Date
June 19, 2025, 12:07 p.m.
Failure - kunit - drm_test_framebuffer_create_X0L2Normalsizes
<8>[ 374.721628] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Normalsizes RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_ABGR8888Invalidflag
<8>[ 369.229198] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Invalidflag RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value
<8>[ 386.138569] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value
<8>[ 385.938896] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_ABGR8888Bufferoffsetforinexistentplane
<8>[ 369.038648] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Bufferoffsetforinexistentplane RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value
<8>[ 385.745951] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_ABGR8888Largebufferoffset
<8>[ 368.857540] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Largebufferoffset RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check
<8>[ 385.559550] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Pitchgreaterthanminimumrequired
<8>[ 375.271767] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Pitchgreaterthanminimumrequired RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Invalidpitch
<8>[ 375.090966] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Invalidpitch RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 29.436926] ================================================================== [ 29.439646] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 29.440165] Read of size 1 at addr ffff8881024dbb10 by task kunit_try_catch/288 [ 29.440491] [ 29.440638] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.440745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.440772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.440817] Call Trace: [ 29.440861] <TASK> [ 29.440904] dump_stack_lvl+0x73/0xb0 [ 29.440964] print_report+0xd1/0x650 [ 29.442038] ? __virt_addr_valid+0x1db/0x2d0 [ 29.442123] ? strnlen+0x73/0x80 [ 29.442169] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.442228] ? strnlen+0x73/0x80 [ 29.442272] kasan_report+0x141/0x180 [ 29.442324] ? strnlen+0x73/0x80 [ 29.442378] __asan_report_load1_noabort+0x18/0x20 [ 29.442432] strnlen+0x73/0x80 [ 29.442477] kasan_strings+0x615/0xe80 [ 29.442524] ? trace_hardirqs_on+0x37/0xe0 [ 29.442577] ? __pfx_kasan_strings+0x10/0x10 [ 29.442621] ? finish_task_switch.isra.0+0x153/0x700 [ 29.442668] ? __switch_to+0x47/0xf50 [ 29.442724] ? __schedule+0x10cc/0x2b60 [ 29.442777] ? __pfx_read_tsc+0x10/0x10 [ 29.442823] ? ktime_get_ts64+0x86/0x230 [ 29.442878] kunit_try_run_case+0x1a5/0x480 [ 29.442935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.442983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.443032] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.443086] ? __kthread_parkme+0x82/0x180 [ 29.443145] ? preempt_count_sub+0x50/0x80 [ 29.443248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.443407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.443462] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.443517] kthread+0x337/0x6f0 [ 29.443565] ? trace_preempt_on+0x20/0xc0 [ 29.443617] ? __pfx_kthread+0x10/0x10 [ 29.443661] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.443690] ? calculate_sigpending+0x7b/0xa0 [ 29.443717] ? __pfx_kthread+0x10/0x10 [ 29.443739] ret_from_fork+0x116/0x1d0 [ 29.443761] ? __pfx_kthread+0x10/0x10 [ 29.443783] ret_from_fork_asm+0x1a/0x30 [ 29.443816] </TASK> [ 29.443830] [ 29.456638] Allocated by task 288: [ 29.457209] kasan_save_stack+0x45/0x70 [ 29.457629] kasan_save_track+0x18/0x40 [ 29.457896] kasan_save_alloc_info+0x3b/0x50 [ 29.458668] __kasan_kmalloc+0xb7/0xc0 [ 29.458903] __kmalloc_cache_noprof+0x189/0x420 [ 29.459191] kasan_strings+0xc0/0xe80 [ 29.459383] kunit_try_run_case+0x1a5/0x480 [ 29.459591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.459827] kthread+0x337/0x6f0 [ 29.461302] ret_from_fork+0x116/0x1d0 [ 29.461532] ret_from_fork_asm+0x1a/0x30 [ 29.461720] [ 29.461826] Freed by task 288: [ 29.462679] kasan_save_stack+0x45/0x70 [ 29.463167] kasan_save_track+0x18/0x40 [ 29.463472] kasan_save_free_info+0x3f/0x60 [ 29.463710] __kasan_slab_free+0x56/0x70 [ 29.464053] kfree+0x222/0x3f0 [ 29.464284] kasan_strings+0x2aa/0xe80 [ 29.464453] kunit_try_run_case+0x1a5/0x480 [ 29.464710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.465129] kthread+0x337/0x6f0 [ 29.465294] ret_from_fork+0x116/0x1d0 [ 29.465464] ret_from_fork_asm+0x1a/0x30 [ 29.465859] [ 29.466024] The buggy address belongs to the object at ffff8881024dbb00 [ 29.466024] which belongs to the cache kmalloc-32 of size 32 [ 29.466823] The buggy address is located 16 bytes inside of [ 29.466823] freed 32-byte region [ffff8881024dbb00, ffff8881024dbb20) [ 29.468469] [ 29.468665] The buggy address belongs to the physical page: [ 29.469063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024db [ 29.469547] flags: 0x200000000000000(node=0|zone=2) [ 29.469770] page_type: f5(slab) [ 29.469942] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 29.470835] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.471203] page dumped because: kasan: bad access detected [ 29.471511] [ 29.471693] Memory state around the buggy address: [ 29.472162] ffff8881024dba00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.472415] ffff8881024dba80: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 29.472987] >ffff8881024dbb00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.473486] ^ [ 29.473808] ffff8881024dbb80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.475201] ffff8881024dbc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.475616] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 29.403747] ================================================================== [ 29.404897] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 29.405547] Read of size 1 at addr ffff8881024dbb10 by task kunit_try_catch/288 [ 29.406232] [ 29.406460] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.406566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.406593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.406640] Call Trace: [ 29.406685] <TASK> [ 29.406727] dump_stack_lvl+0x73/0xb0 [ 29.406799] print_report+0xd1/0x650 [ 29.406846] ? __virt_addr_valid+0x1db/0x2d0 [ 29.406894] ? strlen+0x8f/0xb0 [ 29.406949] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.406998] ? strlen+0x8f/0xb0 [ 29.407038] kasan_report+0x141/0x180 [ 29.407084] ? strlen+0x8f/0xb0 [ 29.407148] __asan_report_load1_noabort+0x18/0x20 [ 29.407200] strlen+0x8f/0xb0 [ 29.407245] kasan_strings+0x57b/0xe80 [ 29.407287] ? trace_hardirqs_on+0x37/0xe0 [ 29.407333] ? __pfx_kasan_strings+0x10/0x10 [ 29.407372] ? finish_task_switch.isra.0+0x153/0x700 [ 29.407417] ? __switch_to+0x47/0xf50 [ 29.407472] ? __schedule+0x10cc/0x2b60 [ 29.407523] ? __pfx_read_tsc+0x10/0x10 [ 29.407568] ? ktime_get_ts64+0x86/0x230 [ 29.407627] kunit_try_run_case+0x1a5/0x480 [ 29.407682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.407723] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.407769] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.407806] ? __kthread_parkme+0x82/0x180 [ 29.407842] ? preempt_count_sub+0x50/0x80 [ 29.407886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.407926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.407972] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.408018] kthread+0x337/0x6f0 [ 29.408052] ? trace_preempt_on+0x20/0xc0 [ 29.408116] ? __pfx_kthread+0x10/0x10 [ 29.408163] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.408207] ? calculate_sigpending+0x7b/0xa0 [ 29.408254] ? __pfx_kthread+0x10/0x10 [ 29.408297] ret_from_fork+0x116/0x1d0 [ 29.408333] ? __pfx_kthread+0x10/0x10 [ 29.408379] ret_from_fork_asm+0x1a/0x30 [ 29.408445] </TASK> [ 29.408469] [ 29.419436] Allocated by task 288: [ 29.419729] kasan_save_stack+0x45/0x70 [ 29.420860] kasan_save_track+0x18/0x40 [ 29.421079] kasan_save_alloc_info+0x3b/0x50 [ 29.421292] __kasan_kmalloc+0xb7/0xc0 [ 29.421465] __kmalloc_cache_noprof+0x189/0x420 [ 29.421830] kasan_strings+0xc0/0xe80 [ 29.422322] kunit_try_run_case+0x1a5/0x480 [ 29.422667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.423042] kthread+0x337/0x6f0 [ 29.423200] ret_from_fork+0x116/0x1d0 [ 29.423368] ret_from_fork_asm+0x1a/0x30 [ 29.423546] [ 29.423653] Freed by task 288: [ 29.423801] kasan_save_stack+0x45/0x70 [ 29.423976] kasan_save_track+0x18/0x40 [ 29.424249] kasan_save_free_info+0x3f/0x60 [ 29.424576] __kasan_slab_free+0x56/0x70 [ 29.424912] kfree+0x222/0x3f0 [ 29.425326] kasan_strings+0x2aa/0xe80 [ 29.425643] kunit_try_run_case+0x1a5/0x480 [ 29.426113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.426521] kthread+0x337/0x6f0 [ 29.426805] ret_from_fork+0x116/0x1d0 [ 29.427164] ret_from_fork_asm+0x1a/0x30 [ 29.427426] [ 29.427533] The buggy address belongs to the object at ffff8881024dbb00 [ 29.427533] which belongs to the cache kmalloc-32 of size 32 [ 29.427951] The buggy address is located 16 bytes inside of [ 29.427951] freed 32-byte region [ffff8881024dbb00, ffff8881024dbb20) [ 29.428824] [ 29.429118] The buggy address belongs to the physical page: [ 29.429545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024db [ 29.430864] flags: 0x200000000000000(node=0|zone=2) [ 29.431402] page_type: f5(slab) [ 29.431581] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 29.431861] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.432282] page dumped because: kasan: bad access detected [ 29.432682] [ 29.432835] Memory state around the buggy address: [ 29.433477] ffff8881024dba00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.434023] ffff8881024dba80: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 29.434545] >ffff8881024dbb00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.434844] ^ [ 29.435226] ffff8881024dbb80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.435602] ffff8881024dbc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.435859] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 29.371707] ================================================================== [ 29.372374] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 29.372783] Read of size 1 at addr ffff8881024dbb10 by task kunit_try_catch/288 [ 29.373254] [ 29.373455] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.373562] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.373589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.373640] Call Trace: [ 29.373686] <TASK> [ 29.373732] dump_stack_lvl+0x73/0xb0 [ 29.373804] print_report+0xd1/0x650 [ 29.373857] ? __virt_addr_valid+0x1db/0x2d0 [ 29.373902] ? kasan_strings+0xcbc/0xe80 [ 29.373940] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.373983] ? kasan_strings+0xcbc/0xe80 [ 29.374023] kasan_report+0x141/0x180 [ 29.374070] ? kasan_strings+0xcbc/0xe80 [ 29.374283] __asan_report_load1_noabort+0x18/0x20 [ 29.374345] kasan_strings+0xcbc/0xe80 [ 29.374392] ? trace_hardirqs_on+0x37/0xe0 [ 29.374445] ? __pfx_kasan_strings+0x10/0x10 [ 29.374493] ? finish_task_switch.isra.0+0x153/0x700 [ 29.374540] ? __switch_to+0x47/0xf50 [ 29.374584] ? __schedule+0x10cc/0x2b60 [ 29.374628] ? __pfx_read_tsc+0x10/0x10 [ 29.374668] ? ktime_get_ts64+0x86/0x230 [ 29.374716] kunit_try_run_case+0x1a5/0x480 [ 29.374773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.374819] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.374861] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.374935] ? __kthread_parkme+0x82/0x180 [ 29.375109] ? preempt_count_sub+0x50/0x80 [ 29.375168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.375207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.375235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.375261] kthread+0x337/0x6f0 [ 29.375283] ? trace_preempt_on+0x20/0xc0 [ 29.375307] ? __pfx_kthread+0x10/0x10 [ 29.375329] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.375353] ? calculate_sigpending+0x7b/0xa0 [ 29.375378] ? __pfx_kthread+0x10/0x10 [ 29.375401] ret_from_fork+0x116/0x1d0 [ 29.375422] ? __pfx_kthread+0x10/0x10 [ 29.375444] ret_from_fork_asm+0x1a/0x30 [ 29.375477] </TASK> [ 29.375491] [ 29.385318] Allocated by task 288: [ 29.385707] kasan_save_stack+0x45/0x70 [ 29.386327] kasan_save_track+0x18/0x40 [ 29.386515] kasan_save_alloc_info+0x3b/0x50 [ 29.386814] __kasan_kmalloc+0xb7/0xc0 [ 29.387311] __kmalloc_cache_noprof+0x189/0x420 [ 29.387569] kasan_strings+0xc0/0xe80 [ 29.387775] kunit_try_run_case+0x1a5/0x480 [ 29.388036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.388275] kthread+0x337/0x6f0 [ 29.388438] ret_from_fork+0x116/0x1d0 [ 29.388608] ret_from_fork_asm+0x1a/0x30 [ 29.388788] [ 29.388894] Freed by task 288: [ 29.389042] kasan_save_stack+0x45/0x70 [ 29.389377] kasan_save_track+0x18/0x40 [ 29.389708] kasan_save_free_info+0x3f/0x60 [ 29.390199] __kasan_slab_free+0x56/0x70 [ 29.390537] kfree+0x222/0x3f0 [ 29.390823] kasan_strings+0x2aa/0xe80 [ 29.391319] kunit_try_run_case+0x1a5/0x480 [ 29.391747] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.392269] kthread+0x337/0x6f0 [ 29.392561] ret_from_fork+0x116/0x1d0 [ 29.392841] ret_from_fork_asm+0x1a/0x30 [ 29.393232] [ 29.393336] The buggy address belongs to the object at ffff8881024dbb00 [ 29.393336] which belongs to the cache kmalloc-32 of size 32 [ 29.393746] The buggy address is located 16 bytes inside of [ 29.393746] freed 32-byte region [ffff8881024dbb00, ffff8881024dbb20) [ 29.395578] [ 29.395790] The buggy address belongs to the physical page: [ 29.396423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024db [ 29.396939] flags: 0x200000000000000(node=0|zone=2) [ 29.397363] page_type: f5(slab) [ 29.397661] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 29.398128] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.398541] page dumped because: kasan: bad access detected [ 29.398752] [ 29.398849] Memory state around the buggy address: [ 29.400016] ffff8881024dba00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.400628] ffff8881024dba80: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 29.401224] >ffff8881024dbb00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.401619] ^ [ 29.401852] ffff8881024dbb80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.402387] ffff8881024dbc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.402747] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 29.335599] ================================================================== [ 29.337073] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 29.337589] Read of size 1 at addr ffff8881024dbb10 by task kunit_try_catch/288 [ 29.337945] [ 29.338302] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.338423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.338452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.338499] Call Trace: [ 29.338529] <TASK> [ 29.338570] dump_stack_lvl+0x73/0xb0 [ 29.338643] print_report+0xd1/0x650 [ 29.338699] ? __virt_addr_valid+0x1db/0x2d0 [ 29.338752] ? strcmp+0xb0/0xc0 [ 29.338790] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.338836] ? strcmp+0xb0/0xc0 [ 29.338880] kasan_report+0x141/0x180 [ 29.339081] ? strcmp+0xb0/0xc0 [ 29.339162] __asan_report_load1_noabort+0x18/0x20 [ 29.339218] strcmp+0xb0/0xc0 [ 29.339261] kasan_strings+0x431/0xe80 [ 29.339303] ? trace_hardirqs_on+0x37/0xe0 [ 29.339347] ? __pfx_kasan_strings+0x10/0x10 [ 29.339385] ? finish_task_switch.isra.0+0x153/0x700 [ 29.339430] ? __switch_to+0x47/0xf50 [ 29.339485] ? __schedule+0x10cc/0x2b60 [ 29.339519] ? __pfx_read_tsc+0x10/0x10 [ 29.339544] ? ktime_get_ts64+0x86/0x230 [ 29.339571] kunit_try_run_case+0x1a5/0x480 [ 29.339599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.339623] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.339646] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.339671] ? __kthread_parkme+0x82/0x180 [ 29.339694] ? preempt_count_sub+0x50/0x80 [ 29.339718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.339743] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.339766] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.339791] kthread+0x337/0x6f0 [ 29.339811] ? trace_preempt_on+0x20/0xc0 [ 29.339835] ? __pfx_kthread+0x10/0x10 [ 29.339857] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.339879] ? calculate_sigpending+0x7b/0xa0 [ 29.339928] ? __pfx_kthread+0x10/0x10 [ 29.340002] ret_from_fork+0x116/0x1d0 [ 29.340052] ? __pfx_kthread+0x10/0x10 [ 29.340123] ret_from_fork_asm+0x1a/0x30 [ 29.340165] </TASK> [ 29.340180] [ 29.351412] Allocated by task 288: [ 29.351759] kasan_save_stack+0x45/0x70 [ 29.352717] kasan_save_track+0x18/0x40 [ 29.353129] kasan_save_alloc_info+0x3b/0x50 [ 29.353477] __kasan_kmalloc+0xb7/0xc0 [ 29.353720] __kmalloc_cache_noprof+0x189/0x420 [ 29.353981] kasan_strings+0xc0/0xe80 [ 29.354449] kunit_try_run_case+0x1a5/0x480 [ 29.354716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.355237] kthread+0x337/0x6f0 [ 29.355544] ret_from_fork+0x116/0x1d0 [ 29.355765] ret_from_fork_asm+0x1a/0x30 [ 29.356261] [ 29.356397] Freed by task 288: [ 29.356634] kasan_save_stack+0x45/0x70 [ 29.356893] kasan_save_track+0x18/0x40 [ 29.357274] kasan_save_free_info+0x3f/0x60 [ 29.357508] __kasan_slab_free+0x56/0x70 [ 29.357811] kfree+0x222/0x3f0 [ 29.358991] kasan_strings+0x2aa/0xe80 [ 29.359238] kunit_try_run_case+0x1a5/0x480 [ 29.359427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.359647] kthread+0x337/0x6f0 [ 29.360187] ret_from_fork+0x116/0x1d0 [ 29.360513] ret_from_fork_asm+0x1a/0x30 [ 29.360849] [ 29.361167] The buggy address belongs to the object at ffff8881024dbb00 [ 29.361167] which belongs to the cache kmalloc-32 of size 32 [ 29.362181] The buggy address is located 16 bytes inside of [ 29.362181] freed 32-byte region [ffff8881024dbb00, ffff8881024dbb20) [ 29.363603] [ 29.363749] The buggy address belongs to the physical page: [ 29.364027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024db [ 29.364602] flags: 0x200000000000000(node=0|zone=2) [ 29.364953] page_type: f5(slab) [ 29.365277] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 29.365663] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.366319] page dumped because: kasan: bad access detected [ 29.366724] [ 29.366873] Memory state around the buggy address: [ 29.367397] ffff8881024dba00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.368088] ffff8881024dba80: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 29.368419] >ffff8881024dbb00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.368763] ^ [ 29.369671] ffff8881024dbb80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.370059] ffff8881024dbc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.370702] ==================================================================
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 184.210800] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 184.167910] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 184.249693] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 184.286557] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 184.213103] Oops: Oops: 0002 [#50] SMP KASAN PTI [ 184.287879] Oops: Oops: 0002 [#52] SMP KASAN PTI [ 184.170076] Oops: Oops: 0002 [#49] SMP KASAN PTI [ 184.251015] Oops: Oops: 0002 [#51] SMP KASAN PTI
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 182.740673] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI [ 183.471827] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI [ 184.119706] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI [ 184.044097] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI [ 183.344763] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI [ 184.368702] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI [ 183.030865] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI [ 182.948532] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI [ 182.697890] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI [ 183.157301] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI [ 182.356911] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI [ 184.408224] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI [ 183.755845] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI [ 182.994978] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI [ 182.400247] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI [ 184.082349] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI [ 182.611775] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI [ 182.573779] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI [ 182.778565] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI [ 184.330673] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI [ 183.875766] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI [ 183.229858] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI [ 183.429266] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI [ 182.869692] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI [ 183.832822] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI [ 140.549380] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 182.314241] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI [ 183.070544] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI [ 183.794912] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI [ 184.481256] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI [ 182.530746] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI [ 184.599004] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI [ 184.443516] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI [ 183.113750] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI [ 183.600540] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI [ 182.275641] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI [ 182.487499] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI [ 184.003764] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI [ 183.677734] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI [ 183.299368] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI [ 181.136988] Oops: general protection fault, probably for non-canonical address 0xe0c57c17c00000ca: 0000 [#2] SMP KASAN PTI [ 183.256905] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI [ 183.515636] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI [ 182.654081] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI [ 183.639160] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI [ 184.521542] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI [ 183.917517] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI [ 183.718615] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI [ 183.387539] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI [ 183.959793] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI [ 182.444477] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI [ 182.823835] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI [ 183.194607] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI [ 182.909640] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI [ 183.556972] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 63.413837] ================================================================== [ 63.414364] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 63.414364] [ 63.414807] Use-after-free read at 0x(____ptrval____) (in kfence-#179): [ 63.415089] test_krealloc+0x6fc/0xbe0 [ 63.415275] kunit_try_run_case+0x1a5/0x480 [ 63.415671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.416114] kthread+0x337/0x6f0 [ 63.416439] ret_from_fork+0x116/0x1d0 [ 63.416674] ret_from_fork_asm+0x1a/0x30 [ 63.417013] [ 63.417162] kfence-#179: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 63.417162] [ 63.417529] allocated by task 366 on cpu 1 at 63.412766s (0.004758s ago): [ 63.418149] test_alloc+0x364/0x10f0 [ 63.418482] test_krealloc+0xad/0xbe0 [ 63.418761] kunit_try_run_case+0x1a5/0x480 [ 63.419152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.419403] kthread+0x337/0x6f0 [ 63.419581] ret_from_fork+0x116/0x1d0 [ 63.419878] ret_from_fork_asm+0x1a/0x30 [ 63.420221] [ 63.420393] freed by task 366 on cpu 1 at 63.413254s (0.007135s ago): [ 63.420814] krealloc_noprof+0x108/0x340 [ 63.421047] test_krealloc+0x226/0xbe0 [ 63.421374] kunit_try_run_case+0x1a5/0x480 [ 63.421590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.422055] kthread+0x337/0x6f0 [ 63.422242] ret_from_fork+0x116/0x1d0 [ 63.422527] ret_from_fork_asm+0x1a/0x30 [ 63.422727] [ 63.422905] CPU: 1 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 63.423872] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.424198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.424612] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 63.319484] ================================================================== [ 63.319960] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 63.319960] [ 63.320401] Use-after-free read at 0x(____ptrval____) (in kfence-#178): [ 63.320938] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 63.321484] kunit_try_run_case+0x1a5/0x480 [ 63.321767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.322315] kthread+0x337/0x6f0 [ 63.322726] ret_from_fork+0x116/0x1d0 [ 63.323129] ret_from_fork_asm+0x1a/0x30 [ 63.323454] [ 63.323570] kfence-#178: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 63.323570] [ 63.324259] allocated by task 364 on cpu 0 at 63.309862s (0.014390s ago): [ 63.324671] test_alloc+0x2a6/0x10f0 [ 63.325069] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 63.325423] kunit_try_run_case+0x1a5/0x480 [ 63.325756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.326238] kthread+0x337/0x6f0 [ 63.326546] ret_from_fork+0x116/0x1d0 [ 63.326819] ret_from_fork_asm+0x1a/0x30 [ 63.327194] [ 63.327425] freed by task 364 on cpu 0 at 63.310082s (0.017338s ago): [ 63.327851] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 63.328402] kunit_try_run_case+0x1a5/0x480 [ 63.328663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.329209] kthread+0x337/0x6f0 [ 63.329525] ret_from_fork+0x116/0x1d0 [ 63.329757] ret_from_fork_asm+0x1a/0x30 [ 63.330192] [ 63.330426] CPU: 0 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 63.331188] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.331638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.332301] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 29.296873] ================================================================== [ 29.297423] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 29.297921] Read of size 1 at addr ffff8881024db9d8 by task kunit_try_catch/286 [ 29.298422] [ 29.298618] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.298732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.298757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.298801] Call Trace: [ 29.298831] <TASK> [ 29.298873] dump_stack_lvl+0x73/0xb0 [ 29.298937] print_report+0xd1/0x650 [ 29.298984] ? __virt_addr_valid+0x1db/0x2d0 [ 29.299035] ? memcmp+0x1b4/0x1d0 [ 29.299074] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.299139] ? memcmp+0x1b4/0x1d0 [ 29.299177] kasan_report+0x141/0x180 [ 29.299223] ? memcmp+0x1b4/0x1d0 [ 29.299270] __asan_report_load1_noabort+0x18/0x20 [ 29.299322] memcmp+0x1b4/0x1d0 [ 29.299364] kasan_memcmp+0x18f/0x390 [ 29.299403] ? trace_hardirqs_on+0x37/0xe0 [ 29.299450] ? __pfx_kasan_memcmp+0x10/0x10 [ 29.299488] ? finish_task_switch.isra.0+0x153/0x700 [ 29.299531] ? __switch_to+0x47/0xf50 [ 29.299590] ? __pfx_read_tsc+0x10/0x10 [ 29.299633] ? ktime_get_ts64+0x86/0x230 [ 29.299689] kunit_try_run_case+0x1a5/0x480 [ 29.299744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.299786] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.299830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.299876] ? __kthread_parkme+0x82/0x180 [ 29.299914] ? preempt_count_sub+0x50/0x80 [ 29.299957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.300007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.300062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.300156] kthread+0x337/0x6f0 [ 29.300203] ? trace_preempt_on+0x20/0xc0 [ 29.300257] ? __pfx_kthread+0x10/0x10 [ 29.300306] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.300343] ? calculate_sigpending+0x7b/0xa0 [ 29.300370] ? __pfx_kthread+0x10/0x10 [ 29.300394] ret_from_fork+0x116/0x1d0 [ 29.300416] ? __pfx_kthread+0x10/0x10 [ 29.300438] ret_from_fork_asm+0x1a/0x30 [ 29.300471] </TASK> [ 29.300485] [ 29.308820] Allocated by task 286: [ 29.309188] kasan_save_stack+0x45/0x70 [ 29.309588] kasan_save_track+0x18/0x40 [ 29.310047] kasan_save_alloc_info+0x3b/0x50 [ 29.310354] __kasan_kmalloc+0xb7/0xc0 [ 29.310533] __kmalloc_cache_noprof+0x189/0x420 [ 29.310735] kasan_memcmp+0xb7/0x390 [ 29.311061] kunit_try_run_case+0x1a5/0x480 [ 29.311419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.311815] kthread+0x337/0x6f0 [ 29.312155] ret_from_fork+0x116/0x1d0 [ 29.312431] ret_from_fork_asm+0x1a/0x30 [ 29.312707] [ 29.312848] The buggy address belongs to the object at ffff8881024db9c0 [ 29.312848] which belongs to the cache kmalloc-32 of size 32 [ 29.313445] The buggy address is located 0 bytes to the right of [ 29.313445] allocated 24-byte region [ffff8881024db9c0, ffff8881024db9d8) [ 29.314061] [ 29.314182] The buggy address belongs to the physical page: [ 29.314552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024db [ 29.314908] flags: 0x200000000000000(node=0|zone=2) [ 29.315221] page_type: f5(slab) [ 29.315487] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 29.315858] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.316275] page dumped because: kasan: bad access detected [ 29.316564] [ 29.316699] Memory state around the buggy address: [ 29.317015] ffff8881024db880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.317271] ffff8881024db900: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.317531] >ffff8881024db980: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.317781] ^ [ 29.318009] ffff8881024dba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.318504] ffff8881024dba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.319065] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 29.257497] ================================================================== [ 29.258033] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 29.258864] Read of size 1 at addr ffff888103a97c4a by task kunit_try_catch/282 [ 29.259380] [ 29.259628] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.259757] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.259804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.259851] Call Trace: [ 29.259882] <TASK> [ 29.259955] dump_stack_lvl+0x73/0xb0 [ 29.260267] print_report+0xd1/0x650 [ 29.260316] ? __virt_addr_valid+0x1db/0x2d0 [ 29.260380] ? kasan_alloca_oob_right+0x329/0x390 [ 29.260446] ? kasan_addr_to_slab+0x11/0xa0 [ 29.260491] ? kasan_alloca_oob_right+0x329/0x390 [ 29.260539] kasan_report+0x141/0x180 [ 29.260584] ? kasan_alloca_oob_right+0x329/0x390 [ 29.260655] __asan_report_load1_noabort+0x18/0x20 [ 29.260723] kasan_alloca_oob_right+0x329/0x390 [ 29.260765] ? __pfx_sched_clock_cpu+0x10/0x10 [ 29.260794] ? finish_task_switch.isra.0+0x153/0x700 [ 29.260820] ? rwsem_down_read_slowpath+0x52e/0xb90 [ 29.260848] ? trace_hardirqs_on+0x37/0xe0 [ 29.260876] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 29.260945] ? __schedule+0x10cc/0x2b60 [ 29.261180] ? __pfx_read_tsc+0x10/0x10 [ 29.261214] ? ktime_get_ts64+0x86/0x230 [ 29.261244] kunit_try_run_case+0x1a5/0x480 [ 29.261276] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.261300] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.261325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.261350] ? __kthread_parkme+0x82/0x180 [ 29.261373] ? preempt_count_sub+0x50/0x80 [ 29.261399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.261424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.261448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.261473] kthread+0x337/0x6f0 [ 29.261494] ? trace_preempt_on+0x20/0xc0 [ 29.261518] ? __pfx_kthread+0x10/0x10 [ 29.261541] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.261564] ? calculate_sigpending+0x7b/0xa0 [ 29.261590] ? __pfx_kthread+0x10/0x10 [ 29.261613] ret_from_fork+0x116/0x1d0 [ 29.261634] ? __pfx_kthread+0x10/0x10 [ 29.261657] ret_from_fork_asm+0x1a/0x30 [ 29.261690] </TASK> [ 29.261703] [ 29.272581] The buggy address belongs to stack of task kunit_try_catch/282 [ 29.273445] [ 29.273652] The buggy address belongs to the physical page: [ 29.274213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a97 [ 29.274528] flags: 0x200000000000000(node=0|zone=2) [ 29.274796] raw: 0200000000000000 ffffea00040ea5c8 ffffea00040ea5c8 0000000000000000 [ 29.275406] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 29.276191] page dumped because: kasan: bad access detected [ 29.276642] [ 29.276806] Memory state around the buggy address: [ 29.277142] ffff888103a97b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.277787] ffff888103a97b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.278355] >ffff888103a97c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 29.278803] ^ [ 29.279188] ffff888103a97c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 29.279766] ffff888103a97d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 29.280035] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 29.226289] ================================================================== [ 29.226948] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 29.227792] Read of size 1 at addr ffff888103a3fc3f by task kunit_try_catch/280 [ 29.228763] [ 29.229058] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.229415] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.229448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.229603] Call Trace: [ 29.229636] <TASK> [ 29.229664] dump_stack_lvl+0x73/0xb0 [ 29.229714] print_report+0xd1/0x650 [ 29.229741] ? __virt_addr_valid+0x1db/0x2d0 [ 29.229767] ? kasan_alloca_oob_left+0x320/0x380 [ 29.229792] ? kasan_addr_to_slab+0x11/0xa0 [ 29.229814] ? kasan_alloca_oob_left+0x320/0x380 [ 29.229838] kasan_report+0x141/0x180 [ 29.229862] ? kasan_alloca_oob_left+0x320/0x380 [ 29.229890] __asan_report_load1_noabort+0x18/0x20 [ 29.229929] kasan_alloca_oob_left+0x320/0x380 [ 29.229962] ? __pfx_sched_clock_cpu+0x10/0x10 [ 29.229988] ? finish_task_switch.isra.0+0x153/0x700 [ 29.230014] ? rwsem_down_read_slowpath+0x52e/0xb90 [ 29.230042] ? trace_hardirqs_on+0x37/0xe0 [ 29.230070] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 29.230097] ? __schedule+0x10cc/0x2b60 [ 29.230147] ? __pfx_read_tsc+0x10/0x10 [ 29.230172] ? ktime_get_ts64+0x86/0x230 [ 29.230200] kunit_try_run_case+0x1a5/0x480 [ 29.230229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.230254] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.230278] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.230304] ? __kthread_parkme+0x82/0x180 [ 29.230328] ? preempt_count_sub+0x50/0x80 [ 29.230353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.230380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.230406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.230431] kthread+0x337/0x6f0 [ 29.230454] ? trace_preempt_on+0x20/0xc0 [ 29.230479] ? __pfx_kthread+0x10/0x10 [ 29.230502] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.230526] ? calculate_sigpending+0x7b/0xa0 [ 29.230552] ? __pfx_kthread+0x10/0x10 [ 29.230575] ret_from_fork+0x116/0x1d0 [ 29.230596] ? __pfx_kthread+0x10/0x10 [ 29.230620] ret_from_fork_asm+0x1a/0x30 [ 29.230654] </TASK> [ 29.230666] [ 29.243311] The buggy address belongs to stack of task kunit_try_catch/280 [ 29.243907] [ 29.244083] The buggy address belongs to the physical page: [ 29.244620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a3f [ 29.245349] flags: 0x200000000000000(node=0|zone=2) [ 29.245842] raw: 0200000000000000 ffffea00040e8fc8 ffffea00040e8fc8 0000000000000000 [ 29.246412] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 29.246819] page dumped because: kasan: bad access detected [ 29.247281] [ 29.247438] Memory state around the buggy address: [ 29.247739] ffff888103a3fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.248221] ffff888103a3fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.248632] >ffff888103a3fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 29.249049] ^ [ 29.249407] ffff888103a3fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 29.249776] ffff888103a3fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 29.250279] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 29.191342] ================================================================== [ 29.192487] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 29.192978] Read of size 1 at addr ffff888103aa7d02 by task kunit_try_catch/278 [ 29.193239] [ 29.193386] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.193489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.193514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.193769] Call Trace: [ 29.193819] <TASK> [ 29.193873] dump_stack_lvl+0x73/0xb0 [ 29.193944] print_report+0xd1/0x650 [ 29.194096] ? __virt_addr_valid+0x1db/0x2d0 [ 29.194197] ? kasan_stack_oob+0x2b5/0x300 [ 29.194240] ? kasan_addr_to_slab+0x11/0xa0 [ 29.194279] ? kasan_stack_oob+0x2b5/0x300 [ 29.194316] kasan_report+0x141/0x180 [ 29.194362] ? kasan_stack_oob+0x2b5/0x300 [ 29.194409] __asan_report_load1_noabort+0x18/0x20 [ 29.194502] kasan_stack_oob+0x2b5/0x300 [ 29.194566] ? __pfx_kasan_stack_oob+0x10/0x10 [ 29.194607] ? finish_task_switch.isra.0+0x153/0x700 [ 29.194656] ? __switch_to+0x47/0xf50 [ 29.194748] ? __schedule+0x10cc/0x2b60 [ 29.194817] ? __pfx_read_tsc+0x10/0x10 [ 29.194859] ? ktime_get_ts64+0x86/0x230 [ 29.194910] kunit_try_run_case+0x1a5/0x480 [ 29.194967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.195097] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.195147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.195174] ? __kthread_parkme+0x82/0x180 [ 29.195198] ? preempt_count_sub+0x50/0x80 [ 29.195224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.195250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.195277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.195303] kthread+0x337/0x6f0 [ 29.195325] ? trace_preempt_on+0x20/0xc0 [ 29.195351] ? __pfx_kthread+0x10/0x10 [ 29.195375] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.195399] ? calculate_sigpending+0x7b/0xa0 [ 29.195426] ? __pfx_kthread+0x10/0x10 [ 29.195451] ret_from_fork+0x116/0x1d0 [ 29.195473] ? __pfx_kthread+0x10/0x10 [ 29.195496] ret_from_fork_asm+0x1a/0x30 [ 29.195530] </TASK> [ 29.195545] [ 29.206506] The buggy address belongs to stack of task kunit_try_catch/278 [ 29.207621] and is located at offset 138 in frame: [ 29.208340] kasan_stack_oob+0x0/0x300 [ 29.208844] [ 29.209334] This frame has 4 objects: [ 29.209854] [48, 49) '__assertion' [ 29.209913] [64, 72) 'array' [ 29.210085] [96, 112) '__assertion' [ 29.210267] [128, 138) 'stack_array' [ 29.210506] [ 29.211182] The buggy address belongs to the physical page: [ 29.211683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aa7 [ 29.212645] flags: 0x200000000000000(node=0|zone=2) [ 29.212917] raw: 0200000000000000 ffffea00040ea9c8 ffffea00040ea9c8 0000000000000000 [ 29.213758] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 29.214686] page dumped because: kasan: bad access detected [ 29.215287] [ 29.215542] Memory state around the buggy address: [ 29.215878] ffff888103aa7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 29.216579] ffff888103aa7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 29.216845] >ffff888103aa7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 29.217364] ^ [ 29.217820] ffff888103aa7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 29.218690] ffff888103aa7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.219457] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 39.298388] ================================================================== [ 39.299048] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 39.299048] [ 39.300056] Invalid read at 0x(____ptrval____): [ 39.301215] test_invalid_access+0xf0/0x210 [ 39.301469] kunit_try_run_case+0x1a5/0x480 [ 39.301669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 39.303348] kthread+0x337/0x6f0 [ 39.303692] ret_from_fork+0x116/0x1d0 [ 39.304664] ret_from_fork_asm+0x1a/0x30 [ 39.305312] [ 39.305512] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 39.306849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.307218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 39.307406] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 39.069029] ================================================================== [ 39.069513] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 39.069513] [ 39.069842] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#174): [ 39.071003] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 39.071306] kunit_try_run_case+0x1a5/0x480 [ 39.071715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 39.072274] kthread+0x337/0x6f0 [ 39.072578] ret_from_fork+0x116/0x1d0 [ 39.072807] ret_from_fork_asm+0x1a/0x30 [ 39.073107] [ 39.073300] kfence-#174: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 39.073300] [ 39.074112] allocated by task 354 on cpu 1 at 39.068627s (0.005480s ago): [ 39.074563] test_alloc+0x364/0x10f0 [ 39.074890] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 39.075298] kunit_try_run_case+0x1a5/0x480 [ 39.075578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 39.075850] kthread+0x337/0x6f0 [ 39.076155] ret_from_fork+0x116/0x1d0 [ 39.076512] ret_from_fork_asm+0x1a/0x30 [ 39.076963] [ 39.077078] freed by task 354 on cpu 1 at 39.068833s (0.008240s ago): [ 39.077564] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 39.078051] kunit_try_run_case+0x1a5/0x480 [ 39.078464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 39.078801] kthread+0x337/0x6f0 [ 39.079171] ret_from_fork+0x116/0x1d0 [ 39.079390] ret_from_fork_asm+0x1a/0x30 [ 39.079621] [ 39.079837] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 39.080951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.081585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 39.082059] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 38.445245] ================================================================== [ 38.445722] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 38.445722] [ 38.446386] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#168): [ 38.446901] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 38.447297] kunit_try_run_case+0x1a5/0x480 [ 38.447560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.447857] kthread+0x337/0x6f0 [ 38.448185] ret_from_fork+0x116/0x1d0 [ 38.448493] ret_from_fork_asm+0x1a/0x30 [ 38.448772] [ 38.448882] kfence-#168: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 38.448882] [ 38.449902] allocated by task 352 on cpu 0 at 38.444772s (0.005124s ago): [ 38.450417] test_alloc+0x364/0x10f0 [ 38.450612] test_kmalloc_aligned_oob_read+0x105/0x560 [ 38.451091] kunit_try_run_case+0x1a5/0x480 [ 38.451544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.451859] kthread+0x337/0x6f0 [ 38.452191] ret_from_fork+0x116/0x1d0 [ 38.452523] ret_from_fork_asm+0x1a/0x30 [ 38.452784] [ 38.452998] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 38.454054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.454660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.455033] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 33.452932] ================================================================== [ 33.453356] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 33.453356] [ 33.453610] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#120): [ 33.455069] test_corruption+0x2d2/0x3e0 [ 33.455362] kunit_try_run_case+0x1a5/0x480 [ 33.455659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.456024] kthread+0x337/0x6f0 [ 33.456295] ret_from_fork+0x116/0x1d0 [ 33.456483] ret_from_fork_asm+0x1a/0x30 [ 33.456674] [ 33.456777] kfence-#120: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 33.456777] [ 33.457564] allocated by task 340 on cpu 0 at 33.452652s (0.004907s ago): [ 33.458244] test_alloc+0x364/0x10f0 [ 33.458421] test_corruption+0xe6/0x3e0 [ 33.459456] kunit_try_run_case+0x1a5/0x480 [ 33.459742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.460129] kthread+0x337/0x6f0 [ 33.460800] ret_from_fork+0x116/0x1d0 [ 33.461387] ret_from_fork_asm+0x1a/0x30 [ 33.461641] [ 33.461780] freed by task 340 on cpu 0 at 33.452798s (0.008979s ago): [ 33.462474] test_corruption+0x2d2/0x3e0 [ 33.462744] kunit_try_run_case+0x1a5/0x480 [ 33.463458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.463747] kthread+0x337/0x6f0 [ 33.464243] ret_from_fork+0x116/0x1d0 [ 33.464493] ret_from_fork_asm+0x1a/0x30 [ 33.464710] [ 33.464859] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 33.465624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.465860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.466604] ================================================================== [ 34.180857] ================================================================== [ 34.181341] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 34.181341] [ 34.181634] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#127): [ 34.182747] test_corruption+0x131/0x3e0 [ 34.183119] kunit_try_run_case+0x1a5/0x480 [ 34.183415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.183704] kthread+0x337/0x6f0 [ 34.183886] ret_from_fork+0x116/0x1d0 [ 34.184312] ret_from_fork_asm+0x1a/0x30 [ 34.184675] [ 34.184847] kfence-#127: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 34.184847] [ 34.185366] allocated by task 342 on cpu 0 at 34.180619s (0.004742s ago): [ 34.185770] test_alloc+0x2a6/0x10f0 [ 34.186081] test_corruption+0xe6/0x3e0 [ 34.186428] kunit_try_run_case+0x1a5/0x480 [ 34.186697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.186931] kthread+0x337/0x6f0 [ 34.187119] ret_from_fork+0x116/0x1d0 [ 34.187464] ret_from_fork_asm+0x1a/0x30 [ 34.187908] [ 34.188174] freed by task 342 on cpu 0 at 34.180718s (0.007451s ago): [ 34.188708] test_corruption+0x131/0x3e0 [ 34.189059] kunit_try_run_case+0x1a5/0x480 [ 34.189394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.189678] kthread+0x337/0x6f0 [ 34.190019] ret_from_fork+0x116/0x1d0 [ 34.190231] ret_from_fork_asm+0x1a/0x30 [ 34.190500] [ 34.190731] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 34.191296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.191661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.192430] ================================================================== [ 33.557197] ================================================================== [ 33.557716] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 33.557716] [ 33.558148] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#121): [ 33.558818] test_corruption+0x2df/0x3e0 [ 33.558998] kunit_try_run_case+0x1a5/0x480 [ 33.559410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.559825] kthread+0x337/0x6f0 [ 33.560020] ret_from_fork+0x116/0x1d0 [ 33.560495] ret_from_fork_asm+0x1a/0x30 [ 33.560780] [ 33.560938] kfence-#121: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 33.560938] [ 33.561364] allocated by task 340 on cpu 0 at 33.556668s (0.004691s ago): [ 33.561833] test_alloc+0x364/0x10f0 [ 33.562222] test_corruption+0x1cb/0x3e0 [ 33.562541] kunit_try_run_case+0x1a5/0x480 [ 33.562752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.562981] kthread+0x337/0x6f0 [ 33.563349] ret_from_fork+0x116/0x1d0 [ 33.563665] ret_from_fork_asm+0x1a/0x30 [ 33.564023] [ 33.564268] freed by task 340 on cpu 0 at 33.556833s (0.007430s ago): [ 33.564810] test_corruption+0x2df/0x3e0 [ 33.565226] kunit_try_run_case+0x1a5/0x480 [ 33.565439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.565817] kthread+0x337/0x6f0 [ 33.566152] ret_from_fork+0x116/0x1d0 [ 33.566422] ret_from_fork_asm+0x1a/0x30 [ 33.566683] [ 33.566855] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 33.567565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.567777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.568145] ================================================================== [ 34.492833] ================================================================== [ 34.493505] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 34.493505] [ 34.494200] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#130): [ 34.494548] test_corruption+0x216/0x3e0 [ 34.494738] kunit_try_run_case+0x1a5/0x480 [ 34.494949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.495158] kthread+0x337/0x6f0 [ 34.495333] ret_from_fork+0x116/0x1d0 [ 34.495484] ret_from_fork_asm+0x1a/0x30 [ 34.495597] [ 34.495656] kfence-#130: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 34.495656] [ 34.495849] allocated by task 342 on cpu 0 at 34.492610s (0.003237s ago): [ 34.496007] test_alloc+0x2a6/0x10f0 [ 34.496184] test_corruption+0x1cb/0x3e0 [ 34.496514] kunit_try_run_case+0x1a5/0x480 [ 34.496939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.497418] kthread+0x337/0x6f0 [ 34.497723] ret_from_fork+0x116/0x1d0 [ 34.498121] ret_from_fork_asm+0x1a/0x30 [ 34.498506] [ 34.498691] freed by task 342 on cpu 0 at 34.492693s (0.005992s ago): [ 34.499297] test_corruption+0x216/0x3e0 [ 34.499645] kunit_try_run_case+0x1a5/0x480 [ 34.500060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.500556] kthread+0x337/0x6f0 [ 34.500879] ret_from_fork+0x116/0x1d0 [ 34.501252] ret_from_fork_asm+0x1a/0x30 [ 34.501617] [ 34.501863] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 34.503234] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.503416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.504021] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 33.244846] ================================================================== [ 33.245343] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 33.245343] [ 33.245648] Invalid free of 0x(____ptrval____) (in kfence-#118): [ 33.246198] test_invalid_addr_free+0x1e1/0x260 [ 33.246441] kunit_try_run_case+0x1a5/0x480 [ 33.246624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.247089] kthread+0x337/0x6f0 [ 33.247445] ret_from_fork+0x116/0x1d0 [ 33.247768] ret_from_fork_asm+0x1a/0x30 [ 33.248140] [ 33.248315] kfence-#118: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 33.248315] [ 33.248720] allocated by task 336 on cpu 0 at 33.244603s (0.004111s ago): [ 33.249279] test_alloc+0x364/0x10f0 [ 33.249613] test_invalid_addr_free+0xdb/0x260 [ 33.250039] kunit_try_run_case+0x1a5/0x480 [ 33.250348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.250590] kthread+0x337/0x6f0 [ 33.250907] ret_from_fork+0x116/0x1d0 [ 33.251271] ret_from_fork_asm+0x1a/0x30 [ 33.251639] [ 33.251864] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 33.252497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.252723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.253486] ================================================================== [ 33.348829] ================================================================== [ 33.349322] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 33.349322] [ 33.349618] Invalid free of 0x(____ptrval____) (in kfence-#119): [ 33.350039] test_invalid_addr_free+0xfb/0x260 [ 33.350336] kunit_try_run_case+0x1a5/0x480 [ 33.350724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.351129] kthread+0x337/0x6f0 [ 33.351312] ret_from_fork+0x116/0x1d0 [ 33.351650] ret_from_fork_asm+0x1a/0x30 [ 33.351848] [ 33.352060] kfence-#119: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 33.352060] [ 33.352632] allocated by task 338 on cpu 1 at 33.348618s (0.004009s ago): [ 33.352938] test_alloc+0x2a6/0x10f0 [ 33.353129] test_invalid_addr_free+0xdb/0x260 [ 33.353470] kunit_try_run_case+0x1a5/0x480 [ 33.353823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.354260] kthread+0x337/0x6f0 [ 33.354560] ret_from_fork+0x116/0x1d0 [ 33.354800] ret_from_fork_asm+0x1a/0x30 [ 33.355162] [ 33.355416] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 33.356247] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.356555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.357113] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 33.036951] ================================================================== [ 33.037503] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 33.037503] [ 33.037891] Invalid free of 0x(____ptrval____) (in kfence-#116): [ 33.038449] test_double_free+0x1d3/0x260 [ 33.038728] kunit_try_run_case+0x1a5/0x480 [ 33.038919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.039262] kthread+0x337/0x6f0 [ 33.039639] ret_from_fork+0x116/0x1d0 [ 33.039974] ret_from_fork_asm+0x1a/0x30 [ 33.040277] [ 33.040443] kfence-#116: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 33.040443] [ 33.040923] allocated by task 332 on cpu 0 at 33.036617s (0.004301s ago): [ 33.041237] test_alloc+0x364/0x10f0 [ 33.041615] test_double_free+0xdb/0x260 [ 33.042000] kunit_try_run_case+0x1a5/0x480 [ 33.042422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.042864] kthread+0x337/0x6f0 [ 33.043052] ret_from_fork+0x116/0x1d0 [ 33.043252] ret_from_fork_asm+0x1a/0x30 [ 33.043446] [ 33.043638] freed by task 332 on cpu 0 at 33.036741s (0.006892s ago): [ 33.044227] test_double_free+0x1e0/0x260 [ 33.044733] kunit_try_run_case+0x1a5/0x480 [ 33.045176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.045550] kthread+0x337/0x6f0 [ 33.045731] ret_from_fork+0x116/0x1d0 [ 33.045970] ret_from_fork_asm+0x1a/0x30 [ 33.046339] [ 33.046595] CPU: 0 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 33.047517] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.047758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.048431] ================================================================== [ 33.140931] ================================================================== [ 33.141453] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 33.141453] [ 33.141747] Invalid free of 0x(____ptrval____) (in kfence-#117): [ 33.142333] test_double_free+0x112/0x260 [ 33.142583] kunit_try_run_case+0x1a5/0x480 [ 33.142771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.143162] kthread+0x337/0x6f0 [ 33.143522] ret_from_fork+0x116/0x1d0 [ 33.143877] ret_from_fork_asm+0x1a/0x30 [ 33.144204] [ 33.144347] kfence-#117: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 33.144347] [ 33.145094] allocated by task 334 on cpu 0 at 33.140640s (0.004449s ago): [ 33.145493] test_alloc+0x2a6/0x10f0 [ 33.145685] test_double_free+0xdb/0x260 [ 33.146046] kunit_try_run_case+0x1a5/0x480 [ 33.146463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.146939] kthread+0x337/0x6f0 [ 33.147294] ret_from_fork+0x116/0x1d0 [ 33.147498] ret_from_fork_asm+0x1a/0x30 [ 33.147738] [ 33.147868] freed by task 334 on cpu 0 at 33.140741s (0.007123s ago): [ 33.148448] test_double_free+0xfa/0x260 [ 33.148813] kunit_try_run_case+0x1a5/0x480 [ 33.149302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.149668] kthread+0x337/0x6f0 [ 33.150036] ret_from_fork+0x116/0x1d0 [ 33.150354] ret_from_fork_asm+0x1a/0x30 [ 33.150632] [ 33.150875] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 33.151578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.151874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.152493] ==================================================================
Failure - kunit - drm_managed_drm_test_managed_run_action
<8>[ 388.271522] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_run_action RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_release_action
<8>[ 388.092654] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_release_action RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid
<8>[ 387.907623] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock
<8>[ 387.690503] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Maxsizes
