Date
June 20, 2025, 12:38 p.m.
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined
<8>[ 396.232451] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i
<8>[ 396.036045] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i
<8>[ 395.834150] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i RESULT=fail>
Failure - kunit - drm_managed_drm_managed
<8>[ 394.256225] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_managed RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_run_action
<8>[ 394.058464] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_run_action RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_release_action
<8>[ 393.859432] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_release_action RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_vic_1
<8>[ 389.677771] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_vic_1 RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_dvi
<8>[ 389.480822] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_dvi RESULT=fail>
Failure - kunit - drm_gem_shmem_drm_gem_shmem_test_pin_pages
<8>[ 383.910994] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_gem_shmem_drm_gem_shmem_test_pin_pages RESULT=fail>
Failure - kunit - drm_gem_shmem_drm_gem_shmem_test_obj_create_private
<8>[ 383.710480] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_gem_shmem_drm_gem_shmem_test_obj_create_private RESULT=fail>
Failure - kunit - drm_gem_shmem_drm_gem_shmem_test_obj_create
<8>[ 383.515161] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_gem_shmem_drm_gem_shmem_test_obj_create RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_drm_framebuffer
<8>[ 383.317237] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_drm_framebuffer RESULT=fail>
Failure - kunit - drm_test_framebuffer_check_src_coords_drm_test_framebuffer_cleanup
<8>[ 371.589462] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_check_src_coords_drm_test_framebuffer_cleanup RESULT=fail>
Failure - kunit - _DPI
<8>[ 312.043138] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DPI RESULT=fail> _DPI fail
Failure - kunit - _DSI
<8>[ 311.592421] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DSI RESULT=fail> _DSI fail
Failure - kunit - _Virtual
<8>[ 311.083257] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_Virtual RESULT=fail> _Virtual fail
Failure - kunit - _eDP
<8>[ 310.542537] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_eDP RESULT=fail> _eDP fail
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid
<8>[ 393.659973] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock
<8>[ 393.465182] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate
<8>[ 393.271109] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject
<8>[ 393.071472] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid
<8>[ 392.867455] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid RESULT=fail>
Failure - kunit - _TV
<8>[ 310.047349] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_TV RESULT=fail> _TV fail
Failure - kunit - _HDMI-B
<8>[ 309.623293] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_HDMI-B RESULT=fail> _HDMI-B fail
Failure - kunit - _HDMI-A
<8>[ 309.173496] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_HDMI-A RESULT=fail> _HDMI-A fail
Failure - kunit - _DP
<8>[ 308.719517] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DP RESULT=fail> _DP fail _DPI fail
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset
<8>[ 392.669779] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset RESULT=fail>
Failure - kunit - _DIN
<8>[ 308.189409] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DIN RESULT=fail> _DIN fail
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value
<8>[ 392.471480] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value
<8>[ 392.252391] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value
<8>[ 392.052478] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value
<8>[ 391.840336] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value
<8>[ 391.648717] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value
<8>[ 391.456869] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check
<8>[ 391.251524] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_12bpc
<8>[ 391.056361] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_12bpc RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_10bpc
<8>[ 390.858135] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_10bpc RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_8bpc
<8>[ 390.658957] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_8bpc RESULT=fail>
Failure - kunit - _Component
<8>[ 307.758552] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_Component RESULT=fail> _Component fail
Failure - kunit - _LVDS
<8>[ 307.255466] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_LVDS RESULT=fail> _LVDS fail
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 183.113170] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 183.160289] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 183.204001] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 183.242941] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 183.161789] Oops: Oops: 0002 [#50] SMP KASAN PTI [ 183.115387] Oops: Oops: 0002 [#49] SMP KASAN PTI [ 183.244288] Oops: Oops: 0002 [#52] SMP KASAN PTI [ 183.206189] Oops: Oops: 0002 [#51] SMP KASAN PTI
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 181.752904] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI [ 182.942860] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI [ 182.655431] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI [ 182.290446] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI [ 181.426585] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI [ 181.545944] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI [ 183.484339] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI [ 182.038976] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI [ 182.616511] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI [ 183.331549] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI [ 181.228367] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI [ 181.879018] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI [ 180.054317] Oops: general protection fault, probably for non-canonical address 0xe067fc17000000ca: 0000 [#2] SMP KASAN PTI [ 183.371192] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI [ 181.628296] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI [ 181.349189] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI [ 182.246044] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI [ 182.697334] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI [ 182.778437] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI [ 183.411229] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI [ 182.572233] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI [ 183.448048] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI [ 181.795719] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI [ 182.900870] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI [ 182.203877] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI [ 181.836960] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI [ 182.412447] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI [ 181.958094] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI [ 183.293967] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI [ 182.372823] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI [ 181.388214] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI [ 181.268699] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI [ 182.080247] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI [ 182.982126] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI [ 181.503053] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI [ 181.668461] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI [ 181.712364] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI [ 182.163972] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI [ 183.064532] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI [ 183.525216] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI [ 182.492951] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI [ 181.998477] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI [ 182.863534] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI [ 182.455367] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI [ 181.917147] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI [ 182.736597] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI [ 138.309252] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 182.819799] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI [ 183.024882] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI [ 182.530951] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI [ 181.464020] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI [ 181.590463] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI [ 182.329437] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI [ 181.309487] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI [ 182.121515] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 62.469951] ================================================================== [ 62.470545] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 62.470545] [ 62.470895] Use-after-free read at 0x(____ptrval____) (in kfence-#164): [ 62.471258] test_krealloc+0x6fc/0xbe0 [ 62.471595] kunit_try_run_case+0x1a5/0x480 [ 62.471863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.472063] kthread+0x337/0x6f0 [ 62.472227] ret_from_fork+0x116/0x1d0 [ 62.472614] ret_from_fork_asm+0x1a/0x30 [ 62.472952] [ 62.473130] kfence-#164: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 62.473130] [ 62.473904] allocated by task 366 on cpu 1 at 62.468322s (0.005576s ago): [ 62.474261] test_alloc+0x364/0x10f0 [ 62.474464] test_krealloc+0xad/0xbe0 [ 62.474697] kunit_try_run_case+0x1a5/0x480 [ 62.475035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.475764] kthread+0x337/0x6f0 [ 62.476142] ret_from_fork+0x116/0x1d0 [ 62.476490] ret_from_fork_asm+0x1a/0x30 [ 62.476690] [ 62.476798] freed by task 366 on cpu 1 at 62.468842s (0.007951s ago): [ 62.477403] krealloc_noprof+0x108/0x340 [ 62.477769] test_krealloc+0x226/0xbe0 [ 62.478098] kunit_try_run_case+0x1a5/0x480 [ 62.478340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.478679] kthread+0x337/0x6f0 [ 62.478916] ret_from_fork+0x116/0x1d0 [ 62.479186] ret_from_fork_asm+0x1a/0x30 [ 62.479378] [ 62.479558] CPU: 1 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 62.480018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.480301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 62.481031] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 32.204613] ================================================================== [ 32.205115] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 32.205115] [ 32.205395] Invalid free of 0x(____ptrval____) (in kfence-#104): [ 32.205955] test_double_free+0x1d3/0x260 [ 32.206382] kunit_try_run_case+0x1a5/0x480 [ 32.206576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.206948] kthread+0x337/0x6f0 [ 32.207136] ret_from_fork+0x116/0x1d0 [ 32.207401] ret_from_fork_asm+0x1a/0x30 [ 32.207598] [ 32.207710] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.207710] [ 32.208523] allocated by task 332 on cpu 0 at 32.204185s (0.004332s ago): [ 32.208883] test_alloc+0x364/0x10f0 [ 32.209233] test_double_free+0xdb/0x260 [ 32.209593] kunit_try_run_case+0x1a5/0x480 [ 32.209899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.210185] kthread+0x337/0x6f0 [ 32.210492] ret_from_fork+0x116/0x1d0 [ 32.210827] ret_from_fork_asm+0x1a/0x30 [ 32.211112] [ 32.211310] freed by task 332 on cpu 0 at 32.204311s (0.006994s ago): [ 32.211731] test_double_free+0x1e0/0x260 [ 32.211962] kunit_try_run_case+0x1a5/0x480 [ 32.212211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.212650] kthread+0x337/0x6f0 [ 32.212977] ret_from_fork+0x116/0x1d0 [ 32.213343] ret_from_fork_asm+0x1a/0x30 [ 32.213601] [ 32.213859] CPU: 0 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 32.214682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.214879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.215568] ================================================================== [ 32.308468] ================================================================== [ 32.308912] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 32.308912] [ 32.309174] Invalid free of 0x(____ptrval____) (in kfence-#105): [ 32.309484] test_double_free+0x112/0x260 [ 32.309799] kunit_try_run_case+0x1a5/0x480 [ 32.309985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.310179] kthread+0x337/0x6f0 [ 32.310454] ret_from_fork+0x116/0x1d0 [ 32.310751] ret_from_fork_asm+0x1a/0x30 [ 32.311057] [ 32.311205] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.311205] [ 32.311624] allocated by task 334 on cpu 0 at 32.308165s (0.003453s ago): [ 32.311914] test_alloc+0x2a6/0x10f0 [ 32.312168] test_double_free+0xdb/0x260 [ 32.312513] kunit_try_run_case+0x1a5/0x480 [ 32.312951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.313394] kthread+0x337/0x6f0 [ 32.313564] ret_from_fork+0x116/0x1d0 [ 32.313793] ret_from_fork_asm+0x1a/0x30 [ 32.314138] [ 32.314245] freed by task 334 on cpu 0 at 32.308271s (0.005969s ago): [ 32.314668] test_double_free+0xfa/0x260 [ 32.314858] kunit_try_run_case+0x1a5/0x480 [ 32.315050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.315558] kthread+0x337/0x6f0 [ 32.315812] ret_from_fork+0x116/0x1d0 [ 32.316125] ret_from_fork_asm+0x1a/0x30 [ 32.316488] [ 32.316712] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 32.317201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.317385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.317713] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 62.378186] ================================================================== [ 62.378609] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 62.378609] [ 62.378897] Use-after-free read at 0x(____ptrval____) (in kfence-#163): [ 62.379053] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 62.379180] kunit_try_run_case+0x1a5/0x480 [ 62.379290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.379584] kthread+0x337/0x6f0 [ 62.379909] ret_from_fork+0x116/0x1d0 [ 62.380176] ret_from_fork_asm+0x1a/0x30 [ 62.380506] [ 62.380663] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 62.380663] [ 62.381292] allocated by task 364 on cpu 0 at 62.365894s (0.015394s ago): [ 62.382206] test_alloc+0x2a6/0x10f0 [ 62.382481] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 62.382772] kunit_try_run_case+0x1a5/0x480 [ 62.383160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.383467] kthread+0x337/0x6f0 [ 62.383667] ret_from_fork+0x116/0x1d0 [ 62.383883] ret_from_fork_asm+0x1a/0x30 [ 62.384105] [ 62.384238] freed by task 364 on cpu 0 at 62.366059s (0.018176s ago): [ 62.384694] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 62.385026] kunit_try_run_case+0x1a5/0x480 [ 62.385189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.385572] kthread+0x337/0x6f0 [ 62.385704] ret_from_fork+0x116/0x1d0 [ 62.385921] ret_from_fork_asm+0x1a/0x30 [ 62.386292] [ 