<8>[ 374.904703] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Maxsizes RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 32.724881] ================================================================== [ 32.725468] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 32.725468] [ 32.725987] Use-after-free read at 0x(____ptrval____) (in kfence-#113): [ 32.726552] test_use_after_free_read+0x129/0x270 [ 32.726836] kunit_try_run_case+0x1a5/0x480 [ 32.727358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.727665] kthread+0x337/0x6f0 [ 32.727900] ret_from_fork+0x116/0x1d0 [ 32.728257] ret_from_fork_asm+0x1a/0x30 [ 32.728670] [ 32.728890] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.728890] [ 32.729449] allocated by task 326 on cpu 0 at 32.724652s (0.004791s ago): [ 32.730136] test_alloc+0x2a6/0x10f0 [ 32.730449] test_use_after_free_read+0xdc/0x270 [ 32.730872] kunit_try_run_case+0x1a5/0x480 [ 32.731257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.731699] kthread+0x337/0x6f0 [ 32.732089] ret_from_fork+0x116/0x1d0 [ 32.732459] ret_from_fork_asm+0x1a/0x30 [ 32.732659] [ 32.732768] freed by task 326 on cpu 0 at 32.724726s (0.008037s ago): [ 32.733390] test_use_after_free_read+0xfb/0x270 [ 32.733820] kunit_try_run_case+0x1a5/0x480 [ 32.734286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.734693] kthread+0x337/0x6f0 [ 32.734904] ret_from_fork+0x116/0x1d0 [ 32.735350] ret_from_fork_asm+0x1a/0x30 [ 32.735730] [ 32.735980] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 32.736565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.736955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.737596] ================================================================== [ 32.621055] ================================================================== [ 32.621635] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 32.621635] [ 32.622399] Use-after-free read at 0x(____ptrval____) (in kfence-#112): [ 32.622738] test_use_after_free_read+0x129/0x270 [ 32.623167] kunit_try_run_case+0x1a5/0x480 [ 32.623410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.623872] kthread+0x337/0x6f0 [ 32.624140] ret_from_fork+0x116/0x1d0 [ 32.624339] ret_from_fork_asm+0x1a/0x30 [ 32.624542] [ 32.624722] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.624722] [ 32.625691] allocated by task 324 on cpu 1 at 32.620669s (0.005016s ago): [ 32.626389] test_alloc+0x364/0x10f0 [ 32.626795] test_use_after_free_read+0xdc/0x270 [ 32.627081] kunit_try_run_case+0x1a5/0x480 [ 32.627530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.627958] kthread+0x337/0x6f0 [ 32.628332] ret_from_fork+0x116/0x1d0 [ 32.628681] ret_from_fork_asm+0x1a/0x30 [ 32.629026] [ 32.629184] freed by task 324 on cpu 1 at 32.620797s (0.008382s ago): [ 32.629702] test_use_after_free_read+0x1e7/0x270 [ 32.630250] kunit_try_run_case+0x1a5/0x480 [ 32.630647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.631097] kthread+0x337/0x6f0 [ 32.631458] ret_from_fork+0x116/0x1d0 [ 32.631778] ret_from_fork_asm+0x1a/0x30 [ 32.632262] [ 32.632466] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 32.633320] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.633728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.634467] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 32.308898] ================================================================== [ 32.309609] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 32.309609] [ 32.310287] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#109): [ 32.310510] test_out_of_bounds_write+0x10d/0x260 [ 32.310718] kunit_try_run_case+0x1a5/0x480 [ 32.310923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.312321] kthread+0x337/0x6f0 [ 32.312515] ret_from_fork+0x116/0x1d0 [ 32.312784] ret_from_fork_asm+0x1a/0x30 [ 32.313407] [ 32.313621] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.313621] [ 32.314191] allocated by task 320 on cpu 1 at 32.308689s (0.005496s ago): [ 32.314576] test_alloc+0x364/0x10f0 [ 32.314944] test_out_of_bounds_write+0xd4/0x260 [ 32.315338] kunit_try_run_case+0x1a5/0x480 [ 32.315673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.316234] kthread+0x337/0x6f0 [ 32.316532] ret_from_fork+0x116/0x1d0 [ 32.316896] ret_from_fork_asm+0x1a/0x30 [ 32.317276] [ 32.317481] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 32.318216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.318521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.319237] ================================================================== [ 32.516725] ================================================================== [ 32.517709] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 32.517709] [ 32.518225] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#111): [ 32.519158] test_out_of_bounds_write+0x10d/0x260 [ 32.519561] kunit_try_run_case+0x1a5/0x480 [ 32.519852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.520324] kthread+0x337/0x6f0 [ 32.520535] ret_from_fork+0x116/0x1d0 [ 32.520837] ret_from_fork_asm+0x1a/0x30 [ 32.521256] [ 32.521374] kfence-#111: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.521374] [ 32.522042] allocated by task 322 on cpu 1 at 32.516619s (0.005417s ago): [ 32.522418] test_alloc+0x2a6/0x10f0 [ 32.522657] test_out_of_bounds_write+0xd4/0x260 [ 32.522996] kunit_try_run_case+0x1a5/0x480 [ 32.523311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.523565] kthread+0x337/0x6f0 [ 32.523755] ret_from_fork+0x116/0x1d0 [ 32.523984] ret_from_fork_asm+0x1a/0x30 [ 32.524282] [ 32.524521] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 32.525485] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.525849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.526618] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 31.581045] ================================================================== [ 31.581582] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 31.581582] [ 31.582273] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#102): [ 31.582827] test_out_of_bounds_read+0x216/0x4e0 [ 31.583146] kunit_try_run_case+0x1a5/0x480 [ 31.583327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.583531] kthread+0x337/0x6f0 [ 31.583700] ret_from_fork+0x116/0x1d0 [ 31.584041] ret_from_fork_asm+0x1a/0x30 [ 31.584392] [ 31.584596] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.584596] [ 31.585216] allocated by task 316 on cpu 0 at 31.580710s (0.004501s ago): [ 31.585555] test_alloc+0x364/0x10f0 [ 31.585873] test_out_of_bounds_read+0x1e2/0x4e0 [ 31.586255] kunit_try_run_case+0x1a5/0x480 [ 31.586614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.587115] kthread+0x337/0x6f0 [ 31.587364] ret_from_fork+0x116/0x1d0 [ 31.587546] ret_from_fork_asm+0x1a/0x30 [ 31.587722] [ 31.587882] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 31.588764] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.589155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.590075] ================================================================== [ 31.892920] ================================================================== [ 31.893468] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 31.893468] [ 31.893912] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#105): [ 31.894519] test_out_of_bounds_read+0x126/0x4e0 [ 31.894822] kunit_try_run_case+0x1a5/0x480 [ 31.895001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.895272] kthread+0x337/0x6f0 [ 31.895665] ret_from_fork+0x116/0x1d0 [ 31.896068] ret_from_fork_asm+0x1a/0x30 [ 31.896481] [ 31.896665] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.896665] [ 31.897284] allocated by task 318 on cpu 1 at 31.892805s (0.004472s ago): [ 31.897760] test_alloc+0x2a6/0x10f0 [ 31.898127] test_out_of_bounds_read+0xed/0x4e0 [ 31.898684] kunit_try_run_case+0x1a5/0x480 [ 31.899158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.899601] kthread+0x337/0x6f0 [ 31.899931] ret_from_fork+0x116/0x1d0 [ 31.900190] ret_from_fork_asm+0x1a/0x30 [ 31.900396] [ 31.900649] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 31.901644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.901851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.902466] ================================================================== [ 31.373976] ================================================================== [ 31.374535] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 31.374535] [ 31.375294] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#100): [ 31.375649] test_out_of_bounds_read+0x126/0x4e0 [ 31.376043] kunit_try_run_case+0x1a5/0x480 [ 31.376467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.376783] kthread+0x337/0x6f0 [ 31.377149] ret_from_fork+0x116/0x1d0 [ 31.377395] ret_from_fork_asm+0x1a/0x30 [ 31.377711] [ 31.377917] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.377917] [ 31.378413] allocated by task 316 on cpu 0 at 31.372647s (0.005760s ago): [ 31.378911] test_alloc+0x364/0x10f0 [ 31.379394] test_out_of_bounds_read+0xed/0x4e0 [ 31.379715] kunit_try_run_case+0x1a5/0x480 [ 31.380043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.380470] kthread+0x337/0x6f0 [ 31.380659] ret_from_fork+0x116/0x1d0 [ 31.380845] ret_from_fork_asm+0x1a/0x30 [ 31.381269] [ 31.381548] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 31.382542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.382795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.383143] ================================================================== [ 31.996885] ================================================================== [ 31.997421] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 31.997421] [ 31.997915] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#106): [ 31.998615] test_out_of_bounds_read+0x216/0x4e0 [ 31.998864] kunit_try_run_case+0x1a5/0x480 [ 31.999342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.999904] kthread+0x337/0x6f0 [ 32.000340] ret_from_fork+0x116/0x1d0 [ 32.000731] ret_from_fork_asm+0x1a/0x30 [ 32.000981] [ 32.001183] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.001183] [ 32.001707] allocated by task 318 on cpu 1 at 31.996781s (0.004920s ago): [ 32.002372] test_alloc+0x2a6/0x10f0 [ 32.002686] test_out_of_bounds_read+0x1e2/0x4e0 [ 32.002902] kunit_try_run_case+0x1a5/0x480 [ 32.003339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.003822] kthread+0x337/0x6f0 [ 32.004057] ret_from_fork+0x116/0x1d0 [ 32.004285] ret_from_fork_asm+0x1a/0x30 [ 32.004721] [ 32.004969] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 32.005804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.006005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.006731] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-kasan_atomics
[ 30.202974] ================================================================== [ 30.204473] BUG: KFENCE: memory corruption in kasan_atomics+0x1e4/0x310 [ 30.204473] [ 30.204938] Corrupted memory at 0x(____ptrval____) [ ! ! ! ! ! ! ! ! . . . . . . . . ] (in kfence-#88): [ 30.206650] kasan_atomics+0x1e4/0x310 [ 30.207015] kunit_try_run_case+0x1a5/0x480 [ 30.207326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.207793] kthread+0x337/0x6f0 [ 30.208019] ret_from_fork+0x116/0x1d0 [ 30.208536] ret_from_fork_asm+0x1a/0x30 [ 30.208903] [ 30.209382] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=48, cache=kmalloc-64 [ 30.209382] [ 30.210481] allocated by task 294 on cpu 1 at 30.111968s (0.098372s ago): [ 30.211092] kasan_atomics+0x95/0x310 [ 30.211508] kunit_try_run_case+0x1a5/0x480 [ 30.211844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.212161] kthread+0x337/0x6f0 [ 30.212467] ret_from_fork+0x116/0x1d0 [ 30.212791] ret_from_fork_asm+0x1a/0x30 [ 30.213410] [ 30.213804] freed by task 294 on cpu 1 at 30.202259s (0.011391s ago): [ 30.214378] kasan_atomics+0x1e4/0x310 [ 30.214739] kunit_try_run_case+0x1a5/0x480 [ 30.215154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.215548] kthread+0x337/0x6f0 [ 30.215758] ret_from_fork+0x116/0x1d0 [ 30.216047] ret_from_fork_asm+0x1a/0x30 [ 30.216456] [ 30.216733] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.217398] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.217597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.218247] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 181.088800] ================================================================== [ 181.089460] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270 [ 181.089762] Read of size 8 at addr ffff888105b27470 by task kunit_try_catch/1610 [ 181.091036] [ 181.091459] CPU: 1 UID: 0 PID: 1610 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 181.091716] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 181.091736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 181.091757] Call Trace: [ 181.091777] <TASK> [ 181.091806] dump_stack_lvl+0x73/0xb0 [ 181.091862] print_report+0xd1/0x650 [ 181.091905] ? __virt_addr_valid+0x1db/0x2d0 [ 181.091934] ? drm_encoder_cleanup+0x265/0x270 [ 181.091959] ? kasan_complete_mode_report_info+0x64/0x200 [ 181.091985] ? drm_encoder_cleanup+0x265/0x270 [ 181.092009] kasan_report+0x141/0x180 [ 181.092032] ? drm_encoder_cleanup+0x265/0x270 [ 181.092060] __asan_report_load8_noabort+0x18/0x20 [ 181.092136] drm_encoder_cleanup+0x265/0x270 [ 181.092163] drmm_encoder_alloc_release+0x36/0x60 [ 181.092187] drm_managed_release+0x15c/0x470 [ 181.092211] ? simple_release_fs+0x86/0xb0 [ 181.092239] drm_dev_put.part.0+0xa1/0x100 [ 181.092263] ? __pfx_devm_drm_dev_init_release+0x10/0x10 [ 181.092288] devm_drm_dev_init_release+0x17/0x30 [ 181.092311] devm_action_release+0x50/0x80 [ 181.092340] devres_release_all+0x186/0x240 [ 181.092366] ? __pfx_devres_release_all+0x10/0x10 [ 181.092388] ? kernfs_remove_by_name_ns+0x166/0x1d0 [ 181.092416] ? sysfs_remove_file_ns+0x56/0xa0 [ 181.092441] device_unbind_cleanup+0x1b/0x1b0 [ 181.092465] device_release_driver_internal+0x3e4/0x540 [ 181.092488] ? klist_devices_put+0x35/0x50 [ 181.092511] device_release_driver+0x16/0x20 [ 181.092534] bus_remove_device+0x1e9/0x3d0 [ 181.092557] device_del+0x397/0x980 [ 181.092583] ? __pfx_device_del+0x10/0x10 [ 181.092606] ? __kasan_check_write+0x18/0x20 [ 181.092629] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 181.092653] ? __pfx_device_unregister_wrapper+0x10/0x10 [ 181.092680] device_unregister+0x1b/0xa0 [ 181.092702] device_unregister_wrapper+0x12/0x20 [ 181.092724] __kunit_action_free+0x57/0x70 [ 181.092749] kunit_remove_resource+0x133/0x200 [ 181.092771] ? preempt_count_sub+0x50/0x80 [ 181.092797] kunit_cleanup+0x7a/0x120 [ 181.092823] kunit_try_run_case_cleanup+0xbd/0xf0 [ 181.092847] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 181.092877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 181.092911] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 181.092933] kthread+0x337/0x6f0 [ 181.092957] ? trace_preempt_on+0x20/0xc0 [ 181.092984] ? __pfx_kthread+0x10/0x10 [ 181.093006] ? _raw_spin_unlock_irq+0x47/0x80 [ 181.093028] ? calculate_sigpending+0x7b/0xa0 [ 181.093053] ? __pfx_kthread+0x10/0x10 [ 181.093088] ret_from_fork+0x116/0x1d0 [ 181.093113] ? __pfx_kthread+0x10/0x10 [ 181.093134] ret_from_fork_asm+0x1a/0x30 [ 181.093168] </TASK> [ 181.093184] [ 181.111650] Allocated by task 1609: [ 181.112114] kasan_save_stack+0x45/0x70 [ 181.112528] kasan_save_track+0x18/0x40 [ 181.112919] kasan_save_alloc_info+0x3b/0x50 [ 181.113327] __kasan_kmalloc+0xb7/0xc0 [ 181.113503] __kmalloc_noprof+0x1c9/0x500 [ 181.113726] __devm_drm_bridge_alloc+0x33/0x170 [ 181.114013] drm_test_bridge_init+0x188/0x5c0 [ 181.114393] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870 [ 181.114808] kunit_try_run_case+0x1a5/0x480 [ 181.115126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 181.115546] kthread+0x337/0x6f0 [ 181.115746] ret_from_fork+0x116/0x1d0 [ 181.116127] ret_from_fork_asm+0x1a/0x30 [ 181.116369] [ 181.116531] Freed by task 1610: [ 181.116685] kasan_save_stack+0x45/0x70 [ 181.116930] kasan_save_track+0x18/0x40 [ 181.117307] kasan_save_free_info+0x3f/0x60 [ 181.117658] __kasan_slab_free+0x56/0x70 [ 181.118021] kfree+0x222/0x3f0 [ 181.118327] drm_bridge_put.part.0+0xc7/0x100 [ 181.118599] drm_bridge_put_void+0x17/0x30 [ 181.118836] devm_action_release+0x50/0x80 [ 181.119240] devres_release_all+0x186/0x240 [ 181.119518] device_unbind_cleanup+0x1b/0x1b0 [ 181.119762] device_release_driver_internal+0x3e4/0x540 [ 181.119990] device_release_driver+0x16/0x20 [ 181.120193] bus_remove_device+0x1e9/0x3d0 [ 181.120587] device_del+0x397/0x980 [ 181.120933] device_unregister+0x1b/0xa0 [ 181.121271] device_unregister_wrapper+0x12/0x20 [ 181.121658] __kunit_action_free+0x57/0x70 [ 181.122016] kunit_remove_resource+0x133/0x200 [ 181.122394] kunit_cleanup+0x7a/0x120 [ 181.122610] kunit_try_run_case_cleanup+0xbd/0xf0 [ 181.122970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 181.123332] kthread+0x337/0x6f0 [ 181.123629] ret_from_fork+0x116/0x1d0 [ 181.123917] ret_from_fork_asm+0x1a/0x30 [ 181.124160] [ 181.124338] The buggy address belongs to the object at ffff888105b27400 [ 181.124338] which belongs to the cache kmalloc-512 of size 512 [ 181.124814] The buggy address is located 112 bytes inside of [ 181.124814] freed 512-byte region [ffff888105b27400, ffff888105b27600) [ 181.125506] [ 181.125694] The buggy address belongs to the physical page: [ 181.126180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b24 [ 181.126683] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 181.127182] anon flags: 0x200000000000040(head|node=0|zone=2) [ 181.127602] page_type: f5(slab) [ 181.127780] raw: 0200000000000040 ffff888100041c80 0000000000000000 0000000000000001 [ 181.128366] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 181.128812] head: 0200000000000040 ffff888100041c80 0000000000000000 0000000000000001 [ 181.129281] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 181.129686] head: 0200000000000002 ffffea000416c901 00000000ffffffff 00000000ffffffff [ 181.129995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 181.130280] page dumped because: kasan: bad access detected [ 181.130722] [ 181.130928] Memory state around the buggy address: [ 181.131336] ffff888105b27300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 181.131893] ffff888105b27380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 181.132285] >ffff888105b27400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 181.132675] ^ [ 181.133079] ffff888105b27480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 181.133580] ffff888105b27500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 181.133967] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 30.599296] ================================================================== [ 30.599897] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 30.600746] Write of size 1 at addr ffff888103782f78 by task kunit_try_catch/314 [ 30.601435] [ 30.601602] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.601725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.601754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.601801] Call Trace: [ 30.601850] <TASK> [ 30.601894] dump_stack_lvl+0x73/0xb0 [ 30.601967] print_report+0xd1/0x650 [ 30.602017] ? __virt_addr_valid+0x1db/0x2d0 [ 30.602070] ? strncpy_from_user+0x1a5/0x1d0 [ 30.602141] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.602200] ? strncpy_from_user+0x1a5/0x1d0 [ 30.602256] kasan_report+0x141/0x180 [ 30.602309] ? strncpy_from_user+0x1a5/0x1d0 [ 30.602374] __asan_report_store1_noabort+0x1b/0x30 [ 30.602433] strncpy_from_user+0x1a5/0x1d0 [ 30.602493] copy_user_test_oob+0x760/0x10f0 [ 30.602555] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.602609] ? finish_task_switch.isra.0+0x153/0x700 [ 30.602663] ? __switch_to+0x47/0xf50 [ 30.602723] ? __schedule+0x10cc/0x2b60 [ 30.602779] ? __pfx_read_tsc+0x10/0x10 [ 30.602830] ? ktime_get_ts64+0x86/0x230 [ 30.602893] kunit_try_run_case+0x1a5/0x480 [ 30.602951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.603003] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.603058] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.603120] ? __kthread_parkme+0x82/0x180 [ 30.603169] ? preempt_count_sub+0x50/0x80 [ 30.603223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.603277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.603332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.603405] kthread+0x337/0x6f0 [ 30.603451] ? trace_preempt_on+0x20/0xc0 [ 30.603507] ? __pfx_kthread+0x10/0x10 [ 30.603558] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.603613] ? calculate_sigpending+0x7b/0xa0 [ 30.603670] ? __pfx_kthread+0x10/0x10 [ 30.603726] ret_from_fork+0x116/0x1d0 [ 30.603774] ? __pfx_kthread+0x10/0x10 [ 30.603826] ret_from_fork_asm+0x1a/0x30 [ 30.603903] </TASK> [ 30.603931] [ 30.617353] Allocated by task 314: [ 30.617838] kasan_save_stack+0x45/0x70 [ 30.618269] kasan_save_track+0x18/0x40 [ 30.618469] kasan_save_alloc_info+0x3b/0x50 [ 30.618667] __kasan_kmalloc+0xb7/0xc0 [ 30.618875] __kmalloc_noprof+0x1c9/0x500 [ 30.619241] kunit_kmalloc_array+0x25/0x60 [ 30.619594] copy_user_test_oob+0xab/0x10f0 [ 30.619953] kunit_try_run_case+0x1a5/0x480 [ 30.620433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.620965] kthread+0x337/0x6f0 [ 30.621299] ret_from_fork+0x116/0x1d0 [ 30.621665] ret_from_fork_asm+0x1a/0x30 [ 30.621895] [ 30.622168] The buggy address belongs to the object at ffff888103782f00 [ 30.622168] which belongs to the cache kmalloc-128 of size 128 [ 30.622939] The buggy address is located 0 bytes to the right of [ 30.622939] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.624146] [ 30.625135] The buggy address belongs to the physical page: [ 30.625374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.625965] flags: 0x200000000000000(node=0|zone=2) [ 30.626253] page_type: f5(slab) [ 30.626545] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.627338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.627963] page dumped because: kasan: bad access detected [ 30.628492] [ 30.628602] Memory state around the buggy address: [ 30.629067] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.629717] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.630520] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.630886] ^ [ 30.631825] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.632053] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.632268] ================================================================== [ 30.574398] ================================================================== [ 30.574762] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 30.575742] Write of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.576293] [ 30.576559] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.576685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.576717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.576766] Call Trace: [ 30.576813] <TASK> [ 30.576863] dump_stack_lvl+0x73/0xb0 [ 30.576954] print_report+0xd1/0x650 [ 30.577006] ? __virt_addr_valid+0x1db/0x2d0 [ 30.577054] ? strncpy_from_user+0x2e/0x1d0 [ 30.577115] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.577176] ? strncpy_from_user+0x2e/0x1d0 [ 30.577233] kasan_report+0x141/0x180 [ 30.577277] ? strncpy_from_user+0x2e/0x1d0 [ 30.577315] kasan_check_range+0x10c/0x1c0 [ 30.577343] __kasan_check_write+0x18/0x20 [ 30.577369] strncpy_from_user+0x2e/0x1d0 [ 30.577393] ? __kasan_check_read+0x15/0x20 [ 30.577420] copy_user_test_oob+0x760/0x10f0 [ 30.577449] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.577474] ? finish_task_switch.isra.0+0x153/0x700 [ 30.577501] ? __switch_to+0x47/0xf50 [ 30.577530] ? __schedule+0x10cc/0x2b60 [ 30.577556] ? __pfx_read_tsc+0x10/0x10 [ 30.577580] ? ktime_get_ts64+0x86/0x230 [ 30.577608] kunit_try_run_case+0x1a5/0x480 [ 30.577638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.577663] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.577690] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.577716] ? __kthread_parkme+0x82/0x180 [ 30.577741] ? preempt_count_sub+0x50/0x80 [ 30.577767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.577793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.577819] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.577845] kthread+0x337/0x6f0 [ 30.577867] ? trace_preempt_on+0x20/0xc0 [ 30.577893] ? __pfx_kthread+0x10/0x10 [ 30.577932] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.577961] ? calculate_sigpending+0x7b/0xa0 [ 30.577989] ? __pfx_kthread+0x10/0x10 [ 30.578013] ret_from_fork+0x116/0x1d0 [ 30.578035] ? __pfx_kthread+0x10/0x10 [ 30.578058] ret_from_fork_asm+0x1a/0x30 [ 30.578092] </TASK> [ 30.578125] [ 30.587529] Allocated by task 314: [ 30.587805] kasan_save_stack+0x45/0x70 [ 30.588128] kasan_save_track+0x18/0x40 [ 30.588439] kasan_save_alloc_info+0x3b/0x50 [ 30.588660] __kasan_kmalloc+0xb7/0xc0 [ 30.588954] __kmalloc_noprof+0x1c9/0x500 [ 30.589215] kunit_kmalloc_array+0x25/0x60 [ 30.589537] copy_user_test_oob+0xab/0x10f0 [ 30.589728] kunit_try_run_case+0x1a5/0x480 [ 30.589911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.590346] kthread+0x337/0x6f0 [ 30.590613] ret_from_fork+0x116/0x1d0 [ 30.590944] ret_from_fork_asm+0x1a/0x30 [ 30.591223] [ 30.591343] The buggy address belongs to the object at ffff888103782f00 [ 30.591343] which belongs to the cache kmalloc-128 of size 128 [ 30.591945] The buggy address is located 0 bytes inside of [ 30.591945] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.592537] [ 30.592659] The buggy address belongs to the physical page: [ 30.593097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.593587] flags: 0x200000000000000(node=0|zone=2) [ 30.593810] page_type: f5(slab) [ 30.594147] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.594587] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.595121] page dumped because: kasan: bad access detected [ 30.595341] [ 30.595504] Memory state around the buggy address: [ 30.595756] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.596272] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.596641] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.596979] ^ [ 30.597344] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.597617] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.597876] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 30.542383] ================================================================== [ 30.542791] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 30.544414] Read of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.544845] [ 30.545136] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.545285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.545315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.545364] Call Trace: [ 30.545412] <TASK> [ 30.545490] dump_stack_lvl+0x73/0xb0 [ 30.545591] print_report+0xd1/0x650 [ 30.545643] ? __virt_addr_valid+0x1db/0x2d0 [ 30.545697] ? copy_user_test_oob+0x604/0x10f0 [ 30.545781] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.545856] ? copy_user_test_oob+0x604/0x10f0 [ 30.545908] kasan_report+0x141/0x180 [ 30.545976] ? copy_user_test_oob+0x604/0x10f0 [ 30.546066] kasan_check_range+0x10c/0x1c0 [ 30.546150] __kasan_check_read+0x15/0x20 [ 30.546191] copy_user_test_oob+0x604/0x10f0 [ 30.546221] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.546246] ? finish_task_switch.isra.0+0x153/0x700 [ 30.546272] ? __switch_to+0x47/0xf50 [ 30.546305] ? __schedule+0x10cc/0x2b60 [ 30.546349] ? __pfx_read_tsc+0x10/0x10 [ 30.546388] ? ktime_get_ts64+0x86/0x230 [ 30.546418] kunit_try_run_case+0x1a5/0x480 [ 30.546447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.546471] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.546497] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.546523] ? __kthread_parkme+0x82/0x180 [ 30.546547] ? preempt_count_sub+0x50/0x80 [ 30.546573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.546598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.546625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.546650] kthread+0x337/0x6f0 [ 30.546672] ? trace_preempt_on+0x20/0xc0 [ 30.546699] ? __pfx_kthread+0x10/0x10 [ 30.546722] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.546745] ? calculate_sigpending+0x7b/0xa0 [ 30.546772] ? __pfx_kthread+0x10/0x10 [ 30.546796] ret_from_fork+0x116/0x1d0 [ 30.546818] ? __pfx_kthread+0x10/0x10 [ 30.546841] ret_from_fork_asm+0x1a/0x30 [ 30.546874] </TASK> [ 30.546889] [ 30.555906] Allocated by task 314: [ 30.556358] kasan_save_stack+0x45/0x70 [ 30.556820] kasan_save_track+0x18/0x40 [ 30.557316] kasan_save_alloc_info+0x3b/0x50 [ 30.557706] __kasan_kmalloc+0xb7/0xc0 [ 30.558040] __kmalloc_noprof+0x1c9/0x500 [ 30.558387] kunit_kmalloc_array+0x25/0x60 [ 30.558730] copy_user_test_oob+0xab/0x10f0 [ 30.559186] kunit_try_run_case+0x1a5/0x480 [ 30.559599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.560157] kthread+0x337/0x6f0 [ 30.560497] ret_from_fork+0x116/0x1d0 [ 30.560768] ret_from_fork_asm+0x1a/0x30 [ 30.561056] [ 30.561271] The buggy address belongs to the object at ffff888103782f00 [ 30.561271] which belongs to the cache kmalloc-128 of size 128 [ 30.561962] The buggy address is located 0 bytes inside of [ 30.561962] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.562839] [ 30.563029] The buggy address belongs to the physical page: [ 30.564663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.565238] flags: 0x200000000000000(node=0|zone=2) [ 30.566421] page_type: f5(slab) [ 30.566659] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.566871] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.567811] page dumped because: kasan: bad access detected [ 30.568584] [ 30.568709] Memory state around the buggy address: [ 30.569095] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.569590] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.570395] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.570722] ^ [ 30.571371] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.571729] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.572547] ================================================================== [ 30.445569] ================================================================== [ 30.446094] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 30.446826] Write of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.447447] [ 30.447636] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.447750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.447770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.447798] Call Trace: [ 30.447823] <TASK> [ 30.447850] dump_stack_lvl+0x73/0xb0 [ 30.447912] print_report+0xd1/0x650 [ 30.447984] ? __virt_addr_valid+0x1db/0x2d0 [ 30.448396] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.448426] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.448456] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.448484] kasan_report+0x141/0x180 [ 30.448510] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.448541] kasan_check_range+0x10c/0x1c0 [ 30.448569] __kasan_check_write+0x18/0x20 [ 30.448595] copy_user_test_oob+0x3fd/0x10f0 [ 30.448624] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.448649] ? finish_task_switch.isra.0+0x153/0x700 [ 30.448676] ? __switch_to+0x47/0xf50 [ 30.448705] ? __schedule+0x10cc/0x2b60 [ 30.448732] ? __pfx_read_tsc+0x10/0x10 [ 30.448756] ? ktime_get_ts64+0x86/0x230 [ 30.448786] kunit_try_run_case+0x1a5/0x480 [ 30.448815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.448840] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.448867] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.448893] ? __kthread_parkme+0x82/0x180 [ 30.448931] ? preempt_count_sub+0x50/0x80 [ 30.448964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.448990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.449018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.449044] kthread+0x337/0x6f0 [ 30.449067] ? trace_preempt_on+0x20/0xc0 [ 30.449093] ? __pfx_kthread+0x10/0x10 [ 30.449131] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.449155] ? calculate_sigpending+0x7b/0xa0 [ 30.449183] ? __pfx_kthread+0x10/0x10 [ 30.449207] ret_from_fork+0x116/0x1d0 [ 30.449230] ? __pfx_kthread+0x10/0x10 [ 30.449253] ret_from_fork_asm+0x1a/0x30 [ 30.449286] </TASK> [ 30.449301] [ 30.464205] Allocated by task 314: [ 30.464515] kasan_save_stack+0x45/0x70 [ 30.464820] kasan_save_track+0x18/0x40 [ 30.465129] kasan_save_alloc_info+0x3b/0x50 [ 30.465713] __kasan_kmalloc+0xb7/0xc0 [ 30.466085] __kmalloc_noprof+0x1c9/0x500 [ 30.466289] kunit_kmalloc_array+0x25/0x60 [ 30.466476] copy_user_test_oob+0xab/0x10f0 [ 30.467021] kunit_try_run_case+0x1a5/0x480 [ 30.467490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.467963] kthread+0x337/0x6f0 [ 30.468292] ret_from_fork+0x116/0x1d0 [ 30.468564] ret_from_fork_asm+0x1a/0x30 [ 30.468848] [ 30.469384] The buggy address belongs to the object at ffff888103782f00 [ 30.469384] which belongs to the cache kmalloc-128 of size 128 [ 30.470405] The buggy address is located 0 bytes inside of [ 30.470405] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.471296] [ 30.471533] The buggy address belongs to the physical page: [ 30.471882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.472278] flags: 0x200000000000000(node=0|zone=2) [ 30.472619] page_type: f5(slab) [ 30.472857] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.473800] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.474576] page dumped because: kasan: bad access detected [ 30.474992] [ 30.475172] Memory state around the buggy address: [ 30.475412] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.475940] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.476403] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.476689] ^ [ 30.477470] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.478182] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.478817] ================================================================== [ 30.511355] ================================================================== [ 30.512291] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 30.512708] Write of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.513165] [ 30.513434] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.513572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.513603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.513654] Call Trace: [ 30.513728] <TASK> [ 30.513792] dump_stack_lvl+0x73/0xb0 [ 30.513887] print_report+0xd1/0x650 [ 30.514225] ? __virt_addr_valid+0x1db/0x2d0 [ 30.514281] ? copy_user_test_oob+0x557/0x10f0 [ 30.514310] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.514340] ? copy_user_test_oob+0x557/0x10f0 [ 30.514366] kasan_report+0x141/0x180 [ 30.514391] ? copy_user_test_oob+0x557/0x10f0 [ 30.514421] kasan_check_range+0x10c/0x1c0 [ 30.514446] __kasan_check_write+0x18/0x20 [ 30.514472] copy_user_test_oob+0x557/0x10f0 [ 30.514500] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.514525] ? finish_task_switch.isra.0+0x153/0x700 [ 30.514550] ? __switch_to+0x47/0xf50 [ 30.514579] ? __schedule+0x10cc/0x2b60 [ 30.514604] ? __pfx_read_tsc+0x10/0x10 [ 30.514629] ? ktime_get_ts64+0x86/0x230 [ 30.514657] kunit_try_run_case+0x1a5/0x480 [ 30.514686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.514711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.514736] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.514761] ? __kthread_parkme+0x82/0x180 [ 30.514785] ? preempt_count_sub+0x50/0x80 [ 30.514812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.514838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.514864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.514890] kthread+0x337/0x6f0 [ 30.514922] ? trace_preempt_on+0x20/0xc0 [ 30.515192] ? __pfx_kthread+0x10/0x10 [ 30.515230] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.515258] ? calculate_sigpending+0x7b/0xa0 [ 30.515285] ? __pfx_kthread+0x10/0x10 [ 30.515310] ret_from_fork+0x116/0x1d0 [ 30.515336] ? __pfx_kthread+0x10/0x10 [ 30.515359] ret_from_fork_asm+0x1a/0x30 [ 30.515394] </TASK> [ 30.515410] [ 30.527857] Allocated by task 314: [ 30.528167] kasan_save_stack+0x45/0x70 [ 30.528584] kasan_save_track+0x18/0x40 [ 30.528917] kasan_save_alloc_info+0x3b/0x50 [ 30.529456] __kasan_kmalloc+0xb7/0xc0 [ 30.529762] __kmalloc_noprof+0x1c9/0x500 [ 30.530260] kunit_kmalloc_array+0x25/0x60 [ 30.530499] copy_user_test_oob+0xab/0x10f0 [ 30.530720] kunit_try_run_case+0x1a5/0x480 [ 30.531135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.531372] kthread+0x337/0x6f0 [ 30.531535] ret_from_fork+0x116/0x1d0 [ 30.531658] ret_from_fork_asm+0x1a/0x30 [ 30.531755] [ 30.531816] The buggy address belongs to the object at ffff888103782f00 [ 30.531816] which belongs to the cache kmalloc-128 of size 128 [ 30.532714] The buggy address is located 0 bytes inside of [ 30.532714] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.533885] [ 30.534124] The buggy address belongs to the physical page: [ 30.534654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.535175] flags: 0x200000000000000(node=0|zone=2) [ 30.535603] page_type: f5(slab) [ 30.535880] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.536302] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.536823] page dumped because: kasan: bad access detected [ 30.537359] [ 30.537554] Memory state around the buggy address: [ 30.537833] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.538332] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.538938] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.539271] ^ [ 30.539830] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.540251] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.540707] ================================================================== [ 30.480171] ================================================================== [ 30.481823] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 30.482362] Read of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.482967] [ 30.483191] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.483306] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.483338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.483389] Call Trace: [ 30.483461] <TASK> [ 30.483521] dump_stack_lvl+0x73/0xb0 [ 30.483612] print_report+0xd1/0x650 [ 30.483664] ? __virt_addr_valid+0x1db/0x2d0 [ 30.483713] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.483764] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.483821] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.483877] kasan_report+0x141/0x180 [ 30.483929] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.483994] kasan_check_range+0x10c/0x1c0 [ 30.484049] __kasan_check_read+0x15/0x20 [ 30.484114] copy_user_test_oob+0x4aa/0x10f0 [ 30.484166] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.484194] ? finish_task_switch.isra.0+0x153/0x700 [ 30.484222] ? __switch_to+0x47/0xf50 [ 30.484252] ? __schedule+0x10cc/0x2b60 [ 30.484278] ? __pfx_read_tsc+0x10/0x10 [ 30.484303] ? ktime_get_ts64+0x86/0x230 [ 30.484331] kunit_try_run_case+0x1a5/0x480 [ 30.484360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.484385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.484411] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.484437] ? __kthread_parkme+0x82/0x180 [ 30.484460] ? preempt_count_sub+0x50/0x80 [ 30.484485] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.484513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.484539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.484565] kthread+0x337/0x6f0 [ 30.484587] ? trace_preempt_on+0x20/0xc0 [ 30.484614] ? __pfx_kthread+0x10/0x10 [ 30.484638] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.484662] ? calculate_sigpending+0x7b/0xa0 [ 30.484688] ? __pfx_kthread+0x10/0x10 [ 30.484713] ret_from_fork+0x116/0x1d0 [ 30.484734] ? __pfx_kthread+0x10/0x10 [ 30.484758] ret_from_fork_asm+0x1a/0x30 [ 30.484792] </TASK> [ 30.484806] [ 30.496813] Allocated by task 314: [ 30.497168] kasan_save_stack+0x45/0x70 [ 30.497597] kasan_save_track+0x18/0x40 [ 30.497890] kasan_save_alloc_info+0x3b/0x50 [ 30.498172] __kasan_kmalloc+0xb7/0xc0 [ 30.498463] __kmalloc_noprof+0x1c9/0x500 [ 30.498685] kunit_kmalloc_array+0x25/0x60 [ 30.499012] copy_user_test_oob+0xab/0x10f0 [ 30.499324] kunit_try_run_case+0x1a5/0x480 [ 30.499535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.499761] kthread+0x337/0x6f0 [ 30.499963] ret_from_fork+0x116/0x1d0 [ 30.500333] ret_from_fork_asm+0x1a/0x30 [ 30.500679] [ 30.500859] The buggy address belongs to the object at ffff888103782f00 [ 30.500859] which belongs to the cache kmalloc-128 of size 128 [ 30.501883] The buggy address is located 0 bytes inside of [ 30.501883] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.502731] [ 30.502859] The buggy address belongs to the physical page: [ 30.503119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.503759] flags: 0x200000000000000(node=0|zone=2) [ 30.504299] page_type: f5(slab) [ 30.504646] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.505109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.505482] page dumped because: kasan: bad access detected [ 30.505990] [ 30.506149] Memory state around the buggy address: [ 30.506491] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.506763] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507051] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.507623] ^ [ 30.508478] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.508745] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.509792] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 30.410512] ================================================================== [ 30.410897] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 30.411369] Read of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.411654] [ 30.411868] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.411975] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.412006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.412056] Call Trace: [ 30.412123] <TASK> [ 30.412167] dump_stack_lvl+0x73/0xb0 [ 30.412237] print_report+0xd1/0x650 [ 30.412288] ? __virt_addr_valid+0x1db/0x2d0 [ 30.412339] ? _copy_to_user+0x3c/0x70 [ 30.412385] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.412438] ? _copy_to_user+0x3c/0x70 [ 30.412482] kasan_report+0x141/0x180 [ 30.412525] ? _copy_to_user+0x3c/0x70 [ 30.412583] kasan_check_range+0x10c/0x1c0 [ 30.412633] __kasan_check_read+0x15/0x20 [ 30.412685] _copy_to_user+0x3c/0x70 [ 30.412735] copy_user_test_oob+0x364/0x10f0 [ 30.412786] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.412835] ? finish_task_switch.isra.0+0x153/0x700 [ 30.412886] ? __switch_to+0x47/0xf50 [ 30.412943] ? __schedule+0x10cc/0x2b60 [ 30.412989] ? __pfx_read_tsc+0x10/0x10 [ 30.413044] ? ktime_get_ts64+0x86/0x230 [ 30.413113] kunit_try_run_case+0x1a5/0x480 [ 30.413172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.413226] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.413267] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.413296] ? __kthread_parkme+0x82/0x180 [ 30.413321] ? preempt_count_sub+0x50/0x80 [ 30.413346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.413373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.413400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.413425] kthread+0x337/0x6f0 [ 30.413448] ? trace_preempt_on+0x20/0xc0 [ 30.413475] ? __pfx_kthread+0x10/0x10 [ 30.413498] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.413521] ? calculate_sigpending+0x7b/0xa0 [ 30.413548] ? __pfx_kthread+0x10/0x10 [ 30.413573] ret_from_fork+0x116/0x1d0 [ 30.413594] ? __pfx_kthread+0x10/0x10 [ 30.413618] ret_from_fork_asm+0x1a/0x30 [ 30.413651] </TASK> [ 30.413666] [ 30.423996] Allocated by task 314: [ 30.424391] kasan_save_stack+0x45/0x70 [ 30.424810] kasan_save_track+0x18/0x40 [ 30.425144] kasan_save_alloc_info+0x3b/0x50 [ 30.425454] __kasan_kmalloc+0xb7/0xc0 [ 30.425645] __kmalloc_noprof+0x1c9/0x500 [ 30.425839] kunit_kmalloc_array+0x25/0x60 [ 30.426035] copy_user_test_oob+0xab/0x10f0 [ 30.426244] kunit_try_run_case+0x1a5/0x480 [ 30.426605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.427078] kthread+0x337/0x6f0 [ 30.427622] ret_from_fork+0x116/0x1d0 [ 30.428010] ret_from_fork_asm+0x1a/0x30 [ 30.428396] [ 30.428578] The buggy address belongs to the object at ffff888103782f00 [ 30.428578] which belongs to the cache kmalloc-128 of size 128 [ 30.429233] The buggy address is located 0 bytes inside of [ 30.429233] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.430091] [ 30.430238] The buggy address belongs to the physical page: [ 30.430558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.430880] flags: 0x200000000000000(node=0|zone=2) [ 30.431117] page_type: f5(slab) [ 30.431432] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.432136] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.432601] page dumped because: kasan: bad access detected [ 30.432998] [ 30.433122] Memory state around the buggy address: [ 30.433490] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.433867] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.434298] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.434579] ^ [ 30.434863] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.435408] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.435948] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 30.373625] ================================================================== [ 30.374705] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 30.375822] Write of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.376819] [ 30.377009] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.377086] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.377121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.377169] Call Trace: [ 30.377208] <TASK> [ 30.377258] dump_stack_lvl+0x73/0xb0 [ 30.377657] print_report+0xd1/0x650 [ 30.377708] ? __virt_addr_valid+0x1db/0x2d0 [ 30.377740] ? _copy_from_user+0x32/0x90 [ 30.377768] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.377797] ? _copy_from_user+0x32/0x90 [ 30.377823] kasan_report+0x141/0x180 [ 30.377848] ? _copy_from_user+0x32/0x90 [ 30.377879] kasan_check_range+0x10c/0x1c0 [ 30.377914] __kasan_check_write+0x18/0x20 [ 30.378032] _copy_from_user+0x32/0x90 [ 30.378060] copy_user_test_oob+0x2be/0x10f0 [ 30.378096] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.378144] ? finish_task_switch.isra.0+0x153/0x700 [ 30.378172] ? __switch_to+0x47/0xf50 [ 30.378205] ? __schedule+0x10cc/0x2b60 [ 30.378232] ? __pfx_read_tsc+0x10/0x10 [ 30.378256] ? ktime_get_ts64+0x86/0x230 [ 30.378287] kunit_try_run_case+0x1a5/0x480 [ 30.378314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.378340] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.378366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.378392] ? __kthread_parkme+0x82/0x180 [ 30.378416] ? preempt_count_sub+0x50/0x80 [ 30.378442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.378469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.378495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.378521] kthread+0x337/0x6f0 [ 30.378543] ? trace_preempt_on+0x20/0xc0 [ 30.378571] ? __pfx_kthread+0x10/0x10 [ 30.378595] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.378619] ? calculate_sigpending+0x7b/0xa0 [ 30.378647] ? __pfx_kthread+0x10/0x10 [ 30.378671] ret_from_fork+0x116/0x1d0 [ 30.378694] ? __pfx_kthread+0x10/0x10 [ 30.378717] ret_from_fork_asm+0x1a/0x30 [ 30.378751] </TASK> [ 30.378769] [ 30.391704] Allocated by task 314: [ 30.392209] kasan_save_stack+0x45/0x70 [ 30.392529] kasan_save_track+0x18/0x40 [ 30.392735] kasan_save_alloc_info+0x3b/0x50 [ 30.392966] __kasan_kmalloc+0xb7/0xc0 [ 30.393341] __kmalloc_noprof+0x1c9/0x500 [ 30.393644] kunit_kmalloc_array+0x25/0x60 [ 30.394060] copy_user_test_oob+0xab/0x10f0 [ 30.394298] kunit_try_run_case+0x1a5/0x480 [ 30.394715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.395039] kthread+0x337/0x6f0 [ 30.395382] ret_from_fork+0x116/0x1d0 [ 30.395673] ret_from_fork_asm+0x1a/0x30 [ 30.395888] [ 30.396139] The buggy address belongs to the object at ffff888103782f00 [ 30.396139] which belongs to the cache kmalloc-128 of size 128 [ 30.396894] The buggy address is located 0 bytes inside of [ 30.396894] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.397627] [ 30.397793] The buggy address belongs to the physical page: [ 30.398321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.398852] flags: 0x200000000000000(node=0|zone=2) [ 30.399151] page_type: f5(slab) [ 30.399501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.399977] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.400571] page dumped because: kasan: bad access detected [ 30.400956] [ 30.401151] Memory state around the buggy address: [ 30.401511] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.401895] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.402527] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.402987] ^ [ 30.403520] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.404140] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.404577] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 30.295779] ================================================================== [ 30.296900] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 30.297481] Write of size 8 at addr ffff888103782e78 by task kunit_try_catch/310 [ 30.298496] [ 30.298792] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.298924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.299003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.299072] Call Trace: [ 30.299126] <TASK> [ 30.299172] dump_stack_lvl+0x73/0xb0 [ 30.299228] print_report+0xd1/0x650 [ 30.299258] ? __virt_addr_valid+0x1db/0x2d0 [ 30.299286] ? copy_to_kernel_nofault+0x99/0x260 [ 30.299332] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.299422] ? copy_to_kernel_nofault+0x99/0x260 [ 30.299464] kasan_report+0x141/0x180 [ 30.299505] ? copy_to_kernel_nofault+0x99/0x260 [ 30.299535] kasan_check_range+0x10c/0x1c0 [ 30.299560] __kasan_check_write+0x18/0x20 [ 30.299586] copy_to_kernel_nofault+0x99/0x260 [ 30.299613] copy_to_kernel_nofault_oob+0x288/0x560 [ 30.299638] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 30.299664] ? finish_task_switch.isra.0+0x153/0x700 [ 30.299690] ? __schedule+0x10cc/0x2b60 [ 30.299715] ? trace_hardirqs_on+0x37/0xe0 [ 30.299748] ? __pfx_read_tsc+0x10/0x10 [ 30.299771] ? ktime_get_ts64+0x86/0x230 [ 30.299799] kunit_try_run_case+0x1a5/0x480 [ 30.299827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.299851] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.299877] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.299917] ? __kthread_parkme+0x82/0x180 [ 30.299953] ? preempt_count_sub+0x50/0x80 [ 30.299996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.300040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.300081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.300140] kthread+0x337/0x6f0 [ 30.300175] ? trace_preempt_on+0x20/0xc0 [ 30.300212] ? __pfx_kthread+0x10/0x10 [ 30.300246] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.300283] ? calculate_sigpending+0x7b/0xa0 [ 30.300323] ? __pfx_kthread+0x10/0x10 [ 30.300360] ret_from_fork+0x116/0x1d0 [ 30.300396] ? __pfx_kthread+0x10/0x10 [ 30.300434] ret_from_fork_asm+0x1a/0x30 [ 30.300482] </TASK> [ 30.300497] [ 30.317771] Allocated by task 310: [ 30.318587] kasan_save_stack+0x45/0x70 [ 30.318923] kasan_save_track+0x18/0x40 [ 30.319370] kasan_save_alloc_info+0x3b/0x50 [ 30.319810] __kasan_kmalloc+0xb7/0xc0 [ 30.320408] __kmalloc_cache_noprof+0x189/0x420 [ 30.320836] copy_to_kernel_nofault_oob+0x12f/0x560 [ 30.321053] kunit_try_run_case+0x1a5/0x480 [ 30.321711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.322413] kthread+0x337/0x6f0 [ 30.322812] ret_from_fork+0x116/0x1d0 [ 30.323275] ret_from_fork_asm+0x1a/0x30 [ 30.323613] [ 30.323721] The buggy address belongs to the object at ffff888103782e00 [ 30.323721] which belongs to the cache kmalloc-128 of size 128 [ 30.325086] The buggy address is located 0 bytes to the right of [ 30.325086] allocated 120-byte region [ffff888103782e00, ffff888103782e78) [ 30.326375] [ 30.326515] The buggy address belongs to the physical page: [ 30.327071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.328306] flags: 0x200000000000000(node=0|zone=2) [ 30.328598] page_type: f5(slab) [ 30.328846] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.330226] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.330599] page dumped because: kasan: bad access detected [ 30.331327] [ 30.331695] Memory state around the buggy address: [ 30.332080] ffff888103782d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.332702] ffff888103782d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.333476] >ffff888103782e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.334230] ^ [ 30.334490] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.334733] ffff888103782f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.334879] ================================================================== [ 30.258737] ================================================================== [ 30.259899] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 30.260551] Read of size 8 at addr ffff888103782e78 by task kunit_try_catch/310 [ 30.260870] [ 30.261343] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.261462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.261488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.261532] Call Trace: [ 30.261562] <TASK> [ 30.261604] dump_stack_lvl+0x73/0xb0 [ 30.261685] print_report+0xd1/0x650 [ 30.261743] ? __virt_addr_valid+0x1db/0x2d0 [ 30.261799] ? copy_to_kernel_nofault+0x225/0x260 [ 30.261841] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.261896] ? copy_to_kernel_nofault+0x225/0x260 [ 30.261942] kasan_report+0x141/0x180 [ 30.261993] ? copy_to_kernel_nofault+0x225/0x260 [ 30.262366] __asan_report_load8_noabort+0x18/0x20 [ 30.262415] copy_to_kernel_nofault+0x225/0x260 [ 30.262443] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 30.262468] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 30.262492] ? finish_task_switch.isra.0+0x153/0x700 [ 30.262520] ? __schedule+0x10cc/0x2b60 [ 30.262546] ? trace_hardirqs_on+0x37/0xe0 [ 30.262579] ? __pfx_read_tsc+0x10/0x10 [ 30.262603] ? ktime_get_ts64+0x86/0x230 [ 30.262630] kunit_try_run_case+0x1a5/0x480 [ 30.262659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.262682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.262706] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.262730] ? __kthread_parkme+0x82/0x180 [ 30.262753] ? preempt_count_sub+0x50/0x80 [ 30.262777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.262801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.262826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.262850] kthread+0x337/0x6f0 [ 30.262871] ? trace_preempt_on+0x20/0xc0 [ 30.262894] ? __pfx_kthread+0x10/0x10 [ 30.262926] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.263221] ? calculate_sigpending+0x7b/0xa0 [ 30.263275] ? __pfx_kthread+0x10/0x10 [ 30.263318] ret_from_fork+0x116/0x1d0 [ 30.263355] ? __pfx_kthread+0x10/0x10 [ 30.263388] ret_from_fork_asm+0x1a/0x30 [ 30.263445] </TASK> [ 30.263497] [ 30.280128] Allocated by task 310: [ 30.280506] kasan_save_stack+0x45/0x70 [ 30.280976] kasan_save_track+0x18/0x40 [ 30.281165] kasan_save_alloc_info+0x3b/0x50 [ 30.281564] __kasan_kmalloc+0xb7/0xc0 [ 30.281816] __kmalloc_cache_noprof+0x189/0x420 [ 30.282061] copy_to_kernel_nofault_oob+0x12f/0x560 [ 30.282477] kunit_try_run_case+0x1a5/0x480 [ 30.282850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.283235] kthread+0x337/0x6f0 [ 30.283372] ret_from_fork+0x116/0x1d0 [ 30.283727] ret_from_fork_asm+0x1a/0x30 [ 30.284142] [ 30.284308] The buggy address belongs to the object at ffff888103782e00 [ 30.284308] which belongs to the cache kmalloc-128 of size 128 [ 30.284850] The buggy address is located 0 bytes to the right of [ 30.284850] allocated 120-byte region [ffff888103782e00, ffff888103782e78) [ 30.285564] [ 30.285740] The buggy address belongs to the physical page: [ 30.286385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.286936] flags: 0x200000000000000(node=0|zone=2) [ 30.287521] page_type: f5(slab) [ 30.287927] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.288462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.288747] page dumped because: kasan: bad access detected [ 30.289076] [ 30.289258] Memory state around the buggy address: [ 30.289700] ffff888103782d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.290208] ffff888103782d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.290957] >ffff888103782e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.291480] ^ [ 30.292242] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.292886] ffff888103782f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.293602] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 30.047993] ================================================================== [ 30.048665] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 30.049514] Read of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 30.049995] [ 30.050453] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.050596] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.050626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.050670] Call Trace: [ 30.050716] <TASK> [ 30.050759] dump_stack_lvl+0x73/0xb0 [ 30.050853] print_report+0xd1/0x650 [ 30.050902] ? __virt_addr_valid+0x1db/0x2d0 [ 30.050954] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 30.051011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.051059] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 30.051127] kasan_report+0x141/0x180 [ 30.051178] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 30.051544] __asan_report_load8_noabort+0x18/0x20 [ 30.051636] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 30.051696] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 30.051755] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.052052] ? trace_hardirqs_on+0x37/0xe0 [ 30.052109] ? kasan_bitops_generic+0x92/0x1c0 [ 30.052158] kasan_bitops_generic+0x121/0x1c0 [ 30.052188] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 30.052216] ? __pfx_read_tsc+0x10/0x10 [ 30.052241] ? ktime_get_ts64+0x86/0x230 [ 30.052269] kunit_try_run_case+0x1a5/0x480 [ 30.052298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.052323] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.052349] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.052374] ? __kthread_parkme+0x82/0x180 [ 30.052397] ? preempt_count_sub+0x50/0x80 [ 30.052423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.052449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.052475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.052500] kthread+0x337/0x6f0 [ 30.052522] ? trace_preempt_on+0x20/0xc0 [ 30.052546] ? __pfx_kthread+0x10/0x10 [ 30.052569] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.052593] ? calculate_sigpending+0x7b/0xa0 [ 30.052620] ? __pfx_kthread+0x10/0x10 [ 30.052644] ret_from_fork+0x116/0x1d0 [ 30.052665] ? __pfx_kthread+0x10/0x10 [ 30.052688] ret_from_fork_asm+0x1a/0x30 [ 30.052723] </TASK> [ 30.052737] [ 30.066155] Allocated by task 290: [ 30.066475] kasan_save_stack+0x45/0x70 [ 30.066796] kasan_save_track+0x18/0x40 [ 30.067081] kasan_save_alloc_info+0x3b/0x50 [ 30.067594] __kasan_kmalloc+0xb7/0xc0 [ 30.067812] __kmalloc_cache_noprof+0x189/0x420 [ 30.068254] kasan_bitops_generic+0x92/0x1c0 [ 30.068622] kunit_try_run_case+0x1a5/0x480 [ 30.069527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.070008] kthread+0x337/0x6f0 [ 30.070216] ret_from_fork+0x116/0x1d0 [ 30.070546] ret_from_fork_asm+0x1a/0x30 [ 30.071208] [ 30.071345] The buggy address belongs to the object at ffff888101892c20 [ 30.071345] which belongs to the cache kmalloc-16 of size 16 [ 30.072419] The buggy address is located 8 bytes inside of [ 30.072419] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 30.072866] [ 30.072980] The buggy address belongs to the physical page: [ 30.073323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 30.073942] flags: 0x200000000000000(node=0|zone=2) [ 30.074742] page_type: f5(slab) [ 30.075475] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 30.076274] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 30.076585] page dumped because: kasan: bad access detected [ 30.077282] [ 30.077480] Memory state around the buggy address: [ 30.077884] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 30.078676] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.079194] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 30.079515] ^ [ 30.079759] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.080358] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.081191] ================================================================== [ 29.867755] ================================================================== [ 29.868424] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.869191] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.869721] [ 29.869918] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.870029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.870059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.870115] Call Trace: [ 29.870161] <TASK> [ 29.870206] dump_stack_lvl+0x73/0xb0 [ 29.870278] print_report+0xd1/0x650 [ 29.870332] ? __virt_addr_valid+0x1db/0x2d0 [ 29.870385] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.870441] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.870488] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.870533] kasan_report+0x141/0x180 [ 29.870573] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.870632] kasan_check_range+0x10c/0x1c0 [ 29.870681] __kasan_check_write+0x18/0x20 [ 29.870731] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.870792] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.870856] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.870909] ? trace_hardirqs_on+0x37/0xe0 [ 29.870949] ? kasan_bitops_generic+0x92/0x1c0 [ 29.870999] kasan_bitops_generic+0x121/0x1c0 [ 29.871048] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.871096] ? __pfx_read_tsc+0x10/0x10 [ 29.871848] ? ktime_get_ts64+0x86/0x230 [ 29.871915] kunit_try_run_case+0x1a5/0x480 [ 29.871967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.872175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.872235] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.872291] ? __kthread_parkme+0x82/0x180 [ 29.872339] ? preempt_count_sub+0x50/0x80 [ 29.872378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.872405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.872433] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.872459] kthread+0x337/0x6f0 [ 29.872482] ? trace_preempt_on+0x20/0xc0 [ 29.872508] ? __pfx_kthread+0x10/0x10 [ 29.872531] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.872556] ? calculate_sigpending+0x7b/0xa0 [ 29.872584] ? __pfx_kthread+0x10/0x10 [ 29.872607] ret_from_fork+0x116/0x1d0 [ 29.872629] ? __pfx_kthread+0x10/0x10 [ 29.872652] ret_from_fork_asm+0x1a/0x30 [ 29.872685] </TASK> [ 29.872699] [ 29.880749] Allocated by task 290: [ 29.881326] kasan_save_stack+0x45/0x70 [ 29.881744] kasan_save_track+0x18/0x40 [ 29.882393] kasan_save_alloc_info+0x3b/0x50 [ 29.882762] __kasan_kmalloc+0xb7/0xc0 [ 29.883110] __kmalloc_cache_noprof+0x189/0x420 [ 29.884155] kasan_bitops_generic+0x92/0x1c0 [ 29.884609] kunit_try_run_case+0x1a5/0x480 [ 29.884986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.885668] kthread+0x337/0x6f0 [ 29.885992] ret_from_fork+0x116/0x1d0 [ 29.886595] ret_from_fork_asm+0x1a/0x30 [ 29.887664] [ 29.887869] The buggy address belongs to the object at ffff888101892c20 [ 29.887869] which belongs to the cache kmalloc-16 of size 16 [ 29.888321] The buggy address is located 8 bytes inside of [ 29.888321] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.889294] [ 29.889534] The buggy address belongs to the physical page: [ 29.889960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.890771] flags: 0x200000000000000(node=0|zone=2) [ 29.891249] page_type: f5(slab) [ 29.891927] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.892537] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.893445] page dumped because: kasan: bad access detected [ 29.893701] [ 29.893838] Memory state around the buggy address: [ 29.894229] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.895606] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.896485] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.896942] ^ [ 29.897500] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.897932] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.898696] ================================================================== [ 29.900751] ================================================================== [ 29.901792] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.902480] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.903560] [ 29.903770] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.903884] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.903958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.904255] Call Trace: [ 29.904327] <TASK> [ 29.904372] dump_stack_lvl+0x73/0xb0 [ 29.904455] print_report+0xd1/0x650 [ 29.904505] ? __virt_addr_valid+0x1db/0x2d0 [ 29.904550] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.904595] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.904623] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.904654] kasan_report+0x141/0x180 [ 29.904678] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.904712] kasan_check_range+0x10c/0x1c0 [ 29.904738] __kasan_check_write+0x18/0x20 [ 29.904762] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.904792] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.904823] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.904850] ? trace_hardirqs_on+0x37/0xe0 [ 29.904875] ? kasan_bitops_generic+0x92/0x1c0 [ 29.904927] kasan_bitops_generic+0x121/0x1c0 [ 29.904977] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.905052] ? __pfx_read_tsc+0x10/0x10 [ 29.905093] ? ktime_get_ts64+0x86/0x230 [ 29.905153] kunit_try_run_case+0x1a5/0x480 [ 29.905192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.905217] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.905244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.905270] ? __kthread_parkme+0x82/0x180 [ 29.905294] ? preempt_count_sub+0x50/0x80 [ 29.905320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.905346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.905372] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.905398] kthread+0x337/0x6f0 [ 29.905421] ? trace_preempt_on+0x20/0xc0 [ 29.905446] ? __pfx_kthread+0x10/0x10 [ 29.905470] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.905493] ? calculate_sigpending+0x7b/0xa0 [ 29.905520] ? __pfx_kthread+0x10/0x10 [ 29.905543] ret_from_fork+0x116/0x1d0 [ 29.905565] ? __pfx_kthread+0x10/0x10 [ 29.905588] ret_from_fork_asm+0x1a/0x30 [ 29.905623] </TASK> [ 29.905636] [ 29.921710] Allocated by task 290: [ 29.922401] kasan_save_stack+0x45/0x70 [ 29.922769] kasan_save_track+0x18/0x40 [ 29.923063] kasan_save_alloc_info+0x3b/0x50 [ 29.923506] __kasan_kmalloc+0xb7/0xc0 [ 29.923819] __kmalloc_cache_noprof+0x189/0x420 [ 29.924350] kasan_bitops_generic+0x92/0x1c0 [ 29.924673] kunit_try_run_case+0x1a5/0x480 [ 29.925047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.925432] kthread+0x337/0x6f0 [ 29.925663] ret_from_fork+0x116/0x1d0 [ 29.925911] ret_from_fork_asm+0x1a/0x30 [ 29.927067] [ 29.927225] The buggy address belongs to the object at ffff888101892c20 [ 29.927225] which belongs to the cache kmalloc-16 of size 16 [ 29.927459] The buggy address is located 8 bytes inside of [ 29.927459] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.927670] [ 29.927721] The buggy address belongs to the physical page: [ 29.927828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.929468] flags: 0x200000000000000(node=0|zone=2) [ 29.929910] page_type: f5(slab) [ 29.930585] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.931506] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.932145] page dumped because: kasan: bad access detected [ 29.932549] [ 29.932719] Memory state around the buggy address: [ 29.933204] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.933600] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.933889] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.934455] ^ [ 29.934655] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.935802] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.936370] ================================================================== [ 29.798397] ================================================================== [ 29.798826] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.800013] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.800915] [ 29.801161] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.801272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.801300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.801350] Call Trace: [ 29.801382] <TASK> [ 29.801432] dump_stack_lvl+0x73/0xb0 [ 29.801534] print_report+0xd1/0x650 [ 29.801596] ? __virt_addr_valid+0x1db/0x2d0 [ 29.801812] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.801853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.801884] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.801924] kasan_report+0x141/0x180 [ 29.801989] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.802041] kasan_check_range+0x10c/0x1c0 [ 29.802069] __kasan_check_write+0x18/0x20 [ 29.802095] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.802149] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.802184] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.802212] ? trace_hardirqs_on+0x37/0xe0 [ 29.802239] ? kasan_bitops_generic+0x92/0x1c0 [ 29.802268] kasan_bitops_generic+0x121/0x1c0 [ 29.802295] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.802322] ? __pfx_read_tsc+0x10/0x10 [ 29.802347] ? ktime_get_ts64+0x86/0x230 [ 29.802376] kunit_try_run_case+0x1a5/0x480 [ 29.802406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.802432] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.802459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.802485] ? __kthread_parkme+0x82/0x180 [ 29.802508] ? preempt_count_sub+0x50/0x80 [ 29.802535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.802561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.802588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.802614] kthread+0x337/0x6f0 [ 29.802636] ? trace_preempt_on+0x20/0xc0 [ 29.802660] ? __pfx_kthread+0x10/0x10 [ 29.802683] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.802707] ? calculate_sigpending+0x7b/0xa0 [ 29.802734] ? __pfx_kthread+0x10/0x10 [ 29.802759] ret_from_fork+0x116/0x1d0 [ 29.802780] ? __pfx_kthread+0x10/0x10 [ 29.802804] ret_from_fork_asm+0x1a/0x30 [ 29.802838] </TASK> [ 29.802852] [ 29.818354] Allocated by task 290: [ 29.818733] kasan_save_stack+0x45/0x70 [ 29.819194] kasan_save_track+0x18/0x40 [ 29.819542] kasan_save_alloc_info+0x3b/0x50 [ 29.819889] __kasan_kmalloc+0xb7/0xc0 [ 29.820327] __kmalloc_cache_noprof+0x189/0x420 [ 29.820726] kasan_bitops_generic+0x92/0x1c0 [ 29.821184] kunit_try_run_case+0x1a5/0x480 [ 29.821356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.821525] kthread+0x337/0x6f0 [ 29.821662] ret_from_fork+0x116/0x1d0 [ 29.821810] ret_from_fork_asm+0x1a/0x30 [ 29.821988] [ 29.822090] The buggy address belongs to the object at ffff888101892c20 [ 29.822090] which belongs to the cache kmalloc-16 of size 16 [ 29.822942] The buggy address is located 8 bytes inside of [ 29.822942] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.823781] [ 29.823934] The buggy address belongs to the physical page: [ 29.824662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.825719] flags: 0x200000000000000(node=0|zone=2) [ 29.826333] page_type: f5(slab) [ 29.826627] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.827237] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.827626] page dumped because: kasan: bad access detected [ 29.828329] [ 29.828483] Memory state around the buggy address: [ 29.828803] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.829830] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.830781] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.831547] ^ [ 29.831831] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.832432] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.832787] ================================================================== [ 29.937274] ================================================================== [ 29.937803] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.938608] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.939473] [ 29.939698] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.939808] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.939836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.939883] Call Trace: [ 29.939924] <TASK> [ 29.939963] dump_stack_lvl+0x73/0xb0 [ 29.940037] print_report+0xd1/0x650 [ 29.940086] ? __virt_addr_valid+0x1db/0x2d0 [ 29.940160] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.940216] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.940271] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.940331] kasan_report+0x141/0x180 [ 29.940380] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.941082] kasan_check_range+0x10c/0x1c0 [ 29.941149] __kasan_check_write+0x18/0x20 [ 29.941193] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.941238] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.941271] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.941298] ? trace_hardirqs_on+0x37/0xe0 [ 29.941324] ? kasan_bitops_generic+0x92/0x1c0 [ 29.941353] kasan_bitops_generic+0x121/0x1c0 [ 29.941379] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.941406] ? __pfx_read_tsc+0x10/0x10 [ 29.941431] ? ktime_get_ts64+0x86/0x230 [ 29.941459] kunit_try_run_case+0x1a5/0x480 [ 29.941486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.941511] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.941537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.941563] ? __kthread_parkme+0x82/0x180 [ 29.941586] ? preempt_count_sub+0x50/0x80 [ 29.941612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.941638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.941664] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.941689] kthread+0x337/0x6f0 [ 29.941711] ? trace_preempt_on+0x20/0xc0 [ 29.941735] ? __pfx_kthread+0x10/0x10 [ 29.941758] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.941782] ? calculate_sigpending+0x7b/0xa0 [ 29.941809] ? __pfx_kthread+0x10/0x10 [ 29.941832] ret_from_fork+0x116/0x1d0 [ 29.941854] ? __pfx_kthread+0x10/0x10 [ 29.941877] ret_from_fork_asm+0x1a/0x30 [ 29.941922] </TASK> [ 29.941943] [ 29.957586] Allocated by task 290: [ 29.957857] kasan_save_stack+0x45/0x70 [ 29.958907] kasan_save_track+0x18/0x40 [ 29.959708] kasan_save_alloc_info+0x3b/0x50 [ 29.960088] __kasan_kmalloc+0xb7/0xc0 [ 29.960547] __kmalloc_cache_noprof+0x189/0x420 [ 29.961197] kasan_bitops_generic+0x92/0x1c0 [ 29.961927] kunit_try_run_case+0x1a5/0x480 [ 29.962133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.962410] kthread+0x337/0x6f0 [ 29.963153] ret_from_fork+0x116/0x1d0 [ 29.963392] ret_from_fork_asm+0x1a/0x30 [ 29.963643] [ 29.963755] The buggy address belongs to the object at ffff888101892c20 [ 29.963755] which belongs to the cache kmalloc-16 of size 16 [ 29.964889] The buggy address is located 8 bytes inside of [ 29.964889] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.965844] [ 29.965949] The buggy address belongs to the physical page: [ 29.966205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.966465] flags: 0x200000000000000(node=0|zone=2) [ 29.966646] page_type: f5(slab) [ 29.966789] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.967029] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.968757] page dumped because: kasan: bad access detected [ 29.969583] [ 29.969756] Memory state around the buggy address: [ 29.969981] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.970311] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.970544] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.970768] ^ [ 29.970927] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.971975] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.972451] ================================================================== [ 29.974662] ================================================================== [ 29.975762] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.976703] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.977308] [ 29.977985] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.978269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.978288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.978316] Call Trace: [ 29.978357] <TASK> [ 29.978398] dump_stack_lvl+0x73/0xb0 [ 29.978459] print_report+0xd1/0x650 [ 29.978486] ? __virt_addr_valid+0x1db/0x2d0 [ 29.978513] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.978544] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.978574] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.978604] kasan_report+0x141/0x180 [ 29.978627] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.978663] kasan_check_range+0x10c/0x1c0 [ 29.978689] __kasan_check_write+0x18/0x20 [ 29.978715] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.978745] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.978776] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.978803] ? trace_hardirqs_on+0x37/0xe0 [ 29.978827] ? kasan_bitops_generic+0x92/0x1c0 [ 29.978857] kasan_bitops_generic+0x121/0x1c0 [ 29.978884] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.978921] ? __pfx_read_tsc+0x10/0x10 [ 29.978952] ? ktime_get_ts64+0x86/0x230 [ 29.979215] kunit_try_run_case+0x1a5/0x480 [ 29.979258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.979286] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.979314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.979340] ? __kthread_parkme+0x82/0x180 [ 29.979364] ? preempt_count_sub+0x50/0x80 [ 29.979391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.979417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.979444] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.979470] kthread+0x337/0x6f0 [ 29.979492] ? trace_preempt_on+0x20/0xc0 [ 29.979518] ? __pfx_kthread+0x10/0x10 [ 29.979542] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.979565] ? calculate_sigpending+0x7b/0xa0 [ 29.979592] ? __pfx_kthread+0x10/0x10 [ 29.979616] ret_from_fork+0x116/0x1d0 [ 29.979637] ? __pfx_kthread+0x10/0x10 [ 29.979660] ret_from_fork_asm+0x1a/0x30 [ 29.979695] </TASK> [ 29.979708] [ 29.995556] Allocated by task 290: [ 29.995902] kasan_save_stack+0x45/0x70 [ 29.996510] kasan_save_track+0x18/0x40 [ 29.996743] kasan_save_alloc_info+0x3b/0x50 [ 29.997172] __kasan_kmalloc+0xb7/0xc0 [ 29.998454] __kmalloc_cache_noprof+0x189/0x420 [ 29.998640] kasan_bitops_generic+0x92/0x1c0 [ 29.998891] kunit_try_run_case+0x1a5/0x480 [ 29.999333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.000361] kthread+0x337/0x6f0 [ 30.000530] ret_from_fork+0x116/0x1d0 [ 30.001601] ret_from_fork_asm+0x1a/0x30 [ 30.001855] [ 30.002356] The buggy address belongs to the object at ffff888101892c20 [ 30.002356] which belongs to the cache kmalloc-16 of size 16 [ 30.003161] The buggy address is located 8 bytes inside of [ 30.003161] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 30.003921] [ 30.004162] The buggy address belongs to the physical page: [ 30.004570] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 30.004948] flags: 0x200000000000000(node=0|zone=2) [ 30.005377] page_type: f5(slab) [ 30.005670] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 30.007018] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 30.007608] page dumped because: kasan: bad access detected [ 30.007988] [ 30.008139] Memory state around the buggy address: [ 30.008358] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 30.008802] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.009267] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 30.009583] ^ [ 30.010601] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.011324] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.011735] ================================================================== [ 30.012494] ================================================================== [ 30.012861] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 30.013453] Read of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 30.013833] [ 30.014055] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.014799] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.014838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.014889] Call Trace: [ 30.014935] <TASK> [ 30.014980] dump_stack_lvl+0x73/0xb0 [ 30.015067] print_report+0xd1/0x650 [ 30.015138] ? __virt_addr_valid+0x1db/0x2d0 [ 30.015339] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 30.015436] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.015511] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 30.015600] kasan_report+0x141/0x180 [ 30.015672] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 30.015745] kasan_check_range+0x10c/0x1c0 [ 30.015794] __kasan_check_read+0x15/0x20 [ 30.015838] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 30.015882] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 30.015923] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.016004] ? trace_hardirqs_on+0x37/0xe0 [ 30.016032] ? kasan_bitops_generic+0x92/0x1c0 [ 30.016062] kasan_bitops_generic+0x121/0x1c0 [ 30.016088] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 30.016156] ? __pfx_read_tsc+0x10/0x10 [ 30.016192] ? ktime_get_ts64+0x86/0x230 [ 30.016239] kunit_try_run_case+0x1a5/0x480 [ 30.016279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.016318] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.016356] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.016383] ? __kthread_parkme+0x82/0x180 [ 30.016408] ? preempt_count_sub+0x50/0x80 [ 30.016435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.016461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.016487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.016513] kthread+0x337/0x6f0 [ 30.016535] ? trace_preempt_on+0x20/0xc0 [ 30.016560] ? __pfx_kthread+0x10/0x10 [ 30.016583] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.016606] ? calculate_sigpending+0x7b/0xa0 [ 30.016632] ? __pfx_kthread+0x10/0x10 [ 30.016656] ret_from_fork+0x116/0x1d0 [ 30.016678] ? __pfx_kthread+0x10/0x10 [ 30.016700] ret_from_fork_asm+0x1a/0x30 [ 30.016734] </TASK> [ 30.016748] [ 30.030004] Allocated by task 290: [ 30.031143] kasan_save_stack+0x45/0x70 [ 30.031663] kasan_save_track+0x18/0x40 [ 30.032504] kasan_save_alloc_info+0x3b/0x50 [ 30.032781] __kasan_kmalloc+0xb7/0xc0 [ 30.033546] __kmalloc_cache_noprof+0x189/0x420 [ 30.033759] kasan_bitops_generic+0x92/0x1c0 [ 30.034128] kunit_try_run_case+0x1a5/0x480 [ 30.034532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.034824] kthread+0x337/0x6f0 [ 30.035087] ret_from_fork+0x116/0x1d0 [ 30.035778] ret_from_fork_asm+0x1a/0x30 [ 30.036211] [ 30.036322] The buggy address belongs to the object at ffff888101892c20 [ 30.036322] which belongs to the cache kmalloc-16 of size 16 [ 30.037483] The buggy address is located 8 bytes inside of [ 30.037483] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 30.038723] [ 30.038962] The buggy address belongs to the physical page: [ 30.039234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 30.040148] flags: 0x200000000000000(node=0|zone=2) [ 30.040503] page_type: f5(slab) [ 30.040777] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 30.041240] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 30.041716] page dumped because: kasan: bad access detected [ 30.042840] [ 30.043068] Memory state around the buggy address: [ 30.043333] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 30.043779] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.044591] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 30.044922] ^ [ 30.045367] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.045847] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.046468] ================================================================== [ 29.761772] ================================================================== [ 29.762302] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.762800] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.763831] [ 29.764856] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.764954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.764980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.765014] Call Trace: [ 29.765043] <TASK> [ 29.765070] dump_stack_lvl+0x73/0xb0 [ 29.765147] print_report+0xd1/0x650 [ 29.765175] ? __virt_addr_valid+0x1db/0x2d0 [ 29.765202] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.765233] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.765262] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.765293] kasan_report+0x141/0x180 [ 29.765316] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.765350] kasan_check_range+0x10c/0x1c0 [ 29.765376] __kasan_check_write+0x18/0x20 [ 29.765401] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.765432] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.765463] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.765490] ? trace_hardirqs_on+0x37/0xe0 [ 29.765515] ? kasan_bitops_generic+0x92/0x1c0 [ 29.765544] kasan_bitops_generic+0x121/0x1c0 [ 29.765570] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.765597] ? __pfx_read_tsc+0x10/0x10 [ 29.765623] ? ktime_get_ts64+0x86/0x230 [ 29.765651] kunit_try_run_case+0x1a5/0x480 [ 29.765679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.765704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.765730] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.765756] ? __kthread_parkme+0x82/0x180 [ 29.765780] ? preempt_count_sub+0x50/0x80 [ 29.765806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.765832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.765858] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.765884] kthread+0x337/0x6f0 [ 29.765913] ? trace_preempt_on+0x20/0xc0 [ 29.766065] ? __pfx_kthread+0x10/0x10 [ 29.766090] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.766128] ? calculate_sigpending+0x7b/0xa0 [ 29.766157] ? __pfx_kthread+0x10/0x10 [ 29.766181] ret_from_fork+0x116/0x1d0 [ 29.766203] ? __pfx_kthread+0x10/0x10 [ 29.766226] ret_from_fork_asm+0x1a/0x30 [ 29.766260] </TASK> [ 29.766274] [ 29.780883] Allocated by task 290: [ 29.781298] kasan_save_stack+0x45/0x70 [ 29.781832] kasan_save_track+0x18/0x40 [ 29.782017] kasan_save_alloc_info+0x3b/0x50 [ 29.782205] __kasan_kmalloc+0xb7/0xc0 [ 29.782542] __kmalloc_cache_noprof+0x189/0x420 [ 29.783085] kasan_bitops_generic+0x92/0x1c0 [ 29.783716] kunit_try_run_case+0x1a5/0x480 [ 29.784020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.784265] kthread+0x337/0x6f0 [ 29.784468] ret_from_fork+0x116/0x1d0 [ 29.785390] ret_from_fork_asm+0x1a/0x30 [ 29.786184] [ 29.786439] The buggy address belongs to the object at ffff888101892c20 [ 29.786439] which belongs to the cache kmalloc-16 of size 16 [ 29.787385] The buggy address is located 8 bytes inside of [ 29.787385] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.788467] [ 29.788661] The buggy address belongs to the physical page: [ 29.789147] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.789518] flags: 0x200000000000000(node=0|zone=2) [ 29.789745] page_type: f5(slab) [ 29.789915] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.791247] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.791829] page dumped because: kasan: bad access detected [ 29.792242] [ 29.792339] Memory state around the buggy address: [ 29.793036] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.793489] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.794669] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.794995] ^ [ 29.795307] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.795750] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.796117] ================================================================== [ 29.834366] ================================================================== [ 29.834662] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.835634] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.836306] [ 29.836526] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.836638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.836664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.836711] Call Trace: [ 29.836755] <TASK> [ 29.836798] dump_stack_lvl+0x73/0xb0 [ 29.836872] print_report+0xd1/0x650 [ 29.836957] ? __virt_addr_valid+0x1db/0x2d0 [ 29.837673] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.837742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.837792] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.837844] kasan_report+0x141/0x180 [ 29.837893] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.838150] kasan_check_range+0x10c/0x1c0 [ 29.838185] __kasan_check_write+0x18/0x20 [ 29.838214] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.838244] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.838276] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.838304] ? trace_hardirqs_on+0x37/0xe0 [ 29.838329] ? kasan_bitops_generic+0x92/0x1c0 [ 29.838359] kasan_bitops_generic+0x121/0x1c0 [ 29.838385] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.838412] ? __pfx_read_tsc+0x10/0x10 [ 29.838437] ? ktime_get_ts64+0x86/0x230 [ 29.838465] kunit_try_run_case+0x1a5/0x480 [ 29.838493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.838518] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.838545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.838571] ? __kthread_parkme+0x82/0x180 [ 29.838594] ? preempt_count_sub+0x50/0x80 [ 29.838621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.838646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.838672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.838698] kthread+0x337/0x6f0 [ 29.838720] ? trace_preempt_on+0x20/0xc0 [ 29.838745] ? __pfx_kthread+0x10/0x10 [ 29.838767] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.838791] ? calculate_sigpending+0x7b/0xa0 [ 29.838818] ? __pfx_kthread+0x10/0x10 [ 29.838842] ret_from_fork+0x116/0x1d0 [ 29.838863] ? __pfx_kthread+0x10/0x10 [ 29.838885] ret_from_fork_asm+0x1a/0x30 [ 29.838951] </TASK> [ 29.838969] [ 29.852797] Allocated by task 290: [ 29.853371] kasan_save_stack+0x45/0x70 [ 29.853638] kasan_save_track+0x18/0x40 [ 29.853837] kasan_save_alloc_info+0x3b/0x50 [ 29.854177] __kasan_kmalloc+0xb7/0xc0 [ 29.854489] __kmalloc_cache_noprof+0x189/0x420 [ 29.854849] kasan_bitops_generic+0x92/0x1c0 [ 29.855320] kunit_try_run_case+0x1a5/0x480 [ 29.855510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.855736] kthread+0x337/0x6f0 [ 29.856051] ret_from_fork+0x116/0x1d0 [ 29.856389] ret_from_fork_asm+0x1a/0x30 [ 29.856700] [ 29.856867] The buggy address belongs to the object at ffff888101892c20 [ 29.856867] which belongs to the cache kmalloc-16 of size 16 [ 29.857557] The buggy address is located 8 bytes inside of [ 29.857557] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.858976] [ 29.859196] The buggy address belongs to the physical page: [ 29.859775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.860382] flags: 0x200000000000000(node=0|zone=2) [ 29.860610] page_type: f5(slab) [ 29.860786] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.861266] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.861812] page dumped because: kasan: bad access detected [ 29.863151] [ 29.863356] Memory state around the buggy address: [ 29.863589] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.863854] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.864438] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.865454] ^ [ 29.865721] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.866817] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.867098] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 29.517645] ================================================================== [ 29.518245] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 29.519946] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.520514] [ 29.520648] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.520741] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.520762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.520802] Call Trace: [ 29.520839] <TASK> [ 29.520878] dump_stack_lvl+0x73/0xb0 [ 29.520944] print_report+0xd1/0x650 [ 29.520986] ? __virt_addr_valid+0x1db/0x2d0 [ 29.521027] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 29.521075] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.521144] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 29.521196] kasan_report+0x141/0x180 [ 29.521247] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 29.521302] kasan_check_range+0x10c/0x1c0 [ 29.521595] __kasan_check_write+0x18/0x20 [ 29.521644] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 29.521687] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.521736] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.521787] ? trace_hardirqs_on+0x37/0xe0 [ 29.521831] ? kasan_bitops_generic+0x92/0x1c0 [ 29.521878] kasan_bitops_generic+0x116/0x1c0 [ 29.521918] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.521962] ? __pfx_read_tsc+0x10/0x10 [ 29.522003] ? ktime_get_ts64+0x86/0x230 [ 29.522048] kunit_try_run_case+0x1a5/0x480 [ 29.522094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.522159] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.522188] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.522214] ? __kthread_parkme+0x82/0x180 [ 29.522239] ? preempt_count_sub+0x50/0x80 [ 29.522266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.522293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.522318] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.522343] kthread+0x337/0x6f0 [ 29.522366] ? trace_preempt_on+0x20/0xc0 [ 29.522391] ? __pfx_kthread+0x10/0x10 [ 29.522414] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.522436] ? calculate_sigpending+0x7b/0xa0 [ 29.522463] ? __pfx_kthread+0x10/0x10 [ 29.522486] ret_from_fork+0x116/0x1d0 [ 29.522507] ? __pfx_kthread+0x10/0x10 [ 29.522529] ret_from_fork_asm+0x1a/0x30 [ 29.522564] </TASK> [ 29.522577] [ 29.536688] Allocated by task 290: [ 29.536921] kasan_save_stack+0x45/0x70 [ 29.537115] kasan_save_track+0x18/0x40 [ 29.537309] kasan_save_alloc_info+0x3b/0x50 [ 29.537521] __kasan_kmalloc+0xb7/0xc0 [ 29.537714] __kmalloc_cache_noprof+0x189/0x420 [ 29.537959] kasan_bitops_generic+0x92/0x1c0 [ 29.540181] kunit_try_run_case+0x1a5/0x480 [ 29.540657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.541246] kthread+0x337/0x6f0 [ 29.541398] ret_from_fork+0x116/0x1d0 [ 29.541494] ret_from_fork_asm+0x1a/0x30 [ 29.541590] [ 29.541645] The buggy address belongs to the object at ffff888101892c20 [ 29.541645] which belongs to the cache kmalloc-16 of size 16 [ 29.541864] The buggy address is located 8 bytes inside of [ 29.541864] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.542385] [ 29.542501] The buggy address belongs to the physical page: [ 29.542715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.544059] flags: 0x200000000000000(node=0|zone=2) [ 29.544403] page_type: f5(slab) [ 29.544550] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.545028] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.546337] page dumped because: kasan: bad access detected [ 29.546785] [ 29.546950] Memory state around the buggy address: [ 29.547330] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.547952] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.548394] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.548749] ^ [ 29.549735] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.550339] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.550792] ================================================================== [ 29.624454] ================================================================== [ 29.624859] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.625523] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.625961] [ 29.626216] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.626324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.626351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.626399] Call Trace: [ 29.626442] <TASK> [ 29.626483] dump_stack_lvl+0x73/0xb0 [ 29.626554] print_report+0xd1/0x650 [ 29.626607] ? __virt_addr_valid+0x1db/0x2d0 [ 29.626661] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.626718] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.626775] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.626829] kasan_report+0x141/0x180 [ 29.626870] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.626927] kasan_check_range+0x10c/0x1c0 [ 29.626976] __kasan_check_write+0x18/0x20 [ 29.627027] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.627086] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.627162] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.627217] ? trace_hardirqs_on+0x37/0xe0 [ 29.627269] ? kasan_bitops_generic+0x92/0x1c0 [ 29.627332] kasan_bitops_generic+0x116/0x1c0 [ 29.627386] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.627443] ? __pfx_read_tsc+0x10/0x10 [ 29.627492] ? ktime_get_ts64+0x86/0x230 [ 29.628240] kunit_try_run_case+0x1a5/0x480 [ 29.628286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.628313] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.628341] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.628366] ? __kthread_parkme+0x82/0x180 [ 29.628390] ? preempt_count_sub+0x50/0x80 [ 29.628416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.628441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.628467] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.628492] kthread+0x337/0x6f0 [ 29.628514] ? trace_preempt_on+0x20/0xc0 [ 29.628540] ? __pfx_kthread+0x10/0x10 [ 29.628563] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.628586] ? calculate_sigpending+0x7b/0xa0 [ 29.628613] ? __pfx_kthread+0x10/0x10 [ 29.628636] ret_from_fork+0x116/0x1d0 [ 29.628658] ? __pfx_kthread+0x10/0x10 [ 29.628680] ret_from_fork_asm+0x1a/0x30 [ 29.628713] </TASK> [ 29.628726] [ 29.640233] Allocated by task 290: [ 29.640632] kasan_save_stack+0x45/0x70 [ 29.640995] kasan_save_track+0x18/0x40 [ 29.641433] kasan_save_alloc_info+0x3b/0x50 [ 29.641760] __kasan_kmalloc+0xb7/0xc0 [ 29.642119] __kmalloc_cache_noprof+0x189/0x420 [ 29.642495] kasan_bitops_generic+0x92/0x1c0 [ 29.642833] kunit_try_run_case+0x1a5/0x480 [ 29.643861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.644159] kthread+0x337/0x6f0 [ 29.644322] ret_from_fork+0x116/0x1d0 [ 29.644583] ret_from_fork_asm+0x1a/0x30 [ 29.644887] [ 29.645044] The buggy address belongs to the object at ffff888101892c20 [ 29.645044] which belongs to the cache kmalloc-16 of size 16 [ 29.645900] The buggy address is located 8 bytes inside of [ 29.645900] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.646807] [ 29.646929] The buggy address belongs to the physical page: [ 29.647153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.647460] flags: 0x200000000000000(node=0|zone=2) [ 29.647832] page_type: f5(slab) [ 29.648073] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.648629] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.649886] page dumped because: kasan: bad access detected [ 29.650215] [ 29.650328] Memory state around the buggy address: [ 29.650536] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.650802] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.652479] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.653842] ^ [ 29.654305] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.654843] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.655428] ================================================================== [ 29.692558] ================================================================== [ 29.692951] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.693942] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.694613] [ 29.694820] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.694928] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.694958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.695004] Call Trace: [ 29.695047] <TASK> [ 29.695083] dump_stack_lvl+0x73/0xb0 [ 29.695172] print_report+0xd1/0x650 [ 29.695217] ? __virt_addr_valid+0x1db/0x2d0 [ 29.695266] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.695322] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.695378] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.695436] kasan_report+0x141/0x180 [ 29.695487] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.695553] kasan_check_range+0x10c/0x1c0 [ 29.695609] __kasan_check_write+0x18/0x20 [ 29.695662] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.695711] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.695747] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.695776] ? trace_hardirqs_on+0x37/0xe0 [ 29.695802] ? kasan_bitops_generic+0x92/0x1c0 [ 29.695831] kasan_bitops_generic+0x116/0x1c0 [ 29.695857] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.695885] ? __pfx_read_tsc+0x10/0x10 [ 29.695917] ? ktime_get_ts64+0x86/0x230 [ 29.695956] kunit_try_run_case+0x1a5/0x480 [ 29.695984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.696009] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.696035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.696060] ? __kthread_parkme+0x82/0x180 [ 29.696083] ? preempt_count_sub+0x50/0x80 [ 29.696290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.696319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.696346] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.696371] kthread+0x337/0x6f0 [ 29.696392] ? trace_preempt_on+0x20/0xc0 [ 29.696419] ? __pfx_kthread+0x10/0x10 [ 29.696441] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.696464] ? calculate_sigpending+0x7b/0xa0 [ 29.696491] ? __pfx_kthread+0x10/0x10 [ 29.696515] ret_from_fork+0x116/0x1d0 [ 29.696536] ? __pfx_kthread+0x10/0x10 [ 29.696559] ret_from_fork_asm+0x1a/0x30 [ 29.696591] </TASK> [ 29.696605] [ 29.707683] Allocated by task 290: [ 29.708186] kasan_save_stack+0x45/0x70 [ 29.708586] kasan_save_track+0x18/0x40 [ 29.708898] kasan_save_alloc_info+0x3b/0x50 [ 29.709258] __kasan_kmalloc+0xb7/0xc0 [ 29.709580] __kmalloc_cache_noprof+0x189/0x420 [ 29.710000] kasan_bitops_generic+0x92/0x1c0 [ 29.711013] kunit_try_run_case+0x1a5/0x480 [ 29.711350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.711571] kthread+0x337/0x6f0 [ 29.711744] ret_from_fork+0x116/0x1d0 [ 29.711919] ret_from_fork_asm+0x1a/0x30 [ 29.712136] [ 29.712245] The buggy address belongs to the object at ffff888101892c20 [ 29.712245] which belongs to the cache kmalloc-16 of size 16 [ 29.714827] The buggy address is located 8 bytes inside of [ 29.714827] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.716070] [ 29.716348] The buggy address belongs to the physical page: [ 29.716555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.717140] flags: 0x200000000000000(node=0|zone=2) [ 29.717482] page_type: f5(slab) [ 29.717690] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.718278] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.718622] page dumped because: kasan: bad access detected [ 29.719016] [ 29.719795] Memory state around the buggy address: [ 29.720051] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.720356] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.721007] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.721519] ^ [ 29.721761] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.722479] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.722732] ================================================================== [ 29.551762] ================================================================== [ 29.553513] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 29.554177] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.555216] [ 29.555633] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.555760] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.555782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.555811] Call Trace: [ 29.555837] <TASK> [ 29.555863] dump_stack_lvl+0x73/0xb0 [ 29.555925] print_report+0xd1/0x650 [ 29.555958] ? __virt_addr_valid+0x1db/0x2d0 [ 29.556122] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 29.556157] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.556187] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 29.556216] kasan_report+0x141/0x180 [ 29.556241] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 29.556274] kasan_check_range+0x10c/0x1c0 [ 29.556300] __kasan_check_write+0x18/0x20 [ 29.556326] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 29.556354] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.556383] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.556410] ? trace_hardirqs_on+0x37/0xe0 [ 29.556436] ? kasan_bitops_generic+0x92/0x1c0 [ 29.556465] kasan_bitops_generic+0x116/0x1c0 [ 29.556492] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.556519] ? __pfx_read_tsc+0x10/0x10 [ 29.556543] ? ktime_get_ts64+0x86/0x230 [ 29.556571] kunit_try_run_case+0x1a5/0x480 [ 29.556600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.556624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.556650] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.556675] ? __kthread_parkme+0x82/0x180 [ 29.556699] ? preempt_count_sub+0x50/0x80 [ 29.556725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.556751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.556775] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.556801] kthread+0x337/0x6f0 [ 29.556822] ? trace_preempt_on+0x20/0xc0 [ 29.556847] ? __pfx_kthread+0x10/0x10 [ 29.556870] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.556894] ? calculate_sigpending+0x7b/0xa0 [ 29.556934] ? __pfx_kthread+0x10/0x10 [ 29.556962] ret_from_fork+0x116/0x1d0 [ 29.556994] ? __pfx_kthread+0x10/0x10 [ 29.557018] ret_from_fork_asm+0x1a/0x30 [ 29.557051] </TASK> [ 29.557065] [ 29.572946] Allocated by task 290: [ 29.573832] kasan_save_stack+0x45/0x70 [ 29.574089] kasan_save_track+0x18/0x40 [ 29.574809] kasan_save_alloc_info+0x3b/0x50 [ 29.575364] __kasan_kmalloc+0xb7/0xc0 [ 29.575527] __kmalloc_cache_noprof+0x189/0x420 [ 29.575899] kasan_bitops_generic+0x92/0x1c0 [ 29.576366] kunit_try_run_case+0x1a5/0x480 [ 29.577271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.577476] kthread+0x337/0x6f0 [ 29.577582] ret_from_fork+0x116/0x1d0 [ 29.577674] ret_from_fork_asm+0x1a/0x30 [ 29.577767] [ 29.577822] The buggy address belongs to the object at ffff888101892c20 [ 29.577822] which belongs to the cache kmalloc-16 of size 16 [ 29.578574] The buggy address is located 8 bytes inside of [ 29.578574] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.580142] [ 29.580325] The buggy address belongs to the physical page: [ 29.580746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.581711] flags: 0x200000000000000(node=0|zone=2) [ 29.581980] page_type: f5(slab) [ 29.582712] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.583508] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.584274] page dumped because: kasan: bad access detected [ 29.584607] [ 29.585681] Memory state around the buggy address: [ 29.585964] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.586274] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.586807] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.587640] ^ [ 29.587894] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.588584] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.589745] ================================================================== [ 29.723357] ================================================================== [ 29.723949] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.725443] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.725885] [ 29.726033] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.726150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.726176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.726222] Call Trace: [ 29.726267] <TASK> [ 29.726312] dump_stack_lvl+0x73/0xb0 [ 29.726384] print_report+0xd1/0x650 [ 29.726575] ? __virt_addr_valid+0x1db/0x2d0 [ 29.726634] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.726690] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.726743] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.726789] kasan_report+0x141/0x180 [ 29.726836] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.726891] kasan_check_range+0x10c/0x1c0 [ 29.726934] __kasan_check_write+0x18/0x20 [ 29.726977] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.727021] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.727072] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.727134] ? trace_hardirqs_on+0x37/0xe0 [ 29.727180] ? kasan_bitops_generic+0x92/0x1c0 [ 29.727237] kasan_bitops_generic+0x116/0x1c0 [ 29.727289] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.727334] ? __pfx_read_tsc+0x10/0x10 [ 29.727373] ? ktime_get_ts64+0x86/0x230 [ 29.727422] kunit_try_run_case+0x1a5/0x480 [ 29.727474] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.727516] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.727561] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.727611] ? __kthread_parkme+0x82/0x180 [ 29.727654] ? preempt_count_sub+0x50/0x80 [ 29.727702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.727752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.727804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.727848] kthread+0x337/0x6f0 [ 29.727893] ? trace_preempt_on+0x20/0xc0 [ 29.728404] ? __pfx_kthread+0x10/0x10 [ 29.728452] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.728480] ? calculate_sigpending+0x7b/0xa0 [ 29.728508] ? __pfx_kthread+0x10/0x10 [ 29.728531] ret_from_fork+0x116/0x1d0 [ 29.728555] ? __pfx_kthread+0x10/0x10 [ 29.728578] ret_from_fork_asm+0x1a/0x30 [ 29.728611] </TASK> [ 29.728625] [ 29.739840] Allocated by task 290: [ 29.741267] kasan_save_stack+0x45/0x70 [ 29.741734] kasan_save_track+0x18/0x40 [ 29.742059] kasan_save_alloc_info+0x3b/0x50 [ 29.742409] __kasan_kmalloc+0xb7/0xc0 [ 29.742737] __kmalloc_cache_noprof+0x189/0x420 [ 29.743534] kasan_bitops_generic+0x92/0x1c0 [ 29.743940] kunit_try_run_case+0x1a5/0x480 [ 29.745748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.746603] kthread+0x337/0x6f0 [ 29.746911] ret_from_fork+0x116/0x1d0 [ 29.747323] ret_from_fork_asm+0x1a/0x30 [ 29.747602] [ 29.747717] The buggy address belongs to the object at ffff888101892c20 [ 29.747717] which belongs to the cache kmalloc-16 of size 16 [ 29.748885] The buggy address is located 8 bytes inside of [ 29.748885] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.749850] [ 29.749967] The buggy address belongs to the physical page: [ 29.751481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.752165] flags: 0x200000000000000(node=0|zone=2) [ 29.752564] page_type: f5(slab) [ 29.752794] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.753696] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.754413] page dumped because: kasan: bad access detected [ 29.754746] [ 29.754845] Memory state around the buggy address: [ 29.755290] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.756702] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.756946] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.757939] ^ [ 29.758158] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.759097] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.759384] ================================================================== [ 29.590673] ================================================================== [ 29.591880] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 29.592467] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.592804] [ 29.592953] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.593059] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.593089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.593148] Call Trace: [ 29.593190] <TASK> [ 29.593219] dump_stack_lvl+0x73/0xb0 [ 29.593265] print_report+0xd1/0x650 [ 29.593292] ? __virt_addr_valid+0x1db/0x2d0 [ 29.593325] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 29.593374] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.593404] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 29.593432] kasan_report+0x141/0x180 [ 29.593457] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 29.593489] kasan_check_range+0x10c/0x1c0 [ 29.593515] __kasan_check_write+0x18/0x20 [ 29.593541] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 29.593569] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.593597] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.593625] ? trace_hardirqs_on+0x37/0xe0 [ 29.593650] ? kasan_bitops_generic+0x92/0x1c0 [ 29.593679] kasan_bitops_generic+0x116/0x1c0 [ 29.593705] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.593732] ? __pfx_read_tsc+0x10/0x10 [ 29.593756] ? ktime_get_ts64+0x86/0x230 [ 29.593785] kunit_try_run_case+0x1a5/0x480 [ 29.593814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.593839] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.593865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.593890] ? __kthread_parkme+0x82/0x180 [ 29.593925] ? preempt_count_sub+0x50/0x80 [ 29.593958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.593983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.594010] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.594035] kthread+0x337/0x6f0 [ 29.594057] ? trace_preempt_on+0x20/0xc0 [ 29.594081] ? __pfx_kthread+0x10/0x10 [ 29.594303] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.594368] ? calculate_sigpending+0x7b/0xa0 [ 29.594409] ? __pfx_kthread+0x10/0x10 [ 29.594444] ret_from_fork+0x116/0x1d0 [ 29.594478] ? __pfx_kthread+0x10/0x10 [ 29.594511] ret_from_fork_asm+0x1a/0x30 [ 29.594562] </TASK> [ 29.594583] [ 29.607791] Allocated by task 290: [ 29.609033] kasan_save_stack+0x45/0x70 [ 29.609484] kasan_save_track+0x18/0x40 [ 29.609823] kasan_save_alloc_info+0x3b/0x50 [ 29.610739] __kasan_kmalloc+0xb7/0xc0 [ 29.610961] __kmalloc_cache_noprof+0x189/0x420 [ 29.611357] kasan_bitops_generic+0x92/0x1c0 [ 29.611575] kunit_try_run_case+0x1a5/0x480 [ 29.611911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.612140] kthread+0x337/0x6f0 [ 29.612457] ret_from_fork+0x116/0x1d0 [ 29.612779] ret_from_fork_asm+0x1a/0x30 [ 29.613915] [ 29.614050] The buggy address belongs to the object at ffff888101892c20 [ 29.614050] which belongs to the cache kmalloc-16 of size 16 [ 29.614817] The buggy address is located 8 bytes inside of [ 29.614817] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.615847] [ 29.616273] The buggy address belongs to the physical page: [ 29.616584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.617844] flags: 0x200000000000000(node=0|zone=2) [ 29.618076] page_type: f5(slab) [ 29.618385] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.618947] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.619412] page dumped because: kasan: bad access detected [ 29.619720] [ 29.619825] Memory state around the buggy address: [ 29.620515] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.620911] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.621266] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.621772] ^ [ 29.621956] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.622957] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.623464] ================================================================== [ 29.658355] ================================================================== [ 29.658724] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.659855] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.660497] [ 29.660675] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.660786] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.660809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.660856] Call Trace: [ 29.660931] <TASK> [ 29.661127] dump_stack_lvl+0x73/0xb0 [ 29.661223] print_report+0xd1/0x650 [ 29.661272] ? __virt_addr_valid+0x1db/0x2d0 [ 29.661316] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.661347] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.661376] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.661404] kasan_report+0x141/0x180 [ 29.661429] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.661462] kasan_check_range+0x10c/0x1c0 [ 29.661488] __kasan_check_write+0x18/0x20 [ 29.661513] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.661541] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.661570] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.661596] ? trace_hardirqs_on+0x37/0xe0 [ 29.661621] ? kasan_bitops_generic+0x92/0x1c0 [ 29.661649] kasan_bitops_generic+0x116/0x1c0 [ 29.661676] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.661702] ? __pfx_read_tsc+0x10/0x10 [ 29.661726] ? ktime_get_ts64+0x86/0x230 [ 29.661754] kunit_try_run_case+0x1a5/0x480 [ 29.661783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.661809] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.661835] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.661859] ? __kthread_parkme+0x82/0x180 [ 29.661883] ? preempt_count_sub+0x50/0x80 [ 29.661934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.661976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.662096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.662143] kthread+0x337/0x6f0 [ 29.662166] ? trace_preempt_on+0x20/0xc0 [ 29.662193] ? __pfx_kthread+0x10/0x10 [ 29.662217] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.662240] ? calculate_sigpending+0x7b/0xa0 [ 29.662269] ? __pfx_kthread+0x10/0x10 [ 29.662292] ret_from_fork+0x116/0x1d0 [ 29.662314] ? __pfx_kthread+0x10/0x10 [ 29.662337] ret_from_fork_asm+0x1a/0x30 [ 29.662371] </TASK> [ 29.662385] [ 29.674323] Allocated by task 290: [ 29.674691] kasan_save_stack+0x45/0x70 [ 29.675590] kasan_save_track+0x18/0x40 [ 29.675917] kasan_save_alloc_info+0x3b/0x50 [ 29.676342] __kasan_kmalloc+0xb7/0xc0 [ 29.676540] __kmalloc_cache_noprof+0x189/0x420 [ 29.676744] kasan_bitops_generic+0x92/0x1c0 [ 29.676933] kunit_try_run_case+0x1a5/0x480 [ 29.677133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.677356] kthread+0x337/0x6f0 [ 29.677663] ret_from_fork+0x116/0x1d0 [ 29.678085] ret_from_fork_asm+0x1a/0x30 [ 29.678464] [ 29.678642] The buggy address belongs to the object at ffff888101892c20 [ 29.678642] which belongs to the cache kmalloc-16 of size 16 [ 