62.386419] CPU: 0 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 62.386723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.387018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 62.387441] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 38.157286] ================================================================== [ 38.157913] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 38.157913] [ 38.158535] Invalid read at 0x(____ptrval____): [ 38.158961] test_invalid_access+0xf0/0x210 [ 38.159363] kunit_try_run_case+0x1a5/0x480 [ 38.159852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.160140] kthread+0x337/0x6f0 [ 38.160426] ret_from_fork+0x116/0x1d0 [ 38.160727] ret_from_fork_asm+0x1a/0x30 [ 38.161278] [ 38.161539] CPU: 0 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 38.162067] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.162254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.162994] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 37.924596] ================================================================== [ 37.925009] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.925009] [ 37.925298] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#159): [ 37.926436] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.926713] kunit_try_run_case+0x1a5/0x480 [ 37.927044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.927425] kthread+0x337/0x6f0 [ 37.927657] ret_from_fork+0x116/0x1d0 [ 37.927853] ret_from_fork_asm+0x1a/0x30 [ 37.928153] [ 37.928310] kfence-#159: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 37.928310] [ 37.928820] allocated by task 354 on cpu 1 at 37.924159s (0.004654s ago): [ 37.929180] test_alloc+0x364/0x10f0 [ 37.929479] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 37.929675] kunit_try_run_case+0x1a5/0x480 [ 37.930021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.930346] kthread+0x337/0x6f0 [ 37.930585] ret_from_fork+0x116/0x1d0 [ 37.930844] ret_from_fork_asm+0x1a/0x30 [ 37.931154] [ 37.931338] freed by task 354 on cpu 1 at 37.924399s (0.006935s ago): [ 37.931712] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.931934] kunit_try_run_case+0x1a5/0x480 [ 37.932129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.932566] kthread+0x337/0x6f0 [ 37.932870] ret_from_fork+0x116/0x1d0 [ 37.933173] ret_from_fork_asm+0x1a/0x30 [ 37.933517] [ 37.933740] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 37.934362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.934672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.934989] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 37.716599] ================================================================== [ 37.717122] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 37.717122] [ 37.717649] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#157): [ 37.718288] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 37.719037] kunit_try_run_case+0x1a5/0x480 [ 37.719530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.719956] kthread+0x337/0x6f0 [ 37.720180] ret_from_fork+0x116/0x1d0 [ 37.720533] ret_from_fork_asm+0x1a/0x30 [ 37.720733] [ 37.720840] kfence-#157: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 37.720840] [ 37.721216] allocated by task 352 on cpu 1 at 37.716170s (0.005040s ago): [ 37.721794] test_alloc+0x364/0x10f0 [ 37.722193] test_kmalloc_aligned_oob_read+0x105/0x560 [ 37.722649] kunit_try_run_case+0x1a5/0x480 [ 37.723026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.723519] kthread+0x337/0x6f0 [ 37.723781] ret_from_fork+0x116/0x1d0 [ 37.724002] ret_from_fork_asm+0x1a/0x30 [ 37.724375] [ 37.724619] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 37.725275] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.725655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.726427] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 32.932608] ================================================================== [ 32.933065] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 32.933065] [ 32.933427] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#111): [ 32.934187] test_corruption+0x2df/0x3e0 [ 32.934628] kunit_try_run_case+0x1a5/0x480 [ 32.934866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.935121] kthread+0x337/0x6f0 [ 32.935457] ret_from_fork+0x116/0x1d0 [ 32.935807] ret_from_fork_asm+0x1a/0x30 [ 32.936363] [ 32.936497] kfence-#111: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.936497] [ 32.937237] allocated by task 340 on cpu 0 at 32.932197s (0.005034s ago): [ 32.937707] test_alloc+0x364/0x10f0 [ 32.937957] test_corruption+0x1cb/0x3e0 [ 32.938383] kunit_try_run_case+0x1a5/0x480 [ 32.938696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.939162] kthread+0x337/0x6f0 [ 32.939431] ret_from_fork+0x116/0x1d0 [ 32.939724] ret_from_fork_asm+0x1a/0x30 [ 32.939966] [ 32.940097] freed by task 340 on cpu 0 at 32.932334s (0.007758s ago): [ 32.940696] test_corruption+0x2df/0x3e0 [ 32.941186] kunit_try_run_case+0x1a5/0x480 [ 32.941668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.941975] kthread+0x337/0x6f0 [ 32.942341] ret_from_fork+0x116/0x1d0 [ 32.942607] ret_from_fork_asm+0x1a/0x30 [ 32.942860] [ 32.943121] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 32.943863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.944113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.944759] ================================================================== [ 33.244398] ================================================================== [ 33.244918] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 33.244918] [ 33.245227] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#114): [ 33.245868] test_corruption+0x216/0x3e0 [ 33.246115] kunit_try_run_case+0x1a5/0x480 [ 33.246292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.246785] kthread+0x337/0x6f0 [ 33.247072] ret_from_fork+0x116/0x1d0 [ 33.247389] ret_from_fork_asm+0x1a/0x30 [ 33.247705] [ 33.247821] kfence-#114: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 33.247821] [ 33.248412] allocated by task 342 on cpu 1 at 33.244181s (0.004227s ago): [ 33.249003] test_alloc+0x2a6/0x10f0 [ 33.249302] test_corruption+0x1cb/0x3e0 [ 33.249587] kunit_try_run_case+0x1a5/0x480 [ 33.249800] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.250253] kthread+0x337/0x6f0 [ 33.250622] ret_from_fork+0x116/0x1d0 [ 33.250859] ret_from_fork_asm+0x1a/0x30 [ 33.251056] [ 33.251163] freed by task 342 on cpu 1 at 33.244276s (0.006882s ago): [ 33.251599] test_corruption+0x216/0x3e0 [ 33.251952] kunit_try_run_case+0x1a5/0x480 [ 33.252605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.252871] kthread+0x337/0x6f0 [ 33.253223] ret_from_fork+0x116/0x1d0 [ 33.253529] ret_from_fork_asm+0x1a/0x30 [ 33.253852] [ 33.254017] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 33.254656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.255057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.256286] ================================================================== [ 32.828521] ================================================================== [ 32.828964] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 32.828964] [ 32.829236] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#110): [ 32.830411] test_corruption+0x2d2/0x3e0 [ 32.830716] kunit_try_run_case+0x1a5/0x480 [ 32.831026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.831370] kthread+0x337/0x6f0 [ 32.831791] ret_from_fork+0x116/0x1d0 [ 32.831978] ret_from_fork_asm+0x1a/0x30 [ 32.832295] [ 32.832481] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.832481] [ 32.833068] allocated by task 340 on cpu 0 at 32.828216s (0.004846s ago): [ 32.833979] test_alloc+0x364/0x10f0 [ 32.834354] test_corruption+0xe6/0x3e0 [ 32.834712] kunit_try_run_case+0x1a5/0x480 [ 32.834899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.835116] kthread+0x337/0x6f0 [ 32.835287] ret_from_fork+0x116/0x1d0 [ 32.835682] ret_from_fork_asm+0x1a/0x30 [ 32.836036] [ 32.836259] freed by task 340 on cpu 0 at 32.828380s (0.007873s ago): [ 32.836694] test_corruption+0x2d2/0x3e0 [ 32.836930] kunit_try_run_case+0x1a5/0x480 [ 32.837219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.837666] kthread+0x337/0x6f0 [ 32.837949] ret_from_fork+0x116/0x1d0 [ 32.838317] ret_from_fork_asm+0x1a/0x30 [ 32.838672] [ 32.838930] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 32.839560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.839752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.840189] ================================================================== [ 33.140393] ================================================================== [ 33.140879] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 33.140879] [ 33.141175] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#113): [ 33.141904] test_corruption+0x131/0x3e0 [ 33.142117] kunit_try_run_case+0x1a5/0x480 [ 33.142357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.142738] kthread+0x337/0x6f0 [ 33.142948] ret_from_fork+0x116/0x1d0 [ 33.143186] ret_from_fork_asm+0x1a/0x30 [ 33.143420] [ 33.143575] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 33.143575] [ 33.144165] allocated by task 342 on cpu 1 at 33.140237s (0.003926s ago): [ 33.144598] test_alloc+0x2a6/0x10f0 [ 33.144835] test_corruption+0xe6/0x3e0 [ 33.145088] kunit_try_run_case+0x1a5/0x480 [ 33.145388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.145728] kthread+0x337/0x6f0 [ 33.145947] ret_from_fork+0x116/0x1d0 [ 33.146194] ret_from_fork_asm+0x1a/0x30 [ 33.146347] [ 33.146410] freed by task 342 on cpu 1 at 33.140301s (0.006106s ago): [ 33.146765] test_corruption+0x131/0x3e0 [ 33.147039] kunit_try_run_case+0x1a5/0x480 [ 33.147198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.147502] kthread+0x337/0x6f0 [ 33.147599] ret_from_fork+0x116/0x1d0 [ 33.147902] ret_from_fork_asm+0x1a/0x30 [ 33.148066] [ 33.148179] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 33.148824] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.149051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.149465] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 32.412585] ================================================================== [ 32.413050] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 32.413050] [ 32.413337] Invalid free of 0x(____ptrval____) (in kfence-#106): [ 32.413718] test_invalid_addr_free+0x1e1/0x260 [ 32.414001] kunit_try_run_case+0x1a5/0x480 [ 32.414175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.414352] kthread+0x337/0x6f0 [ 32.414496] ret_from_fork+0x116/0x1d0 [ 32.414646] ret_from_fork_asm+0x1a/0x30 [ 32.414913] [ 32.415044] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.415044] [ 32.415684] allocated by task 336 on cpu 0 at 32.412342s (0.003336s ago): [ 32.416115] test_alloc+0x364/0x10f0 [ 32.416268] test_invalid_addr_free+0xdb/0x260 [ 32.416425] kunit_try_run_case+0x1a5/0x480 [ 32.416600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.416775] kthread+0x337/0x6f0 [ 32.416937] ret_from_fork+0x116/0x1d0 [ 32.417243] ret_from_fork_asm+0x1a/0x30 [ 32.417851] [ 32.418012] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 32.418934] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.419317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.419952] ================================================================== [ 32.516401] ================================================================== [ 32.516855] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 32.516855] [ 32.517122] Invalid free of 0x(____ptrval____) (in kfence-#107): [ 32.517494] test_invalid_addr_free+0xfb/0x260 [ 32.517844] kunit_try_run_case+0x1a5/0x480 [ 32.518015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.518437] kthread+0x337/0x6f0 [ 32.518604] ret_from_fork+0x116/0x1d0 [ 32.518779] ret_from_fork_asm+0x1a/0x30 [ 32.518961] [ 32.519121] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.519121] [ 32.519794] allocated by task 338 on cpu 0 at 32.516206s (0.003583s ago): [ 32.520356] test_alloc+0x2a6/0x10f0 [ 32.520594] test_invalid_addr_free+0xdb/0x260 [ 32.520806] kunit_try_run_case+0x1a5/0x480 [ 32.521109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.521422] kthread+0x337/0x6f0 [ 32.521685] ret_from_fork+0x116/0x1d0 [ 32.521976] ret_from_fork_asm+0x1a/0x30 [ 32.522180] [ 32.522341] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 32.523216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.523548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.524194] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 26.182362] ================================================================== [ 26.183860] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 26.184363] Read of size 1 at addr ffff88810232a300 by task kunit_try_catch/225 [ 26.184914] [ 26.185116] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 26.185253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.185281] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.185328] Call Trace: [ 26.185371] <TASK> [ 26.185413] dump_stack_lvl+0x73/0xb0 [ 26.185493] print_report+0xd1/0x650 [ 26.185541] ? __virt_addr_valid+0x1db/0x2d0 [ 26.185761] ? ksize_uaf+0x5fe/0x6c0 [ 26.185804] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.185850] ? ksize_uaf+0x5fe/0x6c0 [ 26.185890] kasan_report+0x141/0x180 [ 26.185938] ? ksize_uaf+0x5fe/0x6c0 [ 26.185994] __asan_report_load1_noabort+0x18/0x20 [ 26.186053] ksize_uaf+0x5fe/0x6c0 [ 26.186091] ? __pfx_ksize_uaf+0x10/0x10 [ 26.186116] ? __schedule+0x207f/0x2b60 [ 26.186155] ? __pfx_read_tsc+0x10/0x10 [ 26.186192] ? ktime_get_ts64+0x86/0x230 [ 26.186222] kunit_try_run_case+0x1a5/0x480 [ 26.186251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.186275] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.186300] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.186324] ? __kthread_parkme+0x82/0x180 [ 26.186348] ? preempt_count_sub+0x50/0x80 [ 26.186373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.186398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.186424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.186467] kthread+0x337/0x6f0 [ 26.186492] ? trace_preempt_on+0x20/0xc0 [ 26.186517] ? __pfx_kthread+0x10/0x10 [ 26.186540] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.186602] ? calculate_sigpending+0x7b/0xa0 [ 26.186653] ? __pfx_kthread+0x10/0x10 [ 26.186691] ret_from_fork+0x116/0x1d0 [ 26.186714] ? __pfx_kthread+0x10/0x10 [ 26.186737] ret_from_fork_asm+0x1a/0x30 [ 26.186770] </TASK> [ 26.186785] [ 26.200712] Allocated by task 225: [ 26.200991] kasan_save_stack+0x45/0x70 [ 26.202256] kasan_save_track+0x18/0x40 [ 26.202500] kasan_save_alloc_info+0x3b/0x50 [ 26.202755] __kasan_kmalloc+0xb7/0xc0 [ 26.202931] __kmalloc_cache_noprof+0x189/0x420 [ 26.203349] ksize_uaf+0xaa/0x6c0 [ 26.203638] kunit_try_run_case+0x1a5/0x480 [ 26.203875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.204163] kthread+0x337/0x6f0 [ 26.204434] ret_from_fork+0x116/0x1d0 [ 26.205682] ret_from_fork_asm+0x1a/0x30 [ 26.205977] [ 26.206080] Freed by task 225: [ 26.206299] kasan_save_stack+0x45/0x70 [ 26.206841] kasan_save_track+0x18/0x40 [ 26.207123] kasan_save_free_info+0x3f/0x60 [ 26.207427] __kasan_slab_free+0x56/0x70 [ 26.208025] kfree+0x222/0x3f0 [ 26.208799] ksize_uaf+0x12c/0x6c0 [ 26.209305] kunit_try_run_case+0x1a5/0x480 [ 26.209524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.209962] kthread+0x337/0x6f0 [ 26.210259] ret_from_fork+0x116/0x1d0 [ 26.210665] ret_from_fork_asm+0x1a/0x30 [ 26.211213] [ 26.211671] The buggy address belongs to the object at ffff88810232a300 [ 26.211671] which belongs to the cache kmalloc-128 of size 128 [ 26.212573] The buggy address is located 0 bytes inside of [ 26.212573] freed 128-byte region [ffff88810232a300, ffff88810232a380) [ 26.213202] [ 26.213387] The buggy address belongs to the physical page: [ 26.213799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 26.214177] flags: 0x200000000000000(node=0|zone=2) [ 26.214490] page_type: f5(slab) [ 26.214779] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.215067] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.215719] page dumped because: kasan: bad access detected [ 26.215941] [ 26.216069] Memory state around the buggy address: [ 26.216476] ffff88810232a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.217059] ffff88810232a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.217479] >ffff88810232a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.218512] ^ [ 26.218952] ffff88810232a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.219480] ffff88810232a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.220104] ================================================================== [ 26.145215] ================================================================== [ 26.146239] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 26.146968] Read of size 1 at addr ffff88810232a300 by task kunit_try_catch/225 [ 26.147353] [ 26.147971] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 26.148119] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.148149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.148195] Call Trace: [ 26.148221] <TASK> [ 26.148257] dump_stack_lvl+0x73/0xb0 [ 26.148332] print_report+0xd1/0x650 [ 26.148374] ? __virt_addr_valid+0x1db/0x2d0 [ 26.148431] ? ksize_uaf+0x19d/0x6c0 [ 26.148497] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.148552] ? ksize_uaf+0x19d/0x6c0 [ 26.148590] kasan_report+0x141/0x180 [ 26.148630] ? ksize_uaf+0x19d/0x6c0 [ 26.148676] ? ksize_uaf+0x19d/0x6c0 [ 26.148718] __kasan_check_byte+0x3d/0x50 [ 26.148773] ksize+0x20/0x60 [ 26.148816] ksize_uaf+0x19d/0x6c0 [ 26.149000] ? __pfx_ksize_uaf+0x10/0x10 [ 26.149054] ? __schedule+0x207f/0x2b60 [ 26.149119] ? __pfx_read_tsc+0x10/0x10 [ 26.149170] ? ktime_get_ts64+0x86/0x230 [ 26.149219] kunit_try_run_case+0x1a5/0x480 [ 26.149267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.149304] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.149329] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.149354] ? __kthread_parkme+0x82/0x180 [ 26.149378] ? preempt_count_sub+0x50/0x80 [ 26.149404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.149429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.149479] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.149506] kthread+0x337/0x6f0 [ 26.149528] ? trace_preempt_on+0x20/0xc0 [ 26.149564] ? __pfx_kthread+0x10/0x10 [ 26.149599] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.149632] ? calculate_sigpending+0x7b/0xa0 [ 26.149672] ? __pfx_kthread+0x10/0x10 [ 26.149704] ret_from_fork+0x116/0x1d0 [ 26.149725] ? __pfx_kthread+0x10/0x10 [ 26.149747] ret_from_fork_asm+0x1a/0x30 [ 26.149782] </TASK> [ 26.149796] [ 26.162979] Allocated by task 225: [ 26.163965] kasan_save_stack+0x45/0x70 [ 26.164355] kasan_save_track+0x18/0x40 [ 26.164547] kasan_save_alloc_info+0x3b/0x50 [ 26.165101] __kasan_kmalloc+0xb7/0xc0 [ 26.165278] __kmalloc_cache_noprof+0x189/0x420 [ 26.165436] ksize_uaf+0xaa/0x6c0 [ 26.165569] kunit_try_run_case+0x1a5/0x480 [ 26.165706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.165930] kthread+0x337/0x6f0 [ 26.166389] ret_from_fork+0x116/0x1d0 [ 26.167333] ret_from_fork_asm+0x1a/0x30 [ 26.167685] [ 26.167833] Freed by task 225: [ 26.167973] kasan_save_stack+0x45/0x70 [ 26.168314] kasan_save_track+0x18/0x40 [ 26.168613] kasan_save_free_info+0x3f/0x60 [ 26.168887] __kasan_slab_free+0x56/0x70 [ 26.169132] kfree+0x222/0x3f0 [ 26.169346] ksize_uaf+0x12c/0x6c0 [ 26.169843] kunit_try_run_case+0x1a5/0x480 [ 26.170296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.170916] kthread+0x337/0x6f0 [ 26.171316] ret_from_fork+0x116/0x1d0 [ 26.172149] ret_from_fork_asm+0x1a/0x30 [ 26.172370] [ 26.172567] The buggy address belongs to the object at ffff88810232a300 [ 26.172567] which belongs to the cache kmalloc-128 of size 128 [ 26.173586] The buggy address is located 0 bytes inside of [ 26.173586] freed 128-byte region [ffff88810232a300, ffff88810232a380) [ 26.174212] [ 26.174392] The buggy address belongs to the physical page: [ 26.174863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 26.175678] flags: 0x200000000000000(node=0|zone=2) [ 26.176032] page_type: f5(slab) [ 26.176213] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.176477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.177039] page dumped because: kasan: bad access detected [ 26.177722] [ 26.178215] Memory state around the buggy address: [ 26.178620] ffff88810232a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.178890] ffff88810232a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.179233] >ffff88810232a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.179951] ^ [ 26.180289] ffff88810232a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.180914] ffff88810232a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.181311] ================================================================== [ 26.222865] ================================================================== [ 26.223437] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 26.223831] Read of size 1 at addr ffff88810232a378 by task kunit_try_catch/225 [ 26.224653] [ 26.224886] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 26.224984] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.225008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.225053] Call Trace: [ 26.225081] <TASK> [ 26.225118] dump_stack_lvl+0x73/0xb0 [ 26.225182] print_report+0xd1/0x650 [ 26.225221] ? __virt_addr_valid+0x1db/0x2d0 [ 26.225270] ? ksize_uaf+0x5e4/0x6c0 [ 26.225309] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.225354] ? ksize_uaf+0x5e4/0x6c0 [ 26.225393] kasan_report+0x141/0x180 [ 26.225438] ? ksize_uaf+0x5e4/0x6c0 [ 26.225666] __asan_report_load1_noabort+0x18/0x20 [ 26.225710] ksize_uaf+0x5e4/0x6c0 [ 26.225734] ? __pfx_ksize_uaf+0x10/0x10 [ 26.225757] ? __schedule+0x207f/0x2b60 [ 26.225783] ? __pfx_read_tsc+0x10/0x10 [ 26.225806] ? ktime_get_ts64+0x86/0x230 [ 26.225835] kunit_try_run_case+0x1a5/0x480 [ 26.225862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.225886] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.225910] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.225934] ? __kthread_parkme+0x82/0x180 [ 26.225957] ? preempt_count_sub+0x50/0x80 [ 26.225982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.226008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.226050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.226078] kthread+0x337/0x6f0 [ 26.226099] ? trace_preempt_on+0x20/0xc0 [ 26.226124] ? __pfx_kthread+0x10/0x10 [ 26.226167] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.226202] ? calculate_sigpending+0x7b/0xa0 [ 26.226228] ? __pfx_kthread+0x10/0x10 [ 26.226251] ret_from_fork+0x116/0x1d0 [ 26.226271] ? __pfx_kthread+0x10/0x10 [ 26.226293] ret_from_fork_asm+0x1a/0x30 [ 26.226325] </TASK> [ 26.226339] [ 26.237527] Allocated by task 225: [ 26.237954] kasan_save_stack+0x45/0x70 [ 26.238290] kasan_save_track+0x18/0x40 [ 26.238525] kasan_save_alloc_info+0x3b/0x50 [ 26.238778] __kasan_kmalloc+0xb7/0xc0 [ 26.239007] __kmalloc_cache_noprof+0x189/0x420 [ 26.240096] ksize_uaf+0xaa/0x6c0 [ 26.241010] kunit_try_run_case+0x1a5/0x480 [ 26.241274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.241502] kthread+0x337/0x6f0 [ 26.241658] ret_from_fork+0x116/0x1d0 [ 26.241890] ret_from_fork_asm+0x1a/0x30 [ 26.242126] [ 26.242297] Freed by task 225: [ 26.242562] kasan_save_stack+0x45/0x70 [ 26.243020] kasan_save_track+0x18/0x40 [ 26.243969] kasan_save_free_info+0x3f/0x60 [ 26.244353] __kasan_slab_free+0x56/0x70 [ 26.244548] kfree+0x222/0x3f0 [ 26.244799] ksize_uaf+0x12c/0x6c0 [ 26.245096] kunit_try_run_case+0x1a5/0x480 [ 26.245298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.245697] kthread+0x337/0x6f0 [ 26.245927] ret_from_fork+0x116/0x1d0 [ 26.246335] ret_from_fork_asm+0x1a/0x30 [ 26.246574] [ 26.246680] The buggy address belongs to the object at ffff88810232a300 [ 26.246680] which belongs to the cache kmalloc-128 of size 128 [ 26.247364] The buggy address is located 120 bytes inside of [ 26.247364] freed 128-byte region [ffff88810232a300, ffff88810232a380) [ 26.248552] [ 26.249187] The buggy address belongs to the physical page: [ 26.249667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 26.250306] flags: 0x200000000000000(node=0|zone=2) [ 26.250896] page_type: f5(slab) [ 26.251367] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.252137] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.252766] page dumped because: kasan: bad access detected [ 26.253363] [ 26.253599] Memory state around the buggy address: [ 26.254616] ffff88810232a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.254926] ffff88810232a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.255157] >ffff88810232a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.256037] ^ [ 26.256535] ffff88810232a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.257474] ffff88810232a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.257916] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 26.034512] ================================================================== [ 26.035650] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 26.036100] Read of size 1 at addr ffff88810232a273 by task kunit_try_catch/223 [ 26.036576] [ 26.036846] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 26.036946] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.036970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.037022] Call Trace: [ 26.037064] <TASK> [ 26.037105] dump_stack_lvl+0x73/0xb0 [ 26.037175] print_report+0xd1/0x650 [ 26.037218] ? __virt_addr_valid+0x1db/0x2d0 [ 26.037266] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.037314] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.037367] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.037412] kasan_report+0x141/0x180 [ 26.037471] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.037543] __asan_report_load1_noabort+0x18/0x20 [ 26.037593] ksize_unpoisons_memory+0x81c/0x9b0 [ 26.037646] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.037695] ? finish_task_switch.isra.0+0x153/0x700 [ 26.037743] ? __switch_to+0x47/0xf50 [ 26.037791] ? __schedule+0x10cc/0x2b60 [ 26.037834] ? __pfx_read_tsc+0x10/0x10 [ 26.037878] ? ktime_get_ts64+0x86/0x230 [ 26.037929] kunit_try_run_case+0x1a5/0x480 [ 26.037983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.038037] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.038081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.038118] ? __kthread_parkme+0x82/0x180 [ 26.038153] ? preempt_count_sub+0x50/0x80 [ 26.038191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.038246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.038311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.038363] kthread+0x337/0x6f0 [ 26.038404] ? trace_preempt_on+0x20/0xc0 [ 26.038467] ? __pfx_kthread+0x10/0x10 [ 26.038508] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.038546] ? calculate_sigpending+0x7b/0xa0 [ 26.038588] ? __pfx_kthread+0x10/0x10 [ 26.038622] ret_from_fork+0x116/0x1d0 [ 26.038654] ? __pfx_kthread+0x10/0x10 [ 26.038686] ret_from_fork_asm+0x1a/0x30 [ 26.038737] </TASK> [ 26.038758] [ 26.052367] Allocated by task 223: [ 26.052872] kasan_save_stack+0x45/0x70 [ 26.053281] kasan_save_track+0x18/0x40 [ 26.053473] kasan_save_alloc_info+0x3b/0x50 [ 26.053670] __kasan_kmalloc+0xb7/0xc0 [ 26.054218] __kmalloc_cache_noprof+0x189/0x420 [ 26.055072] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.055481] kunit_try_run_case+0x1a5/0x480 [ 26.055945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.056851] kthread+0x337/0x6f0 [ 26.057094] ret_from_fork+0x116/0x1d0 [ 26.057976] ret_from_fork_asm+0x1a/0x30 [ 26.058297] [ 26.058453] The buggy address belongs to the object at ffff88810232a200 [ 26.058453] which belongs to the cache kmalloc-128 of size 128 [ 26.059270] The buggy address is located 0 bytes to the right of [ 26.059270] allocated 115-byte region [ffff88810232a200, ffff88810232a273) [ 26.060883] [ 26.061086] The buggy address belongs to the physical page: [ 26.061505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 26.062388] flags: 0x200000000000000(node=0|zone=2) [ 26.063006] page_type: f5(slab) [ 26.063254] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.063935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.064868] page dumped because: kasan: bad access detected [ 26.065059] [ 26.065138] Memory state around the buggy address: [ 26.065972] ffff88810232a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.066413] ffff88810232a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.067406] >ffff88810232a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.067968] ^ [ 26.068261] ffff88810232a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.069080] ffff88810232a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.069342] ================================================================== [ 26.070943] ================================================================== [ 26.071750] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.072505] Read of size 1 at addr ffff88810232a278 by task kunit_try_catch/223 [ 26.073167] [ 26.073400] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 26.073578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.073606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.073645] Call Trace: [ 26.073677] <TASK> [ 26.073715] dump_stack_lvl+0x73/0xb0 [ 26.073817] print_report+0xd1/0x650 [ 26.073865] ? __virt_addr_valid+0x1db/0x2d0 [ 26.073934] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.073984] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.074049] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.074099] kasan_report+0x141/0x180 [ 26.074134] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.074192] __asan_report_load1_noabort+0x18/0x20 [ 26.074220] ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.074247] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.074286] ? finish_task_switch.isra.0+0x153/0x700 [ 26.074322] ? __switch_to+0x47/0xf50 [ 26.074353] ? __schedule+0x10cc/0x2b60 [ 26.074378] ? __pfx_read_tsc+0x10/0x10 [ 26.074402] ? ktime_get_ts64+0x86/0x230 [ 26.074431] kunit_try_run_case+0x1a5/0x480 [ 26.074479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.074503] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.074529] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.074561] ? __kthread_parkme+0x82/0x180 [ 26.074598] ? preempt_count_sub+0x50/0x80 [ 