29.680517] The buggy address is located 8 bytes inside of [ 29.680517] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.681421] [ 29.681605] The buggy address belongs to the physical page: [ 29.682012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.683473] flags: 0x200000000000000(node=0|zone=2) [ 29.683732] page_type: f5(slab) [ 29.684044] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.684438] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.684830] page dumped because: kasan: bad access detected [ 29.686432] [ 29.686604] Memory state around the buggy address: [ 29.686960] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.687900] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.688623] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.689144] ^ [ 29.689436] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.689851] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.691006] ================================================================== [ 29.482865] ================================================================== [ 29.483607] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 29.484208] Write of size 8 at addr ffff888101892c28 by task kunit_try_catch/290 [ 29.484856] [ 29.485034] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.485161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.485188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.485233] Call Trace: [ 29.485321] <TASK> [ 29.485364] dump_stack_lvl+0x73/0xb0 [ 29.485498] print_report+0xd1/0x650 [ 29.485593] ? __virt_addr_valid+0x1db/0x2d0 [ 29.485830] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 29.485916] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.485971] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 29.486027] kasan_report+0x141/0x180 [ 29.486080] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 29.486152] kasan_check_range+0x10c/0x1c0 [ 29.486197] __kasan_check_write+0x18/0x20 [ 29.486229] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 29.486260] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.486289] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.486319] ? trace_hardirqs_on+0x37/0xe0 [ 29.486346] ? kasan_bitops_generic+0x92/0x1c0 [ 29.486375] kasan_bitops_generic+0x116/0x1c0 [ 29.486400] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.486427] ? __pfx_read_tsc+0x10/0x10 [ 29.486452] ? ktime_get_ts64+0x86/0x230 [ 29.486481] kunit_try_run_case+0x1a5/0x480 [ 29.486511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.486535] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.486561] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.486587] ? __kthread_parkme+0x82/0x180 [ 29.486611] ? preempt_count_sub+0x50/0x80 [ 29.486638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.486663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.486688] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.486713] kthread+0x337/0x6f0 [ 29.486734] ? trace_preempt_on+0x20/0xc0 [ 29.486758] ? __pfx_kthread+0x10/0x10 [ 29.486780] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.486804] ? calculate_sigpending+0x7b/0xa0 [ 29.486831] ? __pfx_kthread+0x10/0x10 [ 29.486854] ret_from_fork+0x116/0x1d0 [ 29.486875] ? __pfx_kthread+0x10/0x10 [ 29.486899] ret_from_fork_asm+0x1a/0x30 [ 29.486979] </TASK> [ 29.487001] [ 29.499774] Allocated by task 290: [ 29.500488] kasan_save_stack+0x45/0x70 [ 29.500909] kasan_save_track+0x18/0x40 [ 29.501601] kasan_save_alloc_info+0x3b/0x50 [ 29.502268] __kasan_kmalloc+0xb7/0xc0 [ 29.502624] __kmalloc_cache_noprof+0x189/0x420 [ 29.503248] kasan_bitops_generic+0x92/0x1c0 [ 29.503659] kunit_try_run_case+0x1a5/0x480 [ 29.503905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.504612] kthread+0x337/0x6f0 [ 29.504944] ret_from_fork+0x116/0x1d0 [ 29.505463] ret_from_fork_asm+0x1a/0x30 [ 29.505680] [ 29.505789] The buggy address belongs to the object at ffff888101892c20 [ 29.505789] which belongs to the cache kmalloc-16 of size 16 [ 29.506619] The buggy address is located 8 bytes inside of [ 29.506619] allocated 9-byte region [ffff888101892c20, ffff888101892c29) [ 29.507949] [ 29.508335] The buggy address belongs to the physical page: [ 29.508787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101892 [ 29.509497] flags: 0x200000000000000(node=0|zone=2) [ 29.510031] page_type: f5(slab) [ 29.510276] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.510959] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.511550] page dumped because: kasan: bad access detected [ 29.512265] [ 29.512441] Memory state around the buggy address: [ 29.513330] ffff888101892b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 29.513760] ffff888101892b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.514346] >ffff888101892c00: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.514891] ^ [ 29.515150] ffff888101892c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.515567] ffff888101892d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.516414] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 29.153672] ================================================================== [ 29.154669] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 29.155477] Read of size 1 at addr ffffffffa8878ecd by task kunit_try_catch/274 [ 29.156286] [ 29.156551] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.156624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.156640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.156667] Call Trace: [ 29.156686] <TASK> [ 29.156711] dump_stack_lvl+0x73/0xb0 [ 29.156758] print_report+0xd1/0x650 [ 29.156784] ? __virt_addr_valid+0x1db/0x2d0 [ 29.156813] ? kasan_global_oob_right+0x286/0x2d0 [ 29.156837] ? kasan_addr_to_slab+0x11/0xa0 [ 29.156859] ? kasan_global_oob_right+0x286/0x2d0 [ 29.156884] kasan_report+0x141/0x180 [ 29.156914] ? kasan_global_oob_right+0x286/0x2d0 [ 29.157242] __asan_report_load1_noabort+0x18/0x20 [ 29.157388] kasan_global_oob_right+0x286/0x2d0 [ 29.157443] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 29.157499] ? __schedule+0x10cc/0x2b60 [ 29.157552] ? __pfx_read_tsc+0x10/0x10 [ 29.157594] ? ktime_get_ts64+0x86/0x230 [ 29.157634] kunit_try_run_case+0x1a5/0x480 [ 29.157664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.157688] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.157715] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.157741] ? __kthread_parkme+0x82/0x180 [ 29.157764] ? preempt_count_sub+0x50/0x80 [ 29.157791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.157817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.157842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.157868] kthread+0x337/0x6f0 [ 29.157890] ? trace_preempt_on+0x20/0xc0 [ 29.157943] ? __pfx_kthread+0x10/0x10 [ 29.157981] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.158019] ? calculate_sigpending+0x7b/0xa0 [ 29.158057] ? __pfx_kthread+0x10/0x10 [ 29.158096] ret_from_fork+0x116/0x1d0 [ 29.158140] ? __pfx_kthread+0x10/0x10 [ 29.158173] ret_from_fork_asm+0x1a/0x30 [ 29.158222] </TASK> [ 29.158237] [ 29.171030] The buggy address belongs to the variable: [ 29.172084] global_array+0xd/0x40 [ 29.172542] [ 29.172761] The buggy address belongs to the physical page: [ 29.173258] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15a278 [ 29.174309] flags: 0x200000000002000(reserved|node=0|zone=2) [ 29.174989] raw: 0200000000002000 ffffea0005689e08 ffffea0005689e08 0000000000000000 [ 29.175596] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 29.175767] page dumped because: kasan: bad access detected [ 29.175877] [ 29.176411] Memory state around the buggy address: [ 29.176675] ffffffffa8878d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.177865] ffffffffa8878e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.178736] >ffffffffa8878e80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 29.179340] ^ [ 29.179647] ffffffffa8878f00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 29.180150] ffffffffa8878f80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 29.180516] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 29.078765] ================================================================== [ 29.079827] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.080616] Free of addr ffff888103777801 by task kunit_try_catch/270 [ 29.081160] [ 29.081296] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.081364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.081379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.081405] Call Trace: [ 29.081423] <TASK> [ 29.081448] dump_stack_lvl+0x73/0xb0 [ 29.081494] print_report+0xd1/0x650 [ 29.081520] ? __virt_addr_valid+0x1db/0x2d0 [ 29.081547] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.081574] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081602] kasan_report_invalid_free+0x10a/0x130 [ 29.081628] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081657] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081682] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081708] check_slab_allocation+0x11f/0x130 [ 29.081731] __kasan_mempool_poison_object+0x91/0x1d0 [ 29.081756] mempool_free+0x2ec/0x380 [ 29.081785] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.081811] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 29.081839] ? pick_eevdf+0x3c9/0x590 [ 29.081864] ? __pfx_sched_clock_cpu+0x10/0x10 [ 29.081889] ? finish_task_switch.isra.0+0x153/0x700 [ 29.081931] mempool_kmalloc_invalid_free+0xed/0x140 [ 29.081956] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 29.081985] ? __pfx_mempool_kmalloc+0x10/0x10 [ 29.082008] ? __pfx_mempool_kfree+0x10/0x10 [ 29.082033] ? __pfx_read_tsc+0x10/0x10 [ 29.082056] ? ktime_get_ts64+0x86/0x230 [ 29.082082] kunit_try_run_case+0x1a5/0x480 [ 29.082132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.082172] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.082216] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.082262] ? __kthread_parkme+0x82/0x180 [ 29.082304] ? preempt_count_sub+0x50/0x80 [ 29.082352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.082404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.082441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.082466] kthread+0x337/0x6f0 [ 29.082488] ? trace_preempt_on+0x20/0xc0 [ 29.082513] ? __pfx_kthread+0x10/0x10 [ 29.082535] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.082563] ? calculate_sigpending+0x7b/0xa0 [ 29.082605] ? __pfx_kthread+0x10/0x10 [ 29.082646] ret_from_fork+0x116/0x1d0 [ 29.082688] ? __pfx_kthread+0x10/0x10 [ 29.082731] ret_from_fork_asm+0x1a/0x30 [ 29.082798] </TASK> [ 29.082824] [ 29.098704] Allocated by task 270: [ 29.098933] kasan_save_stack+0x45/0x70 [ 29.100161] kasan_save_track+0x18/0x40 [ 29.100406] kasan_save_alloc_info+0x3b/0x50 [ 29.100636] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 29.100891] remove_element+0x11e/0x190 [ 29.101081] mempool_alloc_preallocated+0x4d/0x90 [ 29.101261] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 29.101482] mempool_kmalloc_invalid_free+0xed/0x140 [ 29.101688] kunit_try_run_case+0x1a5/0x480 [ 29.101877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.102083] kthread+0x337/0x6f0 [ 29.102256] ret_from_fork+0x116/0x1d0 [ 29.102432] ret_from_fork_asm+0x1a/0x30 [ 29.103716] [ 29.103855] The buggy address belongs to the object at ffff888103777800 [ 29.103855] which belongs to the cache kmalloc-128 of size 128 [ 29.104343] The buggy address is located 1 bytes inside of [ 29.104343] 128-byte region [ffff888103777800, ffff888103777880) [ 29.104820] [ 29.104926] The buggy address belongs to the physical page: [ 29.105124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 29.106077] flags: 0x200000000000000(node=0|zone=2) [ 29.106605] page_type: f5(slab) [ 29.106892] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.107543] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.107820] page dumped because: kasan: bad access detected [ 29.108479] [ 29.108665] Memory state around the buggy address: [ 29.109202] ffff888103777700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.109788] ffff888103777780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.110429] >ffff888103777800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.110908] ^ [ 29.111073] ffff888103777880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.112726] ffff888103777900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.112974] ================================================================== [ 29.119888] ================================================================== [ 29.120894] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.121271] Free of addr ffff888102afc001 by task kunit_try_catch/272 [ 29.121486] [ 29.121594] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.121658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.121673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.121698] Call Trace: [ 29.121716] <TASK> [ 29.121741] dump_stack_lvl+0x73/0xb0 [ 29.121778] print_report+0xd1/0x650 [ 29.121803] ? __virt_addr_valid+0x1db/0x2d0 [ 29.121830] ? kasan_addr_to_slab+0x11/0xa0 [ 29.121853] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.121881] kasan_report_invalid_free+0x10a/0x130 [ 29.121907] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.121937] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.121963] __kasan_mempool_poison_object+0x102/0x1d0 [ 29.121989] mempool_free+0x2ec/0x380 [ 29.122017] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 29.122044] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 29.122073] ? __pfx_sched_clock_cpu+0x10/0x10 [ 29.122113] ? finish_task_switch.isra.0+0x153/0x700 [ 29.122148] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 29.122175] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 29.122204] ? __pfx_mempool_kmalloc+0x10/0x10 [ 29.122227] ? __pfx_mempool_kfree+0x10/0x10 [ 29.122253] ? __pfx_read_tsc+0x10/0x10 [ 29.122275] ? ktime_get_ts64+0x86/0x230 [ 29.122301] kunit_try_run_case+0x1a5/0x480 [ 29.122327] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.122350] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.122375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.122399] ? __kthread_parkme+0x82/0x180 [ 29.122421] ? preempt_count_sub+0x50/0x80 [ 29.122445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.122469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.122493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.122517] kthread+0x337/0x6f0 [ 29.122539] ? trace_preempt_on+0x20/0xc0 [ 29.122563] ? __pfx_kthread+0x10/0x10 [ 29.122585] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.122607] ? calculate_sigpending+0x7b/0xa0 [ 29.122633] ? __pfx_kthread+0x10/0x10 [ 29.122656] ret_from_fork+0x116/0x1d0 [ 29.122676] ? __pfx_kthread+0x10/0x10 [ 29.122698] ret_from_fork_asm+0x1a/0x30 [ 29.122729] </TASK> [ 29.122741] [ 29.136810] The buggy address belongs to the physical page: [ 29.137293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 29.137731] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.138349] flags: 0x200000000000040(head|node=0|zone=2) [ 29.138696] page_type: f8(unknown) [ 29.139183] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.139587] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.139989] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.140318] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.140603] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff [ 29.140878] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.141383] page dumped because: kasan: bad access detected [ 29.141793] [ 29.141962] Memory state around the buggy address: [ 29.142498] ffff888102afbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.142844] ffff888102afbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.143435] >ffff888102afc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.143712] ^ [ 29.143869] ffff888102afc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.145503] ffff888102afc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.146181] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 29.003849] ================================================================== [ 29.004830] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 29.005792] Free of addr ffff888102afc000 by task kunit_try_catch/266 [ 29.006180] [ 29.006342] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.006461] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.006492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.006538] Call Trace: [ 29.006560] <TASK> [ 29.006585] dump_stack_lvl+0x73/0xb0 [ 29.006632] print_report+0xd1/0x650 [ 29.006659] ? __virt_addr_valid+0x1db/0x2d0 [ 29.006703] ? kasan_addr_to_slab+0x11/0xa0 [ 29.006737] ? mempool_double_free_helper+0x184/0x370 [ 29.006764] kasan_report_invalid_free+0x10a/0x130 [ 29.006790] ? mempool_double_free_helper+0x184/0x370 [ 29.006818] ? mempool_double_free_helper+0x184/0x370 [ 29.006842] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 29.006869] mempool_free+0x2ec/0x380 [ 29.006898] mempool_double_free_helper+0x184/0x370 [ 29.006923] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 29.006950] ? __kasan_check_write+0x18/0x20 [ 29.006975] ? __pfx_sched_clock_cpu+0x10/0x10 [ 29.006999] ? finish_task_switch.isra.0+0x153/0x700 [ 29.007028] mempool_kmalloc_large_double_free+0xed/0x140 [ 29.007052] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 29.007081] ? __pfx_mempool_kmalloc+0x10/0x10 [ 29.007309] ? __pfx_mempool_kfree+0x10/0x10 [ 29.007387] ? __pfx_read_tsc+0x10/0x10 [ 29.007429] ? ktime_get_ts64+0x86/0x230 [ 29.007475] kunit_try_run_case+0x1a5/0x480 [ 29.007529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.007578] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.007632] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.007681] ? __kthread_parkme+0x82/0x180 [ 29.007729] ? preempt_count_sub+0x50/0x80 [ 29.007783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.007836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.007878] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.007925] kthread+0x337/0x6f0 [ 29.007980] ? trace_preempt_on+0x20/0xc0 [ 29.008045] ? __pfx_kthread+0x10/0x10 [ 29.008084] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.008160] ? calculate_sigpending+0x7b/0xa0 [ 29.008200] ? __pfx_kthread+0x10/0x10 [ 29.008235] ret_from_fork+0x116/0x1d0 [ 29.008259] ? __pfx_kthread+0x10/0x10 [ 29.008281] ret_from_fork_asm+0x1a/0x30 [ 29.008314] </TASK> [ 29.008328] [ 29.026056] The buggy address belongs to the physical page: [ 29.026788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 29.027520] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.028273] flags: 0x200000000000040(head|node=0|zone=2) [ 29.028522] page_type: f8(unknown) [ 29.029218] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.030160] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.030897] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.031091] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.031379] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff [ 29.032001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.032447] page dumped because: kasan: bad access detected [ 29.032851] [ 29.032968] Memory state around the buggy address: [ 29.033833] ffff888102afbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.034681] ffff888102afbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.035369] >ffff888102afc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.036156] ^ [ 29.036479] ffff888102afc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.037314] ffff888102afc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.038078] ================================================================== [ 28.956163] ================================================================== [ 28.956940] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 28.957749] Free of addr ffff888103259800 by task kunit_try_catch/264 [ 28.958417] [ 28.958624] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.958746] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.958773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.958819] Call Trace: [ 28.958849] <TASK> [ 28.958890] dump_stack_lvl+0x73/0xb0 [ 28.959187] print_report+0xd1/0x650 [ 28.959234] ? __virt_addr_valid+0x1db/0x2d0 [ 28.959292] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.959364] ? mempool_double_free_helper+0x184/0x370 [ 28.959429] kasan_report_invalid_free+0x10a/0x130 [ 28.959481] ? mempool_double_free_helper+0x184/0x370 [ 28.959536] ? mempool_double_free_helper+0x184/0x370 [ 28.959587] ? mempool_double_free_helper+0x184/0x370 [ 28.959640] check_slab_allocation+0x101/0x130 [ 28.959685] __kasan_mempool_poison_object+0x91/0x1d0 [ 28.959737] mempool_free+0x2ec/0x380 [ 28.959796] mempool_double_free_helper+0x184/0x370 [ 28.959850] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 28.959933] ? update_load_avg+0x1be/0x21b0 [ 28.960193] ? update_load_avg+0x1be/0x21b0 [ 28.960223] ? update_curr+0x80/0x810 [ 28.960246] ? __kasan_check_write+0x18/0x20 [ 28.960276] ? finish_task_switch.isra.0+0x153/0x700 [ 28.960307] mempool_kmalloc_double_free+0xed/0x140 [ 28.960334] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 28.960363] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.960388] ? __pfx_mempool_kfree+0x10/0x10 [ 28.960414] ? __pfx_read_tsc+0x10/0x10 [ 28.960441] ? ktime_get_ts64+0x86/0x230 [ 28.960469] kunit_try_run_case+0x1a5/0x480 [ 28.960499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.960522] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.960550] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.960576] ? __kthread_parkme+0x82/0x180 [ 28.960599] ? preempt_count_sub+0x50/0x80 [ 28.960625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.960650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.960675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.960703] kthread+0x337/0x6f0 [ 28.960725] ? trace_preempt_on+0x20/0xc0 [ 28.960751] ? __pfx_kthread+0x10/0x10 [ 28.960774] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.960797] ? calculate_sigpending+0x7b/0xa0 [ 28.960824] ? __pfx_kthread+0x10/0x10 [ 28.960848] ret_from_fork+0x116/0x1d0 [ 28.960870] ? __pfx_kthread+0x10/0x10 [ 28.960892] ret_from_fork_asm+0x1a/0x30 [ 28.960927] </TASK> [ 28.960941] [ 28.975937] Allocated by task 264: [ 28.976536] kasan_save_stack+0x45/0x70 [ 28.977285] kasan_save_track+0x18/0x40 [ 28.977576] kasan_save_alloc_info+0x3b/0x50 [ 28.977791] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.978194] remove_element+0x11e/0x190 [ 28.978403] mempool_alloc_preallocated+0x4d/0x90 [ 28.978619] mempool_double_free_helper+0x8a/0x370 [ 28.979195] mempool_kmalloc_double_free+0xed/0x140 [ 28.979696] kunit_try_run_case+0x1a5/0x480 [ 28.980242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.980736] kthread+0x337/0x6f0 [ 28.981192] ret_from_fork+0x116/0x1d0 [ 28.981546] ret_from_fork_asm+0x1a/0x30 [ 28.981806] [ 28.981975] Freed by task 264: [ 28.982471] kasan_save_stack+0x45/0x70 [ 28.982807] kasan_save_track+0x18/0x40 [ 28.983339] kasan_save_free_info+0x3f/0x60 [ 28.983692] __kasan_mempool_poison_object+0x131/0x1d0 [ 28.984256] mempool_free+0x2ec/0x380 [ 28.984491] mempool_double_free_helper+0x109/0x370 [ 28.984714] mempool_kmalloc_double_free+0xed/0x140 [ 28.985077] kunit_try_run_case+0x1a5/0x480 [ 28.985493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.986158] kthread+0x337/0x6f0 [ 28.986491] ret_from_fork+0x116/0x1d0 [ 28.986826] ret_from_fork_asm+0x1a/0x30 [ 28.987495] [ 28.987708] The buggy address belongs to the object at ffff888103259800 [ 28.987708] which belongs to the cache kmalloc-128 of size 128 [ 28.988677] The buggy address is located 0 bytes inside of [ 28.988677] 128-byte region [ffff888103259800, ffff888103259880) [ 28.989480] [ 28.989712] The buggy address belongs to the physical page: [ 28.990321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103259 [ 28.990985] flags: 0x200000000000000(node=0|zone=2) [ 28.991593] page_type: f5(slab) [ 28.991874] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.992396] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.992693] page dumped because: kasan: bad access detected [ 28.993274] [ 28.993467] Memory state around the buggy address: [ 28.993923] ffff888103259700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.994662] ffff888103259780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.995417] >ffff888103259800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.996150] ^ [ 28.996348] ffff888103259880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.996824] ffff888103259900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.997673] ================================================================== [ 29.045497] ================================================================== [ 29.046298] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 29.047033] Free of addr ffff888102afc000 by task kunit_try_catch/268 [ 29.048038] [ 29.048310] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 29.048654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.048683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.048728] Call Trace: [ 29.048752] <TASK> [ 29.048777] dump_stack_lvl+0x73/0xb0 [ 29.048828] print_report+0xd1/0x650 [ 29.048856] ? __virt_addr_valid+0x1db/0x2d0 [ 29.048885] ? kasan_addr_to_slab+0x11/0xa0 [ 29.049062] ? mempool_double_free_helper+0x184/0x370 [ 29.049096] kasan_report_invalid_free+0x10a/0x130 [ 29.049147] ? mempool_double_free_helper+0x184/0x370 [ 29.049175] ? mempool_double_free_helper+0x184/0x370 [ 29.049199] __kasan_mempool_poison_pages+0x115/0x130 [ 29.049264] mempool_free+0x290/0x380 [ 29.049310] mempool_double_free_helper+0x184/0x370 [ 29.049351] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 29.049391] ? __kasan_check_write+0x18/0x20 [ 29.049429] ? __pfx_sched_clock_cpu+0x10/0x10 [ 29.049467] ? finish_task_switch.isra.0+0x153/0x700 [ 29.049512] mempool_page_alloc_double_free+0xe8/0x140 [ 29.049552] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 29.049595] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 29.049669] ? __pfx_mempool_free_pages+0x10/0x10 [ 29.049715] ? __pfx_read_tsc+0x10/0x10 [ 29.049741] ? ktime_get_ts64+0x86/0x230 [ 29.049770] kunit_try_run_case+0x1a5/0x480 [ 29.049799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.049823] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.049849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.049873] ? __kthread_parkme+0x82/0x180 [ 29.049897] ? preempt_count_sub+0x50/0x80 [ 29.049945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.050003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.050043] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.050082] kthread+0x337/0x6f0 [ 29.050131] ? trace_preempt_on+0x20/0xc0 [ 29.050161] ? __pfx_kthread+0x10/0x10 [ 29.050184] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.050206] ? calculate_sigpending+0x7b/0xa0 [ 29.050232] ? __pfx_kthread+0x10/0x10 [ 29.050254] ret_from_fork+0x116/0x1d0 [ 29.050277] ? __pfx_kthread+0x10/0x10 [ 29.050299] ret_from_fork_asm+0x1a/0x30 [ 29.050331] </TASK> [ 29.050345] [ 29.065816] The buggy address belongs to the physical page: [ 29.066375] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 29.066942] flags: 0x200000000000000(node=0|zone=2) [ 29.067202] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 29.067426] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 29.067657] page dumped because: kasan: bad access detected [ 29.067844] [ 29.067927] Memory state around the buggy address: [ 29.068152] ffff888102afbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.068535] ffff888102afbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.069079] >ffff888102afc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.069655] ^ [ 29.069975] ffff888102afc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.070660] ffff888102afc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.071294] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 28.909500] ================================================================== [ 28.910259] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 28.911608] Read of size 1 at addr ffff888102afc000 by task kunit_try_catch/262 [ 28.911888] [ 28.912201] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.912314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.912341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.912432] Call Trace: [ 28.912463] <TASK> [ 28.912512] dump_stack_lvl+0x73/0xb0 [ 28.912591] print_report+0xd1/0x650 [ 28.912958] ? __virt_addr_valid+0x1db/0x2d0 [ 28.913083] ? mempool_uaf_helper+0x392/0x400 [ 28.913141] ? kasan_addr_to_slab+0x11/0xa0 [ 28.913180] ? mempool_uaf_helper+0x392/0x400 [ 28.913220] kasan_report+0x141/0x180 [ 28.913256] ? mempool_uaf_helper+0x392/0x400 [ 28.913290] __asan_report_load1_noabort+0x18/0x20 [ 28.913317] mempool_uaf_helper+0x392/0x400 [ 28.913342] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 28.913366] ? __kasan_check_write+0x18/0x20 [ 28.913391] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.913416] ? finish_task_switch.isra.0+0x153/0x700 [ 28.913444] mempool_page_alloc_uaf+0xed/0x140 [ 28.913469] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 28.913497] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 28.913523] ? __pfx_mempool_free_pages+0x10/0x10 [ 28.913550] ? __pfx_read_tsc+0x10/0x10 [ 28.913574] ? ktime_get_ts64+0x86/0x230 [ 28.913601] kunit_try_run_case+0x1a5/0x480 [ 28.913629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.913652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.913678] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.913701] ? __kthread_parkme+0x82/0x180 [ 28.913725] ? preempt_count_sub+0x50/0x80 [ 28.913749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.913773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.913798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.913823] kthread+0x337/0x6f0 [ 28.913844] ? trace_preempt_on+0x20/0xc0 [ 28.913869] ? __pfx_kthread+0x10/0x10 [ 28.913891] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.914202] ? calculate_sigpending+0x7b/0xa0 [ 28.914253] ? __pfx_kthread+0x10/0x10 [ 28.914292] ret_from_fork+0x116/0x1d0 [ 28.914316] ? __pfx_kthread+0x10/0x10 [ 28.914338] ret_from_fork_asm+0x1a/0x30 [ 28.914373] </TASK> [ 28.914386] [ 28.933363] The buggy address belongs to the physical page: [ 28.933895] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 28.935161] flags: 0x200000000000000(node=0|zone=2) [ 28.935618] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.936550] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.937402] page dumped because: kasan: bad access detected [ 28.937780] [ 28.938514] Memory state around the buggy address: [ 28.938831] ffff888102afbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.939717] ffff888102afbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.940161] >ffff888102afc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.941152] ^ [ 28.941732] ffff888102afc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.942627] ffff888102afc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.943000] ================================================================== [ 28.792721] ================================================================== [ 28.793283] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 28.793731] Read of size 1 at addr ffff888102afc000 by task kunit_try_catch/258 [ 28.794414] [ 28.794617] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.794728] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.794758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.794810] Call Trace: [ 28.794839] <TASK> [ 28.794880] dump_stack_lvl+0x73/0xb0 [ 28.795080] print_report+0xd1/0x650 [ 28.795155] ? __virt_addr_valid+0x1db/0x2d0 [ 28.795184] ? mempool_uaf_helper+0x392/0x400 [ 28.795209] ? kasan_addr_to_slab+0x11/0xa0 [ 28.795232] ? mempool_uaf_helper+0x392/0x400 [ 28.795256] kasan_report+0x141/0x180 [ 28.795280] ? mempool_uaf_helper+0x392/0x400 [ 28.795307] __asan_report_load1_noabort+0x18/0x20 [ 28.795335] mempool_uaf_helper+0x392/0x400 [ 28.795359] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 28.795385] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.795411] ? finish_task_switch.isra.0+0x153/0x700 [ 28.795439] mempool_kmalloc_large_uaf+0xef/0x140 [ 28.795463] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 28.795490] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.795515] ? __pfx_mempool_kfree+0x10/0x10 [ 28.795541] ? __pfx_read_tsc+0x10/0x10 [ 28.795564] ? ktime_get_ts64+0x86/0x230 [ 28.795591] kunit_try_run_case+0x1a5/0x480 [ 28.795618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.795641] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.795667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.795692] ? __kthread_parkme+0x82/0x180 [ 28.795714] ? preempt_count_sub+0x50/0x80 [ 28.795739] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.795764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.795788] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.795812] kthread+0x337/0x6f0 [ 28.795834] ? trace_preempt_on+0x20/0xc0 [ 28.795858] ? __pfx_kthread+0x10/0x10 [ 28.795881] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.795920] ? calculate_sigpending+0x7b/0xa0 [ 28.795955] ? __pfx_kthread+0x10/0x10 [ 28.797014] ret_from_fork+0x116/0x1d0 [ 28.797087] ? __pfx_kthread+0x10/0x10 [ 28.797133] ret_from_fork_asm+0x1a/0x30 [ 28.797169] </TASK> [ 28.797183] [ 28.809306] The buggy address belongs to the physical page: [ 28.809591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 28.809936] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.810691] flags: 0x200000000000040(head|node=0|zone=2) [ 28.812501] page_type: f8(unknown) [ 28.812742] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.813263] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.813431] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.813576] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.813718] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff [ 28.813858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.814272] page dumped because: kasan: bad access detected [ 28.814832] [ 28.815092] Memory state around the buggy address: [ 28.815599] ffff888102afbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.816174] ffff888102afbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.816582] >ffff888102afc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.816849] ^ [ 28.817572] ffff888102afc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.818394] ffff888102afc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.819018] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 28.753836] ================================================================== [ 28.755082] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 28.755674] Read of size 1 at addr ffff888103777400 by task kunit_try_catch/256 [ 28.756321] [ 28.756583] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.756701] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.756732] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.756778] Call Trace: [ 28.756799] <TASK> [ 28.756833] dump_stack_lvl+0x73/0xb0 [ 28.756892] print_report+0xd1/0x650 [ 28.756950] ? __virt_addr_valid+0x1db/0x2d0 [ 28.756991] ? mempool_uaf_helper+0x392/0x400 [ 28.757035] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.757086] ? mempool_uaf_helper+0x392/0x400 [ 28.757201] kasan_report+0x141/0x180 [ 28.757249] ? mempool_uaf_helper+0x392/0x400 [ 28.757294] __asan_report_load1_noabort+0x18/0x20 [ 28.757338] mempool_uaf_helper+0x392/0x400 [ 28.757388] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 28.757436] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.757488] ? finish_task_switch.isra.0+0x153/0x700 [ 28.757567] mempool_kmalloc_uaf+0xef/0x140 [ 28.757615] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 28.757670] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.757713] ? __pfx_mempool_kfree+0x10/0x10 [ 28.757743] ? __pfx_read_tsc+0x10/0x10 [ 28.757767] ? ktime_get_ts64+0x86/0x230 [ 28.757795] kunit_try_run_case+0x1a5/0x480 [ 28.757825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.757856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.757927] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.757978] ? __kthread_parkme+0x82/0x180 [ 28.758021] ? preempt_count_sub+0x50/0x80 [ 28.758097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.758156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.758207] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.758252] kthread+0x337/0x6f0 [ 28.758294] ? trace_preempt_on+0x20/0xc0 [ 28.758362] ? __pfx_kthread+0x10/0x10 [ 28.758408] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.758453] ? calculate_sigpending+0x7b/0xa0 [ 28.758499] ? __pfx_kthread+0x10/0x10 [ 28.758541] ret_from_fork+0x116/0x1d0 [ 28.758577] ? __pfx_kthread+0x10/0x10 [ 28.758603] ret_from_fork_asm+0x1a/0x30 [ 28.758635] </TASK> [ 28.758648] [ 28.768510] Allocated by task 256: [ 28.768746] kasan_save_stack+0x45/0x70 [ 28.769018] kasan_save_track+0x18/0x40 [ 28.769206] kasan_save_alloc_info+0x3b/0x50 [ 28.769487] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.769929] remove_element+0x11e/0x190 [ 28.770278] mempool_alloc_preallocated+0x4d/0x90 [ 28.770675] mempool_uaf_helper+0x96/0x400 [ 28.770924] mempool_kmalloc_uaf+0xef/0x140 [ 28.771252] kunit_try_run_case+0x1a5/0x480 [ 28.771532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.771794] kthread+0x337/0x6f0 [ 28.772086] ret_from_fork+0x116/0x1d0 [ 28.772286] ret_from_fork_asm+0x1a/0x30 [ 28.772470] [ 28.772570] Freed by task 256: [ 28.772721] kasan_save_stack+0x45/0x70 [ 28.772928] kasan_save_track+0x18/0x40 [ 28.773114] kasan_save_free_info+0x3f/0x60 [ 28.773302] __kasan_mempool_poison_object+0x131/0x1d0 [ 28.773727] mempool_free+0x2ec/0x380 [ 28.774088] mempool_uaf_helper+0x11a/0x400 [ 28.774460] mempool_kmalloc_uaf+0xef/0x140 [ 28.774817] kunit_try_run_case+0x1a5/0x480 [ 28.775204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.775655] kthread+0x337/0x6f0 [ 28.775983] ret_from_fork+0x116/0x1d0 [ 28.776334] ret_from_fork_asm+0x1a/0x30 [ 28.776673] [ 28.776848] The buggy address belongs to the object at ffff888103777400 [ 28.776848] which belongs to the cache kmalloc-128 of size 128 [ 28.777635] The buggy address is located 0 bytes inside of [ 28.777635] freed 128-byte region [ffff888103777400, ffff888103777480) [ 28.778060] [ 28.778177] The buggy address belongs to the physical page: [ 28.778390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 28.778828] flags: 0x200000000000000(node=0|zone=2) [ 28.779296] page_type: f5(slab) [ 28.779608] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.780235] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.780806] page dumped because: kasan: bad access detected [ 28.781263] [ 28.781427] Memory state around the buggy address: [ 28.781683] ffff888103777300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.781983] ffff888103777380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.782442] >ffff888103777400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.782989] ^ [ 28.783309] ffff888103777480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.783629] ffff888103777500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.783891] ================================================================== [ 28.827938] ================================================================== [ 28.828589] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 28.829219] Read of size 1 at addr ffff8881024da240 by task kunit_try_catch/260 [ 28.829724] [ 28.829895] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.829984] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.830000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.830026] Call Trace: [ 28.830044] <TASK> [ 28.830072] dump_stack_lvl+0x73/0xb0 [ 28.830248] print_report+0xd1/0x650 [ 28.830309] ? __virt_addr_valid+0x1db/0x2d0 [ 28.830356] ? mempool_uaf_helper+0x392/0x400 [ 28.830394] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.830449] ? mempool_uaf_helper+0x392/0x400 [ 28.830496] kasan_report+0x141/0x180 [ 28.830542] ? mempool_uaf_helper+0x392/0x400 [ 28.830601] __asan_report_load1_noabort+0x18/0x20 [ 28.830656] mempool_uaf_helper+0x392/0x400 [ 28.830707] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 28.830764] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.830816] ? finish_task_switch.isra.0+0x153/0x700 [ 28.830870] mempool_slab_uaf+0xea/0x140 [ 28.830913] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 28.831019] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 28.831126] ? __pfx_mempool_free_slab+0x10/0x10 [ 28.831210] ? __pfx_read_tsc+0x10/0x10 [ 28.831255] ? ktime_get_ts64+0x86/0x230 [ 28.831312] kunit_try_run_case+0x1a5/0x480 [ 28.831369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.831417] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.831453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.831478] ? __kthread_parkme+0x82/0x180 [ 28.831500] ? preempt_count_sub+0x50/0x80 [ 28.831526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.831550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.831576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.831599] kthread+0x337/0x6f0 [ 28.831620] ? trace_preempt_on+0x20/0xc0 [ 28.831645] ? __pfx_kthread+0x10/0x10 [ 28.831666] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.831689] ? calculate_sigpending+0x7b/0xa0 [ 28.831715] ? __pfx_kthread+0x10/0x10 [ 28.831738] ret_from_fork+0x116/0x1d0 [ 28.831758] ? __pfx_kthread+0x10/0x10 [ 28.831780] ret_from_fork_asm+0x1a/0x30 [ 28.831812] </TASK> [ 28.831825] [ 28.846024] Allocated by task 260: [ 28.848463] kasan_save_stack+0x45/0x70 [ 28.848736] kasan_save_track+0x18/0x40 [ 28.849188] kasan_save_alloc_info+0x3b/0x50 [ 28.849418] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 28.849768] remove_element+0x11e/0x190 [ 28.850222] mempool_alloc_preallocated+0x4d/0x90 [ 28.850456] mempool_uaf_helper+0x96/0x400 [ 28.850627] mempool_slab_uaf+0xea/0x140 [ 28.851052] kunit_try_run_case+0x1a5/0x480 [ 28.851280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.851806] kthread+0x337/0x6f0 [ 28.852336] ret_from_fork+0x116/0x1d0 [ 28.852522] ret_from_fork_asm+0x1a/0x30 [ 28.852848] [ 28.853004] Freed by task 260: [ 28.853285] kasan_save_stack+0x45/0x70 [ 28.853503] kasan_save_track+0x18/0x40 [ 28.853769] kasan_save_free_info+0x3f/0x60 [ 28.854787] __kasan_mempool_poison_object+0x131/0x1d0 [ 28.855223] mempool_free+0x2ec/0x380 [ 28.855411] mempool_uaf_helper+0x11a/0x400 [ 28.855583] mempool_slab_uaf+0xea/0x140 [ 28.856501] kunit_try_run_case+0x1a5/0x480 [ 28.856912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.857341] kthread+0x337/0x6f0 [ 28.857632] ret_from_fork+0x116/0x1d0 [ 28.857863] ret_from_fork_asm+0x1a/0x30 [ 28.858209] [ 28.858321] The buggy address belongs to the object at ffff8881024da240 [ 28.858321] which belongs to the cache test_cache of size 123 [ 28.859556] The buggy address is located 0 bytes inside of [ 28.859556] freed 123-byte region [ffff8881024da240, ffff8881024da2bb) [ 28.859993] [ 28.860158] The buggy address belongs to the physical page: [ 28.860595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024da [ 28.861474] flags: 0x200000000000000(node=0|zone=2) [ 28.861775] page_type: f5(slab) [ 28.861933] raw: 0200000000000000 ffff88810376a280 dead000000000122 0000000000000000 [ 28.862650] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.863202] page dumped because: kasan: bad access detected [ 28.863674] [ 28.863861] Memory state around the buggy address: [ 28.864324] ffff8881024da100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.864648] ffff8881024da180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.865469] >ffff8881024da200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 28.866087] ^ [ 28.866793] ffff8881024da280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.867207] ffff8881024da300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.867858] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 28.708483] ================================================================== [ 28.709014] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 28.709687] Read of size 1 at addr ffff88810326a2bb by task kunit_try_catch/254 [ 28.710333] [ 28.710496] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.710611] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.710627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.710657] Call Trace: [ 28.710677] <TASK> [ 28.710702] dump_stack_lvl+0x73/0xb0 [ 28.710762] print_report+0xd1/0x650 [ 28.710801] ? __virt_addr_valid+0x1db/0x2d0 [ 28.710845] ? mempool_oob_right_helper+0x318/0x380 [ 28.710890] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.710960] ? mempool_oob_right_helper+0x318/0x380 [ 28.711160] kasan_report+0x141/0x180 [ 28.711210] ? mempool_oob_right_helper+0x318/0x380 [ 28.711271] __asan_report_load1_noabort+0x18/0x20 [ 28.711325] mempool_oob_right_helper+0x318/0x380 [ 28.711378] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 28.711409] ? update_load_avg+0x1be/0x21b0 [ 28.711443] ? finish_task_switch.isra.0+0x153/0x700 [ 28.711474] mempool_slab_oob_right+0xed/0x140 [ 28.711501] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 28.711543] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 28.711584] ? __pfx_mempool_free_slab+0x10/0x10 [ 28.711625] ? __pfx_read_tsc+0x10/0x10 [ 28.711664] ? ktime_get_ts64+0x86/0x230 [ 28.711706] kunit_try_run_case+0x1a5/0x480 [ 28.711753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.711799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.711848] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.711899] ? __kthread_parkme+0x82/0x180 [ 28.711984] ? preempt_count_sub+0x50/0x80 [ 28.712038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.712089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.712175] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.712231] kthread+0x337/0x6f0 [ 28.712276] ? trace_preempt_on+0x20/0xc0 [ 28.712318] ? __pfx_kthread+0x10/0x10 [ 28.712352] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.712388] ? calculate_sigpending+0x7b/0xa0 [ 28.712427] ? __pfx_kthread+0x10/0x10 [ 28.712463] ret_from_fork+0x116/0x1d0 [ 28.712495] ? __pfx_kthread+0x10/0x10 [ 28.712520] ret_from_fork_asm+0x1a/0x30 [ 28.712556] </TASK> [ 28.712570] [ 28.722958] Allocated by task 254: [ 28.723530] kasan_save_stack+0x45/0x70 [ 28.723888] kasan_save_track+0x18/0x40 [ 28.724310] kasan_save_alloc_info+0x3b/0x50 [ 28.724660] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 28.725287] remove_element+0x11e/0x190 [ 28.725639] mempool_alloc_preallocated+0x4d/0x90 [ 28.726220] mempool_oob_right_helper+0x8a/0x380 [ 28.726513] mempool_slab_oob_right+0xed/0x140 [ 28.726724] kunit_try_run_case+0x1a5/0x480 [ 28.726914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.727431] kthread+0x337/0x6f0 [ 28.727687] ret_from_fork+0x116/0x1d0 [ 28.728023] ret_from_fork_asm+0x1a/0x30 [ 28.728378] [ 28.728508] The buggy address belongs to the object at ffff88810326a240 [ 28.728508] which belongs to the cache test_cache of size 123 [ 28.728928] The buggy address is located 0 bytes to the right of [ 28.728928] allocated 123-byte region [ffff88810326a240, ffff88810326a2bb) [ 28.729743] [ 28.729906] The buggy address belongs to the physical page: [ 28.730588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10326a [ 28.731066] flags: 0x200000000000000(node=0|zone=2) [ 28.731524] page_type: f5(slab) [ 28.731713] raw: 0200000000000000 ffff888103267000 dead000000000122 0000000000000000 [ 28.732064] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.732703] page dumped because: kasan: bad access detected [ 28.733350] [ 28.733487] Memory state around the buggy address: [ 28.733694] ffff88810326a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.733939] ffff88810326a200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 28.734330] >ffff88810326a280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 28.734856] ^ [ 28.735594] ffff88810326a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.736349] ffff88810326a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.736873] ================================================================== [ 28.632960] ================================================================== [ 28.633553] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 28.634201] Read of size 1 at addr ffff888103259473 by task kunit_try_catch/250 [ 28.634452] [ 28.634599] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.634703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.634728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.634769] Call Trace: [ 28.634800] <TASK> [ 28.634842] dump_stack_lvl+0x73/0xb0 [ 28.634932] print_report+0xd1/0x650 [ 28.634975] ? __virt_addr_valid+0x1db/0x2d0 [ 28.635022] ? mempool_oob_right_helper+0x318/0x380 [ 28.635063] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.635126] ? mempool_oob_right_helper+0x318/0x380 [ 28.635175] kasan_report+0x141/0x180 [ 28.635223] ? mempool_oob_right_helper+0x318/0x380 [ 28.635282] __asan_report_load1_noabort+0x18/0x20 [ 28.635328] mempool_oob_right_helper+0x318/0x380 [ 28.635372] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 28.635419] ? __kasan_check_write+0x18/0x20 [ 28.635466] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.635519] ? finish_task_switch.isra.0+0x153/0x700 [ 28.635580] mempool_kmalloc_oob_right+0xf2/0x150 [ 28.635635] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 28.635692] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.635942] ? __pfx_mempool_kfree+0x10/0x10 [ 28.636529] ? __pfx_read_tsc+0x10/0x10 [ 28.636588] ? ktime_get_ts64+0x86/0x230 [ 28.636649] kunit_try_run_case+0x1a5/0x480 [ 28.636701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.636741] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.636770] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.636796] ? __kthread_parkme+0x82/0x180 [ 28.636821] ? preempt_count_sub+0x50/0x80 [ 28.636848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.636873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.636919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.636966] kthread+0x337/0x6f0 [ 28.637130] ? trace_preempt_on+0x20/0xc0 [ 28.637163] ? __pfx_kthread+0x10/0x10 [ 28.637186] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.637209] ? calculate_sigpending+0x7b/0xa0 [ 28.637238] ? __pfx_kthread+0x10/0x10 [ 28.637262] ret_from_fork+0x116/0x1d0 [ 28.637284] ? __pfx_kthread+0x10/0x10 [ 28.637307] ret_from_fork_asm+0x1a/0x30 [ 28.637342] </TASK> [ 28.637356] [ 28.649521] Allocated by task 250: [ 28.649832] kasan_save_stack+0x45/0x70 [ 28.650060] kasan_save_track+0x18/0x40 [ 28.650574] kasan_save_alloc_info+0x3b/0x50 [ 28.650924] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.651216] remove_element+0x11e/0x190 [ 28.651408] mempool_alloc_preallocated+0x4d/0x90 [ 28.651746] mempool_oob_right_helper+0x8a/0x380 [ 28.652068] mempool_kmalloc_oob_right+0xf2/0x150 [ 28.652564] kunit_try_run_case+0x1a5/0x480 [ 28.652792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.653014] kthread+0x337/0x6f0 [ 28.653820] ret_from_fork+0x116/0x1d0 [ 28.654375] ret_from_fork_asm+0x1a/0x30 [ 28.654705] [ 28.654857] The buggy address belongs to the object at ffff888103259400 [ 28.654857] which belongs to the cache kmalloc-128 of size 128 [ 28.655472] The buggy address is located 0 bytes to the right of [ 28.655472] allocated 115-byte region [ffff888103259400, ffff888103259473) [ 28.656283] [ 28.656530] The buggy address belongs to the physical page: [ 28.656750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103259 [ 28.657054] flags: 0x200000000000000(node=0|zone=2) [ 28.657317] page_type: f5(slab) [ 28.657633] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.658749] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.659586] page dumped because: kasan: bad access detected [ 28.659819] [ 28.659916] Memory state around the buggy address: [ 28.660140] ffff888103259300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.660419] ffff888103259380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.660860] >ffff888103259400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.661424] ^ [ 28.662865] ffff888103259480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.663650] ffff888103259500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.664198] ================================================================== [ 28.671842] ================================================================== [ 28.672603] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 28.673163] Read of size 1 at addr ffff888102afe001 by task kunit_try_catch/252 [ 28.673667] [ 28.673854] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.673961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.673989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.674038] Call Trace: [ 28.674067] <TASK> [ 28.674120] dump_stack_lvl+0x73/0xb0 [ 28.674193] print_report+0xd1/0x650 [ 28.674237] ? __virt_addr_valid+0x1db/0x2d0 [ 28.674281] ? mempool_oob_right_helper+0x318/0x380 [ 28.674325] ? kasan_addr_to_slab+0x11/0xa0 [ 28.674364] ? mempool_oob_right_helper+0x318/0x380 [ 28.674411] kasan_report+0x141/0x180 [ 28.674458] ? mempool_oob_right_helper+0x318/0x380 [ 28.674518] __asan_report_load1_noabort+0x18/0x20 [ 28.674573] mempool_oob_right_helper+0x318/0x380 [ 28.674624] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 28.674674] ? __kasan_check_write+0x18/0x20 [ 28.674721] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.674770] ? finish_task_switch.isra.0+0x153/0x700 [ 28.674819] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 28.674862] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 28.674915] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.674967] ? __pfx_mempool_kfree+0x10/0x10 [ 28.675019] ? __pfx_read_tsc+0x10/0x10 [ 28.675064] ? ktime_get_ts64+0x86/0x230 [ 28.675155] kunit_try_run_case+0x1a5/0x480 [ 28.675215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.675264] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.675318] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.675372] ? __kthread_parkme+0x82/0x180 [ 28.675420] ? preempt_count_sub+0x50/0x80 [ 28.675471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.675515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.675565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.675626] kthread+0x337/0x6f0 [ 28.675662] ? trace_preempt_on+0x20/0xc0 [ 28.675702] ? __pfx_kthread+0x10/0x10 [ 28.675736] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.675776] ? calculate_sigpending+0x7b/0xa0 [ 28.675822] ? __pfx_kthread+0x10/0x10 [ 28.675865] ret_from_fork+0x116/0x1d0 [ 28.675936] ? __pfx_kthread+0x10/0x10 [ 28.676005] ret_from_fork_asm+0x1a/0x30 [ 28.676078] </TASK> [ 28.676142] [ 28.691758] The buggy address belongs to the physical page: [ 28.692929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc [ 28.693529] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.694035] flags: 0x200000000000040(head|node=0|zone=2) [ 28.694465] page_type: f8(unknown) [ 28.694700] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.695056] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.696174] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.696348] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.696491] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff [ 28.696631] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.696766] page dumped because: kasan: bad access detected [ 28.696871] [ 28.697054] Memory state around the buggy address: [ 28.697479] ffff888102afdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.698437] ffff888102afdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.698657] >ffff888102afe000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.698795] ^ [ 28.698874] ffff888102afe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.699116] ffff888102afe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.699541] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 28.041887] ================================================================== [ 28.042972] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 28.043643] Read of size 1 at addr ffff888101981c80 by task kunit_try_catch/244 [ 28.044035] [ 28.044276] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 28.044390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.044420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.044471] Call Trace: [ 28.044507] <TASK> [ 28.044549] dump_stack_lvl+0x73/0xb0 [ 28.044618] print_report+0xd1/0x650 [ 28.044663] ? __virt_addr_valid+0x1db/0x2d0 [ 28.044707] ? kmem_cache_double_destroy+0x1bf/0x380 [ 28.044749] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.044800] ? kmem_cache_double_destroy+0x1bf/0x380 [ 28.044851] kasan_report+0x141/0x180 [ 28.044939] ? kmem_cache_double_destroy+0x1bf/0x380 [ 28.045009] ? kmem_cache_double_destroy+0x1bf/0x380 [ 28.045065] __kasan_check_byte+0x3d/0x50 [ 28.045117] kmem_cache_destroy+0x25/0x1d0 [ 28.045165] kmem_cache_double_destroy+0x1bf/0x380 [ 28.045214] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 28.045261] ? finish_task_switch.isra.0+0x153/0x700 [ 28.045308] ? __switch_to+0x47/0xf50 [ 28.045362] ? __pfx_read_tsc+0x10/0x10 [ 28.045411] ? ktime_get_ts64+0x86/0x230 [ 28.045468] kunit_try_run_case+0x1a5/0x480 [ 28.045516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.045561] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.045606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.045654] ? __kthread_parkme+0x82/0x180 [ 28.045699] ? preempt_count_sub+0x50/0x80 [ 28.045750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.045796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.045841] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.045883] kthread+0x337/0x6f0 [ 28.045965] ? trace_preempt_on+0x20/0xc0 [ 28.046020] ? __pfx_kthread+0x10/0x10 [ 28.046069] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.046127] ? calculate_sigpending+0x7b/0xa0 [ 28.046269] ? __pfx_kthread+0x10/0x10 [ 28.046298] ret_from_fork+0x116/0x1d0 [ 28.046328] ? __pfx_kthread+0x10/0x10 [ 28.046356] ret_from_fork_asm+0x1a/0x30 [ 28.046391] </TASK> [ 28.046405] [ 28.056505] Allocated by task 244: [ 28.056951] kasan_save_stack+0x45/0x70 [ 28.057381] kasan_save_track+0x18/0x40 [ 28.057743] kasan_save_alloc_info+0x3b/0x50 [ 28.058170] __kasan_slab_alloc+0x91/0xa0 [ 28.058509] kmem_cache_alloc_noprof+0x123/0x3f0 [ 28.058736] __kmem_cache_create_args+0x169/0x240 [ 28.058998] kmem_cache_double_destroy+0xd5/0x380 [ 28.059400] kunit_try_run_case+0x1a5/0x480 [ 28.059784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.060299] kthread+0x337/0x6f0 [ 28.060548] ret_from_fork+0x116/0x1d0 [ 28.060775] ret_from_fork_asm+0x1a/0x30 [ 28.061018] [ 28.061188] Freed by task 244: [ 28.061477] kasan_save_stack+0x45/0x70 [ 28.061767] kasan_save_track+0x18/0x40 [ 28.062083] kasan_save_free_info+0x3f/0x60 [ 28.062363] __kasan_slab_free+0x56/0x70 [ 28.062643] kmem_cache_free+0x249/0x420 [ 28.062840] slab_kmem_cache_release+0x2e/0x40 [ 28.063219] kmem_cache_release+0x16/0x20 [ 28.063419] kobject_put+0x181/0x450 [ 28.063716] sysfs_slab_release+0x16/0x20 [ 28.064117] kmem_cache_destroy+0xf0/0x1d0 [ 28.064404] kmem_cache_double_destroy+0x14e/0x380 [ 28.064793] kunit_try_run_case+0x1a5/0x480 [ 28.065084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.065541] kthread+0x337/0x6f0 [ 28.065747] ret_from_fork+0x116/0x1d0 [ 28.065998] ret_from_fork_asm+0x1a/0x30 [ 28.066352] [ 28.066532] The buggy address belongs to the object at ffff888101981c80 [ 28.066532] which belongs to the cache kmem_cache of size 208 [ 28.067277] The buggy address is located 0 bytes inside of [ 28.067277] freed 208-byte region [ffff888101981c80, ffff888101981d50) [ 28.067722] [ 28.067835] The buggy address belongs to the physical page: [ 28.068116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101981 [ 28.068757] flags: 0x200000000000000(node=0|zone=2) [ 28.069230] page_type: f5(slab) [ 28.069540] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 28.072465] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 28.073124] page dumped because: kasan: bad access detected [ 28.073589] [ 28.073763] Memory state around the buggy address: [ 28.074164] ffff888101981b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.074484] ffff888101981c00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.075087] >ffff888101981c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.075423] ^ [ 28.075720] ffff888101981d00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 28.076186] ffff888101981d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.076466] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 27.974504] ================================================================== [ 27.975156] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.975483] Read of size 1 at addr ffff888103264000 by task kunit_try_catch/242 [ 27.976238] [ 27.976533] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.976657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.976685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.976740] Call Trace: [ 27.976780] <TASK> [ 27.976821] dump_stack_lvl+0x73/0xb0 [ 27.976910] print_report+0xd1/0x650 [ 27.976979] ? __virt_addr_valid+0x1db/0x2d0 [ 27.977029] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.977072] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.977131] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.977175] kasan_report+0x141/0x180 [ 27.977221] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.977273] __asan_report_load1_noabort+0x18/0x20 [ 27.977326] kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.977373] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 27.977416] ? finish_task_switch.isra.0+0x153/0x700 [ 27.977458] ? __switch_to+0x47/0xf50 [ 27.977509] ? __pfx_read_tsc+0x10/0x10 [ 27.977571] ? ktime_get_ts64+0x86/0x230 [ 27.977627] kunit_try_run_case+0x1a5/0x480 [ 27.977687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.977735] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.977790] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.977841] ? __kthread_parkme+0x82/0x180 [ 27.977893] ? preempt_count_sub+0x50/0x80 [ 27.977946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.978019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.978047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.978073] kthread+0x337/0x6f0 [ 27.978096] ? trace_preempt_on+0x20/0xc0 [ 27.978147] ? __pfx_kthread+0x10/0x10 [ 27.978171] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.978194] ? calculate_sigpending+0x7b/0xa0 [ 27.978222] ? __pfx_kthread+0x10/0x10 [ 27.978246] ret_from_fork+0x116/0x1d0 [ 27.978268] ? __pfx_kthread+0x10/0x10 [ 27.978292] ret_from_fork_asm+0x1a/0x30 [ 27.978327] </TASK> [ 27.978342] [ 27.987339] Allocated by task 242: [ 27.987570] kasan_save_stack+0x45/0x70 [ 27.987801] kasan_save_track+0x18/0x40 [ 27.987980] kasan_save_alloc_info+0x3b/0x50 [ 27.988321] __kasan_slab_alloc+0x91/0xa0 [ 27.988690] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.989206] kmem_cache_rcu_uaf+0x155/0x510 [ 27.989583] kunit_try_run_case+0x1a5/0x480 [ 27.990007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.990432] kthread+0x337/0x6f0 [ 27.990679] ret_from_fork+0x116/0x1d0 [ 27.990871] ret_from_fork_asm+0x1a/0x30 [ 27.991224] [ 27.991387] Freed by task 0: [ 27.991631] kasan_save_stack+0x45/0x70 [ 27.991818] kasan_save_track+0x18/0x40 [ 27.992204] kasan_save_free_info+0x3f/0x60 [ 27.992484] __kasan_slab_free+0x56/0x70 [ 27.992750] slab_free_after_rcu_debug+0xe4/0x310 [ 27.993214] rcu_core+0x66f/0x1c40 [ 27.993400] rcu_core_si+0x12/0x20 [ 27.993688] handle_softirqs+0x209/0x730 [ 27.993898] __irq_exit_rcu+0xc9/0x110 [ 27.994252] irq_exit_rcu+0x12/0x20 [ 27.994439] sysvec_apic_timer_interrupt+0x81/0x90 [ 27.994751] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 27.995219] [ 27.995392] Last potentially related work creation: [ 27.995726] kasan_save_stack+0x45/0x70 [ 27.997144] kasan_record_aux_stack+0xb2/0xc0 [ 27.997465] kmem_cache_free+0x131/0x420 [ 27.997699] kmem_cache_rcu_uaf+0x194/0x510 [ 27.998076] kunit_try_run_case+0x1a5/0x480 [ 27.998287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.998520] kthread+0x337/0x6f0 [ 27.998691] ret_from_fork+0x116/0x1d0 [ 27.998872] ret_from_fork_asm+0x1a/0x30 [ 28.000487] [ 28.001149] The buggy address belongs to the object at ffff888103264000 [ 28.001149] which belongs to the cache test_cache of size 200 [ 28.002433] The buggy address is located 0 bytes inside of [ 28.002433] freed 200-byte region [ffff888103264000, ffff8881032640c8) [ 28.003436] [ 28.003610] The buggy address belongs to the physical page: [ 28.004013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103264 [ 28.004524] flags: 0x200000000000000(node=0|zone=2) [ 28.004952] page_type: f5(slab) [ 28.005269] raw: 0200000000000000 ffff888101981b40 dead000000000122 0000000000000000 [ 28.005703] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 28.006159] page dumped because: kasan: bad access detected [ 28.006379] [ 28.006478] Memory state around the buggy address: [ 28.006745] ffff888103263f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.007261] ffff888103263f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.007641] >ffff888103264000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.007885] ^ [ 28.008176] ffff888103264080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 28.008674] ffff888103264100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.009139] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 27.896642] ================================================================== [ 27.897278] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 27.898276] Free of addr ffff88810376d001 by task kunit_try_catch/240 [ 27.898840] [ 27.899204] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.899373] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.899439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.899502] Call Trace: [ 27.899539] <TASK> [ 27.899581] dump_stack_lvl+0x73/0xb0 [ 27.899662] print_report+0xd1/0x650 [ 27.899770] ? __virt_addr_valid+0x1db/0x2d0 [ 27.899862] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.899928] ? kmem_cache_invalid_free+0x1d8/0x460 [ 27.899982] kasan_report_invalid_free+0x10a/0x130 [ 27.900028] ? kmem_cache_invalid_free+0x1d8/0x460 [ 27.900076] ? kmem_cache_invalid_free+0x1d8/0x460 [ 27.900143] check_slab_allocation+0x11f/0x130 [ 27.900189] __kasan_slab_pre_free+0x28/0x40 [ 27.900235] kmem_cache_free+0xed/0x420 [ 27.900283] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.900329] ? kmem_cache_invalid_free+0x1d8/0x460 [ 27.900385] kmem_cache_invalid_free+0x1d8/0x460 [ 27.900467] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 27.900534] ? finish_task_switch.isra.0+0x153/0x700 [ 27.900588] ? __switch_to+0x47/0xf50 [ 27.900645] ? __pfx_read_tsc+0x10/0x10 [ 27.900670] ? ktime_get_ts64+0x86/0x230 [ 27.900698] kunit_try_run_case+0x1a5/0x480 [ 27.900727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.900751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.900776] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.900800] ? __kthread_parkme+0x82/0x180 [ 27.900823] ? preempt_count_sub+0x50/0x80 [ 27.900847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.900871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.900895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.900934] kthread+0x337/0x6f0 [ 27.900961] ? trace_preempt_on+0x20/0xc0 [ 27.900987] ? __pfx_kthread+0x10/0x10 [ 27.901008] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.901031] ? calculate_sigpending+0x7b/0xa0 [ 27.901056] ? __pfx_kthread+0x10/0x10 [ 27.901078] ret_from_fork+0x116/0x1d0 [ 27.901114] ? __pfx_kthread+0x10/0x10 [ 27.901143] ret_from_fork_asm+0x1a/0x30 [ 27.901176] </TASK> [ 27.901189] [ 27.914096] Allocated by task 240: [ 27.914544] kasan_save_stack+0x45/0x70 [ 27.914993] kasan_save_track+0x18/0x40 [ 27.915371] kasan_save_alloc_info+0x3b/0x50 [ 27.915831] __kasan_slab_alloc+0x91/0xa0 [ 27.916301] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.916770] kmem_cache_invalid_free+0x157/0x460 [ 27.917259] kunit_try_run_case+0x1a5/0x480 [ 27.917690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.918246] kthread+0x337/0x6f0 [ 27.918622] ret_from_fork+0x116/0x1d0 [ 27.919053] ret_from_fork_asm+0x1a/0x30 [ 27.919407] [ 27.919517] The buggy address belongs to the object at ffff88810376d000 [ 27.919517] which belongs to the cache test_cache of size 200 [ 27.919765] The buggy address is located 1 bytes inside of [ 27.919765] 200-byte region [ffff88810376d000, ffff88810376d0c8) [ 27.920410] [ 27.920683] The buggy address belongs to the physical page: [ 27.921289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10376d [ 27.921986] flags: 0x200000000000000(node=0|zone=2) [ 27.922474] page_type: f5(slab) [ 27.922809] raw: 0200000000000000 ffff88810376a000 dead000000000122 0000000000000000 [ 27.923205] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 27.923734] page dumped because: kasan: bad access detected [ 27.924250] [ 27.924473] Memory state around the buggy address: [ 27.924793] ffff88810376cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.925321] ffff88810376cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.925969] >ffff88810376d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.926594] ^ [ 27.926838] ffff88810376d080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 27.927354] ffff88810376d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.927525] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 27.844709] ================================================================== [ 27.846184] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 27.846724] Free of addr ffff88810376a000 by task kunit_try_catch/238 [ 27.847560] [ 27.847957] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.848056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.848072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.852578] Call Trace: [ 27.852642] <TASK> [ 27.852671] dump_stack_lvl+0x73/0xb0 [ 27.852737] print_report+0xd1/0x650 [ 27.852764] ? __virt_addr_valid+0x1db/0x2d0 [ 27.852792] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.852819] ? kmem_cache_double_free+0x1e5/0x480 [ 27.852857] kasan_report_invalid_free+0x10a/0x130 [ 27.852884] ? kmem_cache_double_free+0x1e5/0x480 [ 27.852935] ? kmem_cache_double_free+0x1e5/0x480 [ 27.852962] check_slab_allocation+0x101/0x130 [ 27.853012] __kasan_slab_pre_free+0x28/0x40 [ 27.853035] kmem_cache_free+0xed/0x420 [ 27.853058] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.853080] ? kmem_cache_double_free+0x1e5/0x480 [ 27.853118] kmem_cache_double_free+0x1e5/0x480 [ 27.853146] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 27.853170] ? finish_task_switch.isra.0+0x153/0x700 [ 27.853195] ? __switch_to+0x47/0xf50 [ 27.853225] ? __pfx_read_tsc+0x10/0x10 [ 27.853249] ? ktime_get_ts64+0x86/0x230 [ 27.853276] kunit_try_run_case+0x1a5/0x480 [ 27.853306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.853329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.853354] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.853379] ? __kthread_parkme+0x82/0x180 [ 27.853402] ? preempt_count_sub+0x50/0x80 [ 27.853426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.853451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.853474] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.853498] kthread+0x337/0x6f0 [ 27.853519] ? trace_preempt_on+0x20/0xc0 [ 27.853544] ? __pfx_kthread+0x10/0x10 [ 27.853566] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.853588] ? calculate_sigpending+0x7b/0xa0 [ 27.853614] ? __pfx_kthread+0x10/0x10 [ 27.853637] ret_from_fork+0x116/0x1d0 [ 27.853658] ? __pfx_kthread+0x10/0x10 [ 27.853679] ret_from_fork_asm+0x1a/0x30 [ 27.853712] </TASK> [ 27.853725] [ 27.864067] Allocated by task 238: [ 27.864511] kasan_save_stack+0x45/0x70 [ 27.864861] kasan_save_track+0x18/0x40 [ 27.865233] kasan_save_alloc_info+0x3b/0x50 [ 27.865360] __kasan_slab_alloc+0x91/0xa0 [ 27.865761] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.865978] kmem_cache_double_free+0x14f/0x480 [ 27.866268] kunit_try_run_case+0x1a5/0x480 [ 27.866789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.867044] kthread+0x337/0x6f0 [ 27.867153] ret_from_fork+0x116/0x1d0 [ 27.867478] ret_from_fork_asm+0x1a/0x30 [ 27.867609] [ 27.867682] Freed by task 238: [ 27.867769] kasan_save_stack+0x45/0x70 [ 27.867873] kasan_save_track+0x18/0x40 [ 27.867970] kasan_save_free_info+0x3f/0x60 [ 27.868075] __kasan_slab_free+0x56/0x70 [ 27.868493] kmem_cache_free+0x249/0x420 [ 27.868721] kmem_cache_double_free+0x16a/0x480 [ 27.869005] kunit_try_run_case+0x1a5/0x480 [ 27.869436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.869894] kthread+0x337/0x6f0 [ 27.870263] ret_from_fork+0x116/0x1d0 [ 27.870496] ret_from_fork_asm+0x1a/0x30 [ 27.870713] [ 27.870817] The buggy address belongs to the object at ffff88810376a000 [ 27.870817] which belongs to the cache test_cache of size 200 [ 27.871650] The buggy address is located 0 bytes inside of [ 27.871650] 200-byte region [ffff88810376a000, ffff88810376a0c8) [ 27.872422] [ 27.872583] The buggy address belongs to the physical page: [ 27.872850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10376a [ 27.873164] flags: 0x200000000000000(node=0|zone=2) [ 27.873311] page_type: f5(slab) [ 27.873526] raw: 0200000000000000 ffff888101274dc0 dead000000000122 0000000000000000 [ 27.873795] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 27.874119] page dumped because: kasan: bad access detected [ 27.874276] [ 27.874335] Memory state around the buggy address: [ 27.874651] ffff888103769f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.875217] ffff888103769f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.875668] >ffff88810376a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.876262] ^ [ 27.876371] ffff88810376a080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 27.876642] ffff88810376a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.876997] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 27.792212] ================================================================== [ 27.792699] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 27.793251] Read of size 1 at addr ffff8881032620c8 by task kunit_try_catch/236 [ 27.793837] [ 27.794118] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.794303] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.794329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.794370] Call Trace: [ 27.794403] <TASK> [ 27.794442] dump_stack_lvl+0x73/0xb0 [ 27.794521] print_report+0xd1/0x650 [ 27.794575] ? __virt_addr_valid+0x1db/0x2d0 [ 27.794674] ? kmem_cache_oob+0x402/0x530 [ 27.794720] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.794786] ? kmem_cache_oob+0x402/0x530 [ 27.794831] kasan_report+0x141/0x180 [ 27.794915] ? kmem_cache_oob+0x402/0x530 [ 27.794992] __asan_report_load1_noabort+0x18/0x20 [ 27.795040] kmem_cache_oob+0x402/0x530 [ 27.795074] ? trace_hardirqs_on+0x37/0xe0 [ 27.795133] ? __pfx_kmem_cache_oob+0x10/0x10 [ 27.795180] ? finish_task_switch.isra.0+0x153/0x700 [ 27.795230] ? __switch_to+0x47/0xf50 [ 27.795288] ? __pfx_read_tsc+0x10/0x10 [ 27.795325] ? ktime_get_ts64+0x86/0x230 [ 27.795375] kunit_try_run_case+0x1a5/0x480 [ 27.795425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.795634] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.795740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.795793] ? __kthread_parkme+0x82/0x180 [ 27.795858] ? preempt_count_sub+0x50/0x80 [ 27.795904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.795946] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.796071] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.796130] kthread+0x337/0x6f0 [ 27.796156] ? trace_preempt_on+0x20/0xc0 [ 27.796182] ? __pfx_kthread+0x10/0x10 [ 27.796205] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.796229] ? calculate_sigpending+0x7b/0xa0 [ 27.796255] ? __pfx_kthread+0x10/0x10 [ 27.796279] ret_from_fork+0x116/0x1d0 [ 27.796301] ? __pfx_kthread+0x10/0x10 [ 27.796323] ret_from_fork_asm+0x1a/0x30 [ 27.796356] </TASK> [ 27.796370] [ 27.808456] Allocated by task 236: [ 27.808856] kasan_save_stack+0x45/0x70 [ 27.809322] kasan_save_track+0x18/0x40 [ 27.809597] kasan_save_alloc_info+0x3b/0x50 [ 27.809795] __kasan_slab_alloc+0x91/0xa0 [ 27.810923] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.811209] kmem_cache_oob+0x157/0x530 [ 27.811399] kunit_try_run_case+0x1a5/0x480 [ 27.811749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.812462] kthread+0x337/0x6f0 [ 27.812835] ret_from_fork+0x116/0x1d0 [ 27.813293] ret_from_fork_asm+0x1a/0x30 [ 27.813681] [ 27.813859] The buggy address belongs to the object at ffff888103262000 [ 27.813859] which belongs to the cache test_cache of size 200 [ 27.814592] The buggy address is located 0 bytes to the right of [ 27.814592] allocated 200-byte region [ffff888103262000, ffff8881032620c8) [ 27.815040] [ 27.815374] The buggy address belongs to the physical page: [ 27.816119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103262 [ 27.816771] flags: 0x200000000000000(node=0|zone=2) [ 27.817296] page_type: f5(slab) [ 27.817595] raw: 0200000000000000 ffff888101981a00 dead000000000122 0000000000000000 [ 27.818359] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 27.818976] page dumped because: kasan: bad access detected [ 27.819318] [ 27.819421] Memory state around the buggy address: [ 27.819625] ffff888103261f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.819958] ffff888103262000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.820724] >ffff888103262080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 27.821547] ^ [ 27.822088] ffff888103262100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.822734] ffff888103262180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.823240] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 27.735617] ================================================================== [ 27.736738] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 27.737124] Read of size 8 at addr ffff88810325e500 by task kunit_try_catch/229 [ 27.737628] [ 27.737865] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.737968] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.737992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.738032] Call Trace: [ 27.738061] <TASK> [ 27.738115] dump_stack_lvl+0x73/0xb0 [ 27.738194] print_report+0xd1/0x650 [ 27.738246] ? __virt_addr_valid+0x1db/0x2d0 [ 27.738303] ? workqueue_uaf+0x4d6/0x560 [ 27.738340] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.738388] ? workqueue_uaf+0x4d6/0x560 [ 27.738430] kasan_report+0x141/0x180 [ 27.738518] ? workqueue_uaf+0x4d6/0x560 [ 27.738574] __asan_report_load8_noabort+0x18/0x20 [ 27.738640] workqueue_uaf+0x4d6/0x560 [ 27.738683] ? __pfx_workqueue_uaf+0x10/0x10 [ 27.738722] ? __schedule+0x10cc/0x2b60 [ 27.738761] ? __pfx_read_tsc+0x10/0x10 [ 27.738798] ? ktime_get_ts64+0x86/0x230 [ 27.738843] kunit_try_run_case+0x1a5/0x480 [ 27.738891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.738948] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.739004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.739047] ? __kthread_parkme+0x82/0x180 [ 27.739089] ? preempt_count_sub+0x50/0x80 [ 27.739153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.739228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.739274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.739317] kthread+0x337/0x6f0 [ 27.739356] ? trace_preempt_on+0x20/0xc0 [ 27.739409] ? __pfx_kthread+0x10/0x10 [ 27.739455] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.739501] ? calculate_sigpending+0x7b/0xa0 [ 27.739554] ? __pfx_kthread+0x10/0x10 [ 27.739598] ret_from_fork+0x116/0x1d0 [ 27.739638] ? __pfx_kthread+0x10/0x10 [ 27.739679] ret_from_fork_asm+0x1a/0x30 [ 27.739765] </TASK> [ 27.739789] [ 27.749878] Allocated by task 229: [ 27.750485] kasan_save_stack+0x45/0x70 [ 27.750871] kasan_save_track+0x18/0x40 [ 27.751461] kasan_save_alloc_info+0x3b/0x50 [ 27.751862] __kasan_kmalloc+0xb7/0xc0 [ 27.752311] __kmalloc_cache_noprof+0x189/0x420 [ 27.752712] workqueue_uaf+0x152/0x560 [ 27.752957] kunit_try_run_case+0x1a5/0x480 [ 27.753413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.753702] kthread+0x337/0x6f0 [ 27.753888] ret_from_fork+0x116/0x1d0 [ 27.754310] ret_from_fork_asm+0x1a/0x30 [ 27.754675] [ 27.754841] Freed by task 9: [ 27.755259] kasan_save_stack+0x45/0x70 [ 27.755497] kasan_save_track+0x18/0x40 [ 27.755807] kasan_save_free_info+0x3f/0x60 [ 27.756155] __kasan_slab_free+0x56/0x70 [ 27.756681] kfree+0x222/0x3f0 [ 27.756903] workqueue_uaf_work+0x12/0x20 [ 27.757247] process_one_work+0x5ee/0xf60 [ 27.757617] worker_thread+0x758/0x1220 [ 27.758013] kthread+0x337/0x6f0 [ 27.758316] ret_from_fork+0x116/0x1d0 [ 27.758770] ret_from_fork_asm+0x1a/0x30 [ 27.759302] [ 27.759452] Last potentially related work creation: [ 27.759643] kasan_save_stack+0x45/0x70 [ 27.759830] kasan_record_aux_stack+0xb2/0xc0 [ 27.760173] __queue_work+0x61a/0xe70 [ 27.760534] queue_work_on+0xb6/0xc0 [ 27.760955] workqueue_uaf+0x26d/0x560 [ 27.761297] kunit_try_run_case+0x1a5/0x480 [ 27.761770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.762574] kthread+0x337/0x6f0 [ 27.762899] ret_from_fork+0x116/0x1d0 [ 27.763118] ret_from_fork_asm+0x1a/0x30 [ 27.763339] [ 27.763448] The buggy address belongs to the object at ffff88810325e500 [ 27.763448] which belongs to the cache kmalloc-32 of size 32 [ 27.763965] The buggy address is located 0 bytes inside of [ 27.763965] freed 32-byte region [ffff88810325e500, ffff88810325e520) [ 27.765181] [ 27.765380] The buggy address belongs to the physical page: [ 27.765821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10325e [ 27.766480] flags: 0x200000000000000(node=0|zone=2) [ 27.766809] page_type: f5(slab) [ 27.767200] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.767577] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.767853] page dumped because: kasan: bad access detected [ 27.768058] [ 27.768173] Memory state around the buggy address: [ 27.768380] ffff88810325e400: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.768643] ffff88810325e480: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.768900] >ffff88810325e500: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 27.769359] ^ [ 27.769684] ffff88810325e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.770278] ffff88810325e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.770893] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 27.637214] ================================================================== [ 27.638071] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 27.638454] Read of size 4 at addr ffff888103775240 by task swapper/1/0 [ 27.638738] [ 27.638898] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.638960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.638974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.638999] Call Trace: [ 27.639037] <IRQ> [ 27.639210] dump_stack_lvl+0x73/0xb0 [ 27.639287] print_report+0xd1/0x650 [ 27.639316] ? __virt_addr_valid+0x1db/0x2d0 [ 27.639343] ? rcu_uaf_reclaim+0x50/0x60 [ 27.639365] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.639391] ? rcu_uaf_reclaim+0x50/0x60 [ 27.639413] kasan_report+0x141/0x180 [ 27.639436] ? rcu_uaf_reclaim+0x50/0x60 [ 27.639461] __asan_report_load4_noabort+0x18/0x20 [ 27.639486] rcu_uaf_reclaim+0x50/0x60 [ 27.639508] rcu_core+0x66f/0x1c40 [ 27.639539] ? __pfx_rcu_core+0x10/0x10 [ 27.639562] ? ktime_get+0x6b/0x150 [ 27.639586] ? handle_softirqs+0x18e/0x730 [ 27.639613] rcu_core_si+0x12/0x20 [ 27.639635] handle_softirqs+0x209/0x730 [ 27.639656] ? hrtimer_interrupt+0x2fe/0x780 [ 27.639680] ? __pfx_handle_softirqs+0x10/0x10 [ 27.639707] __irq_exit_rcu+0xc9/0x110 [ 27.639729] irq_exit_rcu+0x12/0x20 [ 27.639803] sysvec_apic_timer_interrupt+0x81/0x90 [ 27.639835] </IRQ> [ 27.639893] <TASK> [ 27.639917] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 27.640035] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 27.640373] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 e8 1e 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 27.640473] RSP: 0000:ffff888100877dc8 EFLAGS: 00010206 [ 27.640582] RAX: ffff8881b295f000 RBX: ffff888100853000 RCX: ffffffffa629d285 [ 27.640634] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000001b8f4 [ 27.640681] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b626192 [ 27.640728] R10: ffff88815b130c93 R11: 0000000000059c00 R12: 0000000000000001 [ 27.640775] R13: ffffed102010a600 R14: ffffffffa7fc1b90 R15: 0000000000000000 [ 27.640842] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 27.640907] ? default_idle+0xd/0x20 [ 27.640935] arch_cpu_idle+0xd/0x20 [ 27.641001] default_idle_call+0x48/0x80 [ 27.641028] do_idle+0x379/0x4f0 [ 27.641058] ? __pfx_do_idle+0x10/0x10 [ 27.641080] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 27.641126] ? complete+0x15b/0x1d0 [ 27.641153] cpu_startup_entry+0x5c/0x70 [ 27.641179] start_secondary+0x211/0x290 [ 27.641204] ? __pfx_start_secondary+0x10/0x10 [ 27.641232] common_startup_64+0x13e/0x148 [ 27.641266] </TASK> [ 27.641279] [ 27.685560] Allocated by task 227: [ 27.687419] kasan_save_stack+0x45/0x70 [ 27.687758] kasan_save_track+0x18/0x40 [ 27.687986] kasan_save_alloc_info+0x3b/0x50 [ 27.692232] __kasan_kmalloc+0xb7/0xc0 [ 27.692573] __kmalloc_cache_noprof+0x189/0x420 [ 27.692797] rcu_uaf+0xb0/0x330 [ 27.694542] kunit_try_run_case+0x1a5/0x480 [ 27.696369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.697132] kthread+0x337/0x6f0 [ 27.697637] ret_from_fork+0x116/0x1d0 [ 27.698194] ret_from_fork_asm+0x1a/0x30 [ 27.700267] [ 27.700809] Freed by task 0: [ 27.704549] kasan_save_stack+0x45/0x70 [ 27.705326] kasan_save_track+0x18/0x40 [ 27.705727] kasan_save_free_info+0x3f/0x60 [ 27.706251] __kasan_slab_free+0x56/0x70 [ 27.706560] kfree+0x222/0x3f0 [ 27.706888] rcu_uaf_reclaim+0x1f/0x60 [ 27.707538] rcu_core+0x66f/0x1c40 [ 27.707817] rcu_core_si+0x12/0x20 [ 27.708299] handle_softirqs+0x209/0x730 [ 27.708717] __irq_exit_rcu+0xc9/0x110 [ 27.709191] irq_exit_rcu+0x12/0x20 [ 27.709530] sysvec_apic_timer_interrupt+0x81/0x90 [ 27.710330] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 27.710802] [ 27.711045] Last potentially related work creation: [ 27.712355] kasan_save_stack+0x45/0x70 [ 27.712825] kasan_record_aux_stack+0xb2/0xc0 [ 27.713174] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 27.713645] call_rcu+0x12/0x20 [ 27.713937] rcu_uaf+0x168/0x330 [ 27.714287] kunit_try_run_case+0x1a5/0x480 [ 27.714676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.714944] kthread+0x337/0x6f0 [ 27.715235] ret_from_fork+0x116/0x1d0 [ 27.715592] ret_from_fork_asm+0x1a/0x30 [ 27.716189] [ 27.716391] The buggy address belongs to the object at ffff888103775240 [ 27.716391] which belongs to the cache kmalloc-32 of size 32 [ 27.717090] The buggy address is located 0 bytes inside of [ 27.717090] freed 32-byte region [ffff888103775240, ffff888103775260) [ 27.717933] [ 27.718194] The buggy address belongs to the physical page: [ 27.718693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103775 [ 27.719145] flags: 0x200000000000000(node=0|zone=2) [ 27.719601] page_type: f5(slab) [ 27.719819] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.720616] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.721401] page dumped because: kasan: bad access detected [ 27.721877] [ 27.722090] Memory state around the buggy address: [ 27.722447] ffff888103775100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.722838] ffff888103775180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.723175] >ffff888103775200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.723708] ^ [ 27.724289] ffff888103775280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.724733] ffff888103775300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.725207] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 27.554263] ================================================================== [ 27.555649] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 27.555982] Read of size 1 at addr ffff888103777100 by task kunit_try_catch/225 [ 27.556571] [ 27.556787] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.556899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.556925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.556971] Call Trace: [ 27.557013] <TASK> [ 27.557051] dump_stack_lvl+0x73/0xb0 [ 27.557134] print_report+0xd1/0x650 [ 27.557181] ? __virt_addr_valid+0x1db/0x2d0 [ 27.557233] ? ksize_uaf+0x5fe/0x6c0 [ 27.557278] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.557332] ? ksize_uaf+0x5fe/0x6c0 [ 27.557377] kasan_report+0x141/0x180 [ 27.557421] ? ksize_uaf+0x5fe/0x6c0 [ 27.557465] __asan_report_load1_noabort+0x18/0x20 [ 27.557510] ksize_uaf+0x5fe/0x6c0 [ 27.557551] ? __pfx_ksize_uaf+0x10/0x10 [ 27.557589] ? __schedule+0x10cc/0x2b60 [ 27.557628] ? __pfx_read_tsc+0x10/0x10 [ 27.557669] ? ktime_get_ts64+0x86/0x230 [ 27.557713] kunit_try_run_case+0x1a5/0x480 [ 27.557761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.557804] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.557849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.557892] ? __kthread_parkme+0x82/0x180 [ 27.557958] ? preempt_count_sub+0x50/0x80 [ 27.558005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.558048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.558095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.558156] kthread+0x337/0x6f0 [ 27.558193] ? trace_preempt_on+0x20/0xc0 [ 27.558220] ? __pfx_kthread+0x10/0x10 [ 27.558242] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.558265] ? calculate_sigpending+0x7b/0xa0 [ 27.558291] ? __pfx_kthread+0x10/0x10 [ 27.558314] ret_from_fork+0x116/0x1d0 [ 27.558338] ? __pfx_kthread+0x10/0x10 [ 27.558360] ret_from_fork_asm+0x1a/0x30 [ 27.558395] </TASK> [ 27.558408] [ 27.567141] Allocated by task 225: [ 27.567548] kasan_save_stack+0x45/0x70 [ 27.567963] kasan_save_track+0x18/0x40 [ 27.568320] kasan_save_alloc_info+0x3b/0x50 [ 27.568679] __kasan_kmalloc+0xb7/0xc0 [ 27.568879] __kmalloc_cache_noprof+0x189/0x420 [ 27.569282] ksize_uaf+0xaa/0x6c0 [ 27.569525] kunit_try_run_case+0x1a5/0x480 [ 27.569821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.571012] kthread+0x337/0x6f0 [ 27.571256] ret_from_fork+0x116/0x1d0 [ 27.571472] ret_from_fork_asm+0x1a/0x30 [ 27.573156] [ 27.573363] Freed by task 225: [ 27.573668] kasan_save_stack+0x45/0x70 [ 27.574161] kasan_save_track+0x18/0x40 [ 27.574880] kasan_save_free_info+0x3f/0x60 [ 27.575071] __kasan_slab_free+0x56/0x70 [ 27.575195] kfree+0x222/0x3f0 [ 27.575279] ksize_uaf+0x12c/0x6c0 [ 27.575368] kunit_try_run_case+0x1a5/0x480 [ 27.575462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.575569] kthread+0x337/0x6f0 [ 27.575647] ret_from_fork+0x116/0x1d0 [ 27.575731] ret_from_fork_asm+0x1a/0x30 [ 27.575820] [ 27.575871] The buggy address belongs to the object at ffff888103777100 [ 27.575871] which belongs to the cache kmalloc-128 of size 128 [ 27.576162] The buggy address is located 0 bytes inside of [ 27.576162] freed 128-byte region [ffff888103777100, ffff888103777180) [ 27.576717] [ 27.576837] The buggy address belongs to the physical page: [ 27.578495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 27.578837] flags: 0x200000000000000(node=0|zone=2) [ 27.579700] page_type: f5(slab) [ 27.579899] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.580326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.580671] page dumped because: kasan: bad access detected [ 27.581090] [ 27.581211] Memory state around the buggy address: [ 27.581454] ffff888103777000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.581782] ffff888103777080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.582781] >ffff888103777100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.583193] ^ [ 27.583689] ffff888103777180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.583928] ffff888103777200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.584671] ================================================================== [ 27.586082] ================================================================== [ 27.587353] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 27.588210] Read of size 1 at addr ffff888103777178 by task kunit_try_catch/225 [ 27.589359] [ 27.589724] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.589856] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.589885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.589932] Call Trace: [ 27.589977] <TASK> [ 27.590016] dump_stack_lvl+0x73/0xb0 [ 27.590066] print_report+0xd1/0x650 [ 27.590091] ? __virt_addr_valid+0x1db/0x2d0 [ 27.590143] ? ksize_uaf+0x5e4/0x6c0 [ 27.590165] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.590192] ? ksize_uaf+0x5e4/0x6c0 [ 27.590214] kasan_report+0x141/0x180 [ 27.590237] ? ksize_uaf+0x5e4/0x6c0 [ 27.590262] __asan_report_load1_noabort+0x18/0x20 [ 27.590287] ksize_uaf+0x5e4/0x6c0 [ 27.590308] ? __pfx_ksize_uaf+0x10/0x10 [ 27.590330] ? __schedule+0x10cc/0x2b60 [ 27.590354] ? __pfx_read_tsc+0x10/0x10 [ 27.590376] ? ktime_get_ts64+0x86/0x230 [ 27.590404] kunit_try_run_case+0x1a5/0x480 [ 27.590430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.590453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.590477] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.590500] ? __kthread_parkme+0x82/0x180 [ 27.590522] ? preempt_count_sub+0x50/0x80 [ 27.590546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.590570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.590593] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.590616] kthread+0x337/0x6f0 [ 27.590636] ? trace_preempt_on+0x20/0xc0 [ 27.590660] ? __pfx_kthread+0x10/0x10 [ 27.590682] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.590703] ? calculate_sigpending+0x7b/0xa0 [ 27.590728] ? __pfx_kthread+0x10/0x10 [ 27.590750] ret_from_fork+0x116/0x1d0 [ 27.590770] ? __pfx_kthread+0x10/0x10 [ 27.590791] ret_from_fork_asm+0x1a/0x30 [ 27.590823] </TASK> [ 27.590835] [ 27.603118] Allocated by task 225: [ 27.604040] kasan_save_stack+0x45/0x70 [ 27.604348] kasan_save_track+0x18/0x40 [ 27.604645] kasan_save_alloc_info+0x3b/0x50 [ 27.605074] __kasan_kmalloc+0xb7/0xc0 [ 27.605647] __kmalloc_cache_noprof+0x189/0x420 [ 27.605823] ksize_uaf+0xaa/0x6c0 [ 27.606339] kunit_try_run_case+0x1a5/0x480 [ 27.606567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.607318] kthread+0x337/0x6f0 [ 27.607614] ret_from_fork+0x116/0x1d0 [ 27.608127] ret_from_fork_asm+0x1a/0x30 [ 27.608349] [ 27.608463] Freed by task 225: [ 27.608779] kasan_save_stack+0x45/0x70 [ 27.609278] kasan_save_track+0x18/0x40 [ 27.609432] kasan_save_free_info+0x3f/0x60 [ 27.609754] __kasan_slab_free+0x56/0x70 [ 27.610193] kfree+0x222/0x3f0 [ 27.610715] ksize_uaf+0x12c/0x6c0 [ 27.610869] kunit_try_run_case+0x1a5/0x480 [ 27.611241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.611951] kthread+0x337/0x6f0 [ 27.612238] ret_from_fork+0x116/0x1d0 [ 27.612759] ret_from_fork_asm+0x1a/0x30 [ 27.613116] [ 27.613215] The buggy address belongs to the object at ffff888103777100 [ 27.613215] which belongs to the cache kmalloc-128 of size 128 [ 27.614002] The buggy address is located 120 bytes inside of [ 27.614002] freed 128-byte region [ffff888103777100, ffff888103777180) [ 27.614662] [ 27.614785] The buggy address belongs to the physical page: [ 27.615340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 27.616361] flags: 0x200000000000000(node=0|zone=2) [ 27.616913] page_type: f5(slab) [ 27.617225] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.617812] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.618782] page dumped because: kasan: bad access detected [ 27.619178] [ 27.619300] Memory state around the buggy address: [ 27.619546] ffff888103777000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.619900] ffff888103777080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.620175] >ffff888103777100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.620508] ^ [ 27.620863] ffff888103777180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.622312] ffff888103777200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.622912] ================================================================== [ 27.514523] ================================================================== [ 27.515117] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 27.515755] Read of size 1 at addr ffff888103777100 by task kunit_try_catch/225 [ 27.516819] [ 27.517237] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.517330] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.517355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.517400] Call Trace: [ 27.517431] <TASK> [ 27.517515] dump_stack_lvl+0x73/0xb0 [ 27.517622] print_report+0xd1/0x650 [ 27.517677] ? __virt_addr_valid+0x1db/0x2d0 [ 27.517707] ? ksize_uaf+0x19d/0x6c0 [ 27.517729] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.517757] ? ksize_uaf+0x19d/0x6c0 [ 27.517779] kasan_report+0x141/0x180 [ 27.517802] ? ksize_uaf+0x19d/0x6c0 [ 27.517825] ? ksize_uaf+0x19d/0x6c0 [ 27.517847] __kasan_check_byte+0x3d/0x50 [ 27.517869] ksize+0x20/0x60 [ 27.517892] ksize_uaf+0x19d/0x6c0 [ 27.517993] ? __pfx_ksize_uaf+0x10/0x10 [ 27.518018] ? __schedule+0x10cc/0x2b60 [ 27.518043] ? __pfx_read_tsc+0x10/0x10 [ 27.518066] ? ktime_get_ts64+0x86/0x230 [ 27.518094] kunit_try_run_case+0x1a5/0x480 [ 27.518144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.518168] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.518192] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.518216] ? __kthread_parkme+0x82/0x180 [ 27.518240] ? preempt_count_sub+0x50/0x80 [ 27.518266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.518290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.518314] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.518337] kthread+0x337/0x6f0 [ 27.518359] ? trace_preempt_on+0x20/0xc0 [ 27.518385] ? __pfx_kthread+0x10/0x10 [ 27.518407] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.518429] ? calculate_sigpending+0x7b/0xa0 [ 27.518455] ? __pfx_kthread+0x10/0x10 [ 27.518478] ret_from_fork+0x116/0x1d0 [ 27.518499] ? __pfx_kthread+0x10/0x10 [ 27.518521] ret_from_fork_asm+0x1a/0x30 [ 27.518553] </TASK> [ 27.518567] [ 27.532692] Allocated by task 225: [ 27.533074] kasan_save_stack+0x45/0x70 [ 27.533546] kasan_save_track+0x18/0x40 [ 27.533940] kasan_save_alloc_info+0x3b/0x50 [ 27.534423] __kasan_kmalloc+0xb7/0xc0 [ 27.534718] __kmalloc_cache_noprof+0x189/0x420 [ 27.535322] ksize_uaf+0xaa/0x6c0 [ 27.535793] kunit_try_run_case+0x1a5/0x480 [ 27.536147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.536751] kthread+0x337/0x6f0 [ 27.537134] ret_from_fork+0x116/0x1d0 [ 27.537416] ret_from_fork_asm+0x1a/0x30 [ 27.537707] [ 27.537839] Freed by task 225: [ 27.538536] kasan_save_stack+0x45/0x70 [ 27.538996] kasan_save_track+0x18/0x40 [ 27.539184] kasan_save_free_info+0x3f/0x60 [ 27.539469] __kasan_slab_free+0x56/0x70 [ 27.539821] kfree+0x222/0x3f0 [ 27.540255] ksize_uaf+0x12c/0x6c0 [ 27.540548] kunit_try_run_case+0x1a5/0x480 [ 27.540832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.541619] kthread+0x337/0x6f0 [ 27.542009] ret_from_fork+0x116/0x1d0 [ 27.542198] ret_from_fork_asm+0x1a/0x30 [ 27.542469] [ 27.542649] The buggy address belongs to the object at ffff888103777100 [ 27.542649] which belongs to the cache kmalloc-128 of size 128 [ 27.543393] The buggy address is located 0 bytes inside of [ 27.543393] freed 128-byte region [ffff888103777100, ffff888103777180) [ 27.544990] [ 27.545217] The buggy address belongs to the physical page: [ 27.545574] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 27.546041] flags: 0x200000000000000(node=0|zone=2) [ 27.546450] page_type: f5(slab) [ 27.546773] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.547157] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.547907] page dumped because: kasan: bad access detected [ 27.548273] [ 27.548450] Memory state around the buggy address: [ 27.548806] ffff888103777000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.549754] ffff888103777080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.550531] >ffff888103777100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.551002] ^ [ 27.551553] ffff888103777180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.552027] ffff888103777200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.552487] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 27.473820] ================================================================== [ 27.474260] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.474576] Read of size 1 at addr ffff88810377707f by task kunit_try_catch/223 [ 27.474842] [ 27.474991] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.475098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.475913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.475966] Call Trace: [ 27.476013] <TASK> [ 27.476055] dump_stack_lvl+0x73/0xb0 [ 27.476150] print_report+0xd1/0x650 [ 27.476203] ? __virt_addr_valid+0x1db/0x2d0 [ 27.476256] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.476307] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.476360] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.476412] kasan_report+0x141/0x180 [ 27.476460] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.476519] __asan_report_load1_noabort+0x18/0x20 [ 27.476936] ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.476990] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 27.477043] ? finish_task_switch.isra.0+0x153/0x700 [ 27.477086] ? __switch_to+0x47/0xf50 [ 27.477158] ? __schedule+0x10cc/0x2b60 [ 27.477208] ? __pfx_read_tsc+0x10/0x10 [ 27.477254] ? ktime_get_ts64+0x86/0x230 [ 27.477308] kunit_try_run_case+0x1a5/0x480 [ 27.477358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.477401] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.477626] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.477695] ? __kthread_parkme+0x82/0x180 [ 27.477743] ? preempt_count_sub+0x50/0x80 [ 27.477810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.477858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.477908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.477971] kthread+0x337/0x6f0 [ 27.478173] ? trace_preempt_on+0x20/0xc0 [ 27.478223] ? __pfx_kthread+0x10/0x10 [ 27.478274] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.478319] ? calculate_sigpending+0x7b/0xa0 [ 27.478387] ? __pfx_kthread+0x10/0x10 [ 27.478429] ret_from_fork+0x116/0x1d0 [ 27.478471] ? __pfx_kthread+0x10/0x10 [ 27.478513] ret_from_fork_asm+0x1a/0x30 [ 27.478580] </TASK> [ 27.478609] [ 27.491524] Allocated by task 223: [ 27.491869] kasan_save_stack+0x45/0x70 [ 27.492227] kasan_save_track+0x18/0x40 [ 27.492534] kasan_save_alloc_info+0x3b/0x50 [ 27.492735] __kasan_kmalloc+0xb7/0xc0 [ 27.492904] __kmalloc_cache_noprof+0x189/0x420 [ 27.493317] ksize_unpoisons_memory+0xc7/0x9b0 [ 27.493701] kunit_try_run_case+0x1a5/0x480 [ 27.494161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.494430] kthread+0x337/0x6f0 [ 27.494728] ret_from_fork+0x116/0x1d0 [ 27.495116] ret_from_fork_asm+0x1a/0x30 [ 27.495285] [ 27.495392] The buggy address belongs to the object at ffff888103777000 [ 27.495392] which belongs to the cache kmalloc-128 of size 128 [ 27.495804] The buggy address is located 12 bytes to the right of [ 27.495804] allocated 115-byte region [ffff888103777000, ffff888103777073) [ 27.496707] [ 27.496876] The buggy address belongs to the physical page: [ 27.497305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 27.497607] flags: 0x200000000000000(node=0|zone=2) [ 27.497825] page_type: f5(slab) [ 27.497999] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.498712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.499453] page dumped because: kasan: bad access detected [ 27.499908] [ 27.500088] Memory state around the buggy address: [ 27.500503] ffff888103776f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.500968] ffff888103776f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.501279] >ffff888103777000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.501523] ^ [ 27.501874] ffff888103777080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.502401] ffff888103777100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.502943] ================================================================== [ 27.447625] ================================================================== [ 27.448052] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.448390] Read of size 1 at addr ffff888103777078 by task kunit_try_catch/223 [ 27.448957] [ 27.449183] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.449294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.449323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.449371] Call Trace: [ 27.449412] <TASK> [ 27.449448] dump_stack_lvl+0x73/0xb0 [ 27.449503] print_report+0xd1/0x650 [ 27.449538] ? __virt_addr_valid+0x1db/0x2d0 [ 27.449600] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.449639] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.449685] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.449730] kasan_report+0x141/0x180 [ 27.449771] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.449839] __asan_report_load1_noabort+0x18/0x20 [ 27.449922] ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.449967] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 27.450027] ? finish_task_switch.isra.0+0x153/0x700 [ 27.450071] ? __switch_to+0x47/0xf50 [ 27.450138] ? __schedule+0x10cc/0x2b60 [ 27.450190] ? __pfx_read_tsc+0x10/0x10 [ 27.450232] ? ktime_get_ts64+0x86/0x230 [ 27.450286] kunit_try_run_case+0x1a5/0x480 [ 27.450336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.450392] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.450454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.450509] ? __kthread_parkme+0x82/0x180 [ 27.450568] ? preempt_count_sub+0x50/0x80 [ 27.450619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.450670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.450721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.450767] kthread+0x337/0x6f0 [ 27.450803] ? trace_preempt_on+0x20/0xc0 [ 27.450841] ? __pfx_kthread+0x10/0x10 [ 27.450881] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.450920] ? calculate_sigpending+0x7b/0xa0 [ 27.450964] ? __pfx_kthread+0x10/0x10 [ 27.451014] ret_from_fork+0x116/0x1d0 [ 27.451056] ? __pfx_kthread+0x10/0x10 [ 27.451124] ret_from_fork_asm+0x1a/0x30 [ 27.451188] </TASK> [ 27.451215] [ 27.460714] Allocated by task 223: [ 27.460921] kasan_save_stack+0x45/0x70 [ 27.461317] kasan_save_track+0x18/0x40 [ 27.461658] kasan_save_alloc_info+0x3b/0x50 [ 27.462048] __kasan_kmalloc+0xb7/0xc0 [ 27.462397] __kmalloc_cache_noprof+0x189/0x420 [ 27.462664] ksize_unpoisons_memory+0xc7/0x9b0 [ 27.463091] kunit_try_run_case+0x1a5/0x480 [ 27.463312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.463528] kthread+0x337/0x6f0 [ 27.463690] ret_from_fork+0x116/0x1d0 [ 27.464014] ret_from_fork_asm+0x1a/0x30 [ 27.464382] [ 27.464591] The buggy address belongs to the object at ffff888103777000 [ 27.464591] which belongs to the cache kmalloc-128 of size 128 [ 27.465641] The buggy address is located 5 bytes to the right of [ 27.465641] allocated 115-byte region [ffff888103777000, ffff888103777073) [ 27.466064] [ 27.466236] The buggy address belongs to the physical page: [ 27.466643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 27.467419] flags: 0x200000000000000(node=0|zone=2) [ 27.467751] page_type: f5(slab) [ 27.467933] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.468360] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.469084] page dumped because: kasan: bad access detected [ 27.469456] [ 27.469632] Memory state around the buggy address: [ 27.469905] ffff888103776f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.470305] ffff888103776f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.470570] >ffff888103777000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.470820] ^ [ 27.471294] ffff888103777080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.471981] ffff888103777100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.472550] ================================================================== [ 27.415242] ================================================================== [ 27.416675] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 27.417214] Read of size 1 at addr ffff888103777073 by task kunit_try_catch/223 [ 27.418059] [ 27.418265] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.418335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.418350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.418376] Call Trace: [ 27.418396] <TASK> [ 27.418423] dump_stack_lvl+0x73/0xb0 [ 27.418468] print_report+0xd1/0x650 [ 27.418494] ? __virt_addr_valid+0x1db/0x2d0 [ 27.418521] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 27.418544] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.418570] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 27.418594] kasan_report+0x141/0x180 [ 27.418617] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 27.418645] __asan_report_load1_noabort+0x18/0x20 [ 27.418669] ksize_unpoisons_memory+0x81c/0x9b0 [ 27.418694] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 27.418717] ? finish_task_switch.isra.0+0x153/0x700 [ 27.418742] ? __switch_to+0x47/0xf50 [ 27.418770] ? __schedule+0x10cc/0x2b60 [ 27.418794] ? __pfx_read_tsc+0x10/0x10 [ 27.418817] ? ktime_get_ts64+0x86/0x230 [ 27.418845] kunit_try_run_case+0x1a5/0x480 [ 27.418873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.418896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.419258] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.419316] ? __kthread_parkme+0x82/0x180 [ 27.419426] ? preempt_count_sub+0x50/0x80 [ 27.419479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.419523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.419551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.419575] kthread+0x337/0x6f0 [ 27.419597] ? trace_preempt_on+0x20/0xc0 [ 27.419623] ? __pfx_kthread+0x10/0x10 [ 27.419645] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.419667] ? calculate_sigpending+0x7b/0xa0 [ 27.419693] ? __pfx_kthread+0x10/0x10 [ 27.419715] ret_from_fork+0x116/0x1d0 [ 27.419737] ? __pfx_kthread+0x10/0x10 [ 27.419758] ret_from_fork_asm+0x1a/0x30 [ 27.419790] </TASK> [ 27.419803] [ 27.433752] Allocated by task 223: [ 27.434205] kasan_save_stack+0x45/0x70 [ 27.434524] kasan_save_track+0x18/0x40 [ 27.434708] kasan_save_alloc_info+0x3b/0x50 [ 27.435118] __kasan_kmalloc+0xb7/0xc0 [ 27.435439] __kmalloc_cache_noprof+0x189/0x420 [ 27.435804] ksize_unpoisons_memory+0xc7/0x9b0 [ 27.436150] kunit_try_run_case+0x1a5/0x480 [ 27.436426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.436825] kthread+0x337/0x6f0 [ 27.437150] ret_from_fork+0x116/0x1d0 [ 27.437333] ret_from_fork_asm+0x1a/0x30 [ 27.437516] [ 27.437623] The buggy address belongs to the object at ffff888103777000 [ 27.437623] which belongs to the cache kmalloc-128 of size 128 [ 27.438536] The buggy address is located 0 bytes to the right of [ 27.438536] allocated 115-byte region [ffff888103777000, ffff888103777073) [ 27.439334] [ 27.439453] The buggy address belongs to the physical page: [ 27.439867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103777 [ 27.440557] flags: 0x200000000000000(node=0|zone=2) [ 27.440801] page_type: f5(slab) [ 27.441197] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.441522] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.442060] page dumped because: kasan: bad access detected [ 27.442499] [ 27.442598] Memory state around the buggy address: [ 27.442795] ffff888103776f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.443205] ffff888103776f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.443760] >ffff888103777000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.444469] ^ [ 27.444811] ffff888103777080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.445127] ffff888103777100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.445659] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 27.372744] ================================================================== [ 27.373429] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 27.373945] Free of addr ffff8881022a26c0 by task kunit_try_catch/221 [ 27.375673] [ 27.376216] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.376346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.376376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.376416] Call Trace: [ 27.376459] <TASK> [ 27.376500] dump_stack_lvl+0x73/0xb0 [ 27.376590] print_report+0xd1/0x650 [ 27.376659] ? __virt_addr_valid+0x1db/0x2d0 [ 27.376707] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.376757] ? kfree_sensitive+0x2e/0x90 [ 27.376801] kasan_report_invalid_free+0x10a/0x130 [ 27.376852] ? kfree_sensitive+0x2e/0x90 [ 27.376895] ? kfree_sensitive+0x2e/0x90 [ 27.376976] check_slab_allocation+0x101/0x130 [ 27.377023] __kasan_slab_pre_free+0x28/0x40 [ 27.377068] kfree+0xf0/0x3f0 [ 27.377170] ? kfree_sensitive+0x2e/0x90 [ 27.377235] kfree_sensitive+0x2e/0x90 [ 27.377281] kmalloc_double_kzfree+0x19c/0x350 [ 27.377334] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 27.377387] ? __schedule+0x10cc/0x2b60 [ 27.377438] ? __pfx_read_tsc+0x10/0x10 [ 27.377485] ? ktime_get_ts64+0x86/0x230 [ 27.377542] kunit_try_run_case+0x1a5/0x480 [ 27.377591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.377635] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.377714] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.377802] ? __kthread_parkme+0x82/0x180 [ 27.377848] ? preempt_count_sub+0x50/0x80 [ 27.377946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.377991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.378038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.378083] kthread+0x337/0x6f0 [ 27.378137] ? trace_preempt_on+0x20/0xc0 [ 27.378174] ? __pfx_kthread+0x10/0x10 [ 27.378197] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.378220] ? calculate_sigpending+0x7b/0xa0 [ 27.378245] ? __pfx_kthread+0x10/0x10 [ 27.378268] ret_from_fork+0x116/0x1d0 [ 27.378289] ? __pfx_kthread+0x10/0x10 [ 27.378310] ret_from_fork_asm+0x1a/0x30 [ 27.378342] </TASK> [ 27.378355] [ 27.389019] Allocated by task 221: [ 27.389426] kasan_save_stack+0x45/0x70 [ 27.389797] kasan_save_track+0x18/0x40 [ 27.390198] kasan_save_alloc_info+0x3b/0x50 [ 27.390523] __kasan_kmalloc+0xb7/0xc0 [ 27.390851] __kmalloc_cache_noprof+0x189/0x420 [ 27.391245] kmalloc_double_kzfree+0xa9/0x350 [ 27.391596] kunit_try_run_case+0x1a5/0x480 [ 27.392040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.392551] kthread+0x337/0x6f0 [ 27.392745] ret_from_fork+0x116/0x1d0 [ 27.393025] ret_from_fork_asm+0x1a/0x30 [ 27.393383] [ 27.393606] Freed by task 221: [ 27.393783] kasan_save_stack+0x45/0x70 [ 27.394029] kasan_save_track+0x18/0x40 [ 27.394249] kasan_save_free_info+0x3f/0x60 [ 27.394469] __kasan_slab_free+0x56/0x70 [ 27.394677] kfree+0x222/0x3f0 [ 27.394830] kfree_sensitive+0x67/0x90 [ 27.395060] kmalloc_double_kzfree+0x12b/0x350 [ 27.395455] kunit_try_run_case+0x1a5/0x480 [ 27.395831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.396286] kthread+0x337/0x6f0 [ 27.396576] ret_from_fork+0x116/0x1d0 [ 27.396932] ret_from_fork_asm+0x1a/0x30 [ 27.397284] [ 27.397427] The buggy address belongs to the object at ffff8881022a26c0 [ 27.397427] which belongs to the cache kmalloc-16 of size 16 [ 27.398184] The buggy address is located 0 bytes inside of [ 27.398184] 16-byte region [ffff8881022a26c0, ffff8881022a26d0) [ 27.398697] [ 27.398959] The buggy address belongs to the physical page: [ 27.399441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a2 [ 27.400160] flags: 0x200000000000000(node=0|zone=2) [ 27.400551] page_type: f5(slab) [ 27.400841] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.401423] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.401732] page dumped because: kasan: bad access detected [ 27.402050] [ 27.402231] Memory state around the buggy address: [ 