26.074634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.074674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.074704] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.074729] kthread+0x337/0x6f0 [ 26.074751] ? trace_preempt_on+0x20/0xc0 [ 26.074776] ? __pfx_kthread+0x10/0x10 [ 26.074798] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.074821] ? calculate_sigpending+0x7b/0xa0 [ 26.074847] ? __pfx_kthread+0x10/0x10 [ 26.074870] ret_from_fork+0x116/0x1d0 [ 26.074890] ? __pfx_kthread+0x10/0x10 [ 26.074912] ret_from_fork_asm+0x1a/0x30 [ 26.074945] </TASK> [ 26.074959] [ 26.087368] Allocated by task 223: [ 26.087971] kasan_save_stack+0x45/0x70 [ 26.088573] kasan_save_track+0x18/0x40 [ 26.089048] kasan_save_alloc_info+0x3b/0x50 [ 26.089421] __kasan_kmalloc+0xb7/0xc0 [ 26.089805] __kmalloc_cache_noprof+0x189/0x420 [ 26.090490] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.090889] kunit_try_run_case+0x1a5/0x480 [ 26.091095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.091528] kthread+0x337/0x6f0 [ 26.091862] ret_from_fork+0x116/0x1d0 [ 26.092451] ret_from_fork_asm+0x1a/0x30 [ 26.092864] [ 26.093033] The buggy address belongs to the object at ffff88810232a200 [ 26.093033] which belongs to the cache kmalloc-128 of size 128 [ 26.094368] The buggy address is located 5 bytes to the right of [ 26.094368] allocated 115-byte region [ffff88810232a200, ffff88810232a273) [ 26.095227] [ 26.095391] The buggy address belongs to the physical page: [ 26.095611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 26.096216] flags: 0x200000000000000(node=0|zone=2) [ 26.097042] page_type: f5(slab) [ 26.097917] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.098462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.099170] page dumped because: kasan: bad access detected [ 26.099704] [ 26.099829] Memory state around the buggy address: [ 26.100319] ffff88810232a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.100693] ffff88810232a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.101203] >ffff88810232a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.101914] ^ [ 26.102665] ffff88810232a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.103140] ffff88810232a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.103674] ================================================================== [ 26.104780] ================================================================== [ 26.105042] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.105223] Read of size 1 at addr ffff88810232a27f by task kunit_try_catch/223 [ 26.105366] [ 26.105472] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 26.105561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.105586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.105629] Call Trace: [ 26.105710] <TASK> [ 26.105765] dump_stack_lvl+0x73/0xb0 [ 26.105844] print_report+0xd1/0x650 [ 26.105894] ? __virt_addr_valid+0x1db/0x2d0 [ 26.105946] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.105996] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.106059] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.106101] kasan_report+0x141/0x180 [ 26.106144] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.106197] __asan_report_load1_noabort+0x18/0x20 [ 26.106245] ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.106290] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.106327] ? finish_task_switch.isra.0+0x153/0x700 [ 26.106365] ? __switch_to+0x47/0xf50 [ 26.106411] ? __schedule+0x10cc/0x2b60 [ 26.106461] ? __pfx_read_tsc+0x10/0x10 [ 26.106501] ? ktime_get_ts64+0x86/0x230 [ 26.106551] kunit_try_run_case+0x1a5/0x480 [ 26.106596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.106638] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.106677] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.106716] ? __kthread_parkme+0x82/0x180 [ 26.106757] ? preempt_count_sub+0x50/0x80 [ 26.106803] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.106849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.106902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.106949] kthread+0x337/0x6f0 [ 26.106993] ? trace_preempt_on+0x20/0xc0 [ 26.107045] ? __pfx_kthread+0x10/0x10 [ 26.107088] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.107130] ? calculate_sigpending+0x7b/0xa0 [ 26.107177] ? __pfx_kthread+0x10/0x10 [ 26.107222] ret_from_fork+0x116/0x1d0 [ 26.107263] ? __pfx_kthread+0x10/0x10 [ 26.107308] ret_from_fork_asm+0x1a/0x30 [ 26.107368] </TASK> [ 26.107391] [ 26.121953] Allocated by task 223: [ 26.122362] kasan_save_stack+0x45/0x70 [ 26.122852] kasan_save_track+0x18/0x40 [ 26.123163] kasan_save_alloc_info+0x3b/0x50 [ 26.123485] __kasan_kmalloc+0xb7/0xc0 [ 26.123849] __kmalloc_cache_noprof+0x189/0x420 [ 26.124134] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.124522] kunit_try_run_case+0x1a5/0x480 [ 26.124952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.125505] kthread+0x337/0x6f0 [ 26.126481] ret_from_fork+0x116/0x1d0 [ 26.126909] ret_from_fork_asm+0x1a/0x30 [ 26.127429] [ 26.127654] The buggy address belongs to the object at ffff88810232a200 [ 26.127654] which belongs to the cache kmalloc-128 of size 128 [ 26.128713] The buggy address is located 12 bytes to the right of [ 26.128713] allocated 115-byte region [ffff88810232a200, ffff88810232a273) [ 26.129611] [ 26.129803] The buggy address belongs to the physical page: [ 26.130310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 26.130793] flags: 0x200000000000000(node=0|zone=2) [ 26.131318] page_type: f5(slab) [ 26.131717] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.132552] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.132851] page dumped because: kasan: bad access detected [ 26.133104] [ 26.134127] Memory state around the buggy address: [ 26.134574] ffff88810232a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.135454] ffff88810232a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.135984] >ffff88810232a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.136747] ^ [ 26.137730] ffff88810232a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.138414] ffff88810232a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.138965] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 25.952580] ================================================================== [ 25.953237] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 25.953731] Read of size 1 at addr ffff88810232b328 by task kunit_try_catch/217 [ 25.954048] [ 25.954187] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.954293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.954315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.954354] Call Trace: [ 25.954380] <TASK> [ 25.954412] dump_stack_lvl+0x73/0xb0 [ 25.954490] print_report+0xd1/0x650 [ 25.954536] ? __virt_addr_valid+0x1db/0x2d0 [ 25.954577] ? kmalloc_uaf2+0x4a8/0x520 [ 25.954609] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.954652] ? kmalloc_uaf2+0x4a8/0x520 [ 25.954684] kasan_report+0x141/0x180 [ 25.954722] ? kmalloc_uaf2+0x4a8/0x520 [ 25.954768] __asan_report_load1_noabort+0x18/0x20 [ 25.954815] kmalloc_uaf2+0x4a8/0x520 [ 25.954853] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 25.954886] ? finish_task_switch.isra.0+0x153/0x700 [ 25.954930] ? __switch_to+0x47/0xf50 [ 25.954983] ? __schedule+0x10cc/0x2b60 [ 25.955029] ? __pfx_read_tsc+0x10/0x10 [ 25.955070] ? ktime_get_ts64+0x86/0x230 [ 25.955121] kunit_try_run_case+0x1a5/0x480 [ 25.955169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.955208] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.955252] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.955290] ? __kthread_parkme+0x82/0x180 [ 25.955324] ? preempt_count_sub+0x50/0x80 [ 25.955362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.955402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.955455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.955501] kthread+0x337/0x6f0 [ 25.955542] ? trace_preempt_on+0x20/0xc0 [ 25.955585] ? __pfx_kthread+0x10/0x10 [ 25.955627] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.955673] ? calculate_sigpending+0x7b/0xa0 [ 25.955719] ? __pfx_kthread+0x10/0x10 [ 25.955755] ret_from_fork+0x116/0x1d0 [ 25.955793] ? __pfx_kthread+0x10/0x10 [ 25.955834] ret_from_fork_asm+0x1a/0x30 [ 25.955901] </TASK> [ 25.955930] [ 25.968007] Allocated by task 217: [ 25.968421] kasan_save_stack+0x45/0x70 [ 25.968979] kasan_save_track+0x18/0x40 [ 25.969337] kasan_save_alloc_info+0x3b/0x50 [ 25.969829] __kasan_kmalloc+0xb7/0xc0 [ 25.970200] __kmalloc_cache_noprof+0x189/0x420 [ 25.971346] kmalloc_uaf2+0xc6/0x520 [ 25.971871] kunit_try_run_case+0x1a5/0x480 [ 25.972291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.972893] kthread+0x337/0x6f0 [ 25.973237] ret_from_fork+0x116/0x1d0 [ 25.973723] ret_from_fork_asm+0x1a/0x30 [ 25.973987] [ 25.974193] Freed by task 217: [ 25.974497] kasan_save_stack+0x45/0x70 [ 25.974842] kasan_save_track+0x18/0x40 [ 25.975030] kasan_save_free_info+0x3f/0x60 [ 25.975428] __kasan_slab_free+0x56/0x70 [ 25.976534] kfree+0x222/0x3f0 [ 25.976886] kmalloc_uaf2+0x14c/0x520 [ 25.977063] kunit_try_run_case+0x1a5/0x480 [ 25.977415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.977786] kthread+0x337/0x6f0 [ 25.978138] ret_from_fork+0x116/0x1d0 [ 25.978492] ret_from_fork_asm+0x1a/0x30 [ 25.978895] [ 25.979041] The buggy address belongs to the object at ffff88810232b300 [ 25.979041] which belongs to the cache kmalloc-64 of size 64 [ 25.979863] The buggy address is located 40 bytes inside of [ 25.979863] freed 64-byte region [ffff88810232b300, ffff88810232b340) [ 25.980497] [ 25.980671] The buggy address belongs to the physical page: [ 25.981054] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232b [ 25.981456] flags: 0x200000000000000(node=0|zone=2) [ 25.981707] page_type: f5(slab) [ 25.981876] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.982508] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.983194] page dumped because: kasan: bad access detected [ 25.983437] [ 25.983518] Memory state around the buggy address: [ 25.983656] ffff88810232b200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.983833] ffff88810232b280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.984405] >ffff88810232b300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.984857] ^ [ 25.985036] ffff88810232b380: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 25.985328] ffff88810232b400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.985586] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 25.908347] ================================================================== [ 25.908979] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 25.909450] Write of size 33 at addr ffff888102b16e00 by task kunit_try_catch/215 [ 25.910062] [ 25.910567] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.910685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.910713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.910866] Call Trace: [ 25.910901] <TASK> [ 25.910942] dump_stack_lvl+0x73/0xb0 [ 25.911099] print_report+0xd1/0x650 [ 25.911164] ? __virt_addr_valid+0x1db/0x2d0 [ 25.911234] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.911271] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.911342] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.911404] kasan_report+0x141/0x180 [ 25.911462] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.911511] kasan_check_range+0x10c/0x1c0 [ 25.911541] __asan_memset+0x27/0x50 [ 25.911562] kmalloc_uaf_memset+0x1a3/0x360 [ 25.911583] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 25.911606] ? __schedule+0x10cc/0x2b60 [ 25.911631] ? __pfx_read_tsc+0x10/0x10 [ 25.911654] ? ktime_get_ts64+0x86/0x230 [ 25.911684] kunit_try_run_case+0x1a5/0x480 [ 25.911722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.911794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.911838] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.911875] ? __kthread_parkme+0x82/0x180 [ 25.911900] ? preempt_count_sub+0x50/0x80 [ 25.911928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.911955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.911979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.912002] kthread+0x337/0x6f0 [ 25.912023] ? trace_preempt_on+0x20/0xc0 [ 25.912049] ? __pfx_kthread+0x10/0x10 [ 25.912071] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.912092] ? calculate_sigpending+0x7b/0xa0 [ 25.912118] ? __pfx_kthread+0x10/0x10 [ 25.912140] ret_from_fork+0x116/0x1d0 [ 25.912187] ? __pfx_kthread+0x10/0x10 [ 25.912212] ret_from_fork_asm+0x1a/0x30 [ 25.912248] </TASK> [ 25.912262] [ 25.925230] Allocated by task 215: [ 25.925613] kasan_save_stack+0x45/0x70 [ 25.925989] kasan_save_track+0x18/0x40 [ 25.926325] kasan_save_alloc_info+0x3b/0x50 [ 25.927469] __kasan_kmalloc+0xb7/0xc0 [ 25.928004] __kmalloc_cache_noprof+0x189/0x420 [ 25.928423] kmalloc_uaf_memset+0xa9/0x360 [ 25.928934] kunit_try_run_case+0x1a5/0x480 [ 25.929167] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.929589] kthread+0x337/0x6f0 [ 25.930192] ret_from_fork+0x116/0x1d0 [ 25.931111] ret_from_fork_asm+0x1a/0x30 [ 25.931593] [ 25.931706] Freed by task 215: [ 25.931868] kasan_save_stack+0x45/0x70 [ 25.932185] kasan_save_track+0x18/0x40 [ 25.932521] kasan_save_free_info+0x3f/0x60 [ 25.932768] __kasan_slab_free+0x56/0x70 [ 25.932964] kfree+0x222/0x3f0 [ 25.933996] kmalloc_uaf_memset+0x12b/0x360 [ 25.934305] kunit_try_run_case+0x1a5/0x480 [ 25.934487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.935405] kthread+0x337/0x6f0 [ 25.936059] ret_from_fork+0x116/0x1d0 [ 25.936532] ret_from_fork_asm+0x1a/0x30 [ 25.936883] [ 25.937052] The buggy address belongs to the object at ffff888102b16e00 [ 25.937052] which belongs to the cache kmalloc-64 of size 64 [ 25.937922] The buggy address is located 0 bytes inside of [ 25.937922] freed 64-byte region [ffff888102b16e00, ffff888102b16e40) [ 25.938945] [ 25.939345] The buggy address belongs to the physical page: [ 25.939863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16 [ 25.940189] flags: 0x200000000000000(node=0|zone=2) [ 25.940644] page_type: f5(slab) [ 25.941604] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.942021] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.942785] page dumped because: kasan: bad access detected [ 25.943118] [ 25.943272] Memory state around the buggy address: [ 25.943733] ffff888102b16d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.944562] ffff888102b16d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.944995] >ffff888102b16e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.945267] ^ [ 25.945431] ffff888102b16e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.945687] ffff888102b16f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.946169] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 25.865068] ================================================================== [ 25.865692] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 25.866463] Read of size 1 at addr ffff8881022cf728 by task kunit_try_catch/213 [ 25.867057] [ 25.867231] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.867338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.867367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.867415] Call Trace: [ 25.867457] <TASK> [ 25.867496] dump_stack_lvl+0x73/0xb0 [ 25.867551] print_report+0xd1/0x650 [ 25.867588] ? __virt_addr_valid+0x1db/0x2d0 [ 25.867615] ? kmalloc_uaf+0x320/0x380 [ 25.867642] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.867685] ? kmalloc_uaf+0x320/0x380 [ 25.867724] kasan_report+0x141/0x180 [ 25.867770] ? kmalloc_uaf+0x320/0x380 [ 25.867822] __asan_report_load1_noabort+0x18/0x20 [ 25.867871] kmalloc_uaf+0x320/0x380 [ 25.867911] ? __pfx_kmalloc_uaf+0x10/0x10 [ 25.867944] ? __schedule+0x10cc/0x2b60 [ 25.867969] ? __pfx_read_tsc+0x10/0x10 [ 25.867992] ? ktime_get_ts64+0x86/0x230 [ 25.868021] kunit_try_run_case+0x1a5/0x480 [ 25.868049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.868072] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.868097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.868121] ? __kthread_parkme+0x82/0x180 [ 25.868149] ? preempt_count_sub+0x50/0x80 [ 25.868190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.868381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.868452] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.868505] kthread+0x337/0x6f0 [ 25.868553] ? trace_preempt_on+0x20/0xc0 [ 25.868606] ? __pfx_kthread+0x10/0x10 [ 25.868653] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.868702] ? calculate_sigpending+0x7b/0xa0 [ 25.868780] ? __pfx_kthread+0x10/0x10 [ 25.868814] ret_from_fork+0x116/0x1d0 [ 25.868838] ? __pfx_kthread+0x10/0x10 [ 25.868860] ret_from_fork_asm+0x1a/0x30 [ 25.868893] </TASK> [ 25.868908] [ 25.880333] Allocated by task 213: [ 25.881453] kasan_save_stack+0x45/0x70 [ 25.882047] kasan_save_track+0x18/0x40 [ 25.882477] kasan_save_alloc_info+0x3b/0x50 [ 25.882830] __kasan_kmalloc+0xb7/0xc0 [ 25.883005] __kmalloc_cache_noprof+0x189/0x420 [ 25.883208] kmalloc_uaf+0xaa/0x380 [ 25.883373] kunit_try_run_case+0x1a5/0x480 [ 25.883811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.884184] kthread+0x337/0x6f0 [ 25.884540] ret_from_fork+0x116/0x1d0 [ 25.885332] ret_from_fork_asm+0x1a/0x30 [ 25.885829] [ 25.886006] Freed by task 213: [ 25.886716] kasan_save_stack+0x45/0x70 [ 25.887321] kasan_save_track+0x18/0x40 [ 25.887529] kasan_save_free_info+0x3f/0x60 [ 25.887871] __kasan_slab_free+0x56/0x70 [ 25.888214] kfree+0x222/0x3f0 [ 25.888408] kmalloc_uaf+0x12c/0x380 [ 25.888583] kunit_try_run_case+0x1a5/0x480 [ 25.888860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.889270] kthread+0x337/0x6f0 [ 25.889578] ret_from_fork+0x116/0x1d0 [ 25.889861] ret_from_fork_asm+0x1a/0x30 [ 25.889998] [ 25.890088] The buggy address belongs to the object at ffff8881022cf720 [ 25.890088] which belongs to the cache kmalloc-16 of size 16 [ 25.890386] The buggy address is located 8 bytes inside of [ 25.890386] freed 16-byte region [ffff8881022cf720, ffff8881022cf730) [ 25.890677] [ 25.890757] The buggy address belongs to the physical page: [ 25.891314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 25.892112] flags: 0x200000000000000(node=0|zone=2) [ 25.892802] page_type: f5(slab) [ 25.894196] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.895671] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.896268] page dumped because: kasan: bad access detected [ 25.897241] [ 25.897359] Memory state around the buggy address: [ 25.897563] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.898401] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.898673] >ffff8881022cf700: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 25.899213] ^ [ 25.899588] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.900011] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.900436] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 31.788538] ================================================================== [ 31.788977] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 31.788977] [ 31.789321] Use-after-free read at 0x(____ptrval____) (in kfence-#100): [ 31.789902] test_use_after_free_read+0x129/0x270 [ 31.790322] kunit_try_run_case+0x1a5/0x480 [ 31.790598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.790808] kthread+0x337/0x6f0 [ 31.790971] ret_from_fork+0x116/0x1d0 [ 31.791266] ret_from_fork_asm+0x1a/0x30 [ 31.791675] [ 31.791850] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.791850] [ 31.792498] allocated by task 324 on cpu 0 at 31.788172s (0.004321s ago): [ 31.792909] test_alloc+0x364/0x10f0 [ 31.793224] test_use_after_free_read+0xdc/0x270 [ 31.793435] kunit_try_run_case+0x1a5/0x480 [ 31.793774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.794099] kthread+0x337/0x6f0 [ 31.794270] ret_from_fork+0x116/0x1d0 [ 31.794610] ret_from_fork_asm+0x1a/0x30 [ 31.794969] [ 31.795154] freed by task 324 on cpu 0 at 31.788319s (0.006830s ago): [ 31.795572] test_use_after_free_read+0x1e7/0x270 [ 31.795895] kunit_try_run_case+0x1a5/0x480 [ 31.796238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.796751] kthread+0x337/0x6f0 [ 31.796959] ret_from_fork+0x116/0x1d0 [ 31.797124] ret_from_fork_asm+0x1a/0x30 [ 31.797303] [ 31.797554] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 31.798788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.798977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.799471] ================================================================== [ 31.892384] ================================================================== [ 31.892863] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 31.892863] [ 31.893229] Use-after-free read at 0x(____ptrval____) (in kfence-#101): [ 31.893777] test_use_after_free_read+0x129/0x270 [ 31.894012] kunit_try_run_case+0x1a5/0x480 [ 31.894194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.894678] kthread+0x337/0x6f0 [ 31.894972] ret_from_fork+0x116/0x1d0 [ 31.895309] ret_from_fork_asm+0x1a/0x30 [ 31.895546] [ 31.895665] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.895665] [ 31.896049] allocated by task 326 on cpu 0 at 31.892148s (0.003897s ago): [ 31.896830] test_alloc+0x2a6/0x10f0 [ 31.897056] test_use_after_free_read+0xdc/0x270 [ 31.897498] kunit_try_run_case+0x1a5/0x480 [ 31.897733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.898064] kthread+0x337/0x6f0 [ 31.898357] ret_from_fork+0x116/0x1d0 [ 31.898712] ret_from_fork_asm+0x1a/0x30 [ 31.899061] [ 31.899254] freed by task 326 on cpu 0 at 31.892248s (0.007002s ago): [ 31.899606] test_use_after_free_read+0xfb/0x270 [ 31.899854] kunit_try_run_case+0x1a5/0x480 [ 31.900222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.900666] kthread+0x337/0x6f0 [ 31.900965] ret_from_fork+0x116/0x1d0 [ 31.901340] ret_from_fork_asm+0x1a/0x30 [ 31.901649] [ 31.901883] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 31.902602] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.902941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.903547] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 31.476316] ================================================================== [ 31.476803] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 31.476803] [ 31.477160] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#97): [ 31.477719] test_out_of_bounds_write+0x10d/0x260 [ 31.477939] kunit_try_run_case+0x1a5/0x480 [ 31.478232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.478720] kthread+0x337/0x6f0 [ 31.479034] ret_from_fork+0x116/0x1d0 [ 31.479335] ret_from_fork_asm+0x1a/0x30 [ 31.479562] [ 31.479698] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.479698] [ 31.480398] allocated by task 320 on cpu 0 at 31.476108s (0.004285s ago): [ 31.480969] test_alloc+0x364/0x10f0 [ 31.481198] test_out_of_bounds_write+0xd4/0x260 [ 31.481572] kunit_try_run_case+0x1a5/0x480 [ 31.482018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.482565] kthread+0x337/0x6f0 [ 31.482745] ret_from_fork+0x116/0x1d0 [ 31.483056] ret_from_fork_asm+0x1a/0x30 [ 31.483370] [ 31.483625] CPU: 0 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 31.484107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.484289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.485010] ================================================================== [ 31.684385] ================================================================== [ 31.685077] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 31.685077] [ 31.685776] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#99): [ 31.686409] test_out_of_bounds_write+0x10d/0x260 [ 31.686815] kunit_try_run_case+0x1a5/0x480 [ 31.687045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.687261] kthread+0x337/0x6f0 [ 31.687430] ret_from_fork+0x116/0x1d0 [ 31.687635] ret_from_fork_asm+0x1a/0x30 [ 31.687823] [ 31.687926] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.687926] [ 31.688271] allocated by task 322 on cpu 0 at 31.684279s (0.003987s ago): [ 31.688553] test_alloc+0x2a6/0x10f0 [ 31.688706] test_out_of_bounds_write+0xd4/0x260 [ 31.688884] kunit_try_run_case+0x1a5/0x480 [ 31.689070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.689565] kthread+0x337/0x6f0 [ 31.689880] ret_from_fork+0x116/0x1d0 [ 31.690262] ret_from_fork_asm+0x1a/0x30 [ 31.690610] [ 31.690843] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 31.691720] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.692084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.692640] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 31.268264] ================================================================== [ 31.268805] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 31.268805] [ 31.269204] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#95): [ 31.269793] test_out_of_bounds_read+0x216/0x4e0 [ 31.270095] kunit_try_run_case+0x1a5/0x480 [ 31.270275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.270515] kthread+0x337/0x6f0 [ 31.270802] ret_from_fork+0x116/0x1d0 [ 31.271151] ret_from_fork_asm+0x1a/0x30 [ 31.271642] [ 31.271843] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.271843] [ 31.272547] allocated by task 318 on cpu 1 at 31.268168s (0.004374s ago): [ 31.272870] test_alloc+0x2a6/0x10f0 [ 31.273128] test_out_of_bounds_read+0x1e2/0x4e0 [ 31.273603] kunit_try_run_case+0x1a5/0x480 [ 31.274011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.274631] kthread+0x337/0x6f0 [ 31.275001] ret_from_fork+0x116/0x1d0 [ 31.275238] ret_from_fork_asm+0x1a/0x30 [ 31.275616] [ 31.275830] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 31.276392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.276901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.277705] ================================================================== [ 30.957317] ================================================================== [ 30.957907] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 30.957907] [ 30.958689] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#92): [ 30.959366] test_out_of_bounds_read+0x126/0x4e0 [ 30.959863] kunit_try_run_case+0x1a5/0x480 [ 30.960310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.960620] kthread+0x337/0x6f0 [ 30.960805] ret_from_fork+0x116/0x1d0 [ 30.961153] ret_from_fork_asm+0x1a/0x30 [ 30.961505] [ 30.961654] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.961654] [ 30.962352] allocated by task 316 on cpu 0 at 30.956404s (0.005943s ago): [ 30.962920] test_alloc+0x364/0x10f0 [ 30.963112] test_out_of_bounds_read+0xed/0x4e0 [ 30.963534] kunit_try_run_case+0x1a5/0x480 [ 30.964093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.964420] kthread+0x337/0x6f0 [ 30.964671] ret_from_fork+0x116/0x1d0 [ 30.964864] ret_from_fork_asm+0x1a/0x30 [ 30.965113] [ 30.965343] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.966417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.966766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.967134] ================================================================== [ 31.164477] ================================================================== [ 31.164988] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 31.164988] [ 31.165538] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#94): [ 31.165962] test_out_of_bounds_read+0x126/0x4e0 [ 31.166203] kunit_try_run_case+0x1a5/0x480 [ 31.166635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.167086] kthread+0x337/0x6f0 [ 31.167418] ret_from_fork+0x116/0x1d0 [ 31.167630] ret_from_fork_asm+0x1a/0x30 [ 31.167900] [ 31.168089] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.168089] [ 31.168783] allocated by task 318 on cpu 1 at 31.164237s (0.004541s ago): [ 31.169378] test_alloc+0x2a6/0x10f0 [ 31.169762] test_out_of_bounds_read+0xed/0x4e0 [ 31.170256] kunit_try_run_case+0x1a5/0x480 [ 31.170566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.170927] kthread+0x337/0x6f0 [ 31.171167] ret_from_fork+0x116/0x1d0 [ 31.171360] ret_from_fork_asm+0x1a/0x30 [ 31.171739] [ 31.171996] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 31.172870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.173088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.173889] ================================================================== [ 31.060528] ================================================================== [ 31.061011] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 31.061011] [ 31.061504] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#93): [ 31.062072] test_out_of_bounds_read+0x216/0x4e0 [ 31.062437] kunit_try_run_case+0x1a5/0x480 [ 31.062717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.062981] kthread+0x337/0x6f0 [ 31.063328] ret_from_fork+0x116/0x1d0 [ 31.063677] ret_from_fork_asm+0x1a/0x30 [ 31.063945] [ 31.064059] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.064059] [ 31.064625] allocated by task 316 on cpu 0 at 31.060302s (0.004317s ago): [ 31.065332] test_alloc+0x364/0x10f0 [ 31.065641] test_out_of_bounds_read+0x1e2/0x4e0 [ 31.066021] kunit_try_run_case+0x1a5/0x480 [ 31.066252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.066735] kthread+0x337/0x6f0 [ 31.067043] ret_from_fork+0x116/0x1d0 [ 31.067372] ret_from_fork_asm+0x1a/0x30 [ 31.067642] [ 31.067869] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 31.068578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.068780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.069393] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-kfree_sensitive