27.402627] ffff8881022a2580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.403243] ffff8881022a2600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.403636] >ffff8881022a2680: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 27.404248] ^ [ 27.404678] ffff8881022a2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.405115] ffff8881022a2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.405668] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 27.339526] ================================================================== [ 27.340618] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 27.342010] Read of size 1 at addr ffff8881022a26c0 by task kunit_try_catch/221 [ 27.342488] [ 27.342661] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.342748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.342763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.342790] Call Trace: [ 27.342810] <TASK> [ 27.342837] dump_stack_lvl+0x73/0xb0 [ 27.342909] print_report+0xd1/0x650 [ 27.342948] ? __virt_addr_valid+0x1db/0x2d0 [ 27.342976] ? kmalloc_double_kzfree+0x19c/0x350 [ 27.343001] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.343029] ? kmalloc_double_kzfree+0x19c/0x350 [ 27.343053] kasan_report+0x141/0x180 [ 27.343076] ? kmalloc_double_kzfree+0x19c/0x350 [ 27.343123] ? kmalloc_double_kzfree+0x19c/0x350 [ 27.343150] __kasan_check_byte+0x3d/0x50 [ 27.343173] kfree_sensitive+0x22/0x90 [ 27.343198] kmalloc_double_kzfree+0x19c/0x350 [ 27.343222] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 27.343246] ? __schedule+0x10cc/0x2b60 [ 27.343271] ? __pfx_read_tsc+0x10/0x10 [ 27.343295] ? ktime_get_ts64+0x86/0x230 [ 27.343323] kunit_try_run_case+0x1a5/0x480 [ 27.343351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.343374] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.343398] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.343422] ? __kthread_parkme+0x82/0x180 [ 27.343445] ? preempt_count_sub+0x50/0x80 [ 27.343471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.343495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.343519] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.343543] kthread+0x337/0x6f0 [ 27.343564] ? trace_preempt_on+0x20/0xc0 [ 27.343589] ? __pfx_kthread+0x10/0x10 [ 27.343611] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.343633] ? calculate_sigpending+0x7b/0xa0 [ 27.343659] ? __pfx_kthread+0x10/0x10 [ 27.343681] ret_from_fork+0x116/0x1d0 [ 27.343702] ? __pfx_kthread+0x10/0x10 [ 27.343723] ret_from_fork_asm+0x1a/0x30 [ 27.343756] </TASK> [ 27.343769] [ 27.355092] Allocated by task 221: [ 27.355514] kasan_save_stack+0x45/0x70 [ 27.355943] kasan_save_track+0x18/0x40 [ 27.356253] kasan_save_alloc_info+0x3b/0x50 [ 27.356448] __kasan_kmalloc+0xb7/0xc0 [ 27.356621] __kmalloc_cache_noprof+0x189/0x420 [ 27.356822] kmalloc_double_kzfree+0xa9/0x350 [ 27.357183] kunit_try_run_case+0x1a5/0x480 [ 27.357552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.358020] kthread+0x337/0x6f0 [ 27.358327] ret_from_fork+0x116/0x1d0 [ 27.358656] ret_from_fork_asm+0x1a/0x30 [ 27.358967] [ 27.359060] Freed by task 221: [ 27.359356] kasan_save_stack+0x45/0x70 [ 27.359650] kasan_save_track+0x18/0x40 [ 27.359827] kasan_save_free_info+0x3f/0x60 [ 27.360151] __kasan_slab_free+0x56/0x70 [ 27.360501] kfree+0x222/0x3f0 [ 27.360779] kfree_sensitive+0x67/0x90 [ 27.361167] kmalloc_double_kzfree+0x12b/0x350 [ 27.361462] kunit_try_run_case+0x1a5/0x480 [ 27.361819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.362093] kthread+0x337/0x6f0 [ 27.362398] ret_from_fork+0x116/0x1d0 [ 27.362743] ret_from_fork_asm+0x1a/0x30 [ 27.363029] [ 27.363210] The buggy address belongs to the object at ffff8881022a26c0 [ 27.363210] which belongs to the cache kmalloc-16 of size 16 [ 27.363873] The buggy address is located 0 bytes inside of [ 27.363873] freed 16-byte region [ffff8881022a26c0, ffff8881022a26d0) [ 27.364558] [ 27.364678] The buggy address belongs to the physical page: [ 27.364893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a2 [ 27.365406] flags: 0x200000000000000(node=0|zone=2) [ 27.365822] page_type: f5(slab) [ 27.366179] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.366752] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.367378] page dumped because: kasan: bad access detected [ 27.367695] [ 27.367799] Memory state around the buggy address: [ 27.368034] ffff8881022a2580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.368578] ffff8881022a2600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.369146] >ffff8881022a2680: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 27.369648] ^ [ 27.369969] ffff8881022a2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.370411] ffff8881022a2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.370967] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 27.294117] ================================================================== [ 27.294700] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 27.295535] Read of size 1 at addr ffff888103257a28 by task kunit_try_catch/217 [ 27.296292] [ 27.296799] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.296887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.296903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.296931] Call Trace: [ 27.296951] <TASK> [ 27.296975] dump_stack_lvl+0x73/0xb0 [ 27.297023] print_report+0xd1/0x650 [ 27.297050] ? __virt_addr_valid+0x1db/0x2d0 [ 27.297076] ? kmalloc_uaf2+0x4a8/0x520 [ 27.297097] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.297279] ? kmalloc_uaf2+0x4a8/0x520 [ 27.297303] kasan_report+0x141/0x180 [ 27.297328] ? kmalloc_uaf2+0x4a8/0x520 [ 27.297354] __asan_report_load1_noabort+0x18/0x20 [ 27.297381] kmalloc_uaf2+0x4a8/0x520 [ 27.297403] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 27.297425] ? finish_task_switch.isra.0+0x153/0x700 [ 27.297451] ? __switch_to+0x47/0xf50 [ 27.297480] ? __schedule+0x10cc/0x2b60 [ 27.297505] ? __pfx_read_tsc+0x10/0x10 [ 27.297529] ? ktime_get_ts64+0x86/0x230 [ 27.297557] kunit_try_run_case+0x1a5/0x480 [ 27.297586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.297610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.297636] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.297661] ? __kthread_parkme+0x82/0x180 [ 27.297684] ? preempt_count_sub+0x50/0x80 [ 27.297708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.297734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.297759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.297783] kthread+0x337/0x6f0 [ 27.297804] ? trace_preempt_on+0x20/0xc0 [ 27.297830] ? __pfx_kthread+0x10/0x10 [ 27.297852] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.297875] ? calculate_sigpending+0x7b/0xa0 [ 27.297902] ? __pfx_kthread+0x10/0x10 [ 27.297925] ret_from_fork+0x116/0x1d0 [ 27.297946] ? __pfx_kthread+0x10/0x10 [ 27.298147] ret_from_fork_asm+0x1a/0x30 [ 27.298182] </TASK> [ 27.298196] [ 27.310625] Allocated by task 217: [ 27.311182] kasan_save_stack+0x45/0x70 [ 27.311559] kasan_save_track+0x18/0x40 [ 27.311827] kasan_save_alloc_info+0x3b/0x50 [ 27.312616] __kasan_kmalloc+0xb7/0xc0 [ 27.312804] __kmalloc_cache_noprof+0x189/0x420 [ 27.313207] kmalloc_uaf2+0xc6/0x520 [ 27.313374] kunit_try_run_case+0x1a5/0x480 [ 27.314249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.314678] kthread+0x337/0x6f0 [ 27.314916] ret_from_fork+0x116/0x1d0 [ 27.315278] ret_from_fork_asm+0x1a/0x30 [ 27.315491] [ 27.315594] Freed by task 217: [ 27.315730] kasan_save_stack+0x45/0x70 [ 27.315921] kasan_save_track+0x18/0x40 [ 27.316261] kasan_save_free_info+0x3f/0x60 [ 27.316611] __kasan_slab_free+0x56/0x70 [ 27.316852] kfree+0x222/0x3f0 [ 27.317010] kmalloc_uaf2+0x14c/0x520 [ 27.317526] kunit_try_run_case+0x1a5/0x480 [ 27.317936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.318530] kthread+0x337/0x6f0 [ 27.318845] ret_from_fork+0x116/0x1d0 [ 27.319354] ret_from_fork_asm+0x1a/0x30 [ 27.319692] [ 27.319796] The buggy address belongs to the object at ffff888103257a00 [ 27.319796] which belongs to the cache kmalloc-64 of size 64 [ 27.320950] The buggy address is located 40 bytes inside of [ 27.320950] freed 64-byte region [ffff888103257a00, ffff888103257a40) [ 27.321867] [ 27.321997] The buggy address belongs to the physical page: [ 27.322421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103257 [ 27.322854] flags: 0x200000000000000(node=0|zone=2) [ 27.323139] page_type: f5(slab) [ 27.323314] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.323848] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.324257] page dumped because: kasan: bad access detected [ 27.324656] [ 27.324792] Memory state around the buggy address: [ 27.325483] ffff888103257900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.325800] ffff888103257980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.326335] >ffff888103257a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.326631] ^ [ 27.327120] ffff888103257a80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 27.327419] ffff888103257b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.327944] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 27.253707] ================================================================== [ 27.254241] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 27.254603] Write of size 33 at addr ffff888103774080 by task kunit_try_catch/215 [ 27.255409] [ 27.255588] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.255697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.255725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.255768] Call Trace: [ 27.255797] <TASK> [ 27.256161] dump_stack_lvl+0x73/0xb0 [ 27.256271] print_report+0xd1/0x650 [ 27.256327] ? __virt_addr_valid+0x1db/0x2d0 [ 27.256381] ? kmalloc_uaf_memset+0x1a3/0x360 [ 27.256430] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.256483] ? kmalloc_uaf_memset+0x1a3/0x360 [ 27.256527] kasan_report+0x141/0x180 [ 27.256575] ? kmalloc_uaf_memset+0x1a3/0x360 [ 27.256632] kasan_check_range+0x10c/0x1c0 [ 27.256674] __asan_memset+0x27/0x50 [ 27.256713] kmalloc_uaf_memset+0x1a3/0x360 [ 27.256737] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 27.256760] ? __schedule+0x10cc/0x2b60 [ 27.256785] ? __pfx_read_tsc+0x10/0x10 [ 27.256808] ? ktime_get_ts64+0x86/0x230 [ 27.256835] kunit_try_run_case+0x1a5/0x480 [ 27.256862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.256884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.256933] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.256968] ? __kthread_parkme+0x82/0x180 [ 27.256991] ? preempt_count_sub+0x50/0x80 [ 27.257018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.257042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.257067] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.257091] kthread+0x337/0x6f0 [ 27.257133] ? trace_preempt_on+0x20/0xc0 [ 27.257159] ? __pfx_kthread+0x10/0x10 [ 27.257181] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.257204] ? calculate_sigpending+0x7b/0xa0 [ 27.257230] ? __pfx_kthread+0x10/0x10 [ 27.257253] ret_from_fork+0x116/0x1d0 [ 27.257274] ? __pfx_kthread+0x10/0x10 [ 27.257295] ret_from_fork_asm+0x1a/0x30 [ 27.257329] </TASK> [ 27.257342] [ 27.267170] Allocated by task 215: [ 27.267517] kasan_save_stack+0x45/0x70 [ 27.267827] kasan_save_track+0x18/0x40 [ 27.268245] kasan_save_alloc_info+0x3b/0x50 [ 27.268512] __kasan_kmalloc+0xb7/0xc0 [ 27.268694] __kmalloc_cache_noprof+0x189/0x420 [ 27.268878] kmalloc_uaf_memset+0xa9/0x360 [ 27.269223] kunit_try_run_case+0x1a5/0x480 [ 27.269662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.270266] kthread+0x337/0x6f0 [ 27.270554] ret_from_fork+0x116/0x1d0 [ 27.270727] ret_from_fork_asm+0x1a/0x30 [ 27.271036] [ 27.271264] Freed by task 215: [ 27.271521] kasan_save_stack+0x45/0x70 [ 27.271706] kasan_save_track+0x18/0x40 [ 27.271880] kasan_save_free_info+0x3f/0x60 [ 27.272231] __kasan_slab_free+0x56/0x70 [ 27.272626] kfree+0x222/0x3f0 [ 27.273037] kmalloc_uaf_memset+0x12b/0x360 [ 27.273416] kunit_try_run_case+0x1a5/0x480 [ 27.273768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.273965] kthread+0x337/0x6f0 [ 27.274141] ret_from_fork+0x116/0x1d0 [ 27.274298] ret_from_fork_asm+0x1a/0x30 [ 27.274477] [ 27.274585] The buggy address belongs to the object at ffff888103774080 [ 27.274585] which belongs to the cache kmalloc-64 of size 64 [ 27.275365] The buggy address is located 0 bytes inside of [ 27.275365] freed 64-byte region [ffff888103774080, ffff8881037740c0) [ 27.276518] [ 27.276697] The buggy address belongs to the physical page: [ 27.277196] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103774 [ 27.277865] flags: 0x200000000000000(node=0|zone=2) [ 27.278188] page_type: f5(slab) [ 27.278368] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.278645] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.278911] page dumped because: kasan: bad access detected [ 27.279160] [ 27.279272] Memory state around the buggy address: [ 27.279500] ffff888103773f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.279965] ffff888103774000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.280534] >ffff888103774080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.281114] ^ [ 27.281404] ffff888103774100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.282141] ffff888103774180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.282680] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 27.201853] ================================================================== [ 27.202670] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 27.203282] Read of size 1 at addr ffff8881022a26a8 by task kunit_try_catch/213 [ 27.203718] [ 27.203904] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.204010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.204034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.204064] Call Trace: [ 27.204087] <TASK> [ 27.204959] dump_stack_lvl+0x73/0xb0 [ 27.205212] print_report+0xd1/0x650 [ 27.205258] ? __virt_addr_valid+0x1db/0x2d0 [ 27.205297] ? kmalloc_uaf+0x320/0x380 [ 27.205363] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.205396] ? kmalloc_uaf+0x320/0x380 [ 27.205418] kasan_report+0x141/0x180 [ 27.205442] ? kmalloc_uaf+0x320/0x380 [ 27.205467] __asan_report_load1_noabort+0x18/0x20 [ 27.205492] kmalloc_uaf+0x320/0x380 [ 27.205513] ? __pfx_kmalloc_uaf+0x10/0x10 [ 27.205535] ? __schedule+0x10cc/0x2b60 [ 27.205559] ? __pfx_read_tsc+0x10/0x10 [ 27.205581] ? ktime_get_ts64+0x86/0x230 [ 27.205608] kunit_try_run_case+0x1a5/0x480 [ 27.205635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.205657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.205681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.205705] ? __kthread_parkme+0x82/0x180 [ 27.205727] ? preempt_count_sub+0x50/0x80 [ 27.205752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.205776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.205799] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.205823] kthread+0x337/0x6f0 [ 27.205843] ? trace_preempt_on+0x20/0xc0 [ 27.205867] ? __pfx_kthread+0x10/0x10 [ 27.205889] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.205918] ? calculate_sigpending+0x7b/0xa0 [ 27.206057] ? __pfx_kthread+0x10/0x10 [ 27.206080] ret_from_fork+0x116/0x1d0 [ 27.206114] ? __pfx_kthread+0x10/0x10 [ 27.206139] ret_from_fork_asm+0x1a/0x30 [ 27.206172] </TASK> [ 27.206186] [ 27.221799] Allocated by task 213: [ 27.222582] kasan_save_stack+0x45/0x70 [ 27.222888] kasan_save_track+0x18/0x40 [ 27.223464] kasan_save_alloc_info+0x3b/0x50 [ 27.224124] __kasan_kmalloc+0xb7/0xc0 [ 27.224324] __kmalloc_cache_noprof+0x189/0x420 [ 27.224728] kmalloc_uaf+0xaa/0x380 [ 27.224983] kunit_try_run_case+0x1a5/0x480 [ 27.225362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.226304] kthread+0x337/0x6f0 [ 27.226649] ret_from_fork+0x116/0x1d0 [ 27.227542] ret_from_fork_asm+0x1a/0x30 [ 27.228234] [ 27.228459] Freed by task 213: [ 27.228745] kasan_save_stack+0x45/0x70 [ 27.229290] kasan_save_track+0x18/0x40 [ 27.229856] kasan_save_free_info+0x3f/0x60 [ 27.230381] __kasan_slab_free+0x56/0x70 [ 27.230899] kfree+0x222/0x3f0 [ 27.231477] kmalloc_uaf+0x12c/0x380 [ 27.231692] kunit_try_run_case+0x1a5/0x480 [ 27.232413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.233238] kthread+0x337/0x6f0 [ 27.233868] ret_from_fork+0x116/0x1d0 [ 27.234058] ret_from_fork_asm+0x1a/0x30 [ 27.234465] [ 27.234643] The buggy address belongs to the object at ffff8881022a26a0 [ 27.234643] which belongs to the cache kmalloc-16 of size 16 [ 27.235830] The buggy address is located 8 bytes inside of [ 27.235830] freed 16-byte region [ffff8881022a26a0, ffff8881022a26b0) [ 27.236940] [ 27.237407] The buggy address belongs to the physical page: [ 27.237816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a2 [ 27.238666] flags: 0x200000000000000(node=0|zone=2) [ 27.239288] page_type: f5(slab) [ 27.239476] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.239977] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.240404] page dumped because: kasan: bad access detected [ 27.240751] [ 27.240883] Memory state around the buggy address: [ 27.241813] ffff8881022a2580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.242136] ffff8881022a2600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.242961] >ffff8881022a2680: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 27.243609] ^ [ 27.244275] ffff8881022a2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.244930] ffff8881022a2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.245735] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 27.157171] ================================================================== [ 27.158144] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.159344] Read of size 64 at addr ffff888103257804 by task kunit_try_catch/211 [ 27.159813] [ 27.160616] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.160697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.160712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.160739] Call Trace: [ 27.160758] <TASK> [ 27.160783] dump_stack_lvl+0x73/0xb0 [ 27.160835] print_report+0xd1/0x650 [ 27.160862] ? __virt_addr_valid+0x1db/0x2d0 [ 27.160890] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.160925] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.161056] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.161084] kasan_report+0x141/0x180 [ 27.161129] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.161161] kasan_check_range+0x10c/0x1c0 [ 27.161186] __asan_memmove+0x27/0x70 [ 27.161212] kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.161238] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 27.161265] ? __schedule+0x10cc/0x2b60 [ 27.161291] ? __pfx_read_tsc+0x10/0x10 [ 27.161315] ? ktime_get_ts64+0x86/0x230 [ 27.161344] kunit_try_run_case+0x1a5/0x480 [ 27.161373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.161397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.161422] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.161447] ? __kthread_parkme+0x82/0x180 [ 27.161472] ? preempt_count_sub+0x50/0x80 [ 27.161498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.161523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.161548] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.161572] kthread+0x337/0x6f0 [ 27.161593] ? trace_preempt_on+0x20/0xc0 [ 27.161620] ? __pfx_kthread+0x10/0x10 [ 27.161643] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.161665] ? calculate_sigpending+0x7b/0xa0 [ 27.161692] ? __pfx_kthread+0x10/0x10 [ 27.161716] ret_from_fork+0x116/0x1d0 [ 27.161737] ? __pfx_kthread+0x10/0x10 [ 27.161759] ret_from_fork_asm+0x1a/0x30 [ 27.161793] </TASK> [ 27.161806] [ 27.177581] Allocated by task 211: [ 27.178453] kasan_save_stack+0x45/0x70 [ 27.178851] kasan_save_track+0x18/0x40 [ 27.179468] kasan_save_alloc_info+0x3b/0x50 [ 27.179624] __kasan_kmalloc+0xb7/0xc0 [ 27.179719] __kmalloc_cache_noprof+0x189/0x420 [ 27.179833] kmalloc_memmove_invalid_size+0xac/0x330 [ 27.180533] kunit_try_run_case+0x1a5/0x480 [ 27.180868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.182021] kthread+0x337/0x6f0 [ 27.182262] ret_from_fork+0x116/0x1d0 [ 27.182403] ret_from_fork_asm+0x1a/0x30 [ 27.182546] [ 27.182624] The buggy address belongs to the object at ffff888103257800 [ 27.182624] which belongs to the cache kmalloc-64 of size 64 [ 27.183861] The buggy address is located 4 bytes inside of [ 27.183861] allocated 64-byte region [ffff888103257800, ffff888103257840) [ 27.185439] [ 27.185533] The buggy address belongs to the physical page: [ 27.185660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103257 [ 27.185834] flags: 0x200000000000000(node=0|zone=2) [ 27.186321] page_type: f5(slab) [ 27.186587] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.188504] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.189031] page dumped because: kasan: bad access detected [ 27.189454] [ 27.189587] Memory state around the buggy address: [ 27.189911] ffff888103257700: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.190343] ffff888103257780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.190753] >ffff888103257800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 27.191028] ^ [ 27.191770] ffff888103257880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.192461] ffff888103257900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.192865] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 27.115685] ================================================================== [ 27.116286] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 27.116986] Read of size 18446744073709551614 at addr ffff8881024d4e84 by task kunit_try_catch/209 [ 27.117531] [ 27.117744] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.117852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.117876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.117931] Call Trace: [ 27.117961] <TASK> [ 27.117998] dump_stack_lvl+0x73/0xb0 [ 27.118071] print_report+0xd1/0x650 [ 27.118134] ? __virt_addr_valid+0x1db/0x2d0 [ 27.118184] ? kmalloc_memmove_negative_size+0x171/0x330 [ 27.118225] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.118272] ? kmalloc_memmove_negative_size+0x171/0x330 [ 27.118402] kasan_report+0x141/0x180 [ 27.118449] ? kmalloc_memmove_negative_size+0x171/0x330 [ 27.118515] kasan_check_range+0x10c/0x1c0 [ 27.118561] __asan_memmove+0x27/0x70 [ 27.118608] kmalloc_memmove_negative_size+0x171/0x330 [ 27.118684] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 27.118749] ? __schedule+0x10cc/0x2b60 [ 27.118801] ? __pfx_read_tsc+0x10/0x10 [ 27.118846] ? ktime_get_ts64+0x86/0x230 [ 27.118899] kunit_try_run_case+0x1a5/0x480 [ 27.118950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.119034] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.119077] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.119138] ? __kthread_parkme+0x82/0x180 [ 27.119179] ? preempt_count_sub+0x50/0x80 [ 27.119221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.119267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.119313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.119385] kthread+0x337/0x6f0 [ 27.119427] ? trace_preempt_on+0x20/0xc0 [ 27.119473] ? __pfx_kthread+0x10/0x10 [ 27.119526] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.119565] ? calculate_sigpending+0x7b/0xa0 [ 27.119606] ? __pfx_kthread+0x10/0x10 [ 27.119635] ret_from_fork+0x116/0x1d0 [ 27.119658] ? __pfx_kthread+0x10/0x10 [ 27.119680] ret_from_fork_asm+0x1a/0x30 [ 27.119712] </TASK> [ 27.119726] [ 27.131911] Allocated by task 209: [ 27.132043] kasan_save_stack+0x45/0x70 [ 27.132840] kasan_save_track+0x18/0x40 [ 27.133577] kasan_save_alloc_info+0x3b/0x50 [ 27.134308] __kasan_kmalloc+0xb7/0xc0 [ 27.134680] __kmalloc_cache_noprof+0x189/0x420 [ 27.135350] kmalloc_memmove_negative_size+0xac/0x330 [ 27.135925] kunit_try_run_case+0x1a5/0x480 [ 27.136577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.137305] kthread+0x337/0x6f0 [ 27.137524] ret_from_fork+0x116/0x1d0 [ 27.137873] ret_from_fork_asm+0x1a/0x30 [ 27.138461] [ 27.138914] The buggy address belongs to the object at ffff8881024d4e80 [ 27.138914] which belongs to the cache kmalloc-64 of size 64 [ 27.139713] The buggy address is located 4 bytes inside of [ 27.139713] 64-byte region [ffff8881024d4e80, ffff8881024d4ec0) [ 27.140542] [ 27.140747] The buggy address belongs to the physical page: [ 27.141700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d4 [ 27.142410] flags: 0x200000000000000(node=0|zone=2) [ 27.142773] page_type: f5(slab) [ 27.143542] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.143835] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.144758] page dumped because: kasan: bad access detected [ 27.145449] [ 27.145996] Memory state around the buggy address: [ 27.146540] ffff8881024d4d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.147148] ffff8881024d4e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.147511] >ffff8881024d4e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 27.148279] ^ [ 27.148453] ffff8881024d4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.149257] ffff8881024d4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.150203] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 27.078731] ================================================================== [ 27.079220] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 27.079706] Write of size 16 at addr ffff888103259169 by task kunit_try_catch/207 [ 27.080316] [ 27.080741] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.080860] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.080887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.080935] Call Trace: [ 27.080968] <TASK> [ 27.081011] dump_stack_lvl+0x73/0xb0 [ 27.081094] print_report+0xd1/0x650 [ 27.081155] ? __virt_addr_valid+0x1db/0x2d0 [ 27.081206] ? kmalloc_oob_memset_16+0x166/0x330 [ 27.081290] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.081388] ? kmalloc_oob_memset_16+0x166/0x330 [ 27.081574] kasan_report+0x141/0x180 [ 27.081618] ? kmalloc_oob_memset_16+0x166/0x330 [ 27.081670] kasan_check_range+0x10c/0x1c0 [ 27.081719] __asan_memset+0x27/0x50 [ 27.081805] kmalloc_oob_memset_16+0x166/0x330 [ 27.081871] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 27.081919] ? __schedule+0x10cc/0x2b60 [ 27.081963] ? __pfx_read_tsc+0x10/0x10 [ 27.082124] ? ktime_get_ts64+0x86/0x230 [ 27.082217] kunit_try_run_case+0x1a5/0x480 [ 27.082292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.082339] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.082384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.082421] ? __kthread_parkme+0x82/0x180 [ 27.082446] ? preempt_count_sub+0x50/0x80 [ 27.082472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.082497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.082522] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.082547] kthread+0x337/0x6f0 [ 27.082568] ? trace_preempt_on+0x20/0xc0 [ 27.082594] ? __pfx_kthread+0x10/0x10 [ 27.082616] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.082639] ? calculate_sigpending+0x7b/0xa0 [ 27.082666] ? __pfx_kthread+0x10/0x10 [ 27.082689] ret_from_fork+0x116/0x1d0 [ 27.082710] ? __pfx_kthread+0x10/0x10 [ 27.082732] ret_from_fork_asm+0x1a/0x30 [ 27.082765] </TASK> [ 27.082779] [ 27.094118] Allocated by task 207: [ 27.094674] kasan_save_stack+0x45/0x70 [ 27.095184] kasan_save_track+0x18/0x40 [ 27.095539] kasan_save_alloc_info+0x3b/0x50 [ 27.095889] __kasan_kmalloc+0xb7/0xc0 [ 27.096434] __kmalloc_cache_noprof+0x189/0x420 [ 27.096884] kmalloc_oob_memset_16+0xac/0x330 [ 27.097153] kunit_try_run_case+0x1a5/0x480 [ 27.097374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.097776] kthread+0x337/0x6f0 [ 27.098116] ret_from_fork+0x116/0x1d0 [ 27.098666] ret_from_fork_asm+0x1a/0x30 [ 27.099052] [ 27.099248] The buggy address belongs to the object at ffff888103259100 [ 27.099248] which belongs to the cache kmalloc-128 of size 128 [ 27.099977] The buggy address is located 105 bytes inside of [ 27.099977] allocated 120-byte region [ffff888103259100, ffff888103259178) [ 27.100417] [ 27.100527] The buggy address belongs to the physical page: [ 27.100734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103259 [ 27.101023] flags: 0x200000000000000(node=0|zone=2) [ 27.101617] page_type: f5(slab) [ 27.101930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.102711] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.103520] page dumped because: kasan: bad access detected [ 27.103946] [ 27.104268] Memory state around the buggy address: [ 27.104860] ffff888103259000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.105456] ffff888103259080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.105767] >ffff888103259100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.106210] ^ [ 27.107052] ffff888103259180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.107528] ffff888103259200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.107790] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 27.036703] ================================================================== [ 27.037747] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 27.038316] Write of size 8 at addr ffff888102b36f71 by task kunit_try_catch/205 [ 27.038917] [ 27.039097] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.039242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.039271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.039317] Call Trace: [ 27.039350] <TASK> [ 27.039520] dump_stack_lvl+0x73/0xb0 [ 27.039601] print_report+0xd1/0x650 [ 27.039653] ? __virt_addr_valid+0x1db/0x2d0 [ 27.039708] ? kmalloc_oob_memset_8+0x166/0x330 [ 27.039753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.039804] ? kmalloc_oob_memset_8+0x166/0x330 [ 27.039871] kasan_report+0x141/0x180 [ 27.039917] ? kmalloc_oob_memset_8+0x166/0x330 [ 27.040069] kasan_check_range+0x10c/0x1c0 [ 27.040126] __asan_memset+0x27/0x50 [ 27.040155] kmalloc_oob_memset_8+0x166/0x330 [ 27.040178] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 27.040202] ? __schedule+0x10cc/0x2b60 [ 27.040228] ? __pfx_read_tsc+0x10/0x10 [ 27.040251] ? ktime_get_ts64+0x86/0x230 [ 27.040279] kunit_try_run_case+0x1a5/0x480 [ 27.040306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.040329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.040352] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.040376] ? __kthread_parkme+0x82/0x180 [ 27.040399] ? preempt_count_sub+0x50/0x80 [ 27.040425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.040449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.040473] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.040497] kthread+0x337/0x6f0 [ 27.040517] ? trace_preempt_on+0x20/0xc0 [ 27.040543] ? __pfx_kthread+0x10/0x10 [ 27.040564] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.040586] ? calculate_sigpending+0x7b/0xa0 [ 27.040611] ? __pfx_kthread+0x10/0x10 [ 27.040633] ret_from_fork+0x116/0x1d0 [ 27.040654] ? __pfx_kthread+0x10/0x10 [ 27.040675] ret_from_fork_asm+0x1a/0x30 [ 27.040707] </TASK> [ 27.040720] [ 27.052865] Allocated by task 205: [ 27.054157] kasan_save_stack+0x45/0x70 [ 27.054562] kasan_save_track+0x18/0x40 [ 27.055402] kasan_save_alloc_info+0x3b/0x50 [ 27.055714] __kasan_kmalloc+0xb7/0xc0 [ 27.056214] __kmalloc_cache_noprof+0x189/0x420 [ 27.056721] kmalloc_oob_memset_8+0xac/0x330 [ 27.057357] kunit_try_run_case+0x1a5/0x480 [ 27.057683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.058703] kthread+0x337/0x6f0 [ 27.058970] ret_from_fork+0x116/0x1d0 [ 27.059481] ret_from_fork_asm+0x1a/0x30 [ 27.060197] [ 27.060328] The buggy address belongs to the object at ffff888102b36f00 [ 27.060328] which belongs to the cache kmalloc-128 of size 128 [ 27.061481] The buggy address is located 113 bytes inside of [ 27.061481] allocated 120-byte region [ffff888102b36f00, ffff888102b36f78) [ 27.062211] [ 27.062409] The buggy address belongs to the physical page: [ 27.062892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b36 [ 27.063576] flags: 0x200000000000000(node=0|zone=2) [ 27.064143] page_type: f5(slab) [ 27.064838] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.065259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.066085] page dumped because: kasan: bad access detected [ 27.066330] [ 27.066852] Memory state around the buggy address: [ 27.067067] ffff888102b36e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.067788] ffff888102b36e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.068724] >ffff888102b36f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.069620] ^ [ 27.070727] ffff888102b36f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.071269] ffff888102b37000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.071741] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 27.001644] ================================================================== [ 27.002240] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 27.002909] Write of size 4 at addr ffff888103259075 by task kunit_try_catch/203 [ 27.003368] [ 27.003582] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 27.003712] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.003740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.003790] Call Trace: [ 27.003823] <TASK> [ 27.003864] dump_stack_lvl+0x73/0xb0 [ 27.003937] print_report+0xd1/0x650 [ 27.003989] ? __virt_addr_valid+0x1db/0x2d0 [ 27.004055] ? kmalloc_oob_memset_4+0x166/0x330 [ 27.004121] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.004174] ? kmalloc_oob_memset_4+0x166/0x330 [ 27.004243] kasan_report+0x141/0x180 [ 27.004290] ? kmalloc_oob_memset_4+0x166/0x330 [ 27.004341] kasan_check_range+0x10c/0x1c0 [ 27.004390] __asan_memset+0x27/0x50 [ 27.004433] kmalloc_oob_memset_4+0x166/0x330 [ 27.004475] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 27.004521] ? __schedule+0x207f/0x2b60 [ 27.004566] ? __pfx_read_tsc+0x10/0x10 [ 27.004611] ? ktime_get_ts64+0x86/0x230 [ 27.004662] kunit_try_run_case+0x1a5/0x480 [ 27.004709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.004780] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.004826] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.004875] ? __kthread_parkme+0x82/0x180 [ 27.004918] ? preempt_count_sub+0x50/0x80 [ 27.004968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.005019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.005061] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.005086] kthread+0x337/0x6f0 [ 27.005132] ? trace_preempt_on+0x20/0xc0 [ 27.005160] ? __pfx_kthread+0x10/0x10 [ 27.005182] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.005205] ? calculate_sigpending+0x7b/0xa0 [ 27.005233] ? __pfx_kthread+0x10/0x10 [ 27.005257] ret_from_fork+0x116/0x1d0 [ 27.005279] ? __pfx_kthread+0x10/0x10 [ 27.005301] ret_from_fork_asm+0x1a/0x30 [ 27.005334] </TASK> [ 27.005347] [ 27.016825] Allocated by task 203: [ 27.017438] kasan_save_stack+0x45/0x70 [ 27.017657] kasan_save_track+0x18/0x40 [ 27.017759] kasan_save_alloc_info+0x3b/0x50 [ 27.017865] __kasan_kmalloc+0xb7/0xc0 [ 27.018496] __kmalloc_cache_noprof+0x189/0x420 [ 27.019217] kmalloc_oob_memset_4+0xac/0x330 [ 27.019549] kunit_try_run_case+0x1a5/0x480 [ 27.019844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.020158] kthread+0x337/0x6f0 [ 27.020407] ret_from_fork+0x116/0x1d0 [ 27.020674] ret_from_fork_asm+0x1a/0x30 [ 27.020917] [ 27.021020] The buggy address belongs to the object at ffff888103259000 [ 27.021020] which belongs to the cache kmalloc-128 of size 128 [ 27.022161] The buggy address is located 117 bytes inside of [ 27.022161] allocated 120-byte region [ffff888103259000, ffff888103259078) [ 27.023117] [ 27.023246] The buggy address belongs to the physical page: [ 27.023636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103259 [ 27.023954] flags: 0x200000000000000(node=0|zone=2) [ 27.024119] page_type: f5(slab) [ 27.024226] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.024385] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.024535] page dumped because: kasan: bad access detected [ 27.024649] [ 27.024697] Memory state around the buggy address: [ 27.024805] ffff888103258f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.025975] ffff888103258f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.026740] >ffff888103259000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.027655] ^ [ 27.028167] ffff888103259080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.028725] ffff888103259100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.029459] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 26.956756] ================================================================== [ 26.957258] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 26.957451] Write of size 2 at addr ffff88810324df77 by task kunit_try_catch/201 [ 26.957593] [ 26.957671] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.957732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.957746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.957772] Call Trace: [ 26.957789] <TASK> [ 26.957813] dump_stack_lvl+0x73/0xb0 [ 26.957849] print_report+0xd1/0x650 [ 26.957873] ? __virt_addr_valid+0x1db/0x2d0 [ 26.957900] ? kmalloc_oob_memset_2+0x166/0x330 [ 26.957950] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.958723] ? kmalloc_oob_memset_2+0x166/0x330 [ 26.959150] kasan_report+0x141/0x180 [ 26.959224] ? kmalloc_oob_memset_2+0x166/0x330 [ 26.959304] kasan_check_range+0x10c/0x1c0 [ 26.959350] __asan_memset+0x27/0x50 [ 26.959390] kmalloc_oob_memset_2+0x166/0x330 [ 26.959438] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 26.959488] ? __schedule+0x10cc/0x2b60 [ 26.959542] ? __pfx_read_tsc+0x10/0x10 [ 26.959587] ? ktime_get_ts64+0x86/0x230 [ 26.959631] kunit_try_run_case+0x1a5/0x480 [ 26.959675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.959705] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.959731] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.959756] ? __kthread_parkme+0x82/0x180 [ 26.959779] ? preempt_count_sub+0x50/0x80 [ 26.959806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.959831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.959857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.959881] kthread+0x337/0x6f0 [ 26.959906] ? trace_preempt_on+0x20/0xc0 [ 26.959954] ? __pfx_kthread+0x10/0x10 [ 26.959986] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.960022] ? calculate_sigpending+0x7b/0xa0 [ 26.960064] ? __pfx_kthread+0x10/0x10 [ 26.960116] ret_from_fork+0x116/0x1d0 [ 26.960145] ? __pfx_kthread+0x10/0x10 [ 26.960168] ret_from_fork_asm+0x1a/0x30 [ 26.960203] </TASK> [ 26.960217] [ 26.973403] Allocated by task 201: [ 26.973766] kasan_save_stack+0x45/0x70 [ 26.974421] kasan_save_track+0x18/0x40 [ 26.974704] kasan_save_alloc_info+0x3b/0x50 [ 26.975779] __kasan_kmalloc+0xb7/0xc0 [ 26.976000] __kmalloc_cache_noprof+0x189/0x420 [ 26.976222] kmalloc_oob_memset_2+0xac/0x330 [ 26.976558] kunit_try_run_case+0x1a5/0x480 [ 26.976896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.978050] kthread+0x337/0x6f0 [ 26.978240] ret_from_fork+0x116/0x1d0 [ 26.978626] ret_from_fork_asm+0x1a/0x30 [ 26.979152] [ 26.979274] The buggy address belongs to the object at ffff88810324df00 [ 26.979274] which belongs to the cache kmalloc-128 of size 128 [ 26.980509] The buggy address is located 119 bytes inside of [ 26.980509] allocated 120-byte region [ffff88810324df00, ffff88810324df78) [ 26.981640] [ 26.981838] The buggy address belongs to the physical page: [ 26.982208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10324d [ 26.982640] flags: 0x200000000000000(node=0|zone=2) [ 26.983503] page_type: f5(slab) [ 26.983698] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.985091] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.985433] page dumped because: kasan: bad access detected [ 26.985847] [ 26.986513] Memory state around the buggy address: [ 26.986765] ffff88810324de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.988125] ffff88810324de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.992507] >ffff88810324df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.992791] ^ [ 26.993221] ffff88810324df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.993801] ffff88810324e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.994454] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 26.914487] ================================================================== [ 26.915020] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 26.915592] Write of size 128 at addr ffff88810324de00 by task kunit_try_catch/199 [ 26.916014] [ 26.917467] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.917554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.917570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.917598] Call Trace: [ 26.917618] <TASK> [ 26.917646] dump_stack_lvl+0x73/0xb0 [ 26.917701] print_report+0xd1/0x650 [ 26.917729] ? __virt_addr_valid+0x1db/0x2d0 [ 26.917757] ? kmalloc_oob_in_memset+0x15f/0x320 [ 26.917781] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.917810] ? kmalloc_oob_in_memset+0x15f/0x320 [ 26.917834] kasan_report+0x141/0x180 [ 26.917857] ? kmalloc_oob_in_memset+0x15f/0x320 [ 26.917885] kasan_check_range+0x10c/0x1c0 [ 26.917917] __asan_memset+0x27/0x50 [ 26.917980] kmalloc_oob_in_memset+0x15f/0x320 [ 26.918011] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 26.918036] ? __schedule+0x10cc/0x2b60 [ 26.918061] ? __pfx_read_tsc+0x10/0x10 [ 26.918086] ? ktime_get_ts64+0x86/0x230 [ 26.918144] kunit_try_run_case+0x1a5/0x480 [ 26.918189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.918224] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.918263] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.918290] ? __kthread_parkme+0x82/0x180 [ 26.918315] ? preempt_count_sub+0x50/0x80 [ 26.918341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.918367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.918392] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.918417] kthread+0x337/0x6f0 [ 26.918438] ? trace_preempt_on+0x20/0xc0 [ 26.918465] ? __pfx_kthread+0x10/0x10 [ 26.918488] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.918511] ? calculate_sigpending+0x7b/0xa0 [ 26.918539] ? __pfx_kthread+0x10/0x10 [ 26.918562] ret_from_fork+0x116/0x1d0 [ 26.918583] ? __pfx_kthread+0x10/0x10 [ 26.918605] ret_from_fork_asm+0x1a/0x30 [ 26.918640] </TASK> [ 26.918654] [ 26.933296] Allocated by task 199: [ 26.933666] kasan_save_stack+0x45/0x70 [ 26.934065] kasan_save_track+0x18/0x40 [ 26.934246] kasan_save_alloc_info+0x3b/0x50 [ 26.934553] __kasan_kmalloc+0xb7/0xc0 [ 26.934788] __kmalloc_cache_noprof+0x189/0x420 [ 26.936150] kmalloc_oob_in_memset+0xac/0x320 [ 26.936393] kunit_try_run_case+0x1a5/0x480 [ 26.936937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.937534] kthread+0x337/0x6f0 [ 26.937820] ret_from_fork+0x116/0x1d0 [ 26.938046] ret_from_fork_asm+0x1a/0x30 [ 26.938302] [ 26.938388] The buggy address belongs to the object at ffff88810324de00 [ 26.938388] which belongs to the cache kmalloc-128 of size 128 [ 26.938968] The buggy address is located 0 bytes inside of [ 26.938968] allocated 120-byte region [ffff88810324de00, ffff88810324de78) [ 26.940061] [ 26.940228] The buggy address belongs to the physical page: [ 26.941092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10324d [ 26.941706] flags: 0x200000000000000(node=0|zone=2) [ 26.942326] page_type: f5(slab) [ 26.942618] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.943531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.944383] page dumped because: kasan: bad access detected [ 26.944736] [ 26.944844] Memory state around the buggy address: [ 26.945754] ffff88810324dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.946250] ffff88810324dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.946791] >ffff88810324de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.947341] ^ [ 26.947695] ffff88810324de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.948543] ffff88810324df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.948918] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 26.876265] ================================================================== [ 26.876727] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 26.877555] Read of size 16 at addr ffff8881022a2680 by task kunit_try_catch/197 [ 26.878052] [ 26.878664] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.878916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.878944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.878977] Call Trace: [ 26.878995] <TASK> [ 26.879020] dump_stack_lvl+0x73/0xb0 [ 26.879068] print_report+0xd1/0x650 [ 26.879094] ? __virt_addr_valid+0x1db/0x2d0 [ 26.879142] ? kmalloc_uaf_16+0x47b/0x4c0 [ 26.879164] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.879191] ? kmalloc_uaf_16+0x47b/0x4c0 [ 26.879213] kasan_report+0x141/0x180 [ 26.879236] ? kmalloc_uaf_16+0x47b/0x4c0 [ 26.879262] __asan_report_load16_noabort+0x18/0x20 [ 26.879287] kmalloc_uaf_16+0x47b/0x4c0 [ 26.879309] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 26.879332] ? __schedule+0x10cc/0x2b60 [ 26.879356] ? __pfx_read_tsc+0x10/0x10 [ 26.879379] ? ktime_get_ts64+0x86/0x230 [ 26.879406] kunit_try_run_case+0x1a5/0x480 [ 26.879433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.879456] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.879479] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.879503] ? __kthread_parkme+0x82/0x180 [ 26.879525] ? preempt_count_sub+0x50/0x80 [ 26.879551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.879574] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.879598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.879622] kthread+0x337/0x6f0 [ 26.879642] ? trace_preempt_on+0x20/0xc0 [ 26.879667] ? __pfx_kthread+0x10/0x10 [ 26.879689] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.879711] ? calculate_sigpending+0x7b/0xa0 [ 26.879736] ? __pfx_kthread+0x10/0x10 [ 26.879758] ret_from_fork+0x116/0x1d0 [ 26.879779] ? __pfx_kthread+0x10/0x10 [ 26.879800] ret_from_fork_asm+0x1a/0x30 [ 26.879831] </TASK> [ 26.879844] [ 26.889383] Allocated by task 197: [ 26.889703] kasan_save_stack+0x45/0x70 [ 26.890509] kasan_save_track+0x18/0x40 [ 26.890770] kasan_save_alloc_info+0x3b/0x50 [ 26.891144] __kasan_kmalloc+0xb7/0xc0 [ 26.891684] __kmalloc_cache_noprof+0x189/0x420 [ 26.891891] kmalloc_uaf_16+0x15b/0x4c0 [ 26.892325] kunit_try_run_case+0x1a5/0x480 [ 26.892717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.892990] kthread+0x337/0x6f0 [ 26.893181] ret_from_fork+0x116/0x1d0 [ 26.893503] ret_from_fork_asm+0x1a/0x30 [ 26.893844] [ 26.894021] Freed by task 197: [ 26.894351] kasan_save_stack+0x45/0x70 [ 26.894590] kasan_save_track+0x18/0x40 [ 26.894777] kasan_save_free_info+0x3f/0x60 [ 26.895036] __kasan_slab_free+0x56/0x70 [ 26.895389] kfree+0x222/0x3f0 [ 26.895669] kmalloc_uaf_16+0x1d6/0x4c0 [ 26.896038] kunit_try_run_case+0x1a5/0x480 [ 26.896431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.896726] kthread+0x337/0x6f0 [ 26.896934] ret_from_fork+0x116/0x1d0 [ 26.897282] ret_from_fork_asm+0x1a/0x30 [ 26.897612] [ 26.897792] The buggy address belongs to the object at ffff8881022a2680 [ 26.897792] which belongs to the cache kmalloc-16 of size 16 [ 26.898785] The buggy address is located 0 bytes inside of [ 26.898785] freed 16-byte region [ffff8881022a2680, ffff8881022a2690) [ 26.899770] [ 26.900011] The buggy address belongs to the physical page: [ 26.900516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a2 [ 26.901122] flags: 0x200000000000000(node=0|zone=2) [ 26.901572] page_type: f5(slab) [ 26.901886] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.902335] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.902734] page dumped because: kasan: bad access detected [ 26.903554] [ 26.903675] Memory state around the buggy address: [ 26.904552] ffff8881022a2580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.904917] ffff8881022a2600: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 26.905174] >ffff8881022a2680: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.905505] ^ [ 26.905691] ffff8881022a2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.906895] ffff8881022a2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.907163] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 26.838819] ================================================================== [ 26.839403] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 26.839961] Write of size 16 at addr ffff8881022a2620 by task kunit_try_catch/195 [ 26.840348] [ 26.840860] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.840968] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.840996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.841039] Call Trace: [ 26.841069] <TASK> [ 26.841120] dump_stack_lvl+0x73/0xb0 [ 26.841222] print_report+0xd1/0x650 [ 26.841273] ? __virt_addr_valid+0x1db/0x2d0 [ 26.841331] ? kmalloc_oob_16+0x452/0x4a0 [ 26.841594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.841650] ? kmalloc_oob_16+0x452/0x4a0 [ 26.841702] kasan_report+0x141/0x180 [ 26.841747] ? kmalloc_oob_16+0x452/0x4a0 [ 26.842204] __asan_report_store16_noabort+0x1b/0x30 [ 26.842239] kmalloc_oob_16+0x452/0x4a0 [ 26.842262] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 26.842286] ? __schedule+0x10cc/0x2b60 [ 26.842311] ? __pfx_read_tsc+0x10/0x10 [ 26.842335] ? ktime_get_ts64+0x86/0x230 [ 26.842364] kunit_try_run_case+0x1a5/0x480 [ 26.842392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.842415] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.842439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.842462] ? __kthread_parkme+0x82/0x180 [ 26.842486] ? preempt_count_sub+0x50/0x80 [ 26.842511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.842535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.842560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.842584] kthread+0x337/0x6f0 [ 26.842605] ? trace_preempt_on+0x20/0xc0 [ 26.842630] ? __pfx_kthread+0x10/0x10 [ 26.842652] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.842674] ? calculate_sigpending+0x7b/0xa0 [ 26.842699] ? __pfx_kthread+0x10/0x10 [ 26.842722] ret_from_fork+0x116/0x1d0 [ 26.842742] ? __pfx_kthread+0x10/0x10 [ 26.842764] ret_from_fork_asm+0x1a/0x30 [ 26.842796] </TASK> [ 26.842809] [ 26.852824] Allocated by task 195: [ 26.853780] kasan_save_stack+0x45/0x70 [ 26.854446] kasan_save_track+0x18/0x40 [ 26.854763] kasan_save_alloc_info+0x3b/0x50 [ 26.855048] __kasan_kmalloc+0xb7/0xc0 [ 26.855992] __kmalloc_cache_noprof+0x189/0x420 [ 26.856479] kmalloc_oob_16+0xa8/0x4a0 [ 26.856718] kunit_try_run_case+0x1a5/0x480 [ 26.857315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.858000] kthread+0x337/0x6f0 [ 26.858582] ret_from_fork+0x116/0x1d0 [ 26.858856] ret_from_fork_asm+0x1a/0x30 [ 26.859539] [ 26.859794] The buggy address belongs to the object at ffff8881022a2620 [ 26.859794] which belongs to the cache kmalloc-16 of size 16 [ 26.860610] The buggy address is located 0 bytes inside of [ 26.860610] allocated 13-byte region [ffff8881022a2620, ffff8881022a262d) [ 26.861048] [ 26.861150] The buggy address belongs to the physical page: [ 26.861338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a2 [ 26.861593] flags: 0x200000000000000(node=0|zone=2) [ 26.861776] page_type: f5(slab) [ 26.861919] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.863077] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.863321] page dumped because: kasan: bad access detected [ 26.864445] [ 26.864556] Memory state around the buggy address: [ 26.864794] ffff8881022a2500: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 26.865602] ffff8881022a2580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.866410] >ffff8881022a2600: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 26.866788] ^ [ 26.867597] ffff8881022a2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.868542] ffff8881022a2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.868879] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 26.744455] ================================================================== [ 26.745000] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 26.746180] Read of size 1 at addr ffff888103914200 by task kunit_try_catch/193 [ 26.747191] [ 26.747395] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.747925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.747954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.748054] Call Trace: [ 26.748076] <TASK> [ 26.748132] dump_stack_lvl+0x73/0xb0 [ 26.748194] print_report+0xd1/0x650 [ 26.748221] ? __virt_addr_valid+0x1db/0x2d0 [ 26.748249] ? krealloc_uaf+0x1b8/0x5e0 [ 26.748272] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.748299] ? krealloc_uaf+0x1b8/0x5e0 [ 26.748321] kasan_report+0x141/0x180 [ 26.748344] ? krealloc_uaf+0x1b8/0x5e0 [ 26.748369] ? krealloc_uaf+0x1b8/0x5e0 [ 26.748390] __kasan_check_byte+0x3d/0x50 [ 26.748413] krealloc_noprof+0x3f/0x340 [ 26.748438] krealloc_uaf+0x1b8/0x5e0 [ 26.748460] ? __pfx_krealloc_uaf+0x10/0x10 [ 26.748482] ? finish_task_switch.isra.0+0x153/0x700 [ 26.748507] ? __switch_to+0x47/0xf50 [ 26.748535] ? __schedule+0x10cc/0x2b60 [ 26.748558] ? __pfx_read_tsc+0x10/0x10 [ 26.748582] ? ktime_get_ts64+0x86/0x230 [ 26.748610] kunit_try_run_case+0x1a5/0x480 [ 26.748637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.748660] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.748683] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.748707] ? __kthread_parkme+0x82/0x180 [ 26.748730] ? preempt_count_sub+0x50/0x80 [ 26.748754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.748778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.748802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.748825] kthread+0x337/0x6f0 [ 26.748846] ? trace_preempt_on+0x20/0xc0 [ 26.748872] ? __pfx_kthread+0x10/0x10 [ 26.748894] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.748947] ? calculate_sigpending+0x7b/0xa0 [ 26.748995] ? __pfx_kthread+0x10/0x10 [ 26.749019] ret_from_fork+0x116/0x1d0 [ 26.749040] ? __pfx_kthread+0x10/0x10 [ 26.749061] ret_from_fork_asm+0x1a/0x30 [ 26.749093] </TASK> [ 26.749125] [ 26.763591] Allocated by task 193: [ 26.763837] kasan_save_stack+0x45/0x70 [ 26.764806] kasan_save_track+0x18/0x40 [ 26.765011] kasan_save_alloc_info+0x3b/0x50 [ 26.765472] __kasan_kmalloc+0xb7/0xc0 [ 26.765772] __kmalloc_cache_noprof+0x189/0x420 [ 26.766034] krealloc_uaf+0xbb/0x5e0 [ 26.766208] kunit_try_run_case+0x1a5/0x480 [ 26.767443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.767883] kthread+0x337/0x6f0 [ 26.768485] ret_from_fork+0x116/0x1d0 [ 26.768676] ret_from_fork_asm+0x1a/0x30 [ 26.769139] [ 26.769345] Freed by task 193: [ 26.769522] kasan_save_stack+0x45/0x70 [ 26.769729] kasan_save_track+0x18/0x40 [ 26.770428] kasan_save_free_info+0x3f/0x60 [ 26.770918] __kasan_slab_free+0x56/0x70 [ 26.771285] kfree+0x222/0x3f0 [ 26.771541] krealloc_uaf+0x13d/0x5e0 [ 26.771706] kunit_try_run_case+0x1a5/0x480 [ 26.772046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.773193] kthread+0x337/0x6f0 [ 26.773443] ret_from_fork+0x116/0x1d0 [ 26.773630] ret_from_fork_asm+0x1a/0x30 [ 26.773790] [ 26.773935] The buggy address belongs to the object at ffff888103914200 [ 26.773935] which belongs to the cache kmalloc-256 of size 256 [ 26.775703] The buggy address is located 0 bytes inside of [ 26.775703] freed 256-byte region [ffff888103914200, ffff888103914300) [ 26.776574] [ 26.776763] The buggy address belongs to the physical page: [ 26.777846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103914 [ 26.778248] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.778411] flags: 0x200000000000040(head|node=0|zone=2) [ 26.778542] page_type: f5(slab) [ 26.778635] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.778775] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.778922] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.780587] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.780860] head: 0200000000000001 ffffea00040e4501 00000000ffffffff 00000000ffffffff [ 26.781558] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.782307] page dumped because: kasan: bad access detected [ 26.782585] [ 26.782760] Memory state around the buggy address: [ 26.783792] ffff888103914100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.784212] ffff888103914180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.785288] >ffff888103914200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.785550] ^ [ 26.785894] ffff888103914280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.786397] ffff888103914300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.787354] ================================================================== [ 26.789480] ================================================================== [ 26.789978] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 26.790395] Read of size 1 at addr ffff888103914200 by task kunit_try_catch/193 [ 26.790636] [ 26.790768] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.790842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.790857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.790882] Call Trace: [ 26.790898] <TASK> [ 26.790922] dump_stack_lvl+0x73/0xb0 [ 26.790963] print_report+0xd1/0x650 [ 26.790988] ? __virt_addr_valid+0x1db/0x2d0 [ 26.791519] ? krealloc_uaf+0x53c/0x5e0 [ 26.791571] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.791616] ? krealloc_uaf+0x53c/0x5e0 [ 26.791658] kasan_report+0x141/0x180 [ 26.791704] ? krealloc_uaf+0x53c/0x5e0 [ 26.791755] __asan_report_load1_noabort+0x18/0x20 [ 26.791805] krealloc_uaf+0x53c/0x5e0 [ 26.791850] ? __pfx_krealloc_uaf+0x10/0x10 [ 26.791890] ? finish_task_switch.isra.0+0x153/0x700 [ 26.792465] ? __switch_to+0x47/0xf50 [ 26.792528] ? __schedule+0x10cc/0x2b60 [ 26.792555] ? __pfx_read_tsc+0x10/0x10 [ 26.792578] ? ktime_get_ts64+0x86/0x230 [ 26.792607] kunit_try_run_case+0x1a5/0x480 [ 26.792637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.792659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.792684] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.792708] ? __kthread_parkme+0x82/0x180 [ 26.792730] ? preempt_count_sub+0x50/0x80 [ 26.792755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.792779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.792804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.792828] kthread+0x337/0x6f0 [ 26.792849] ? trace_preempt_on+0x20/0xc0 [ 26.792873] ? __pfx_kthread+0x10/0x10 [ 26.792895] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.792933] ? calculate_sigpending+0x7b/0xa0 [ 26.792970] ? __pfx_kthread+0x10/0x10 [ 26.793411] ret_from_fork+0x116/0x1d0 [ 26.793438] ? __pfx_kthread+0x10/0x10 [ 26.793459] ret_from_fork_asm+0x1a/0x30 [ 26.793492] </TASK> [ 26.793506] [ 26.807417] Allocated by task 193: [ 26.807717] kasan_save_stack+0x45/0x70 [ 26.808589] kasan_save_track+0x18/0x40 [ 26.809184] kasan_save_alloc_info+0x3b/0x50 [ 26.809893] __kasan_kmalloc+0xb7/0xc0 [ 26.810422] __kmalloc_cache_noprof+0x189/0x420 [ 26.810570] krealloc_uaf+0xbb/0x5e0 [ 26.810658] kunit_try_run_case+0x1a5/0x480 [ 26.810751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.810857] kthread+0x337/0x6f0 [ 26.811499] ret_from_fork+0x116/0x1d0 [ 26.811909] ret_from_fork_asm+0x1a/0x30 [ 26.812306] [ 26.812709] Freed by task 193: [ 26.813384] kasan_save_stack+0x45/0x70 [ 26.813626] kasan_save_track+0x18/0x40 [ 26.814709] kasan_save_free_info+0x3f/0x60 [ 26.815006] __kasan_slab_free+0x56/0x70 [ 26.815177] kfree+0x222/0x3f0 [ 26.815696] krealloc_uaf+0x13d/0x5e0 [ 26.816120] kunit_try_run_case+0x1a5/0x480 [ 26.816310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.816810] kthread+0x337/0x6f0 [ 26.817002] ret_from_fork+0x116/0x1d0 [ 26.817363] ret_from_fork_asm+0x1a/0x30 [ 26.817616] [ 26.817720] The buggy address belongs to the object at ffff888103914200 [ 26.817720] which belongs to the cache kmalloc-256 of size 256 [ 26.818505] The buggy address is located 0 bytes inside of [ 26.818505] freed 256-byte region [ffff888103914200, ffff888103914300) [ 26.819429] [ 26.819584] The buggy address belongs to the physical page: [ 26.819750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103914 [ 26.821758] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.822468] flags: 0x200000000000040(head|node=0|zone=2) [ 26.822918] page_type: f5(slab) [ 26.823380] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.823637] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.823900] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.825054] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.825833] head: 0200000000000001 ffffea00040e4501 00000000ffffffff 00000000ffffffff [ 26.826656] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.827292] page dumped because: kasan: bad access detected [ 26.828333] [ 26.828466] Memory state around the buggy address: [ 26.829285] ffff888103914100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.829670] ffff888103914180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.830335] >ffff888103914200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.830594] ^ [ 26.831298] ffff888103914280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.831678] ffff888103914300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.832834] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 26.392304] ================================================================== [ 26.392681] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 26.393020] Write of size 1 at addr ffff8881003744da by task kunit_try_catch/187 [ 26.394528] [ 26.395255] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.395338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.395352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.395379] Call Trace: [ 26.395405] <TASK> [ 26.395430] dump_stack_lvl+0x73/0xb0 [ 26.395480] print_report+0xd1/0x650 [ 26.395506] ? __virt_addr_valid+0x1db/0x2d0 [ 26.395532] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.395558] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.395586] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.395611] kasan_report+0x141/0x180 [ 26.395635] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.395664] __asan_report_store1_noabort+0x1b/0x30 [ 26.395691] krealloc_less_oob_helper+0xec6/0x11d0 [ 26.395718] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.395743] ? finish_task_switch.isra.0+0x153/0x700 [ 26.395767] ? __switch_to+0x47/0xf50 [ 26.395794] ? __schedule+0x10cc/0x2b60 [ 26.395818] ? __pfx_read_tsc+0x10/0x10 [ 26.395846] krealloc_less_oob+0x1c/0x30 [ 26.395869] kunit_try_run_case+0x1a5/0x480 [ 26.395896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.395951] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.395990] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.396027] ? __kthread_parkme+0x82/0x180 [ 26.396062] ? preempt_count_sub+0x50/0x80 [ 26.396123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.396152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.396178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.396204] kthread+0x337/0x6f0 [ 26.396226] ? trace_preempt_on+0x20/0xc0 [ 26.396252] ? __pfx_kthread+0x10/0x10 [ 26.396274] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.396297] ? calculate_sigpending+0x7b/0xa0 [ 26.396324] ? __pfx_kthread+0x10/0x10 [ 26.396347] ret_from_fork+0x116/0x1d0 [ 26.396368] ? __pfx_kthread+0x10/0x10 [ 26.396391] ret_from_fork_asm+0x1a/0x30 [ 26.396426] </TASK> [ 26.396439] [ 26.411302] Allocated by task 187: [ 26.411686] kasan_save_stack+0x45/0x70 [ 26.412803] kasan_save_track+0x18/0x40 [ 26.413062] kasan_save_alloc_info+0x3b/0x50 [ 26.413289] __kasan_krealloc+0x190/0x1f0 [ 26.413768] krealloc_noprof+0xf3/0x340 [ 26.414228] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.414655] krealloc_less_oob+0x1c/0x30 [ 26.415282] kunit_try_run_case+0x1a5/0x480 [ 26.415564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.415882] kthread+0x337/0x6f0 [ 26.416297] ret_from_fork+0x116/0x1d0 [ 26.416653] ret_from_fork_asm+0x1a/0x30 [ 26.416948] [ 26.417080] The buggy address belongs to the object at ffff888100374400 [ 26.417080] which belongs to the cache kmalloc-256 of size 256 [ 26.417881] The buggy address is located 17 bytes to the right of [ 26.417881] allocated 201-byte region [ffff888100374400, ffff8881003744c9) [ 26.419700] [ 26.419938] The buggy address belongs to the physical page: [ 26.420518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374 [ 26.421284] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.421674] flags: 0x200000000000040(head|node=0|zone=2) [ 26.422230] page_type: f5(slab) [ 26.423164] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.423529] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.424249] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.424694] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.425168] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff [ 26.425865] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.426470] page dumped because: kasan: bad access detected [ 26.426687] [ 26.426845] Memory state around the buggy address: [ 26.427260] ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.427825] ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.428381] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.428667] ^ [ 26.429372] ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.430456] ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.431275] ================================================================== [ 26.675494] ================================================================== [ 26.675848] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 26.677511] Write of size 1 at addr ffff8881029fe0ea by task kunit_try_catch/191 [ 26.677879] [ 26.678079] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.678503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.678523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.678564] Call Trace: [ 26.678597] <TASK> [ 26.678623] dump_stack_lvl+0x73/0xb0 [ 26.678676] print_report+0xd1/0x650 [ 26.678704] ? __virt_addr_valid+0x1db/0x2d0 [ 26.678730] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.678756] ? kasan_addr_to_slab+0x11/0xa0 [ 26.678778] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.678804] kasan_report+0x141/0x180 [ 26.678827] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.678857] __asan_report_store1_noabort+0x1b/0x30 [ 26.678884] krealloc_less_oob_helper+0xe90/0x11d0 [ 26.678917] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.679182] ? finish_task_switch.isra.0+0x153/0x700 [ 26.679211] ? __switch_to+0x47/0xf50 [ 26.679241] ? __schedule+0x10cc/0x2b60 [ 26.679266] ? __pfx_read_tsc+0x10/0x10 [ 26.679293] krealloc_large_less_oob+0x1c/0x30 [ 26.679319] kunit_try_run_case+0x1a5/0x480 [ 26.679347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.679371] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.679396] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.679420] ? __kthread_parkme+0x82/0x180 [ 26.679443] ? preempt_count_sub+0x50/0x80 [ 26.679467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.679492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.679517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.679541] kthread+0x337/0x6f0 [ 26.679562] ? trace_preempt_on+0x20/0xc0 [ 26.679588] ? __pfx_kthread+0x10/0x10 [ 26.679610] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.679633] ? calculate_sigpending+0x7b/0xa0 [ 26.679659] ? __pfx_kthread+0x10/0x10 [ 26.679682] ret_from_fork+0x116/0x1d0 [ 26.679703] ? __pfx_kthread+0x10/0x10 [ 26.679725] ret_from_fork_asm+0x1a/0x30 [ 26.679758] </TASK> [ 26.679771] [ 26.693079] The buggy address belongs to the physical page: [ 26.693605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc [ 26.694333] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.694861] flags: 0x200000000000040(head|node=0|zone=2) [ 26.695326] page_type: f8(unknown) [ 26.695711] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.696441] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.696953] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.697764] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.698092] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff [ 26.698783] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.699206] page dumped because: kasan: bad access detected [ 26.699629] [ 26.699785] Memory state around the buggy address: [ 26.700281] ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.700850] ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.701370] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.702078] ^ [ 26.702880] ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.704000] ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.704462] ================================================================== [ 26.705085] ================================================================== [ 26.705389] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 26.705765] Write of size 1 at addr ffff8881029fe0eb by task kunit_try_catch/191 [ 26.707209] [ 26.707390] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.707484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.707504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.707542] Call Trace: [ 26.707582] <TASK> [ 26.707618] dump_stack_lvl+0x73/0xb0 [ 26.707670] print_report+0xd1/0x650 [ 26.707698] ? __virt_addr_valid+0x1db/0x2d0 [ 26.707725] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.707751] ? kasan_addr_to_slab+0x11/0xa0 [ 26.707773] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.707798] kasan_report+0x141/0x180 [ 26.707822] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.707852] __asan_report_store1_noabort+0x1b/0x30 [ 26.707879] krealloc_less_oob_helper+0xd47/0x11d0 [ 26.707912] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.708613] ? finish_task_switch.isra.0+0x153/0x700 [ 26.708683] ? __switch_to+0x47/0xf50 [ 26.708717] ? __schedule+0x10cc/0x2b60 [ 26.708742] ? __pfx_read_tsc+0x10/0x10 [ 26.708770] krealloc_large_less_oob+0x1c/0x30 [ 26.708801] kunit_try_run_case+0x1a5/0x480 [ 26.708829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.708853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.708878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.708906] ? __kthread_parkme+0x82/0x180 [ 26.708950] ? preempt_count_sub+0x50/0x80 [ 26.708982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.709028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.709065] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.709114] kthread+0x337/0x6f0 [ 26.709149] ? trace_preempt_on+0x20/0xc0 [ 26.709177] ? __pfx_kthread+0x10/0x10 [ 26.709200] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.709224] ? calculate_sigpending+0x7b/0xa0 [ 26.709251] ? __pfx_kthread+0x10/0x10 [ 26.709275] ret_from_fork+0x116/0x1d0 [ 26.709297] ? __pfx_kthread+0x10/0x10 [ 26.709320] ret_from_fork_asm+0x1a/0x30 [ 26.709354] </TASK> [ 26.709368] [ 26.723284] The buggy address belongs to the physical page: [ 26.724865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc [ 26.725743] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.727028] flags: 0x200000000000040(head|node=0|zone=2) [ 26.727297] page_type: f8(unknown) [ 26.727820] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.728720] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.729007] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.729783] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.730868] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff [ 26.731348] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.731798] page dumped because: kasan: bad access detected [ 26.732837] [ 26.732989] Memory state around the buggy address: [ 26.733208] ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.734168] ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.734331] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.734462] ^ [ 26.734585] ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.734714] ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.734840] ================================================================== [ 26.613808] ================================================================== [ 26.614722] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 26.615398] Write of size 1 at addr ffff8881029fe0d0 by task kunit_try_catch/191 [ 26.616812] [ 26.617209] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.617303] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.617327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.617364] Call Trace: [ 26.617393] <TASK> [ 26.617418] dump_stack_lvl+0x73/0xb0 [ 26.617470] print_report+0xd1/0x650 [ 26.617497] ? __virt_addr_valid+0x1db/0x2d0 [ 26.617523] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.617549] ? kasan_addr_to_slab+0x11/0xa0 [ 26.617571] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.617597] kasan_report+0x141/0x180 [ 26.617621] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.617651] __asan_report_store1_noabort+0x1b/0x30 [ 26.617678] krealloc_less_oob_helper+0xe23/0x11d0 [ 26.617706] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.617731] ? finish_task_switch.isra.0+0x153/0x700 [ 26.617755] ? __switch_to+0x47/0xf50 [ 26.617783] ? __schedule+0x10cc/0x2b60 [ 26.617807] ? __pfx_read_tsc+0x10/0x10 [ 26.617834] krealloc_large_less_oob+0x1c/0x30 [ 26.617859] kunit_try_run_case+0x1a5/0x480 [ 26.617886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.617916] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.618188] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.618234] ? __kthread_parkme+0x82/0x180 [ 26.618271] ? preempt_count_sub+0x50/0x80 [ 26.618312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.618350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.618388] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.618428] kthread+0x337/0x6f0 [ 26.618464] ? trace_preempt_on+0x20/0xc0 [ 26.618491] ? __pfx_kthread+0x10/0x10 [ 26.618514] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.618538] ? calculate_sigpending+0x7b/0xa0 [ 26.618565] ? __pfx_kthread+0x10/0x10 [ 26.618588] ret_from_fork+0x116/0x1d0 [ 26.618610] ? __pfx_kthread+0x10/0x10 [ 26.618632] ret_from_fork_asm+0x1a/0x30 [ 26.618666] </TASK> [ 26.618680] [ 26.629261] The buggy address belongs to the physical page: [ 26.629642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc [ 26.630368] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.631057] flags: 0x200000000000040(head|node=0|zone=2) [ 26.631400] page_type: f8(unknown) [ 26.631808] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.632451] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.633092] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.633603] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.634324] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff [ 26.634636] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.634942] page dumped because: kasan: bad access detected [ 26.635294] [ 26.635457] Memory state around the buggy address: [ 26.635896] ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.636577] ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.637313] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.637820] ^ [ 26.638060] ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.638508] ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.639232] ================================================================== [ 26.351720] ================================================================== [ 26.351923] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 26.352126] Write of size 1 at addr ffff8881003744d0 by task kunit_try_catch/187 [ 26.352273] [ 26.352374] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.352465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.352489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.352532] Call Trace: [ 26.352559] <TASK> [ 26.352628] dump_stack_lvl+0x73/0xb0 [ 26.352690] print_report+0xd1/0x650 [ 26.352730] ? __virt_addr_valid+0x1db/0x2d0 [ 26.352768] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.352807] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.352854] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.352900] kasan_report+0x141/0x180 [ 26.353154] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.353228] __asan_report_store1_noabort+0x1b/0x30 [ 26.353538] krealloc_less_oob_helper+0xe23/0x11d0 [ 26.353589] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.353633] ? finish_task_switch.isra.0+0x153/0x700 [ 26.353677] ? __switch_to+0x47/0xf50 [ 26.353721] ? __schedule+0x10cc/0x2b60 [ 26.353761] ? __pfx_read_tsc+0x10/0x10 [ 26.353811] krealloc_less_oob+0x1c/0x30 [ 26.353853] kunit_try_run_case+0x1a5/0x480 [ 26.353905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.354501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.354560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.354610] ? __kthread_parkme+0x82/0x180 [ 26.354656] ? preempt_count_sub+0x50/0x80 [ 26.354707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.354752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.355194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.355230] kthread+0x337/0x6f0 [ 26.355257] ? trace_preempt_on+0x20/0xc0 [ 26.355282] ? __pfx_kthread+0x10/0x10 [ 26.355305] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.355329] ? calculate_sigpending+0x7b/0xa0 [ 26.355355] ? __pfx_kthread+0x10/0x10 [ 26.355378] ret_from_fork+0x116/0x1d0 [ 26.355399] ? __pfx_kthread+0x10/0x10 [ 26.355421] ret_from_fork_asm+0x1a/0x30 [ 26.355454] </TASK> [ 26.355467] [ 26.369838] Allocated by task 187: [ 26.370287] kasan_save_stack+0x45/0x70 [ 26.370692] kasan_save_track+0x18/0x40 [ 26.371891] kasan_save_alloc_info+0x3b/0x50 [ 26.372167] __kasan_krealloc+0x190/0x1f0 [ 26.372532] krealloc_noprof+0xf3/0x340 [ 26.373306] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.373626] krealloc_less_oob+0x1c/0x30 [ 26.374051] kunit_try_run_case+0x1a5/0x480 [ 26.374335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.374679] kthread+0x337/0x6f0 [ 26.375590] ret_from_fork+0x116/0x1d0 [ 26.375828] ret_from_fork_asm+0x1a/0x30 [ 26.375978] [ 26.376075] The buggy address belongs to the object at ffff888100374400 [ 26.376075] which belongs to the cache kmalloc-256 of size 256 [ 26.377341] The buggy address is located 7 bytes to the right of [ 26.377341] allocated 201-byte region [ffff888100374400, ffff8881003744c9) [ 26.377697] [ 26.377790] The buggy address belongs to the physical page: [ 26.378002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374 [ 26.378593] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.379654] flags: 0x200000000000040(head|node=0|zone=2) [ 26.380485] page_type: f5(slab) [ 26.380689] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.382342] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.383163] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.384262] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.384696] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff [ 26.385191] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.385408] page dumped because: kasan: bad access detected [ 26.385761] [ 26.386668] Memory state around the buggy address: [ 26.387202] ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.387581] ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.388487] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.388768] ^ [ 26.389571] ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.390372] ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.390793] ================================================================== [ 26.433532] ================================================================== [ 26.434419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 26.435142] Write of size 1 at addr ffff8881003744ea by task kunit_try_catch/187 [ 26.436267] [ 26.436532] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.436630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.436653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.436679] Call Trace: [ 26.436705] <TASK> [ 26.436730] dump_stack_lvl+0x73/0xb0 [ 26.436780] print_report+0xd1/0x650 [ 26.436807] ? __virt_addr_valid+0x1db/0x2d0 [ 26.436833] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.436859] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.436888] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.436922] kasan_report+0x141/0x180 [ 26.437442] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.437522] __asan_report_store1_noabort+0x1b/0x30 [ 26.437576] krealloc_less_oob_helper+0xe90/0x11d0 [ 26.437634] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.437685] ? finish_task_switch.isra.0+0x153/0x700 [ 26.437735] ? __switch_to+0x47/0xf50 [ 26.437772] ? __schedule+0x10cc/0x2b60 [ 26.437798] ? __pfx_read_tsc+0x10/0x10 [ 26.437825] krealloc_less_oob+0x1c/0x30 [ 26.437849] kunit_try_run_case+0x1a5/0x480 [ 26.437877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.437903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.438017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.438056] ? __kthread_parkme+0x82/0x180 [ 26.438090] ? preempt_count_sub+0x50/0x80 [ 26.438141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.438178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.438212] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.438245] kthread+0x337/0x6f0 [ 26.438275] ? trace_preempt_on+0x20/0xc0 [ 26.438311] ? __pfx_kthread+0x10/0x10 [ 26.438341] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.438374] ? calculate_sigpending+0x7b/0xa0 [ 26.438409] ? __pfx_kthread+0x10/0x10 [ 26.438443] ret_from_fork+0x116/0x1d0 [ 26.438473] ? __pfx_kthread+0x10/0x10 [ 26.438506] ret_from_fork_asm+0x1a/0x30 [ 26.438554] </TASK> [ 26.438574] [ 26.451759] Allocated by task 187: [ 26.452295] kasan_save_stack+0x45/0x70 [ 26.452773] kasan_save_track+0x18/0x40 [ 26.453175] kasan_save_alloc_info+0x3b/0x50 [ 26.453486] __kasan_krealloc+0x190/0x1f0 [ 26.453916] krealloc_noprof+0xf3/0x340 [ 26.454171] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.454396] krealloc_less_oob+0x1c/0x30 [ 26.454635] kunit_try_run_case+0x1a5/0x480 [ 26.455547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.456085] kthread+0x337/0x6f0 [ 26.456418] ret_from_fork+0x116/0x1d0 [ 26.456760] ret_from_fork_asm+0x1a/0x30 [ 26.457838] [ 26.457999] The buggy address belongs to the object at ffff888100374400 [ 26.457999] which belongs to the cache kmalloc-256 of size 256 [ 26.459069] The buggy address is located 33 bytes to the right of [ 26.459069] allocated 201-byte region [ffff888100374400, ffff8881003744c9) [ 26.460282] [ 26.460535] The buggy address belongs to the physical page: [ 26.460922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374 [ 26.461588] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.462492] flags: 0x200000000000040(head|node=0|zone=2) [ 26.463622] page_type: f5(slab) [ 26.463853] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.464152] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.464788] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.465277] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.465715] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff [ 26.466381] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.467210] page dumped because: kasan: bad access detected [ 26.467597] [ 26.467715] Memory state around the buggy address: [ 26.468290] ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.468860] ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.469810] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.470282] ^ [ 26.470811] ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.471568] ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.471925] ================================================================== [ 26.474734] ================================================================== [ 26.475329] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 26.475884] Write of size 1 at addr ffff8881003744eb by task kunit_try_catch/187 [ 26.476386] [ 26.476555] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.476660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.476730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.476777] Call Trace: [ 26.476806] <TASK> [ 26.476845] dump_stack_lvl+0x73/0xb0 [ 26.476935] print_report+0xd1/0x650 [ 26.476986] ? __virt_addr_valid+0x1db/0x2d0 [ 26.477035] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.477086] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.477161] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.477214] kasan_report+0x141/0x180 [ 26.477375] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.477465] __asan_report_store1_noabort+0x1b/0x30 [ 26.477515] krealloc_less_oob_helper+0xd47/0x11d0 [ 26.477568] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.477616] ? finish_task_switch.isra.0+0x153/0x700 [ 26.477659] ? __switch_to+0x47/0xf50 [ 26.477695] ? __schedule+0x10cc/0x2b60 [ 26.477720] ? __pfx_read_tsc+0x10/0x10 [ 26.477747] krealloc_less_oob+0x1c/0x30 [ 26.477771] kunit_try_run_case+0x1a5/0x480 [ 26.477800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.477824] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.477848] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.477873] ? __kthread_parkme+0x82/0x180 [ 26.477897] ? preempt_count_sub+0x50/0x80 [ 26.477932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.477969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.478091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.478141] kthread+0x337/0x6f0 [ 26.478164] ? trace_preempt_on+0x20/0xc0 [ 26.478190] ? __pfx_kthread+0x10/0x10 [ 26.478213] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.478236] ? calculate_sigpending+0x7b/0xa0 [ 26.478263] ? __pfx_kthread+0x10/0x10 [ 26.478286] ret_from_fork+0x116/0x1d0 [ 26.478307] ? __pfx_kthread+0x10/0x10 [ 26.478329] ret_from_fork_asm+0x1a/0x30 [ 26.478363] </TASK> [ 26.478377] [ 26.495599] Allocated by task 187: [ 26.495911] kasan_save_stack+0x45/0x70 [ 26.496332] kasan_save_track+0x18/0x40 [ 26.496632] kasan_save_alloc_info+0x3b/0x50 [ 26.498151] __kasan_krealloc+0x190/0x1f0 [ 26.498523] krealloc_noprof+0xf3/0x340 [ 26.498766] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.499157] krealloc_less_oob+0x1c/0x30 [ 26.499423] kunit_try_run_case+0x1a5/0x480 [ 26.499694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.500016] kthread+0x337/0x6f0 [ 26.500355] ret_from_fork+0x116/0x1d0 [ 26.500659] ret_from_fork_asm+0x1a/0x30 [ 26.500854] [ 26.501025] The buggy address belongs to the object at ffff888100374400 [ 26.501025] which belongs to the cache kmalloc-256 of size 256 [ 26.502123] The buggy address is located 34 bytes to the right of [ 26.502123] allocated 201-byte region [ffff888100374400, ffff8881003744c9) [ 26.502729] [ 26.502824] The buggy address belongs to the physical page: [ 26.503195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374 [ 26.503875] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.504546] flags: 0x200000000000040(head|node=0|zone=2) [ 26.504833] page_type: f5(slab) [ 26.505310] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.505733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.506490] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.506996] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.507685] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff [ 26.508141] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.508377] page dumped because: kasan: bad access detected [ 26.508553] [ 26.508721] Memory state around the buggy address: [ 26.509239] ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.509924] ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.510528] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.510969] ^ [ 26.511245] ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.511514] ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.512279] ================================================================== [ 26.314075] ================================================================== [ 26.315196] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 26.316466] Write of size 1 at addr ffff8881003744c9 by task kunit_try_catch/187 [ 26.317721] [ 26.317886] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.317991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.318231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.318283] Call Trace: [ 26.318313] <TASK> [ 26.318354] dump_stack_lvl+0x73/0xb0 [ 26.318427] print_report+0xd1/0x650 [ 26.318466] ? __virt_addr_valid+0x1db/0x2d0 [ 26.318510] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.318550] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.318590] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.318628] kasan_report+0x141/0x180 [ 26.318666] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.318719] __asan_report_store1_noabort+0x1b/0x30 [ 26.318765] krealloc_less_oob_helper+0xd70/0x11d0 [ 26.318987] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.319043] ? finish_task_switch.isra.0+0x153/0x700 [ 26.319085] ? __switch_to+0x47/0xf50 [ 26.319145] ? __schedule+0x10cc/0x2b60 [ 26.319179] ? __pfx_read_tsc+0x10/0x10 [ 26.319207] krealloc_less_oob+0x1c/0x30 [ 26.319232] kunit_try_run_case+0x1a5/0x480 [ 26.319261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.319285] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.319311] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.319339] ? __kthread_parkme+0x82/0x180 [ 26.319363] ? preempt_count_sub+0x50/0x80 [ 26.319387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.319413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.319437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.319462] kthread+0x337/0x6f0 [ 26.319484] ? trace_preempt_on+0x20/0xc0 [ 26.319511] ? __pfx_kthread+0x10/0x10 [ 26.319534] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.319557] ? calculate_sigpending+0x7b/0xa0 [ 26.319584] ? __pfx_kthread+0x10/0x10 [ 26.319608] ret_from_fork+0x116/0x1d0 [ 26.319629] ? __pfx_kthread+0x10/0x10 [ 26.319651] ret_from_fork_asm+0x1a/0x30 [ 26.319685] </TASK> [ 26.319698] [ 26.333530] Allocated by task 187: [ 26.333842] kasan_save_stack+0x45/0x70 [ 26.334344] kasan_save_track+0x18/0x40 [ 26.334524] kasan_save_alloc_info+0x3b/0x50 [ 26.335069] __kasan_krealloc+0x190/0x1f0 [ 26.335646] krealloc_noprof+0xf3/0x340 [ 26.336594] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.336842] krealloc_less_oob+0x1c/0x30 [ 26.337362] kunit_try_run_case+0x1a5/0x480 [ 26.337592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.337848] kthread+0x337/0x6f0 [ 26.338910] ret_from_fork+0x116/0x1d0 [ 26.339147] ret_from_fork_asm+0x1a/0x30 [ 26.339259] [ 26.339337] The buggy address belongs to the object at ffff888100374400 [ 26.339337] which belongs to the cache kmalloc-256 of size 256 [ 26.339570] The buggy address is located 0 bytes to the right of [ 26.339570] allocated 201-byte region [ffff888100374400, ffff8881003744c9) [ 26.339788] [ 26.339839] The buggy address belongs to the physical page: [ 26.340009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374 [ 26.340648] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.342090] flags: 0x200000000000040(head|node=0|zone=2) [ 26.342342] page_type: f5(slab) [ 26.342490] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.342839] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.344175] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.344866] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.345410] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff [ 26.345622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.345763] page dumped because: kasan: bad access detected [ 26.345871] [ 26.346311] Memory state around the buggy address: [ 26.346603] ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.347439] ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.348433] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.348857] ^ [ 26.349449] ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.349954] ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.350642] ================================================================== [ 26.640602] ================================================================== [ 26.641218] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 26.641656] Write of size 1 at addr ffff8881029fe0da by task kunit_try_catch/191 [ 26.641977] [ 26.642136] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.642265] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.642304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.642340] Call Trace: [ 26.642369] <TASK> [ 26.642403] dump_stack_lvl+0x73/0xb0 [ 26.642463] print_report+0xd1/0x650 [ 26.642503] ? __virt_addr_valid+0x1db/0x2d0 [ 26.642541] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.642579] ? kasan_addr_to_slab+0x11/0xa0 [ 26.642612] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.642650] kasan_report+0x141/0x180 [ 26.642684] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.642728] __asan_report_store1_noabort+0x1b/0x30 [ 26.642768] krealloc_less_oob_helper+0xec6/0x11d0 [ 26.642810] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.642857] ? finish_task_switch.isra.0+0x153/0x700 [ 26.642982] ? __switch_to+0x47/0xf50 [ 26.643053] ? __schedule+0x10cc/0x2b60 [ 26.643113] ? __pfx_read_tsc+0x10/0x10 [ 26.643169] krealloc_large_less_oob+0x1c/0x30 [ 26.643222] kunit_try_run_case+0x1a5/0x480 [ 26.643277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.643323] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.643370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.643421] ? __kthread_parkme+0x82/0x180 [ 26.643468] ? preempt_count_sub+0x50/0x80 [ 26.643520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.643573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.643625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.643676] kthread+0x337/0x6f0 [ 26.643722] ? trace_preempt_on+0x20/0xc0 [ 26.643774] ? __pfx_kthread+0x10/0x10 [ 26.643821] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.643862] ? calculate_sigpending+0x7b/0xa0 [ 26.643936] ? __pfx_kthread+0x10/0x10 [ 26.643989] ret_from_fork+0x116/0x1d0 [ 26.644034] ? __pfx_kthread+0x10/0x10 [ 26.644081] ret_from_fork_asm+0x1a/0x30 [ 26.644172] </TASK> [ 26.644200] [ 26.661036] The buggy address belongs to the physical page: [ 26.661874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc [ 26.662227] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.663145] flags: 0x200000000000040(head|node=0|zone=2) [ 26.663383] page_type: f8(unknown) [ 26.663534] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.663906] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.665239] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.665626] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.666811] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff [ 26.667639] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.667998] page dumped because: kasan: bad access detected [ 26.668360] [ 26.668521] Memory state around the buggy address: [ 26.668832] ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.669896] ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.670630] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.671666] ^ [ 26.671940] ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.672617] ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.673572] ================================================================== [ 26.582399] ================================================================== [ 26.582950] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 26.583435] Write of size 1 at addr ffff8881029fe0c9 by task kunit_try_catch/191 [ 26.583730] [ 26.583936] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.584040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.584064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.584168] Call Trace: [ 26.584204] <TASK> [ 26.584246] dump_stack_lvl+0x73/0xb0 [ 26.584315] print_report+0xd1/0x650 [ 26.584354] ? __virt_addr_valid+0x1db/0x2d0 [ 26.584395] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.584435] ? kasan_addr_to_slab+0x11/0xa0 [ 26.584467] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.584508] kasan_report+0x141/0x180 [ 26.584547] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.584606] __asan_report_store1_noabort+0x1b/0x30 [ 26.584658] krealloc_less_oob_helper+0xd70/0x11d0 [ 26.584700] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.584745] ? finish_task_switch.isra.0+0x153/0x700 [ 26.584787] ? __switch_to+0x47/0xf50 [ 26.584846] ? __schedule+0x10cc/0x2b60 [ 26.584886] ? __pfx_read_tsc+0x10/0x10 [ 26.584988] krealloc_large_less_oob+0x1c/0x30 [ 26.585034] kunit_try_run_case+0x1a5/0x480 [ 26.585084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.585142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.585193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.585239] ? __kthread_parkme+0x82/0x180 [ 26.585287] ? preempt_count_sub+0x50/0x80 [ 26.585330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.585371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.585410] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.585448] kthread+0x337/0x6f0 [ 26.585483] ? trace_preempt_on+0x20/0xc0 [ 26.585527] ? __pfx_kthread+0x10/0x10 [ 26.585561] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.585599] ? calculate_sigpending+0x7b/0xa0 [ 26.585649] ? __pfx_kthread+0x10/0x10 [ 26.585691] ret_from_fork+0x116/0x1d0 [ 26.585735] ? __pfx_kthread+0x10/0x10 [ 26.585777] ret_from_fork_asm+0x1a/0x30 [ 26.585838] </TASK> [ 26.585860] [ 26.599369] The buggy address belongs to the physical page: [ 26.599722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc [ 26.601173] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.602175] flags: 0x200000000000040(head|node=0|zone=2) [ 26.602716] page_type: f8(unknown) [ 26.603297] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.603595] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.604412] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.604905] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.605648] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff [ 26.606539] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.606927] page dumped because: kasan: bad access detected [ 26.607344] [ 26.607612] Memory state around the buggy address: [ 26.607799] ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.608477] ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.609669] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.610024] ^ [ 26.610737] ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.611355] ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.612242] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 26.275385] ================================================================== [ 26.276117] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 26.276513] Write of size 1 at addr ffff8881003742f0 by task kunit_try_catch/185 [ 26.277089] [ 26.277279] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.277386] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.277413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.277460] Call Trace: [ 26.277492] <TASK> [ 26.277531] dump_stack_lvl+0x73/0xb0 [ 26.277602] print_report+0xd1/0x650 [ 26.277652] ? __virt_addr_valid+0x1db/0x2d0 [ 26.277698] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.277744] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.277796] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.277845] kasan_report+0x141/0x180 [ 26.277892] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.277942] __asan_report_store1_noabort+0x1b/0x30 [ 26.277987] krealloc_more_oob_helper+0x7eb/0x930 [ 26.278029] ? __schedule+0x10cc/0x2b60 [ 26.278075] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 26.278138] ? finish_task_switch.isra.0+0x153/0x700 [ 26.278184] ? __switch_to+0x47/0xf50 [ 26.278237] ? __schedule+0x10cc/0x2b60 [ 26.278280] ? __pfx_read_tsc+0x10/0x10 [ 26.278331] krealloc_more_oob+0x1c/0x30 [ 26.278379] kunit_try_run_case+0x1a5/0x480 [ 26.278432] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.278479] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.278526] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.278576] ? __kthread_parkme+0x82/0x180 [ 26.278619] ? preempt_count_sub+0x50/0x80 [ 26.278664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.278696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.278722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.278747] kthread+0x337/0x6f0 [ 26.278770] ? trace_preempt_on+0x20/0xc0 [ 26.278810] ? __pfx_kthread+0x10/0x10 [ 26.278846] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.278890] ? calculate_sigpending+0x7b/0xa0 [ 26.278965] ? __pfx_kthread+0x10/0x10 [ 26.279006] ret_from_fork+0x116/0x1d0 [ 26.279045] ? __pfx_kthread+0x10/0x10 [ 26.279083] ret_from_fork_asm+0x1a/0x30 [ 26.279157] </TASK> [ 26.279185] [ 26.288897] Allocated by task 185: [ 26.289292] kasan_save_stack+0x45/0x70 [ 26.289700] kasan_save_track+0x18/0x40 [ 26.290150] kasan_save_alloc_info+0x3b/0x50 [ 26.290513] __kasan_krealloc+0x190/0x1f0 [ 26.290871] krealloc_noprof+0xf3/0x340 [ 26.291229] krealloc_more_oob_helper+0x1a9/0x930 [ 26.291594] krealloc_more_oob+0x1c/0x30 [ 26.291802] kunit_try_run_case+0x1a5/0x480 [ 26.292259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.292501] kthread+0x337/0x6f0 [ 26.292674] ret_from_fork+0x116/0x1d0 [ 26.292999] ret_from_fork_asm+0x1a/0x30 [ 26.293361] [ 26.293527] The buggy address belongs to the object at ffff888100374200 [ 26.293527] which belongs to the cache kmalloc-256 of size 256 [ 26.294307] The buggy address is located 5 bytes to the right of [ 26.294307] allocated 235-byte region [ffff888100374200, ffff8881003742eb) [ 26.295082] [ 26.295274] The buggy address belongs to the physical page: [ 26.295637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374 [ 26.296053] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.296352] flags: 0x200000000000040(head|node=0|zone=2) [ 26.296603] page_type: f5(slab) [ 26.296785] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.297082] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.297384] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.297913] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.298522] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff [ 26.299302] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.299935] page dumped because: kasan: bad access detected [ 26.300356] [ 26.300529] Memory state around the buggy address: [ 26.300965] ffff888100374180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.301546] ffff888100374200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.301938] >ffff888100374280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 26.302395] ^ [ 26.302675] ffff888100374300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.302955] ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.303564] ================================================================== [ 26.520899] ================================================================== [ 26.521509] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 26.522378] Write of size 1 at addr ffff888102aea0eb by task kunit_try_catch/189 [ 26.522743] [ 26.522886] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.522965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.522980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.523006] Call Trace: [ 26.523025] <TASK> [ 26.523050] dump_stack_lvl+0x73/0xb0 [ 26.523094] print_report+0xd1/0x650 [ 26.523141] ? __virt_addr_valid+0x1db/0x2d0 [ 26.523169] ? krealloc_more_oob_helper+0x821/0x930 [ 26.523193] ? kasan_addr_to_slab+0x11/0xa0 [ 26.523215] ? krealloc_more_oob_helper+0x821/0x930 [ 26.523239] kasan_report+0x141/0x180 [ 26.523262] ? krealloc_more_oob_helper+0x821/0x930 [ 26.523291] __asan_report_store1_noabort+0x1b/0x30 [ 26.523317] krealloc_more_oob_helper+0x821/0x930 [ 26.523340] ? __schedule+0x10cc/0x2b60 [ 26.523364] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 26.523388] ? finish_task_switch.isra.0+0x153/0x700 [ 26.523413] ? __switch_to+0x47/0xf50 [ 26.523440] ? __schedule+0x10cc/0x2b60 [ 26.523463] ? __pfx_read_tsc+0x10/0x10 [ 26.523489] krealloc_large_more_oob+0x1c/0x30 [ 26.523512] kunit_try_run_case+0x1a5/0x480 [ 26.523540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.523562] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.523586] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.523610] ? __kthread_parkme+0x82/0x180 [ 26.523632] ? preempt_count_sub+0x50/0x80 [ 26.523656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.523680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.523704] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.523727] kthread+0x337/0x6f0 [ 26.523748] ? trace_preempt_on+0x20/0xc0 [ 26.523774] ? __pfx_kthread+0x10/0x10 [ 26.523796] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.523819] ? calculate_sigpending+0x7b/0xa0 [ 26.523844] ? __pfx_kthread+0x10/0x10 [ 26.523867] ret_from_fork+0x116/0x1d0 [ 26.523887] ? __pfx_kthread+0x10/0x10 [ 26.523917] ret_from_fork_asm+0x1a/0x30 [ 26.523957] </TASK> [ 26.523970] [ 26.536756] The buggy address belongs to the physical page: [ 26.537465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae8 [ 26.537893] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.538176] flags: 0x200000000000040(head|node=0|zone=2) [ 26.538466] page_type: f8(unknown) [ 26.538677] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.540212] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.540476] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.541727] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.542161] head: 0200000000000002 ffffea00040aba01 00000000ffffffff 00000000ffffffff [ 26.542673] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.543280] page dumped because: kasan: bad access detected [ 26.543749] [ 26.544130] Memory state around the buggy address: [ 26.544377] ffff888102ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.544829] ffff888102aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.545280] >ffff888102aea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 26.545648] ^ [ 26.546616] ffff888102aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.546982] ffff888102aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.547333] ================================================================== [ 26.549374] ================================================================== [ 26.549862] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 26.550443] Write of size 1 at addr ffff888102aea0f0 by task kunit_try_catch/189 [ 26.550745] [ 26.551187] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.551285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.551305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.551341] Call Trace: [ 26.551380] <TASK> [ 26.551415] dump_stack_lvl+0x73/0xb0 [ 26.551475] print_report+0xd1/0x650 [ 26.551512] ? __virt_addr_valid+0x1db/0x2d0 [ 26.551547] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.551583] ? kasan_addr_to_slab+0x11/0xa0 [ 26.551615] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.551650] kasan_report+0x141/0x180 [ 26.551684] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.551724] __asan_report_store1_noabort+0x1b/0x30 [ 26.551760] krealloc_more_oob_helper+0x7eb/0x930 [ 26.551794] ? __schedule+0x10cc/0x2b60 [ 26.551829] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 26.551865] ? finish_task_switch.isra.0+0x153/0x700 [ 26.551901] ? __switch_to+0x47/0xf50 [ 26.551973] ? __schedule+0x10cc/0x2b60 [ 26.552017] ? __pfx_read_tsc+0x10/0x10 [ 26.552061] krealloc_large_more_oob+0x1c/0x30 [ 26.552346] kunit_try_run_case+0x1a5/0x480 [ 26.552400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.552440] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.552467] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.552490] ? __kthread_parkme+0x82/0x180 [ 26.552523] ? preempt_count_sub+0x50/0x80 [ 26.552565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.552609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.552654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.552702] kthread+0x337/0x6f0 [ 26.552743] ? trace_preempt_on+0x20/0xc0 [ 26.552792] ? __pfx_kthread+0x10/0x10 [ 26.552836] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.552881] ? calculate_sigpending+0x7b/0xa0 [ 26.552923] ? __pfx_kthread+0x10/0x10 [ 26.552960] ret_from_fork+0x116/0x1d0 [ 26.552996] ? __pfx_kthread+0x10/0x10 [ 26.553032] ret_from_fork_asm+0x1a/0x30 [ 26.553071] </TASK> [ 26.553090] [ 26.561920] The buggy address belongs to the physical page: [ 26.562381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae8 [ 26.563238] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.563537] flags: 0x200000000000040(head|node=0|zone=2) [ 26.563776] page_type: f8(unknown) [ 26.563950] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.564638] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.566584] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.567312] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.567750] head: 0200000000000002 ffffea00040aba01 00000000ffffffff 00000000ffffffff [ 26.568295] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.568622] page dumped because: kasan: bad access detected [ 26.568833] [ 26.568930] Memory state around the buggy address: [ 26.569142] ffff888102ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.569635] ffff888102aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.570083] >ffff888102aea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 26.570738] ^ [ 26.571333] ffff888102aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.571733] ffff888102aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.572172] ================================================================== [ 26.240670] ================================================================== [ 26.241332] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 26.242283] Write of size 1 at addr ffff8881003742eb by task kunit_try_catch/185 [ 26.242976] [ 26.243147] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.243254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.243293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.243335] Call Trace: [ 26.243375] <TASK> [ 26.243411] dump_stack_lvl+0x73/0xb0 [ 26.243482] print_report+0xd1/0x650 [ 26.243520] ? __virt_addr_valid+0x1db/0x2d0 [ 26.243556] ? krealloc_more_oob_helper+0x821/0x930 [ 26.243596] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.243642] ? krealloc_more_oob_helper+0x821/0x930 [ 26.243689] kasan_report+0x141/0x180 [ 26.243737] ? krealloc_more_oob_helper+0x821/0x930 [ 26.243797] __asan_report_store1_noabort+0x1b/0x30 [ 26.243847] krealloc_more_oob_helper+0x821/0x930 [ 26.243885] ? __schedule+0x10cc/0x2b60 [ 26.243924] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 26.243969] ? finish_task_switch.isra.0+0x153/0x700 [ 26.244012] ? __switch_to+0x47/0xf50 [ 26.244061] ? __schedule+0x10cc/0x2b60 [ 26.244144] ? __pfx_read_tsc+0x10/0x10 [ 26.244195] krealloc_more_oob+0x1c/0x30 [ 26.244232] kunit_try_run_case+0x1a5/0x480 [ 26.244280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.244322] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.244364] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.244410] ? __kthread_parkme+0x82/0x180 [ 26.244451] ? preempt_count_sub+0x50/0x80 [ 26.244505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.244556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.244623] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.244668] kthread+0x337/0x6f0 [ 26.244704] ? trace_preempt_on+0x20/0xc0 [ 26.244734] ? __pfx_kthread+0x10/0x10 [ 26.244757] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.244780] ? calculate_sigpending+0x7b/0xa0 [ 26.244807] ? __pfx_kthread+0x10/0x10 [ 26.244831] ret_from_fork+0x116/0x1d0 [ 26.244852] ? __pfx_kthread+0x10/0x10 [ 26.244874] ret_from_fork_asm+0x1a/0x30 [ 26.244917] </TASK> [ 26.244937] [ 26.255953] Allocated by task 185: [ 26.256344] kasan_save_stack+0x45/0x70 [ 26.256649] kasan_save_track+0x18/0x40 [ 26.256846] kasan_save_alloc_info+0x3b/0x50 [ 26.257045] __kasan_krealloc+0x190/0x1f0 [ 26.257437] krealloc_noprof+0xf3/0x340 [ 26.257836] krealloc_more_oob_helper+0x1a9/0x930 [ 26.258280] krealloc_more_oob+0x1c/0x30 [ 26.258658] kunit_try_run_case+0x1a5/0x480 [ 26.259083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.259358] kthread+0x337/0x6f0 [ 26.259532] ret_from_fork+0x116/0x1d0 [ 26.259884] ret_from_fork_asm+0x1a/0x30 [ 26.260298] [ 26.260511] The buggy address belongs to the object at ffff888100374200 [ 26.260511] which belongs to the cache kmalloc-256 of size 256 [ 26.261305] The buggy address is located 0 bytes to the right of [ 26.261305] allocated 235-byte region [ffff888100374200, ffff8881003742eb) [ 26.262049] [ 26.262272] The buggy address belongs to the physical page: [ 26.262668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374 [ 26.263155] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.263650] flags: 0x200000000000040(head|node=0|zone=2) [ 26.264080] page_type: f5(slab) [ 26.264308] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.264598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.264894] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.265610] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.266526] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff [ 26.267394] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.267922] page dumped because: kasan: bad access detected [ 26.268267] [ 26.268379] Memory state around the buggy address: [ 26.268800] ffff888100374180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.269347] ffff888100374200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.269797] >ffff888100374280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 26.270267] ^ [ 26.270722] ffff888100374300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.271250] ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.271750] ==================================================================
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate
<8>[ 387.506856] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject
<8>[ 387.312313] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid
<8>[ 387.126820] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 26.203724] ================================================================== [ 26.204585] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 26.204996] Read of size 1 at addr ffff888103a00000 by task kunit_try_catch/183 [ 26.205603] [ 26.205769] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.205833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.205847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.205873] Call Trace: [ 26.205892] <TASK> [ 26.205924] dump_stack_lvl+0x73/0xb0 [ 26.205964] print_report+0xd1/0x650 [ 26.205990] ? __virt_addr_valid+0x1db/0x2d0 [ 26.206016] ? page_alloc_uaf+0x356/0x3d0 [ 26.206040] ? kasan_addr_to_slab+0x11/0xa0 [ 26.206062] ? page_alloc_uaf+0x356/0x3d0 [ 26.206085] kasan_report+0x141/0x180 [ 26.206147] ? page_alloc_uaf+0x356/0x3d0 [ 26.206201] __asan_report_load1_noabort+0x18/0x20 [ 26.206247] page_alloc_uaf+0x356/0x3d0 [ 26.206288] ? __pfx_page_alloc_uaf+0x10/0x10 [ 26.206331] ? __schedule+0x10cc/0x2b60 [ 26.206375] ? __pfx_read_tsc+0x10/0x10 [ 26.206419] ? ktime_get_ts64+0x86/0x230 [ 26.206488] kunit_try_run_case+0x1a5/0x480 [ 26.206548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.206596] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.206648] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.206692] ? __kthread_parkme+0x82/0x180 [ 26.207534] ? preempt_count_sub+0x50/0x80 [ 26.207616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.207647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.207676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.207702] kthread+0x337/0x6f0 [ 26.207725] ? trace_preempt_on+0x20/0xc0 [ 26.207751] ? __pfx_kthread+0x10/0x10 [ 26.207773] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.207798] ? calculate_sigpending+0x7b/0xa0 [ 26.207824] ? __pfx_kthread+0x10/0x10 [ 26.207847] ret_from_fork+0x116/0x1d0 [ 26.207869] ? __pfx_kthread+0x10/0x10 [ 26.207891] ret_from_fork_asm+0x1a/0x30 [ 26.207941] </TASK> [ 26.207955] [ 26.224133] The buggy address belongs to the physical page: [ 26.225405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a00 [ 26.226293] flags: 0x200000000000000(node=0|zone=2) [ 26.226660] page_type: f0(buddy) [ 26.226901] raw: 0200000000000000 ffff88817fffc5c8 ffff88817fffc5c8 0000000000000000 [ 26.228072] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000 [ 26.228611] page dumped because: kasan: bad access detected [ 26.229610] [ 26.229760] Memory state around the buggy address: [ 26.230032] ffff8881039fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.230783] ffff8881039fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.231713] >ffff888103a00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.231892] ^ [ 26.232433] ffff888103a00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.233041] ffff888103a00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.233698] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 26.158744] ================================================================== [ 26.159409] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 26.159715] Free of addr ffff8881029f8001 by task kunit_try_catch/179 [ 26.160994] [ 26.161218] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.161542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.161577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.161623] Call Trace: [ 26.161656] <TASK> [ 26.161693] dump_stack_lvl+0x73/0xb0 [ 26.161751] print_report+0xd1/0x650 [ 26.161778] ? __virt_addr_valid+0x1db/0x2d0 [ 26.161805] ? kasan_addr_to_slab+0x11/0xa0 [ 26.161827] ? kfree+0x274/0x3f0 [ 26.161851] kasan_report_invalid_free+0x10a/0x130 [ 26.161877] ? kfree+0x274/0x3f0 [ 26.161905] ? kfree+0x274/0x3f0 [ 26.161962] __kasan_kfree_large+0x86/0xd0 [ 26.162088] free_large_kmalloc+0x52/0x110 [ 26.162137] kfree+0x274/0x3f0 [ 26.162165] kmalloc_large_invalid_free+0x120/0x2b0 [ 26.162191] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 26.162217] ? __schedule+0x10cc/0x2b60 [ 26.162243] ? __pfx_read_tsc+0x10/0x10 [ 26.162266] ? ktime_get_ts64+0x86/0x230 [ 26.162294] kunit_try_run_case+0x1a5/0x480 [ 26.162322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.162346] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.162370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.162395] ? __kthread_parkme+0x82/0x180 [ 26.162418] ? preempt_count_sub+0x50/0x80 [ 26.162444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.162469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.162494] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.162519] kthread+0x337/0x6f0 [ 26.162540] ? trace_preempt_on+0x20/0xc0 [ 26.162566] ? __pfx_kthread+0x10/0x10 [ 26.162588] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.162611] ? calculate_sigpending+0x7b/0xa0 [ 26.162637] ? __pfx_kthread+0x10/0x10 [ 26.162660] ret_from_fork+0x116/0x1d0 [ 26.162680] ? __pfx_kthread+0x10/0x10 [ 26.162703] ret_from_fork_asm+0x1a/0x30 [ 26.162736] </TASK> [ 26.162749] [ 26.176883] The buggy address belongs to the physical page: [ 26.177318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f8 [ 26.177802] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.179283] flags: 0x200000000000040(head|node=0|zone=2) [ 26.180252] page_type: f8(unknown) [ 26.180446] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.181249] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.181718] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.182682] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.183506] head: 0200000000000002 ffffea00040a7e01 00000000ffffffff 00000000ffffffff [ 26.184684] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.185388] page dumped because: kasan: bad access detected [ 26.185749] [ 26.185890] Memory state around the buggy address: [ 26.186730] ffff8881029f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.187424] ffff8881029f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.187911] >ffff8881029f8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.188684] ^ [ 26.189296] ffff8881029f8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.189809] ffff8881029f8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.190609] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 26.125573] ================================================================== [ 26.126088] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 26.126409] Read of size 1 at addr ffff8881029f8000 by task kunit_try_catch/177 [ 26.126671] [ 26.126815] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.126919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.126944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.126990] Call Trace: [ 26.127014] <TASK> [ 26.127039] dump_stack_lvl+0x73/0xb0 [ 26.127085] print_report+0xd1/0x650 [ 26.127140] ? __virt_addr_valid+0x1db/0x2d0 [ 26.127168] ? kmalloc_large_uaf+0x2f1/0x340 [ 26.127191] ? kasan_addr_to_slab+0x11/0xa0 [ 26.127212] ? kmalloc_large_uaf+0x2f1/0x340 [ 26.127235] kasan_report+0x141/0x180 [ 26.127258] ? kmalloc_large_uaf+0x2f1/0x340 [ 26.127285] __asan_report_load1_noabort+0x18/0x20 [ 26.127311] kmalloc_large_uaf+0x2f1/0x340 [ 26.127333] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 26.127357] ? __schedule+0x207f/0x2b60 [ 26.127382] ? __pfx_read_tsc+0x10/0x10 [ 26.127405] ? ktime_get_ts64+0x86/0x230 [ 26.127432] kunit_try_run_case+0x1a5/0x480 [ 26.127461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.127485] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.127509] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.127534] ? __kthread_parkme+0x82/0x180 [ 26.127557] ? preempt_count_sub+0x50/0x80 [ 26.127583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.127608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.127632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.127657] kthread+0x337/0x6f0 [ 26.127680] ? trace_preempt_on+0x20/0xc0 [ 26.127705] ? __pfx_kthread+0x10/0x10 [ 26.127727] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.127750] ? calculate_sigpending+0x7b/0xa0 [ 26.127777] ? __pfx_kthread+0x10/0x10 [ 26.127800] ret_from_fork+0x116/0x1d0 [ 26.127820] ? __pfx_kthread+0x10/0x10 [ 26.127842] ret_from_fork_asm+0x1a/0x30 [ 26.127875] </TASK> [ 26.127887] [ 26.144768] The buggy address belongs to the physical page: [ 26.145356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f8 [ 26.145658] flags: 0x200000000000000(node=0|zone=2) [ 26.145885] raw: 0200000000000000 ffffea00040a7f08 ffff88815b039fc0 0000000000000000 [ 26.146179] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.146896] page dumped because: kasan: bad access detected [ 26.147560] [ 26.147711] Memory state around the buggy address: [ 26.148851] ffff8881029f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.149498] ffff8881029f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.149728] >ffff8881029f8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.150691] ^ [ 26.151148] ffff8881029f8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.151670] ffff8881029f8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.152618] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 26.090828] ================================================================== [ 26.091662] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 26.091994] Write of size 1 at addr ffff888102aea00a by task kunit_try_catch/175 [ 26.092705] [ 26.092983] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.093097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.093136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.093176] Call Trace: [ 26.093204] <TASK> [ 26.093241] dump_stack_lvl+0x73/0xb0 [ 26.093327] print_report+0xd1/0x650 [ 26.093392] ? __virt_addr_valid+0x1db/0x2d0 [ 26.093443] ? kmalloc_large_oob_right+0x2e9/0x330 [ 26.093492] ? kasan_addr_to_slab+0x11/0xa0 [ 26.093548] ? kmalloc_large_oob_right+0x2e9/0x330 [ 26.093591] kasan_report+0x141/0x180 [ 26.093639] ? kmalloc_large_oob_right+0x2e9/0x330 [ 26.093697] __asan_report_store1_noabort+0x1b/0x30 [ 26.093751] kmalloc_large_oob_right+0x2e9/0x330 [ 26.093792] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 26.093836] ? __schedule+0x10cc/0x2b60 [ 26.093884] ? __pfx_read_tsc+0x10/0x10 [ 26.093922] ? ktime_get_ts64+0x86/0x230 [ 26.093984] kunit_try_run_case+0x1a5/0x480 [ 26.094046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.094084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.094138] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.094175] ? __kthread_parkme+0x82/0x180 [ 26.094213] ? preempt_count_sub+0x50/0x80 [ 26.094252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.094290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.094329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.094368] kthread+0x337/0x6f0 [ 26.094400] ? trace_preempt_on+0x20/0xc0 [ 26.094442] ? __pfx_kthread+0x10/0x10 [ 26.094481] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.094516] ? calculate_sigpending+0x7b/0xa0 [ 26.094560] ? __pfx_kthread+0x10/0x10 [ 26.094603] ret_from_fork+0x116/0x1d0 [ 26.094641] ? __pfx_kthread+0x10/0x10 [ 26.094682] ret_from_fork_asm+0x1a/0x30 [ 26.094737] </TASK> [ 26.094757] [ 26.106886] The buggy address belongs to the physical page: [ 26.107761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae8 [ 26.108695] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.109470] flags: 0x200000000000040(head|node=0|zone=2) [ 26.110211] page_type: f8(unknown) [ 26.110582] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.110994] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.111949] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.112557] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.113148] head: 0200000000000002 ffffea00040aba01 00000000ffffffff 00000000ffffffff [ 26.113531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.113885] page dumped because: kasan: bad access detected [ 26.114486] [ 26.114670] Memory state around the buggy address: [ 26.115579] ffff888102ae9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.116282] ffff888102ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.116603] >ffff888102aea000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.117260] ^ [ 26.117574] ffff888102aea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.118124] ffff888102aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.118586] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 26.046697] ================================================================== [ 26.047218] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 26.048208] Write of size 1 at addr ffff8881038e1f00 by task kunit_try_catch/173 [ 26.049145] [ 26.049520] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.049660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.049682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.049710] Call Trace: [ 26.049730] <TASK> [ 26.049759] dump_stack_lvl+0x73/0xb0 [ 26.049811] print_report+0xd1/0x650 [ 26.049838] ? __virt_addr_valid+0x1db/0x2d0 [ 26.049865] ? kmalloc_big_oob_right+0x316/0x370 [ 26.049986] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.050017] ? kmalloc_big_oob_right+0x316/0x370 [ 26.050041] kasan_report+0x141/0x180 [ 26.050065] ? kmalloc_big_oob_right+0x316/0x370 [ 26.050093] __asan_report_store1_noabort+0x1b/0x30 [ 26.050144] kmalloc_big_oob_right+0x316/0x370 [ 26.050178] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 26.050345] ? __schedule+0x10cc/0x2b60 [ 26.050375] ? __pfx_read_tsc+0x10/0x10 [ 26.050400] ? ktime_get_ts64+0x86/0x230 [ 26.050429] kunit_try_run_case+0x1a5/0x480 [ 26.050458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.050482] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.050508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.050533] ? __kthread_parkme+0x82/0x180 [ 26.050557] ? preempt_count_sub+0x50/0x80 [ 26.050583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.050608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.050634] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.050658] kthread+0x337/0x6f0 [ 26.050680] ? trace_preempt_on+0x20/0xc0 [ 26.050706] ? __pfx_kthread+0x10/0x10 [ 26.050728] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.050751] ? calculate_sigpending+0x7b/0xa0 [ 26.050777] ? __pfx_kthread+0x10/0x10 [ 26.050800] ret_from_fork+0x116/0x1d0 [ 26.050821] ? __pfx_kthread+0x10/0x10 [ 26.050843] ret_from_fork_asm+0x1a/0x30 [ 26.050883] </TASK> [ 26.050898] [ 26.064522] Allocated by task 173: [ 26.064913] kasan_save_stack+0x45/0x70 [ 26.065176] kasan_save_track+0x18/0x40 [ 26.065447] kasan_save_alloc_info+0x3b/0x50 [ 26.065741] __kasan_kmalloc+0xb7/0xc0 [ 26.066370] __kmalloc_cache_noprof+0x189/0x420 [ 26.066714] kmalloc_big_oob_right+0xa9/0x370 [ 26.067411] kunit_try_run_case+0x1a5/0x480 [ 26.067790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.068369] kthread+0x337/0x6f0 [ 26.068816] ret_from_fork+0x116/0x1d0 [ 26.069254] ret_from_fork_asm+0x1a/0x30 [ 26.069478] [ 26.069675] The buggy address belongs to the object at ffff8881038e0000 [ 26.069675] which belongs to the cache kmalloc-8k of size 8192 [ 26.070250] The buggy address is located 0 bytes to the right of [ 26.070250] allocated 7936-byte region [ffff8881038e0000, ffff8881038e1f00) [ 26.071379] [ 26.071583] The buggy address belongs to the physical page: [ 26.072138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e0 [ 26.072666] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.073384] flags: 0x200000000000040(head|node=0|zone=2) [ 26.073753] page_type: f5(slab) [ 26.074125] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 26.074688] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 26.075514] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 26.076164] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 26.077053] head: 0200000000000003 ffffea00040e3801 00000000ffffffff 00000000ffffffff [ 26.077339] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 26.078276] page dumped because: kasan: bad access detected [ 26.078481] [ 26.078795] Memory state around the buggy address: [ 26.079035] ffff8881038e1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.080014] ffff8881038e1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.080486] >ffff8881038e1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.081593] ^ [ 26.081827] ffff8881038e1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.082071] ffff8881038e2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.082682] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 26.011094] ================================================================== [ 26.011479] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.012088] Write of size 1 at addr ffff88810324dd78 by task kunit_try_catch/171 [ 26.012682] [ 26.012843] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 26.012919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.012941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.012973] Call Trace: [ 26.012994] <TASK> [ 26.013022] dump_stack_lvl+0x73/0xb0 [ 26.013072] print_report+0xd1/0x650 [ 26.013116] ? __virt_addr_valid+0x1db/0x2d0 [ 26.013160] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.013205] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.013255] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.013298] kasan_report+0x141/0x180 [ 26.013615] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.013784] __asan_report_store1_noabort+0x1b/0x30 [ 26.013823] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.013864] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 26.013908] ? __schedule+0x10cc/0x2b60 [ 26.013967] ? __pfx_read_tsc+0x10/0x10 [ 26.013992] ? ktime_get_ts64+0x86/0x230 [ 26.014023] kunit_try_run_case+0x1a5/0x480 [ 26.014052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.014076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.014120] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.014149] ? __kthread_parkme+0x82/0x180 [ 26.014173] ? preempt_count_sub+0x50/0x80 [ 26.014199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.014225] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.014250] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.014275] kthread+0x337/0x6f0 [ 26.014297] ? trace_preempt_on+0x20/0xc0 [ 26.014323] ? __pfx_kthread+0x10/0x10 [ 26.014345] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.014370] ? calculate_sigpending+0x7b/0xa0 [ 26.014398] ? __pfx_kthread+0x10/0x10 [ 26.014421] ret_from_fork+0x116/0x1d0 [ 26.014441] ? __pfx_kthread+0x10/0x10 [ 26.014464] ret_from_fork_asm+0x1a/0x30 [ 26.014496] </TASK> [ 26.014510] [ 26.026432] Allocated by task 171: [ 26.026798] kasan_save_stack+0x45/0x70 [ 26.027180] kasan_save_track+0x18/0x40 [ 26.027373] kasan_save_alloc_info+0x3b/0x50 [ 26.027557] __kasan_kmalloc+0xb7/0xc0 [ 26.027727] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 26.027975] kmalloc_track_caller_oob_right+0x19a/0x520 [ 26.028381] kunit_try_run_case+0x1a5/0x480 [ 26.029022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.029528] kthread+0x337/0x6f0 [ 26.029833] ret_from_fork+0x116/0x1d0 [ 26.030069] ret_from_fork_asm+0x1a/0x30 [ 26.030269] [ 26.030441] The buggy address belongs to the object at ffff88810324dd00 [ 26.030441] which belongs to the cache kmalloc-128 of size 128 [ 26.031034] The buggy address is located 0 bytes to the right of [ 26.031034] allocated 120-byte region [ffff88810324dd00, ffff88810324dd78) [ 26.031848] [ 26.032616] The buggy address belongs to the physical page: [ 26.033303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10324d [ 26.033826] flags: 0x200000000000000(node=0|zone=2) [ 26.034529] page_type: f5(slab) [ 26.034727] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.035256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.035415] page dumped because: kasan: bad access detected [ 26.035523] [ 26.035570] Memory state around the buggy address: [ 26.035671] ffff88810324dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.035802] ffff88810324dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.036335] >ffff88810324dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.036732] ^ [ 26.038156] ffff88810324dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.038414] ffff88810324de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.038939] ================================================================== [ 25.977745] ================================================================== [ 25.978231] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.978835] Write of size 1 at addr ffff88810324dc78 by task kunit_try_catch/171 [ 25.979720] [ 25.979877] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 25.980175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.980206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.980244] Call Trace: [ 25.980262] <TASK> [ 25.980288] dump_stack_lvl+0x73/0xb0 [ 25.980337] print_report+0xd1/0x650 [ 25.980364] ? __virt_addr_valid+0x1db/0x2d0 [ 25.980390] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.980417] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.980446] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.980473] kasan_report+0x141/0x180 [ 25.980496] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.980527] __asan_report_store1_noabort+0x1b/0x30 [ 25.980553] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.980579] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 25.980607] ? __schedule+0x10cc/0x2b60 [ 25.980631] ? __pfx_read_tsc+0x10/0x10 [ 25.980654] ? ktime_get_ts64+0x86/0x230 [ 25.980682] kunit_try_run_case+0x1a5/0x480 [ 25.980709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.980732] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.980757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.980781] ? __kthread_parkme+0x82/0x180 [ 25.980804] ? preempt_count_sub+0x50/0x80 [ 25.980830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.980855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.980880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.980929] kthread+0x337/0x6f0 [ 25.981247] ? trace_preempt_on+0x20/0xc0 [ 25.981277] ? __pfx_kthread+0x10/0x10 [ 25.981300] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.981324] ? calculate_sigpending+0x7b/0xa0 [ 25.981352] ? __pfx_kthread+0x10/0x10 [ 25.981379] ret_from_fork+0x116/0x1d0 [ 25.981400] ? __pfx_kthread+0x10/0x10 [ 25.981423] ret_from_fork_asm+0x1a/0x30 [ 25.981458] </TASK> [ 25.981471] [ 25.991806] Allocated by task 171: [ 25.992219] kasan_save_stack+0x45/0x70 [ 25.992607] kasan_save_track+0x18/0x40 [ 25.994155] kasan_save_alloc_info+0x3b/0x50 [ 25.994551] __kasan_kmalloc+0xb7/0xc0 [ 25.994719] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 25.995408] kmalloc_track_caller_oob_right+0x99/0x520 [ 25.996002] kunit_try_run_case+0x1a5/0x480 [ 25.996469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.996753] kthread+0x337/0x6f0 [ 25.997299] ret_from_fork+0x116/0x1d0 [ 25.997479] ret_from_fork_asm+0x1a/0x30 [ 25.998177] [ 25.998555] The buggy address belongs to the object at ffff88810324dc00 [ 25.998555] which belongs to the cache kmalloc-128 of size 128 [ 25.999494] The buggy address is located 0 bytes to the right of [ 25.999494] allocated 120-byte region [ffff88810324dc00, ffff88810324dc78) [ 26.000398] [ 26.000759] The buggy address belongs to the physical page: [ 26.001121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10324d [ 26.001647] flags: 0x200000000000000(node=0|zone=2) [ 26.002430] page_type: f5(slab) [ 26.002645] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.002882] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.003769] page dumped because: kasan: bad access detected [ 26.004227] [ 26.004679] Memory state around the buggy address: [ 26.005040] ffff88810324db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.005398] ffff88810324db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.005743] >ffff88810324dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.006738] ^ [ 26.006996] ffff88810324dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.007834] ffff88810324dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.008461] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 25.929800] ================================================================== [ 25.930556] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 25.931307] Read of size 1 at addr ffff8881038cd000 by task kunit_try_catch/169 [ 25.931891] [ 25.932303] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 25.932431] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.932460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.932511] Call Trace: [ 25.932539] <TASK> [ 25.932578] dump_stack_lvl+0x73/0xb0 [ 25.932654] print_report+0xd1/0x650 [ 25.932731] ? __virt_addr_valid+0x1db/0x2d0 [ 25.932783] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.932826] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.932878] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.932966] kasan_report+0x141/0x180 [ 25.933037] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.933118] __asan_report_load1_noabort+0x18/0x20 [ 25.933172] kmalloc_node_oob_right+0x369/0x3c0 [ 25.933219] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 25.933262] ? __schedule+0x10cc/0x2b60 [ 25.933292] ? __pfx_read_tsc+0x10/0x10 [ 25.933318] ? ktime_get_ts64+0x86/0x230 [ 25.933346] kunit_try_run_case+0x1a5/0x480 [ 25.933376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.933400] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.933425] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.933449] ? __kthread_parkme+0x82/0x180 [ 25.933473] ? preempt_count_sub+0x50/0x80 [ 25.933499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.933524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.933549] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.933574] kthread+0x337/0x6f0 [ 25.933595] ? trace_preempt_on+0x20/0xc0 [ 25.933621] ? __pfx_kthread+0x10/0x10 [ 25.933643] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.933666] ? calculate_sigpending+0x7b/0xa0 [ 25.933693] ? __pfx_kthread+0x10/0x10 [ 25.933716] ret_from_fork+0x116/0x1d0 [ 25.933737] ? __pfx_kthread+0x10/0x10 [ 25.933759] ret_from_fork_asm+0x1a/0x30 [ 25.933793] </TASK> [ 25.933807] [ 25.946876] Allocated by task 169: [ 25.947267] kasan_save_stack+0x45/0x70 [ 25.947722] kasan_save_track+0x18/0x40 [ 25.948144] kasan_save_alloc_info+0x3b/0x50 [ 25.948888] __kasan_kmalloc+0xb7/0xc0 [ 25.949488] __kmalloc_cache_node_noprof+0x188/0x420 [ 25.950273] kmalloc_node_oob_right+0xab/0x3c0 [ 25.950624] kunit_try_run_case+0x1a5/0x480 [ 25.950917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.951523] kthread+0x337/0x6f0 [ 25.952477] ret_from_fork+0x116/0x1d0 [ 25.952747] ret_from_fork_asm+0x1a/0x30 [ 25.954378] [ 25.954708] The buggy address belongs to the object at ffff8881038cc000 [ 25.954708] which belongs to the cache kmalloc-4k of size 4096 [ 25.955933] The buggy address is located 0 bytes to the right of [ 25.955933] allocated 4096-byte region [ffff8881038cc000, ffff8881038cd000) [ 25.956886] [ 25.957018] The buggy address belongs to the physical page: [ 25.957435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038c8 [ 25.957966] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.959847] flags: 0x200000000000040(head|node=0|zone=2) [ 25.960749] page_type: f5(slab) [ 25.961271] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 25.961621] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 25.962661] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 25.963288] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 25.963586] head: 0200000000000003 ffffea00040e3201 00000000ffffffff 00000000ffffffff [ 25.964534] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 25.965451] page dumped because: kasan: bad access detected [ 25.965885] [ 25.966724] Memory state around the buggy address: [ 25.967059] ffff8881038ccf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.967640] ffff8881038ccf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.968148] >ffff8881038cd000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.968643] ^ [ 25.968889] ffff8881038cd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.969963] ffff8881038cd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.970683] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 25.873812] ================================================================== [ 25.875527] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 25.876316] Read of size 1 at addr ffff8881022a25ff by task kunit_try_catch/167 [ 25.876791] [ 25.876952] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 25.877050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.877072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.877122] Call Trace: [ 25.877149] <TASK> [ 25.877183] dump_stack_lvl+0x73/0xb0 [ 25.877260] print_report+0xd1/0x650 [ 25.877301] ? __virt_addr_valid+0x1db/0x2d0 [ 25.877338] ? kmalloc_oob_left+0x361/0x3c0 [ 25.877372] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.877411] ? kmalloc_oob_left+0x361/0x3c0 [ 25.877448] kasan_report+0x141/0x180 [ 25.877880] ? kmalloc_oob_left+0x361/0x3c0 [ 25.877999] __asan_report_load1_noabort+0x18/0x20 [ 25.878059] kmalloc_oob_left+0x361/0x3c0 [ 25.878120] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 25.878173] ? __schedule+0x10cc/0x2b60 [ 25.878223] ? __pfx_read_tsc+0x10/0x10 [ 25.878270] ? ktime_get_ts64+0x86/0x230 [ 25.878422] kunit_try_run_case+0x1a5/0x480 [ 25.878526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.878556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.878583] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.878607] ? __kthread_parkme+0x82/0x180 [ 25.878631] ? preempt_count_sub+0x50/0x80 [ 25.878657] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.878681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.878722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.878747] kthread+0x337/0x6f0 [ 25.878769] ? trace_preempt_on+0x20/0xc0 [ 25.878794] ? __pfx_kthread+0x10/0x10 [ 25.878816] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.878839] ? calculate_sigpending+0x7b/0xa0 [ 25.878864] ? __pfx_kthread+0x10/0x10 [ 25.878887] ret_from_fork+0x116/0x1d0 [ 25.878930] ? __pfx_kthread+0x10/0x10 [ 25.879229] ret_from_fork_asm+0x1a/0x30 [ 25.879266] </TASK> [ 25.879279] [ 25.893995] Allocated by task 21: [ 25.894317] kasan_save_stack+0x45/0x70 [ 25.894623] kasan_save_track+0x18/0x40 [ 25.894882] kasan_save_alloc_info+0x3b/0x50 [ 25.895085] __kasan_kmalloc+0xb7/0xc0 [ 25.896753] __kmalloc_cache_node_noprof+0x188/0x420 [ 25.897231] build_sched_domains+0x38c/0x5dd0 [ 25.897862] partition_sched_domains+0x471/0x9c0 [ 25.898484] rebuild_sched_domains_locked+0x97d/0xd50 [ 25.898728] cpuset_update_active_cpus+0x80f/0x1a90 [ 25.898948] sched_cpu_activate+0x2bf/0x330 [ 25.899875] cpuhp_invoke_callback+0x2a1/0xf00 [ 25.900521] cpuhp_thread_fun+0x2ce/0x5c0 [ 25.901160] smpboot_thread_fn+0x2bc/0x730 [ 25.901471] kthread+0x337/0x6f0 [ 25.901769] ret_from_fork+0x116/0x1d0 [ 25.902526] ret_from_fork_asm+0x1a/0x30 [ 25.902937] [ 25.903387] Freed by task 21: [ 25.903629] kasan_save_stack+0x45/0x70 [ 25.904497] kasan_save_track+0x18/0x40 [ 25.904810] kasan_save_free_info+0x3f/0x60 [ 25.905275] __kasan_slab_free+0x56/0x70 [ 25.905655] kfree+0x222/0x3f0 [ 25.905858] build_sched_domains+0x1fff/0x5dd0 [ 25.906488] partition_sched_domains+0x471/0x9c0 [ 25.907133] rebuild_sched_domains_locked+0x97d/0xd50 [ 25.907414] cpuset_update_active_cpus+0x80f/0x1a90 [ 25.907830] sched_cpu_activate+0x2bf/0x330 [ 25.908718] cpuhp_invoke_callback+0x2a1/0xf00 [ 25.909245] cpuhp_thread_fun+0x2ce/0x5c0 [ 25.909462] smpboot_thread_fn+0x2bc/0x730 [ 25.909840] kthread+0x337/0x6f0 [ 25.910363] ret_from_fork+0x116/0x1d0 [ 25.910695] ret_from_fork_asm+0x1a/0x30 [ 25.911346] [ 25.911559] The buggy address belongs to the object at ffff8881022a25e0 [ 25.911559] which belongs to the cache kmalloc-16 of size 16 [ 25.912295] The buggy address is located 15 bytes to the right of [ 25.912295] allocated 16-byte region [ffff8881022a25e0, ffff8881022a25f0) [ 25.913645] [ 25.913873] The buggy address belongs to the physical page: [ 25.914632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a2 [ 25.915363] flags: 0x200000000000000(node=0|zone=2) [ 25.915785] page_type: f5(slab) [ 25.916422] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.916921] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.917241] page dumped because: kasan: bad access detected [ 25.917633] [ 25.917752] Memory state around the buggy address: [ 25.918091] ffff8881022a2480: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 25.919166] ffff8881022a2500: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 25.919747] >ffff8881022a2580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.920832] ^ [ 25.921541] ffff8881022a2600: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.921959] ffff8881022a2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.922660] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 25.768736] ================================================================== [ 25.769910] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 25.770907] Write of size 1 at addr ffff888102b36e73 by task kunit_try_catch/165 [ 25.771658] [ 25.773558] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 25.774061] Tainted: [N]=TEST [ 25.774129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.774440] Call Trace: [ 25.774530] <TASK> [ 25.774712] dump_stack_lvl+0x73/0xb0 [ 25.774836] print_report+0xd1/0x650 [ 25.774871] ? __virt_addr_valid+0x1db/0x2d0 [ 25.774901] ? kmalloc_oob_right+0x6f0/0x7f0 [ 25.774958] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.775002] ? kmalloc_oob_right+0x6f0/0x7f0 [ 25.775039] kasan_report+0x141/0x180 [ 25.775079] ? kmalloc_oob_right+0x6f0/0x7f0 [ 25.775130] __asan_report_store1_noabort+0x1b/0x30 [ 25.775158] kmalloc_oob_right+0x6f0/0x7f0 [ 25.775181] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 25.775205] ? __schedule+0x10cc/0x2b60 [ 25.775229] ? __pfx_read_tsc+0x10/0x10 [ 25.775254] ? ktime_get_ts64+0x86/0x230 [ 25.775282] kunit_try_run_case+0x1a5/0x480 [ 25.775310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.775333] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.775357] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.775381] ? __kthread_parkme+0x82/0x180 [ 25.775404] ? preempt_count_sub+0x50/0x80 [ 25.775430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.775454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.775478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.775501] kthread+0x337/0x6f0 [ 25.775522] ? trace_preempt_on+0x20/0xc0 [ 25.775547] ? __pfx_kthread+0x10/0x10 [ 25.775569] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.775591] ? calculate_sigpending+0x7b/0xa0 [ 25.775617] ? __pfx_kthread+0x10/0x10 [ 25.775639] ret_from_fork+0x116/0x1d0 [ 25.775660] ? __pfx_kthread+0x10/0x10 [ 25.775681] ret_from_fork_asm+0x1a/0x30 [ 25.775746] </TASK> [ 25.775829] [ 25.787467] Allocated by task 165: [ 25.788335] kasan_save_stack+0x45/0x70 [ 25.788682] kasan_save_track+0x18/0x40 [ 25.788882] kasan_save_alloc_info+0x3b/0x50 [ 25.789270] __kasan_kmalloc+0xb7/0xc0 [ 25.789595] __kmalloc_cache_noprof+0x189/0x420 [ 25.789990] kmalloc_oob_right+0xa9/0x7f0 [ 25.790353] kunit_try_run_case+0x1a5/0x480 [ 25.790727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.791033] kthread+0x337/0x6f0 [ 25.791647] ret_from_fork+0x116/0x1d0 [ 25.792218] ret_from_fork_asm+0x1a/0x30 [ 25.792713] [ 25.793156] The buggy address belongs to the object at ffff888102b36e00 [ 25.793156] which belongs to the cache kmalloc-128 of size 128 [ 25.794236] The buggy address is located 0 bytes to the right of [ 25.794236] allocated 115-byte region [ffff888102b36e00, ffff888102b36e73) [ 25.795013] [ 25.795635] The buggy address belongs to the physical page: [ 25.797316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b36 [ 25.798306] flags: 0x200000000000000(node=0|zone=2) [ 25.798927] page_type: f5(slab) [ 25.799876] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.800795] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.801528] page dumped because: kasan: bad access detected [ 25.801829] [ 25.802172] Memory state around the buggy address: [ 25.802953] ffff888102b36d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.803565] ffff888102b36d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.804151] >ffff888102b36e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.804658] ^ [ 25.805565] ffff888102b36e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.806040] ffff888102b36f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.806632] ================================================================== [ 25.809881] ================================================================== [ 25.810418] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 25.811027] Write of size 1 at addr ffff888102b36e78 by task kunit_try_catch/165 [ 25.811600] [ 25.811763] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 25.811868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.811891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.811931] Call Trace: [ 25.811970] <TASK> [ 25.812006] dump_stack_lvl+0x73/0xb0 [ 25.812063] print_report+0xd1/0x650 [ 25.812118] ? __virt_addr_valid+0x1db/0x2d0 [ 25.812156] ? kmalloc_oob_right+0x6bd/0x7f0 [ 25.812186] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.812223] ? kmalloc_oob_right+0x6bd/0x7f0 [ 25.812257] kasan_report+0x141/0x180 [ 25.812289] ? kmalloc_oob_right+0x6bd/0x7f0 [ 25.812327] __asan_report_store1_noabort+0x1b/0x30 [ 25.812361] kmalloc_oob_right+0x6bd/0x7f0 [ 25.812392] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 25.812426] ? __schedule+0x10cc/0x2b60 [ 25.812458] ? __pfx_read_tsc+0x10/0x10 [ 25.812491] ? ktime_get_ts64+0x86/0x230 [ 25.812529] kunit_try_run_case+0x1a5/0x480 [ 25.812567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.812599] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.812634] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.812671] ? __kthread_parkme+0x82/0x180 [ 25.813276] ? preempt_count_sub+0x50/0x80 [ 25.813316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.813343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.813370] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.813394] kthread+0x337/0x6f0 [ 25.813414] ? trace_preempt_on+0x20/0xc0 [ 25.813439] ? __pfx_kthread+0x10/0x10 [ 25.813460] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.813484] ? calculate_sigpending+0x7b/0xa0 [ 25.813509] ? __pfx_kthread+0x10/0x10 [ 25.813531] ret_from_fork+0x116/0x1d0 [ 25.813552] ? __pfx_kthread+0x10/0x10 [ 25.813573] ret_from_fork_asm+0x1a/0x30 [ 25.813606] </TASK> [ 25.813621] [ 25.825003] Allocated by task 165: [ 25.825252] kasan_save_stack+0x45/0x70 [ 25.825575] kasan_save_track+0x18/0x40 [ 25.825830] kasan_save_alloc_info+0x3b/0x50 [ 25.826242] __kasan_kmalloc+0xb7/0xc0 [ 25.826458] __kmalloc_cache_noprof+0x189/0x420 [ 25.826871] kmalloc_oob_right+0xa9/0x7f0 [ 25.827241] kunit_try_run_case+0x1a5/0x480 [ 25.827449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.827669] kthread+0x337/0x6f0 [ 25.827831] ret_from_fork+0x116/0x1d0 [ 25.827997] ret_from_fork_asm+0x1a/0x30 [ 25.828303] [ 25.828501] The buggy address belongs to the object at ffff888102b36e00 [ 25.828501] which belongs to the cache kmalloc-128 of size 128 [ 25.829595] The buggy address is located 5 bytes to the right of [ 25.829595] allocated 115-byte region [ffff888102b36e00, ffff888102b36e73) [ 25.831342] [ 25.831829] The buggy address belongs to the physical page: [ 25.832652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b36 [ 25.833229] flags: 0x200000000000000(node=0|zone=2) [ 25.833701] page_type: f5(slab) [ 25.833892] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.834165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.834522] page dumped because: kasan: bad access detected [ 25.834796] [ 25.834898] Memory state around the buggy address: [ 25.835072] ffff888102b36d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.836398] ffff888102b36d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.836705] >ffff888102b36e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.837263] ^ [ 25.837583] ffff888102b36e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.838058] ffff888102b36f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.838657] ================================================================== [ 25.839831] ================================================================== [ 25.840779] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 25.841246] Read of size 1 at addr ffff888102b36e80 by task kunit_try_catch/165 [ 25.841855] [ 25.842430] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 25.842558] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.842575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.842602] Call Trace: [ 25.842641] <TASK> [ 25.842675] dump_stack_lvl+0x73/0xb0 [ 25.842719] print_report+0xd1/0x650 [ 25.842745] ? __virt_addr_valid+0x1db/0x2d0 [ 25.842770] ? kmalloc_oob_right+0x68a/0x7f0 [ 25.842792] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.842819] ? kmalloc_oob_right+0x68a/0x7f0 [ 25.842841] kasan_report+0x141/0x180 [ 25.842864] ? kmalloc_oob_right+0x68a/0x7f0 [ 25.842890] __asan_report_load1_noabort+0x18/0x20 [ 25.842926] kmalloc_oob_right+0x68a/0x7f0 [ 25.842955] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 25.842978] ? __schedule+0x10cc/0x2b60 [ 25.843002] ? __pfx_read_tsc+0x10/0x10 [ 25.843024] ? ktime_get_ts64+0x86/0x230 [ 25.843050] kunit_try_run_case+0x1a5/0x480 [ 25.843076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.843099] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.843268] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.843294] ? __kthread_parkme+0x82/0x180 [ 25.843317] ? preempt_count_sub+0x50/0x80 [ 25.843343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.843367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.843391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.843415] kthread+0x337/0x6f0 [ 25.843436] ? trace_preempt_on+0x20/0xc0 [ 25.843460] ? __pfx_kthread+0x10/0x10 [ 25.843482] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.843504] ? calculate_sigpending+0x7b/0xa0 [ 25.843529] ? __pfx_kthread+0x10/0x10 [ 25.843551] ret_from_fork+0x116/0x1d0 [ 25.843572] ? __pfx_kthread+0x10/0x10 [ 25.843594] ret_from_fork_asm+0x1a/0x30 [ 25.843626] </TASK> [ 25.843640] [ 25.853436] Allocated by task 165: [ 25.853787] kasan_save_stack+0x45/0x70 [ 25.854195] kasan_save_track+0x18/0x40 [ 25.854547] kasan_save_alloc_info+0x3b/0x50 [ 25.854754] __kasan_kmalloc+0xb7/0xc0 [ 25.855111] __kmalloc_cache_noprof+0x189/0x420 [ 25.855455] kmalloc_oob_right+0xa9/0x7f0 [ 25.855656] kunit_try_run_case+0x1a5/0x480 [ 25.856046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.856467] kthread+0x337/0x6f0 [ 25.856764] ret_from_fork+0x116/0x1d0 [ 25.857004] ret_from_fork_asm+0x1a/0x30 [ 25.857374] [ 25.857490] The buggy address belongs to the object at ffff888102b36e00 [ 25.857490] which belongs to the cache kmalloc-128 of size 128 [ 25.858169] The buggy address is located 13 bytes to the right of [ 25.858169] allocated 115-byte region [ffff888102b36e00, ffff888102b36e73) [ 25.858635] [ 25.858744] The buggy address belongs to the physical page: [ 25.858966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b36 [ 25.859635] flags: 0x200000000000000(node=0|zone=2) [ 25.860126] page_type: f5(slab) [ 25.860447] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.861107] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.861707] page dumped because: kasan: bad access detected [ 25.862123] [ 25.862235] Memory state around the buggy address: [ 25.862566] ffff888102b36d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.863039] ffff888102b36e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.863325] >ffff888102b36e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.863594] ^ [ 25.863756] ffff888102b36f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.864063] ffff888102b36f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.864642] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 187.067798] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2791 [ 187.068634] Modules linked in: [ 187.069398] CPU: 1 UID: 0 PID: 2791 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 187.071478] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 187.071815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 187.072861] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 187.073373] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 187.074806] RSP: 0000:ffff888102617c78 EFLAGS: 00010286 [ 187.075454] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 187.076326] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffa6837dd4 [ 187.076802] RBP: ffff888102617ca0 R08: 0000000000000000 R09: ffffed1020d54be0 [ 187.077804] R10: ffff888106aa5f07 R11: 0000000000000000 R12: ffffffffa6837dc0 [ 187.078440] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102617d38 [ 187.079312] FS: 0000000000000000(0000) GS:ffff8881b295f000(0000) knlGS:0000000000000000 [ 187.079842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 187.080630] CR2: dffffc00000000c5 CR3: 0000000158ebc000 CR4: 00000000000006f0 [ 187.081459] DR0: ffffffffa8867484 DR1: ffffffffa8867489 DR2: ffffffffa886748a [ 187.081852] DR3: ffffffffa886748b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 187.082681] Call Trace: [ 187.083314] <TASK> [ 187.083509] drm_test_rect_calc_vscale+0x108/0x270 [ 187.084224] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 187.084855] ? __schedule+0x10cc/0x2b60 [ 187.085593] ? __pfx_read_tsc+0x10/0x10 [ 187.086196] ? ktime_get_ts64+0x86/0x230 [ 187.086479] kunit_try_run_case+0x1a5/0x480 [ 187.086820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 187.087685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 187.088378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 187.088726] ? __kthread_parkme+0x82/0x180 [ 187.088902] ? preempt_count_sub+0x50/0x80 [ 187.089258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 187.089654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 187.090060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 187.090829] kthread+0x337/0x6f0 [ 187.091155] ? trace_preempt_on+0x20/0xc0 [ 187.091746] ? __pfx_kthread+0x10/0x10 [ 187.092467] ? _raw_spin_unlock_irq+0x47/0x80 [ 187.092852] ? calculate_sigpending+0x7b/0xa0 [ 187.093553] ? __pfx_kthread+0x10/0x10 [ 187.093904] ret_from_fork+0x116/0x1d0 [ 187.094382] ? __pfx_kthread+0x10/0x10 [ 187.094734] ret_from_fork_asm+0x1a/0x30 [ 187.095360] </TASK> [ 187.095727] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 187.032849] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2789 [ 187.033950] Modules linked in: [ 187.035488] CPU: 1 UID: 0 PID: 2789 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 187.036608] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 187.036977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 187.037561] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 187.037872] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 187.039926] RSP: 0000:ffff8881025bfc78 EFLAGS: 00010286 [ 187.040434] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 187.040722] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffa6837d9c [ 187.041441] RBP: ffff8881025bfca0 R08: 0000000000000000 R09: ffffed1020d54ba0 [ 187.042481] R10: ffff888106aa5d07 R11: 0000000000000000 R12: ffffffffa6837d88 [ 187.043374] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881025bfd38 [ 187.043752] FS: 0000000000000000(0000) GS:ffff8881b295f000(0000) knlGS:0000000000000000 [ 187.044287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 187.044900] CR2: dffffc00000000c5 CR3: 0000000158ebc000 CR4: 00000000000006f0 [ 187.046061] DR0: ffffffffa8867484 DR1: ffffffffa8867489 DR2: ffffffffa886748a [ 187.046578] DR3: ffffffffa886748b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 187.046979] Call Trace: [ 187.047424] <TASK> [ 187.047753] drm_test_rect_calc_vscale+0x108/0x270 [ 187.048403] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 187.048810] ? __schedule+0x10cc/0x2b60 [ 187.049547] ? __pfx_read_tsc+0x10/0x10 [ 187.049896] ? ktime_get_ts64+0x86/0x230 [ 187.050541] kunit_try_run_case+0x1a5/0x480 [ 187.050911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 187.051308] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 187.051622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 187.052376] ? __kthread_parkme+0x82/0x180 [ 187.052750] ? preempt_count_sub+0x50/0x80 [ 187.054033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 187.054375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 187.054898] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 187.055480] kthread+0x337/0x6f0 [ 187.055863] ? trace_preempt_on+0x20/0xc0 [ 187.056491] ? __pfx_kthread+0x10/0x10 [ 187.056805] ? _raw_spin_unlock_irq+0x47/0x80 [ 187.057134] ? calculate_sigpending+0x7b/0xa0 [ 187.058176] ? __pfx_kthread+0x10/0x10 [ 187.058634] ret_from_fork+0x116/0x1d0 [ 187.058983] ? __pfx_kthread+0x10/0x10 [ 187.059649] ret_from_fork_asm+0x1a/0x30 [ 187.059952] </TASK> [ 187.060399] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 186.983177] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2779 [ 186.983650] Modules linked in: [ 186.983972] CPU: 1 UID: 0 PID: 2779 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 186.985032] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 186.985288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 186.985695] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 186.986357] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 cb f4 20 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 186.988047] RSP: 0000:ffff8881025bfc78 EFLAGS: 00010286 [ 186.988623] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 186.989271] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffa6837dd8 [ 186.989625] RBP: ffff8881025bfca0 R08: 0000000000000000 R09: ffffed1020d54b20 [ 186.990089] R10: ffff888106aa5907 R11: 0000000000000000 R12: ffffffffa6837dc0 [ 186.990643] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881025bfd38 [ 186.991752] FS: 0000000000000000(0000) GS:ffff8881b295f000(0000) knlGS:0000000000000000 [ 186.992095] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.992618] CR2: dffffc00000000c5 CR3: 0000000158ebc000 CR4: 00000000000006f0 [ 186.992807] DR0: ffffffffa8867484 DR1: ffffffffa8867489 DR2: ffffffffa886748a [ 186.993357] DR3: ffffffffa886748b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 186.993920] Call Trace: [ 186.994105] <TASK> [ 186.994606] drm_test_rect_calc_hscale+0x108/0x270 [ 186.995518] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 186.995921] ? __schedule+0x10cc/0x2b60 [ 186.996240] ? __pfx_read_tsc+0x10/0x10 [ 186.997220] ? ktime_get_ts64+0x86/0x230 [ 186.997633] kunit_try_run_case+0x1a5/0x480 [ 186.998018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.998429] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 186.999343] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 186.999685] ? __kthread_parkme+0x82/0x180 [ 187.000996] ? preempt_count_sub+0x50/0x80 [ 187.001640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 187.002249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 187.002596] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 187.003449] kthread+0x337/0x6f0 [ 187.003894] ? trace_preempt_on+0x20/0xc0 [ 187.004756] ? __pfx_kthread+0x10/0x10 [ 187.005412] ? _raw_spin_unlock_irq+0x47/0x80 [ 187.005798] ? calculate_sigpending+0x7b/0xa0 [ 187.006366] ? __pfx_kthread+0x10/0x10 [ 187.006640] ret_from_fork+0x116/0x1d0 [ 187.006886] ? __pfx_kthread+0x10/0x10 [ 187.007752] ret_from_fork_asm+0x1a/0x30 [ 187.008410] </TASK> [ 187.008746] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 186.949357] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2777 [ 186.950452] Modules linked in: [ 186.950728] CPU: 1 UID: 0 PID: 2777 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 186.952007] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 186.952556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 186.953679] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 186.954499] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 cb f4 20 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 186.956142] RSP: 0000:ffff8881026c7c78 EFLAGS: 00010286 [ 186.956524] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 186.956965] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffa6837da0 [ 186.957769] RBP: ffff8881026c7ca0 R08: 0000000000000000 R09: ffffed1020d54ae0 [ 186.958605] R10: ffff888106aa5707 R11: 0000000000000000 R12: ffffffffa6837d88 [ 186.959290] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881026c7d38 [ 186.959621] FS: 0000000000000000(0000) GS:ffff8881b295f000(0000) knlGS:0000000000000000 [ 186.960470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.960854] CR2: dffffc00000000c5 CR3: 0000000158ebc000 CR4: 00000000000006f0 [ 186.961790] DR0: ffffffffa8867484 DR1: ffffffffa8867489 DR2: ffffffffa886748a [ 186.962473] DR3: ffffffffa886748b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 186.963339] Call Trace: [ 186.963588] <TASK> [ 186.964801] drm_test_rect_calc_hscale+0x108/0x270 [ 186.965898] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 186.966596] ? __schedule+0x10cc/0x2b60 [ 186.966956] ? __pfx_read_tsc+0x10/0x10 [ 186.967225] ? ktime_get_ts64+0x86/0x230 [ 186.967489] kunit_try_run_case+0x1a5/0x480 [ 186.967765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.968335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 186.968587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 186.968822] ? __kthread_parkme+0x82/0x180 [ 186.969255] ? preempt_count_sub+0x50/0x80 [ 186.969704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.970407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 186.970941] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 186.971379] kthread+0x337/0x6f0 [ 186.971741] ? trace_preempt_on+0x20/0xc0 [ 186.972378] ? __pfx_kthread+0x10/0x10 [ 186.972786] ? _raw_spin_unlock_irq+0x47/0x80 [ 186.973387] ? calculate_sigpending+0x7b/0xa0 [ 186.973639] ? __pfx_kthread+0x10/0x10 [ 186.973919] ret_from_fork+0x116/0x1d0 [ 186.974436] ? __pfx_kthread+0x10/0x10 [ 186.974803] ret_from_fork_asm+0x1a/0x30 [ 186.975430] </TASK> [ 186.975660] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 141.464875] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/687 [ 141.466484] Modules linked in: [ 141.466910] CPU: 0 UID: 0 PID: 687 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 141.467606] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 141.467986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.468461] RIP: 0010:intlog10+0x2a/0x40 [ 141.468863] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 57 e7 88 02 90 <0f> 0b 90 31 c0 e9 4c e7 88 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 141.470117] RSP: 0000:ffff88810a8efcb0 EFLAGS: 00010246 [ 141.470369] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff1102151dfb4 [ 141.470937] RDX: 1ffffffff4cd3184 RSI: 1ffff1102151dfb3 RDI: 0000000000000000 [ 141.471541] RBP: ffff88810a8efd60 R08: 0000000000000000 R09: ffffed1020885660 [ 141.471924] R10: ffff88810442b307 R11: 0000000000000053 R12: 1ffff1102151df97 [ 141.472623] R13: ffffffffa6698c20 R14: 0000000000000000 R15: ffff88810a8efd38 [ 141.472937] FS: 0000000000000000(0000) GS:ffff8881b285f000(0000) knlGS:0000000000000000 [ 141.473761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.474244] CR2: dffffc0000000000 CR3: 0000000158ebc000 CR4: 00000000000006f0 [ 141.474817] DR0: ffffffffa8867480 DR1: ffffffffa8867481 DR2: ffffffffa8867483 [ 141.475367] DR3: ffffffffa8867485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.475816] Call Trace: [ 141.476263] <TASK> [ 141.476508] ? intlog10_test+0xf2/0x220 [ 141.476833] ? __pfx_intlog10_test+0x10/0x10 [ 141.477379] ? __schedule+0x10cc/0x2b60 [ 141.477906] ? __pfx_read_tsc+0x10/0x10 [ 141.478318] ? ktime_get_ts64+0x86/0x230 [ 141.478698] kunit_try_run_case+0x1a5/0x480 [ 141.478934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.479451] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 141.479805] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 141.480273] ? __kthread_parkme+0x82/0x180 [ 141.480564] ? preempt_count_sub+0x50/0x80 [ 141.480971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.481431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.481804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.482203] kthread+0x337/0x6f0 [ 141.482493] ? trace_preempt_on+0x20/0xc0 [ 141.482701] ? __pfx_kthread+0x10/0x10 [ 141.483023] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.483402] ? calculate_sigpending+0x7b/0xa0 [ 141.483777] ? __pfx_kthread+0x10/0x10 [ 141.484053] ret_from_fork+0x116/0x1d0 [ 141.484810] ? __pfx_kthread+0x10/0x10 [ 141.485763] ret_from_fork_asm+0x1a/0x30 [ 141.486485] </TASK> [ 141.486745] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset
<8>[ 386.940737] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value
(no logs available)
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value
<8>[ 386.528250] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value
<8>[ 386.341415] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value RESULT=fail>
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 141.399973] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/669 [ 141.400609] Modules linked in: [ 141.400862] CPU: 1 UID: 0 PID: 669 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 141.402269] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 141.402745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.403890] RIP: 0010:intlog2+0xdf/0x110 [ 141.404608] Code: 69 a6 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 c2 e7 88 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 af f6 55 ff 8b 45 e4 eb [ 141.405765] RSP: 0000:ffff88810aacfcb0 EFLAGS: 00010246 [ 141.406391] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021559fb4 [ 141.407001] RDX: 1ffffffff4cd31d8 RSI: 1ffff11021559fb3 RDI: 0000000000000000 [ 141.407241] RBP: ffff88810aacfd60 R08: 0000000000000000 R09: ffffed1020884d40 [ 141.408303] R10: ffff888104426a07 R11: 0000000000000000 R12: 1ffff11021559f97 [ 141.408909] R13: ffffffffa6698ec0 R14: 0000000000000000 R15: ffff88810aacfd38 [ 141.409395] FS: 0000000000000000(0000) GS:ffff8881b295f000(0000) knlGS:0000000000000000 [ 141.409762] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.410579] CR2: ffff88815a968000 CR3: 0000000158ebc000 CR4: 00000000000006f0 [ 141.411149] DR0: ffffffffa8867484 DR1: ffffffffa8867489 DR2: ffffffffa886748a [ 141.411837] DR3: ffffffffa886748b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.412568] Call Trace: [ 141.413210] <TASK> [ 141.413494] ? intlog2_test+0xf2/0x220 [ 141.413937] ? __pfx_intlog2_test+0x10/0x10 [ 141.414661] ? __schedule+0x10cc/0x2b60 [ 141.414979] ? __pfx_read_tsc+0x10/0x10 [ 141.415495] ? ktime_get_ts64+0x86/0x230 [ 141.415986] kunit_try_run_case+0x1a5/0x480 [ 141.416626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.416820] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 141.417440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 141.417923] ? __kthread_parkme+0x82/0x180 [ 141.418810] ? preempt_count_sub+0x50/0x80 [ 141.419252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.419778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.420554] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.421246] kthread+0x337/0x6f0 [ 141.421477] ? trace_preempt_on+0x20/0xc0 [ 141.422234] ? __pfx_kthread+0x10/0x10 [ 141.422767] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.423295] ? calculate_sigpending+0x7b/0xa0 [ 141.423724] ? __pfx_kthread+0x10/0x10 [ 141.424341] ret_from_fork+0x116/0x1d0 [ 141.424552] ? __pfx_kthread+0x10/0x10 [ 141.425479] ret_from_fork_asm+0x1a/0x30 [ 141.425785] </TASK> [ 141.425943] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_test_sysfb_build_fourcc_list_drm_sysfb_modeset_test
<8>[ 405.782823] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_sysfb_build_fourcc_list_drm_sysfb_modeset_test RESULT=fail>
Failure - kunit - drm_test_sysfb_build_fourcc_list_drm_test_sysfb_build_fourcc_list
<8>[ 405.598690] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_sysfb_build_fourcc_list_drm_test_sysfb_build_fourcc_list RESULT=fail>