[ 26.013131] ================================================================== [ 26.013684] BUG: KFENCE: invalid free in kfree_sensitive+0x67/0x90 [ 26.013684] [ 26.014263] Invalid free of 0x(____ptrval____) (in kfence-#68): [ 26.014723] kfree_sensitive+0x67/0x90 [ 26.015061] kmalloc_double_kzfree+0x19c/0x350 [ 26.015585] kunit_try_run_case+0x1a5/0x480 [ 26.015888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.016323] kthread+0x337/0x6f0 [ 26.016533] ret_from_fork+0x116/0x1d0 [ 26.016717] ret_from_fork_asm+0x1a/0x30 [ 26.016903] [ 26.017091] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=16, cache=kmalloc-16 [ 26.017091] [ 26.017895] allocated by task 221 on cpu 0 at 25.997099s (0.020791s ago): [ 26.018891] kmalloc_double_kzfree+0xa9/0x350 [ 26.019303] kunit_try_run_case+0x1a5/0x480 [ 26.019682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.020101] kthread+0x337/0x6f0 [ 26.020918] ret_from_fork+0x116/0x1d0 [ 26.021351] ret_from_fork_asm+0x1a/0x30 [ 26.021608] [ 26.021712] freed by task 221 on cpu 0 at 25.997213s (0.024494s ago): [ 26.021975] kfree_sensitive+0x67/0x90 [ 26.022161] kmalloc_double_kzfree+0x12b/0x350 [ 26.022535] kunit_try_run_case+0x1a5/0x480 [ 26.022889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.023347] kthread+0x337/0x6f0 [ 26.023673] ret_from_fork+0x116/0x1d0 [ 26.023857] ret_from_fork_asm+0x1a/0x30 [ 26.024041] [ 26.024189] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 26.025293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.025679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.026278] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 25.825794] ================================================================== [ 25.826426] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.827558] Read of size 64 at addr ffff88810232b084 by task kunit_try_catch/211 [ 25.828581] [ 25.829000] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.829113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.829140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.829215] Call Trace: [ 25.829245] <TASK> [ 25.829294] dump_stack_lvl+0x73/0xb0 [ 25.829386] print_report+0xd1/0x650 [ 25.829435] ? __virt_addr_valid+0x1db/0x2d0 [ 25.829496] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.829524] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.829573] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.829645] kasan_report+0x141/0x180 [ 25.829686] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.829726] kasan_check_range+0x10c/0x1c0 [ 25.829752] __asan_memmove+0x27/0x70 [ 25.829773] kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.829799] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 25.829826] ? __schedule+0x10cc/0x2b60 [ 25.829853] ? __pfx_read_tsc+0x10/0x10 [ 25.829878] ? ktime_get_ts64+0x86/0x230 [ 25.829907] kunit_try_run_case+0x1a5/0x480 [ 25.829936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.829959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.829984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.830008] ? __kthread_parkme+0x82/0x180 [ 25.830043] ? preempt_count_sub+0x50/0x80 [ 25.830071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.830097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.830122] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.830162] kthread+0x337/0x6f0 [ 25.830197] ? trace_preempt_on+0x20/0xc0 [ 25.830224] ? __pfx_kthread+0x10/0x10 [ 25.830247] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.830269] ? calculate_sigpending+0x7b/0xa0 [ 25.830296] ? __pfx_kthread+0x10/0x10 [ 25.830319] ret_from_fork+0x116/0x1d0 [ 25.830339] ? __pfx_kthread+0x10/0x10 [ 25.830361] ret_from_fork_asm+0x1a/0x30 [ 25.830396] </TASK> [ 25.830409] [ 25.843236] Allocated by task 211: [ 25.843653] kasan_save_stack+0x45/0x70 [ 25.844126] kasan_save_track+0x18/0x40 [ 25.844477] kasan_save_alloc_info+0x3b/0x50 [ 25.845058] __kasan_kmalloc+0xb7/0xc0 [ 25.845438] __kmalloc_cache_noprof+0x189/0x420 [ 25.845671] kmalloc_memmove_invalid_size+0xac/0x330 [ 25.846086] kunit_try_run_case+0x1a5/0x480 [ 25.846516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.847495] kthread+0x337/0x6f0 [ 25.847992] ret_from_fork+0x116/0x1d0 [ 25.848342] ret_from_fork_asm+0x1a/0x30 [ 25.848806] [ 25.849022] The buggy address belongs to the object at ffff88810232b080 [ 25.849022] which belongs to the cache kmalloc-64 of size 64 [ 25.849898] The buggy address is located 4 bytes inside of [ 25.849898] allocated 64-byte region [ffff88810232b080, ffff88810232b0c0) [ 25.850805] [ 25.850972] The buggy address belongs to the physical page: [ 25.851456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232b [ 25.851872] flags: 0x200000000000000(node=0|zone=2) [ 25.852066] page_type: f5(slab) [ 25.852408] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.853202] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.853951] page dumped because: kasan: bad access detected [ 25.854325] [ 25.854512] Memory state around the buggy address: [ 25.854948] ffff88810232af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.855462] ffff88810232b000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.856210] >ffff88810232b080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.857256] ^ [ 25.857479] ffff88810232b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.858072] ffff88810232b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.858387] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 25.792544] ================================================================== [ 25.793108] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 25.793650] Read of size 18446744073709551614 at addr ffff888102323f04 by task kunit_try_catch/209 [ 25.794608] [ 25.794766] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.794857] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.794874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.794900] Call Trace: [ 25.794918] <TASK> [ 25.794941] dump_stack_lvl+0x73/0xb0 [ 25.794995] print_report+0xd1/0x650 [ 25.795028] ? __virt_addr_valid+0x1db/0x2d0 [ 25.795054] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.795080] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.795107] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.795176] kasan_report+0x141/0x180 [ 25.795215] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.795268] kasan_check_range+0x10c/0x1c0 [ 25.795315] __asan_memmove+0x27/0x70 [ 25.795359] kmalloc_memmove_negative_size+0x171/0x330 [ 25.795410] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.795509] ? __schedule+0x10cc/0x2b60 [ 25.795560] ? __pfx_read_tsc+0x10/0x10 [ 25.795607] ? ktime_get_ts64+0x86/0x230 [ 25.795666] kunit_try_run_case+0x1a5/0x480 [ 25.795724] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.795769] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.795798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.795823] ? __kthread_parkme+0x82/0x180 [ 25.795847] ? preempt_count_sub+0x50/0x80 [ 25.795873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.795898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.795923] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.795947] kthread+0x337/0x6f0 [ 25.795969] ? trace_preempt_on+0x20/0xc0 [ 25.795994] ? __pfx_kthread+0x10/0x10 [ 25.796017] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.796039] ? calculate_sigpending+0x7b/0xa0 [ 25.796065] ? __pfx_kthread+0x10/0x10 [ 25.796088] ret_from_fork+0x116/0x1d0 [ 25.796109] ? __pfx_kthread+0x10/0x10 [ 25.796131] ret_from_fork_asm+0x1a/0x30 [ 25.796196] </TASK> [ 25.796210] [ 25.806695] Allocated by task 209: [ 25.807069] kasan_save_stack+0x45/0x70 [ 25.807430] kasan_save_track+0x18/0x40 [ 25.807665] kasan_save_alloc_info+0x3b/0x50 [ 25.808047] __kasan_kmalloc+0xb7/0xc0 [ 25.808320] __kmalloc_cache_noprof+0x189/0x420 [ 25.808602] kmalloc_memmove_negative_size+0xac/0x330 [ 25.808870] kunit_try_run_case+0x1a5/0x480 [ 25.809099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.809390] kthread+0x337/0x6f0 [ 25.809600] ret_from_fork+0x116/0x1d0 [ 25.809790] ret_from_fork_asm+0x1a/0x30 [ 25.810175] [ 25.810354] The buggy address belongs to the object at ffff888102323f00 [ 25.810354] which belongs to the cache kmalloc-64 of size 64 [ 25.811286] The buggy address is located 4 bytes inside of [ 25.811286] 64-byte region [ffff888102323f00, ffff888102323f40) [ 25.812074] [ 25.812283] The buggy address belongs to the physical page: [ 25.812695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102323 [ 25.813072] flags: 0x200000000000000(node=0|zone=2) [ 25.813329] page_type: f5(slab) [ 25.813636] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.814249] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.814709] page dumped because: kasan: bad access detected [ 25.814990] [ 25.815173] Memory state around the buggy address: [ 25.815419] ffff888102323e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.815663] ffff888102323e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.816190] >ffff888102323f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.816645] ^ [ 25.816871] ffff888102323f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.817346] ffff888102324000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.817711] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 25.759239] ================================================================== [ 25.759713] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 25.760384] Write of size 16 at addr ffff88810232a069 by task kunit_try_catch/207 [ 25.760741] [ 25.760881] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.760971] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.760993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.761031] Call Trace: [ 25.761056] <TASK> [ 25.761087] dump_stack_lvl+0x73/0xb0 [ 25.761149] print_report+0xd1/0x650 [ 25.761187] ? __virt_addr_valid+0x1db/0x2d0 [ 25.761225] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.761261] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.761305] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.761349] kasan_report+0x141/0x180 [ 25.761393] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.762202] kasan_check_range+0x10c/0x1c0 [ 25.762310] __asan_memset+0x27/0x50 [ 25.762357] kmalloc_oob_memset_16+0x166/0x330 [ 25.762408] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 25.762468] ? __schedule+0x10cc/0x2b60 [ 25.762503] ? __pfx_read_tsc+0x10/0x10 [ 25.762541] ? ktime_get_ts64+0x86/0x230 [ 25.762571] kunit_try_run_case+0x1a5/0x480 [ 25.762599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.762623] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.762647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.762671] ? __kthread_parkme+0x82/0x180 [ 25.762694] ? preempt_count_sub+0x50/0x80 [ 25.762720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.762745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.762770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.762794] kthread+0x337/0x6f0 [ 25.762815] ? trace_preempt_on+0x20/0xc0 [ 25.762840] ? __pfx_kthread+0x10/0x10 [ 25.762862] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.762885] ? calculate_sigpending+0x7b/0xa0 [ 25.762911] ? __pfx_kthread+0x10/0x10 [ 25.762934] ret_from_fork+0x116/0x1d0 [ 25.762954] ? __pfx_kthread+0x10/0x10 [ 25.762976] ret_from_fork_asm+0x1a/0x30 [ 25.763008] </TASK> [ 25.763022] [ 25.774002] Allocated by task 207: [ 25.774262] kasan_save_stack+0x45/0x70 [ 25.774649] kasan_save_track+0x18/0x40 [ 25.774975] kasan_save_alloc_info+0x3b/0x50 [ 25.775309] __kasan_kmalloc+0xb7/0xc0 [ 25.775688] __kmalloc_cache_noprof+0x189/0x420 [ 25.776092] kmalloc_oob_memset_16+0xac/0x330 [ 25.776510] kunit_try_run_case+0x1a5/0x480 [ 25.776817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.777209] kthread+0x337/0x6f0 [ 25.777379] ret_from_fork+0x116/0x1d0 [ 25.777728] ret_from_fork_asm+0x1a/0x30 [ 25.778078] [ 25.778293] The buggy address belongs to the object at ffff88810232a000 [ 25.778293] which belongs to the cache kmalloc-128 of size 128 [ 25.778793] The buggy address is located 105 bytes inside of [ 25.778793] allocated 120-byte region [ffff88810232a000, ffff88810232a078) [ 25.779390] [ 25.779599] The buggy address belongs to the physical page: [ 25.779938] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 25.780381] flags: 0x200000000000000(node=0|zone=2) [ 25.780856] page_type: f5(slab) [ 25.781242] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.781911] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.782503] page dumped because: kasan: bad access detected [ 25.782693] [ 25.782788] Memory state around the buggy address: [ 25.783226] ffff888102329f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.783668] ffff888102329f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.784074] >ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.784576] ^ [ 25.785012] ffff88810232a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.785497] ffff88810232a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.785814] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 25.720829] ================================================================== [ 25.721350] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 25.722066] Write of size 8 at addr ffff88810231cf71 by task kunit_try_catch/205 [ 25.722814] [ 25.723074] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.723191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.723218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.723264] Call Trace: [ 25.723293] <TASK> [ 25.723328] dump_stack_lvl+0x73/0xb0 [ 25.723400] print_report+0xd1/0x650 [ 25.723459] ? __virt_addr_valid+0x1db/0x2d0 [ 25.723510] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.723558] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.723610] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.723653] kasan_report+0x141/0x180 [ 25.723688] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.723734] kasan_check_range+0x10c/0x1c0 [ 25.723772] __asan_memset+0x27/0x50 [ 25.723810] kmalloc_oob_memset_8+0x166/0x330 [ 25.723852] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 25.723899] ? __schedule+0x10cc/0x2b60 [ 25.723951] ? __pfx_read_tsc+0x10/0x10 [ 25.724000] ? ktime_get_ts64+0x86/0x230 [ 25.724061] kunit_try_run_case+0x1a5/0x480 [ 25.724117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.724167] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.724208] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.724248] ? __kthread_parkme+0x82/0x180 [ 25.724290] ? preempt_count_sub+0x50/0x80 [ 25.724339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.724386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.724436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.724525] kthread+0x337/0x6f0 [ 25.724563] ? trace_preempt_on+0x20/0xc0 [ 25.724604] ? __pfx_kthread+0x10/0x10 [ 25.724638] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.724673] ? calculate_sigpending+0x7b/0xa0 [ 25.724711] ? __pfx_kthread+0x10/0x10 [ 25.724745] ret_from_fork+0x116/0x1d0 [ 25.724775] ? __pfx_kthread+0x10/0x10 [ 25.724808] ret_from_fork_asm+0x1a/0x30 [ 25.724860] </TASK> [ 25.724881] [ 25.737233] Allocated by task 205: [ 25.737610] kasan_save_stack+0x45/0x70 [ 25.737862] kasan_save_track+0x18/0x40 [ 25.738175] kasan_save_alloc_info+0x3b/0x50 [ 25.739410] __kasan_kmalloc+0xb7/0xc0 [ 25.739803] __kmalloc_cache_noprof+0x189/0x420 [ 25.740190] kmalloc_oob_memset_8+0xac/0x330 [ 25.740671] kunit_try_run_case+0x1a5/0x480 [ 25.741103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.741631] kthread+0x337/0x6f0 [ 25.742087] ret_from_fork+0x116/0x1d0 [ 25.742482] ret_from_fork_asm+0x1a/0x30 [ 25.743165] [ 25.743361] The buggy address belongs to the object at ffff88810231cf00 [ 25.743361] which belongs to the cache kmalloc-128 of size 128 [ 25.744178] The buggy address is located 113 bytes inside of [ 25.744178] allocated 120-byte region [ffff88810231cf00, ffff88810231cf78) [ 25.745181] [ 25.745391] The buggy address belongs to the physical page: [ 25.745848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10231c [ 25.746356] flags: 0x200000000000000(node=0|zone=2) [ 25.747293] page_type: f5(slab) [ 25.747575] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.747920] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.748261] page dumped because: kasan: bad access detected [ 25.748610] [ 25.749060] Memory state around the buggy address: [ 25.749776] ffff88810231ce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.750099] ffff88810231ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.751216] >ffff88810231cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.751466] ^ [ 25.752235] ffff88810231cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.752402] ffff88810231d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.753093] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 25.687379] ================================================================== [ 25.687982] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 25.688641] Write of size 4 at addr ffff888102b17275 by task kunit_try_catch/203 [ 25.689081] [ 25.689225] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.689334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.689359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.689404] Call Trace: [ 25.689435] <TASK> [ 25.689486] dump_stack_lvl+0x73/0xb0 [ 25.689556] print_report+0xd1/0x650 [ 25.689604] ? __virt_addr_valid+0x1db/0x2d0 [ 25.689654] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.689680] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.689708] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.689730] kasan_report+0x141/0x180 [ 25.689753] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.689779] kasan_check_range+0x10c/0x1c0 [ 25.689803] __asan_memset+0x27/0x50 [ 25.689823] kmalloc_oob_memset_4+0x166/0x330 [ 25.689846] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 25.689869] ? __schedule+0x10cc/0x2b60 [ 25.689896] ? __pfx_read_tsc+0x10/0x10 [ 25.689919] ? ktime_get_ts64+0x86/0x230 [ 25.689948] kunit_try_run_case+0x1a5/0x480 [ 25.689975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.689998] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.690021] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.690060] ? __kthread_parkme+0x82/0x180 [ 25.690084] ? preempt_count_sub+0x50/0x80 [ 25.690110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.690133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.690169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.690208] kthread+0x337/0x6f0 [ 25.690244] ? trace_preempt_on+0x20/0xc0 [ 25.690292] ? __pfx_kthread+0x10/0x10 [ 25.690333] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.690369] ? calculate_sigpending+0x7b/0xa0 [ 25.690414] ? __pfx_kthread+0x10/0x10 [ 25.690470] ret_from_fork+0x116/0x1d0 [ 25.690513] ? __pfx_kthread+0x10/0x10 [ 25.690552] ret_from_fork_asm+0x1a/0x30 [ 25.690616] </TASK> [ 25.690640] [ 25.701271] Allocated by task 203: [ 25.701600] kasan_save_stack+0x45/0x70 [ 25.701900] kasan_save_track+0x18/0x40 [ 25.702306] kasan_save_alloc_info+0x3b/0x50 [ 25.702635] __kasan_kmalloc+0xb7/0xc0 [ 25.702809] __kmalloc_cache_noprof+0x189/0x420 [ 25.703011] kmalloc_oob_memset_4+0xac/0x330 [ 25.703377] kunit_try_run_case+0x1a5/0x480 [ 25.703738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.704160] kthread+0x337/0x6f0 [ 25.704544] ret_from_fork+0x116/0x1d0 [ 25.704878] ret_from_fork_asm+0x1a/0x30 [ 25.705068] [ 25.705181] The buggy address belongs to the object at ffff888102b17200 [ 25.705181] which belongs to the cache kmalloc-128 of size 128 [ 25.705882] The buggy address is located 117 bytes inside of [ 25.705882] allocated 120-byte region [ffff888102b17200, ffff888102b17278) [ 25.706314] [ 25.706424] The buggy address belongs to the physical page: [ 25.706759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17 [ 25.707277] flags: 0x200000000000000(node=0|zone=2) [ 25.707854] page_type: f5(slab) [ 25.708334] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.709354] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.709985] page dumped because: kasan: bad access detected [ 25.710452] [ 25.710660] Memory state around the buggy address: [ 25.711110] ffff888102b17100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.711672] ffff888102b17180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.712092] >ffff888102b17200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.712666] ^ [ 25.713023] ffff888102b17280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.713667] ffff888102b17300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.713923] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 25.621108] ================================================================== [ 25.621604] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 25.622464] Write of size 128 at addr ffff888102b17100 by task kunit_try_catch/199 [ 25.622726] [ 25.622872] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.622977] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.623004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.623044] Call Trace: [ 25.623067] <TASK> [ 25.623103] dump_stack_lvl+0x73/0xb0 [ 25.623166] print_report+0xd1/0x650 [ 25.623209] ? __virt_addr_valid+0x1db/0x2d0 [ 25.623242] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.623265] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.623291] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.623313] kasan_report+0x141/0x180 [ 25.623335] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.623360] kasan_check_range+0x10c/0x1c0 [ 25.623383] __asan_memset+0x27/0x50 [ 25.623403] kmalloc_oob_in_memset+0x15f/0x320 [ 25.623424] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 25.624003] ? __schedule+0x10cc/0x2b60 [ 25.624386] ? __pfx_read_tsc+0x10/0x10 [ 25.624463] ? ktime_get_ts64+0x86/0x230 [ 25.624527] kunit_try_run_case+0x1a5/0x480 [ 25.624582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.624619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.624657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.624693] ? __kthread_parkme+0x82/0x180 [ 25.624727] ? preempt_count_sub+0x50/0x80 [ 25.624766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.624805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.624842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.624878] kthread+0x337/0x6f0 [ 25.624911] ? trace_preempt_on+0x20/0xc0 [ 25.624951] ? __pfx_kthread+0x10/0x10 [ 25.624986] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.625022] ? calculate_sigpending+0x7b/0xa0 [ 25.625061] ? __pfx_kthread+0x10/0x10 [ 25.625102] ret_from_fork+0x116/0x1d0 [ 25.625139] ? __pfx_kthread+0x10/0x10 [ 25.625174] ret_from_fork_asm+0x1a/0x30 [ 25.625214] </TASK> [ 25.625228] [ 25.638881] Allocated by task 199: [ 25.639161] kasan_save_stack+0x45/0x70 [ 25.639374] kasan_save_track+0x18/0x40 [ 25.640156] kasan_save_alloc_info+0x3b/0x50 [ 25.640467] __kasan_kmalloc+0xb7/0xc0 [ 25.640786] __kmalloc_cache_noprof+0x189/0x420 [ 25.641076] kmalloc_oob_in_memset+0xac/0x320 [ 25.641351] kunit_try_run_case+0x1a5/0x480 [ 25.641664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.642061] kthread+0x337/0x6f0 [ 25.642365] ret_from_fork+0x116/0x1d0 [ 25.643406] ret_from_fork_asm+0x1a/0x30 [ 25.643832] [ 25.644016] The buggy address belongs to the object at ffff888102b17100 [ 25.644016] which belongs to the cache kmalloc-128 of size 128 [ 25.644860] The buggy address is located 0 bytes inside of [ 25.644860] allocated 120-byte region [ffff888102b17100, ffff888102b17178) [ 25.645490] [ 25.645745] The buggy address belongs to the physical page: [ 25.646071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17 [ 25.646728] flags: 0x200000000000000(node=0|zone=2) [ 25.647763] page_type: f5(slab) [ 25.648313] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.648713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.649487] page dumped because: kasan: bad access detected [ 25.650032] [ 25.650220] Memory state around the buggy address: [ 25.650876] ffff888102b17000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.651358] ffff888102b17080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.651631] >ffff888102b17100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.652347] ^ [ 25.652864] ffff888102b17180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.653330] ffff888102b17200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.653668] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 25.582982] ================================================================== [ 25.583522] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 25.584160] Read of size 16 at addr ffff8881022cf700 by task kunit_try_catch/197 [ 25.584424] [ 25.584651] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.584747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.584774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.584819] Call Trace: [ 25.584844] <TASK> [ 25.584879] dump_stack_lvl+0x73/0xb0 [ 25.584943] print_report+0xd1/0x650 [ 25.584992] ? __virt_addr_valid+0x1db/0x2d0 [ 25.585041] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.585071] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.585099] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.585121] kasan_report+0x141/0x180 [ 25.585146] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.585190] __asan_report_load16_noabort+0x18/0x20 [ 25.585230] kmalloc_uaf_16+0x47b/0x4c0 [ 25.585271] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 25.585316] ? __schedule+0x10cc/0x2b60 [ 25.585362] ? __pfx_read_tsc+0x10/0x10 [ 25.585409] ? ktime_get_ts64+0x86/0x230 [ 25.585695] kunit_try_run_case+0x1a5/0x480 [ 25.585779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.585831] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.585883] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.585935] ? __kthread_parkme+0x82/0x180 [ 25.585984] ? preempt_count_sub+0x50/0x80 [ 25.586050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.586105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.586169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.586221] kthread+0x337/0x6f0 [ 25.586259] ? trace_preempt_on+0x20/0xc0 [ 25.586294] ? __pfx_kthread+0x10/0x10 [ 25.586317] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.586340] ? calculate_sigpending+0x7b/0xa0 [ 25.586366] ? __pfx_kthread+0x10/0x10 [ 25.586389] ret_from_fork+0x116/0x1d0 [ 25.586410] ? __pfx_kthread+0x10/0x10 [ 25.586432] ret_from_fork_asm+0x1a/0x30 [ 25.586490] </TASK> [ 25.586504] [ 25.598394] Allocated by task 197: [ 25.598685] kasan_save_stack+0x45/0x70 [ 25.598959] kasan_save_track+0x18/0x40 [ 25.599216] kasan_save_alloc_info+0x3b/0x50 [ 25.599554] __kasan_kmalloc+0xb7/0xc0 [ 25.599857] __kmalloc_cache_noprof+0x189/0x420 [ 25.600308] kmalloc_uaf_16+0x15b/0x4c0 [ 25.600702] kunit_try_run_case+0x1a5/0x480 [ 25.601135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.601543] kthread+0x337/0x6f0 [ 25.601878] ret_from_fork+0x116/0x1d0 [ 25.602265] ret_from_fork_asm+0x1a/0x30 [ 25.602601] [ 25.602802] Freed by task 197: [ 25.603064] kasan_save_stack+0x45/0x70 [ 25.603387] kasan_save_track+0x18/0x40 [ 25.603752] kasan_save_free_info+0x3f/0x60 [ 25.604052] __kasan_slab_free+0x56/0x70 [ 25.604471] kfree+0x222/0x3f0 [ 25.604662] kmalloc_uaf_16+0x1d6/0x4c0 [ 25.604861] kunit_try_run_case+0x1a5/0x480 [ 25.605291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.605770] kthread+0x337/0x6f0 [ 25.605991] ret_from_fork+0x116/0x1d0 [ 25.606277] ret_from_fork_asm+0x1a/0x30 [ 25.606627] [ 25.606801] The buggy address belongs to the object at ffff8881022cf700 [ 25.606801] which belongs to the cache kmalloc-16 of size 16 [ 25.607550] The buggy address is located 0 bytes inside of [ 25.607550] freed 16-byte region [ffff8881022cf700, ffff8881022cf710) [ 25.608114] [ 25.608291] The buggy address belongs to the physical page: [ 25.608643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 25.608950] flags: 0x200000000000000(node=0|zone=2) [ 25.609200] page_type: f5(slab) [ 25.609367] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.609648] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.610218] page dumped because: kasan: bad access detected [ 25.610722] [ 25.610922] Memory state around the buggy address: [ 25.611438] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.612015] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 25.612591] >ffff8881022cf700: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.612910] ^ [ 25.613071] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.613739] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.614340] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 25.542533] ================================================================== [ 25.543634] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 25.544640] Write of size 16 at addr ffff8881022cf6a0 by task kunit_try_catch/195 [ 25.545714] [ 25.546005] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.546121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.546149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.546193] Call Trace: [ 25.546220] <TASK> [ 25.546257] dump_stack_lvl+0x73/0xb0 [ 25.546305] print_report+0xd1/0x650 [ 25.546331] ? __virt_addr_valid+0x1db/0x2d0 [ 25.546360] ? kmalloc_oob_16+0x452/0x4a0 [ 25.546382] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.546410] ? kmalloc_oob_16+0x452/0x4a0 [ 25.546432] kasan_report+0x141/0x180 [ 25.546483] ? kmalloc_oob_16+0x452/0x4a0 [ 25.546526] __asan_report_store16_noabort+0x1b/0x30 [ 25.546568] kmalloc_oob_16+0x452/0x4a0 [ 25.546608] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 25.546653] ? __schedule+0x10cc/0x2b60 [ 25.546703] ? __pfx_read_tsc+0x10/0x10 [ 25.546754] ? ktime_get_ts64+0x86/0x230 [ 25.546801] kunit_try_run_case+0x1a5/0x480 [ 25.546845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.546880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.546915] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.546950] ? __kthread_parkme+0x82/0x180 [ 25.546985] ? preempt_count_sub+0x50/0x80 [ 25.547023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.547057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.547096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.547134] kthread+0x337/0x6f0 [ 25.547166] ? trace_preempt_on+0x20/0xc0 [ 25.547202] ? __pfx_kthread+0x10/0x10 [ 25.547224] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.547246] ? calculate_sigpending+0x7b/0xa0 [ 25.547272] ? __pfx_kthread+0x10/0x10 [ 25.547295] ret_from_fork+0x116/0x1d0 [ 25.547316] ? __pfx_kthread+0x10/0x10 [ 25.547338] ret_from_fork_asm+0x1a/0x30 [ 25.547372] </TASK> [ 25.547387] [ 25.560128] Allocated by task 195: [ 25.560716] kasan_save_stack+0x45/0x70 [ 25.561232] kasan_save_track+0x18/0x40 [ 25.561726] kasan_save_alloc_info+0x3b/0x50 [ 25.562181] __kasan_kmalloc+0xb7/0xc0 [ 25.563007] __kmalloc_cache_noprof+0x189/0x420 [ 25.563245] kmalloc_oob_16+0xa8/0x4a0 [ 25.563409] kunit_try_run_case+0x1a5/0x480 [ 25.563627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.564104] kthread+0x337/0x6f0 [ 25.564785] ret_from_fork+0x116/0x1d0 [ 25.565136] ret_from_fork_asm+0x1a/0x30 [ 25.565403] [ 25.565729] The buggy address belongs to the object at ffff8881022cf6a0 [ 25.565729] which belongs to the cache kmalloc-16 of size 16 [ 25.566459] The buggy address is located 0 bytes inside of [ 25.566459] allocated 13-byte region [ffff8881022cf6a0, ffff8881022cf6ad) [ 25.567736] [ 25.567917] The buggy address belongs to the physical page: [ 25.568465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 25.569209] flags: 0x200000000000000(node=0|zone=2) [ 25.569419] page_type: f5(slab) [ 25.569713] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.570369] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.571037] page dumped because: kasan: bad access detected [ 25.571566] [ 25.571749] Memory state around the buggy address: [ 25.572107] ffff8881022cf580: 00 06 fc fc 00 06 fc fc 00 00 fc fc 00 04 fc fc [ 25.572745] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.573131] >ffff8881022cf680: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 25.573858] ^ [ 25.574836] ffff8881022cf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.576009] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.576617] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-write-in-memset_orig
[ 25.998576] ================================================================== [ 25.999480] BUG: KFENCE: use-after-free write in memset_orig+0x72/0xb0 [ 25.999480] [ 26.000127] Use-after-free write at 0x(____ptrval____) (in kfence-#68): [ 26.000616] memset_orig+0x72/0xb0 [ 26.000961] kmalloc_double_kzfree+0x19c/0x350 [ 26.001304] kunit_try_run_case+0x1a5/0x480 [ 26.001597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.001972] kthread+0x337/0x6f0 [ 26.002214] ret_from_fork+0x116/0x1d0 [ 26.002574] ret_from_fork_asm+0x1a/0x30 [ 26.002813] [ 26.002927] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=16, cache=kmalloc-16 [ 26.002927] [ 26.003576] allocated by task 221 on cpu 0 at 25.997099s (0.006471s ago): [ 26.003958] kmalloc_double_kzfree+0xa9/0x350 [ 26.004352] kunit_try_run_case+0x1a5/0x480 [ 26.004670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.004887] kthread+0x337/0x6f0 [ 26.005047] ret_from_fork+0x116/0x1d0 [ 26.005431] ret_from_fork_asm+0x1a/0x30 [ 26.005789] [ 26.005949] freed by task 221 on cpu 0 at 25.997213s (0.008731s ago): [ 26.006407] kfree_sensitive+0x67/0x90 [ 26.006724] kmalloc_double_kzfree+0x12b/0x350 [ 26.007092] kunit_try_run_case+0x1a5/0x480 [ 26.007423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.007806] kthread+0x337/0x6f0 [ 26.008019] ret_from_fork+0x116/0x1d0 [ 26.008200] ret_from_fork_asm+0x1a/0x30 [ 26.008387] [ 26.008618] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 26.009580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.009914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.010413] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-kmalloc_oob_memset_2
[ 25.663837] ================================================================== [ 25.665178] BUG: KFENCE: memory corruption in kmalloc_oob_memset_2+0x187/0x330 [ 25.665178] [ 25.665672] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#65): [ 25.667612] kmalloc_oob_memset_2+0x187/0x330 [ 25.668009] kunit_try_run_case+0x1a5/0x480 [ 25.668298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.668741] kthread+0x337/0x6f0 [ 25.669019] ret_from_fork+0x116/0x1d0 [ 25.669437] ret_from_fork_asm+0x1a/0x30 [ 25.669702] [ 25.670266] kfence-#65: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128 [ 25.670266] [ 25.671254] allocated by task 201 on cpu 1 at 25.660019s (0.011063s ago): [ 25.671938] kmalloc_oob_memset_2+0xac/0x330 [ 25.672462] kunit_try_run_case+0x1a5/0x480 [ 25.672776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.673067] kthread+0x337/0x6f0 [ 25.673622] ret_from_fork+0x116/0x1d0 [ 25.674056] ret_from_fork_asm+0x1a/0x30 [ 25.674358] [ 25.674889] freed by task 201 on cpu 1 at 25.663180s (0.011434s ago): [ 25.675420] kmalloc_oob_memset_2+0x187/0x330 [ 25.675787] kunit_try_run_case+0x1a5/0x480 [ 25.676052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.677589] kthread+0x337/0x6f0 [ 25.677862] ret_from_fork+0x116/0x1d0 [ 25.678020] ret_from_fork_asm+0x1a/0x30 [ 25.678555] [ 25.678875] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.679581] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.679769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.680606] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 180.007397] ================================================================== [ 180.007948] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270 [ 180.008555] Read of size 8 at addr ffff88810769ac70 by task kunit_try_catch/1610 [ 180.009120] [ 180.009285] CPU: 0 UID: 0 PID: 1610 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 180.009384] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 180.010184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 180.010232] Call Trace: [ 180.010253] <TASK> [ 180.010285] dump_stack_lvl+0x73/0xb0 [ 180.010337] print_report+0xd1/0x650 [ 180.010366] ? __virt_addr_valid+0x1db/0x2d0 [ 180.010392] ? drm_encoder_cleanup+0x265/0x270 [ 180.010444] ? kasan_complete_mode_report_info+0x64/0x200 [ 180.010473] ? drm_encoder_cleanup+0x265/0x270 [ 180.010498] kasan_report+0x141/0x180 [ 180.010522] ? drm_encoder_cleanup+0x265/0x270 [ 180.010551] __asan_report_load8_noabort+0x18/0x20 [ 180.010576] drm_encoder_cleanup+0x265/0x270 [ 180.010602] drmm_encoder_alloc_release+0x36/0x60 [ 180.010627] drm_managed_release+0x15c/0x470 [ 180.010652] ? simple_release_fs+0x86/0xb0 [ 180.010680] drm_dev_put.part.0+0xa1/0x100 [ 180.010706] ? __pfx_devm_drm_dev_init_release+0x10/0x10 [ 180.010731] devm_drm_dev_init_release+0x17/0x30 [ 180.010756] devm_action_release+0x50/0x80 [ 180.010784] devres_release_all+0x186/0x240 [ 180.010809] ? __pfx_devres_release_all+0x10/0x10 [ 180.010833] ? kernfs_remove_by_name_ns+0x166/0x1d0 [ 180.010861] ? sysfs_remove_file_ns+0x56/0xa0 [ 180.010887] device_unbind_cleanup+0x1b/0x1b0 [ 180.010911] device_release_driver_internal+0x3e4/0x540 [ 180.010935] ? klist_devices_put+0x35/0x50 [ 180.010958] device_release_driver+0x16/0x20 [ 180.010981] bus_remove_device+0x1e9/0x3d0 [ 180.011005] device_del+0x397/0x980 [ 180.011031] ? __pfx_device_del+0x10/0x10 [ 180.011053] ? __kasan_check_write+0x18/0x20 [ 180.011077] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 180.011101] ? __pfx_device_unregister_wrapper+0x10/0x10 [ 180.011144] device_unregister+0x1b/0xa0 [ 180.011169] device_unregister_wrapper+0x12/0x20 [ 180.011191] __kunit_action_free+0x57/0x70 [ 180.011215] kunit_remove_resource+0x133/0x200 [ 180.011239] ? preempt_count_sub+0x50/0x80 [ 180.011265] kunit_cleanup+0x7a/0x120 [ 180.011291] kunit_try_run_case_cleanup+0xbd/0xf0 [ 180.011315] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 180.011340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 180.011362] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 180.011384] kthread+0x337/0x6f0 [ 180.011417] ? trace_preempt_on+0x20/0xc0 [ 180.011449] ? __pfx_kthread+0x10/0x10 [ 180.011472] ? _raw_spin_unlock_irq+0x47/0x80 [ 180.011494] ? calculate_sigpending+0x7b/0xa0 [ 180.011520] ? __pfx_kthread+0x10/0x10 [ 180.011543] ret_from_fork+0x116/0x1d0 [ 180.011565] ? __pfx_kthread+0x10/0x10 [ 180.011588] ret_from_fork_asm+0x1a/0x30 [ 180.011622] </TASK> [ 180.011638] [ 180.025925] Allocated by task 1609: [ 180.026359] kasan_save_stack+0x45/0x70 [ 180.026674] kasan_save_track+0x18/0x40 [ 180.026859] kasan_save_alloc_info+0x3b/0x50 [ 180.027295] __kasan_kmalloc+0xb7/0xc0 [ 180.027630] __kmalloc_noprof+0x1c9/0x500 [ 180.027967] __devm_drm_bridge_alloc+0x33/0x170 [ 180.028248] drm_test_bridge_init+0x188/0x5c0 [ 180.028456] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870 [ 180.028695] kunit_try_run_case+0x1a5/0x480 [ 180.028891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 180.029136] kthread+0x337/0x6f0 [ 180.029305] ret_from_fork+0x116/0x1d0 [ 180.029624] ret_from_fork_asm+0x1a/0x30 [ 180.030050] [ 180.030324] Freed by task 1610: [ 180.030618] kasan_save_stack+0x45/0x70 [ 180.030947] kasan_save_track+0x18/0x40 [ 180.031342] kasan_save_free_info+0x3f/0x60 [ 180.031752] __kasan_slab_free+0x56/0x70 [ 180.032147] kfree+0x222/0x3f0 [ 180.032463] drm_bridge_put.part.0+0xc7/0x100 [ 180.032828] drm_bridge_put_void+0x17/0x30 [ 180.033267] devm_action_release+0x50/0x80 [ 180.033503] devres_release_all+0x186/0x240 [ 180.033896] device_unbind_cleanup+0x1b/0x1b0 [ 180.034341] device_release_driver_internal+0x3e4/0x540 [ 180.034736] device_release_driver+0x16/0x20 [ 180.035034] bus_remove_device+0x1e9/0x3d0 [ 180.035417] device_del+0x397/0x980 [ 180.035685] device_unregister+0x1b/0xa0 [ 180.036039] device_unregister_wrapper+0x12/0x20 [ 180.036396] __kunit_action_free+0x57/0x70 [ 180.036741] kunit_remove_resource+0x133/0x200 [ 180.037134] kunit_cleanup+0x7a/0x120 [ 180.037512] kunit_try_run_case_cleanup+0xbd/0xf0 [ 180.037827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 180.038318] kthread+0x337/0x6f0 [ 180.038550] ret_from_fork+0x116/0x1d0 [ 180.038730] ret_from_fork_asm+0x1a/0x30 [ 180.038919] [ 180.039027] The buggy address belongs to the object at ffff88810769ac00 [ 180.039027] which belongs to the cache kmalloc-512 of size 512 [ 180.039447] The buggy address is located 112 bytes inside of [ 180.039447] freed 512-byte region [ffff88810769ac00, ffff88810769ae00) [ 180.040385] [ 180.040584] The buggy address belongs to the physical page: [ 180.041010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107698 [ 180.041792] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 180.042454] flags: 0x200000000000040(head|node=0|zone=2) [ 180.042945] page_type: f5(slab) [ 180.043260] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 180.044180] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 180.044626] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 180.045208] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 180.045677] head: 0200000000000002 ffffea00041da601 00000000ffffffff 00000000ffffffff [ 180.046131] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 180.047692] page dumped because: kasan: bad access detected [ 180.048220] [ 180.048402] Memory state around the buggy address: [ 180.048820] ffff88810769ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 180.049489] ffff88810769ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 180.049937] >ffff88810769ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 180.050213] ^ [ 180.050464] ffff88810769ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 180.050942] ffff88810769ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 180.051379] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 30.817923] ================================================================== [ 30.818950] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 30.819586] Write of size 1 at addr ffff888102337178 by task kunit_try_catch/314 [ 30.820128] [ 30.820384] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.820506] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.820539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.820588] Call Trace: [ 30.820634] <TASK> [ 30.820681] dump_stack_lvl+0x73/0xb0 [ 30.820751] print_report+0xd1/0x650 [ 30.820805] ? __virt_addr_valid+0x1db/0x2d0 [ 30.820853] ? strncpy_from_user+0x1a5/0x1d0 [ 30.820899] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.820949] ? strncpy_from_user+0x1a5/0x1d0 [ 30.821003] kasan_report+0x141/0x180 [ 30.821057] ? strncpy_from_user+0x1a5/0x1d0 [ 30.821117] __asan_report_store1_noabort+0x1b/0x30 [ 30.821208] strncpy_from_user+0x1a5/0x1d0 [ 30.821269] copy_user_test_oob+0x760/0x10f0 [ 30.821320] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.821368] ? finish_task_switch.isra.0+0x153/0x700 [ 30.821420] ? __switch_to+0x47/0xf50 [ 30.821490] ? __schedule+0x10cc/0x2b60 [ 30.821540] ? __pfx_read_tsc+0x10/0x10 [ 30.821581] ? ktime_get_ts64+0x86/0x230 [ 30.821638] kunit_try_run_case+0x1a5/0x480 [ 30.821698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.821739] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.821767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.821793] ? __kthread_parkme+0x82/0x180 [ 30.821819] ? preempt_count_sub+0x50/0x80 [ 30.821845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.821873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.821900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.821926] kthread+0x337/0x6f0 [ 30.821949] ? trace_preempt_on+0x20/0xc0 [ 30.821975] ? __pfx_kthread+0x10/0x10 [ 30.821999] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.822032] ? calculate_sigpending+0x7b/0xa0 [ 30.822066] ? __pfx_kthread+0x10/0x10 [ 30.822091] ret_from_fork+0x116/0x1d0 [ 30.822112] ? __pfx_kthread+0x10/0x10 [ 30.822136] ret_from_fork_asm+0x1a/0x30 [ 30.822206] </TASK> [ 30.822223] [ 30.834781] Allocated by task 314: [ 30.835147] kasan_save_stack+0x45/0x70 [ 30.836063] kasan_save_track+0x18/0x40 [ 30.836273] kasan_save_alloc_info+0x3b/0x50 [ 30.836700] __kasan_kmalloc+0xb7/0xc0 [ 30.837017] __kmalloc_noprof+0x1c9/0x500 [ 30.837248] kunit_kmalloc_array+0x25/0x60 [ 30.837587] copy_user_test_oob+0xab/0x10f0 [ 30.837820] kunit_try_run_case+0x1a5/0x480 [ 30.838384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.838681] kthread+0x337/0x6f0 [ 30.838860] ret_from_fork+0x116/0x1d0 [ 30.839025] ret_from_fork_asm+0x1a/0x30 [ 30.839297] [ 30.839485] The buggy address belongs to the object at ffff888102337100 [ 30.839485] which belongs to the cache kmalloc-128 of size 128 [ 30.840388] The buggy address is located 0 bytes to the right of [ 30.840388] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.840963] [ 30.841211] The buggy address belongs to the physical page: [ 30.841777] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.842500] flags: 0x200000000000000(node=0|zone=2) [ 30.842886] page_type: f5(slab) [ 30.843074] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.843677] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.844341] page dumped because: kasan: bad access detected [ 30.844559] [ 30.844744] Memory state around the buggy address: [ 30.845150] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.845659] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.846043] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.846699] ^ [ 30.847308] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.847572] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.848083] ================================================================== [ 30.788161] ================================================================== [ 30.788786] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 30.789103] Write of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.789546] [ 30.789797] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.789883] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.789907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.789945] Call Trace: [ 30.789984] <TASK> [ 30.790019] dump_stack_lvl+0x73/0xb0 [ 30.790082] print_report+0xd1/0x650 [ 30.790131] ? __virt_addr_valid+0x1db/0x2d0 [ 30.790175] ? strncpy_from_user+0x2e/0x1d0 [ 30.790216] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.790264] ? strncpy_from_user+0x2e/0x1d0 [ 30.790312] kasan_report+0x141/0x180 [ 30.790358] ? strncpy_from_user+0x2e/0x1d0 [ 30.790490] kasan_check_range+0x10c/0x1c0 [ 30.790571] __kasan_check_write+0x18/0x20 [ 30.790648] strncpy_from_user+0x2e/0x1d0 [ 30.790718] ? __kasan_check_read+0x15/0x20 [ 30.790771] copy_user_test_oob+0x760/0x10f0 [ 30.790831] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.790903] ? finish_task_switch.isra.0+0x153/0x700 [ 30.790979] ? __switch_to+0x47/0xf50 [ 30.791061] ? __schedule+0x10cc/0x2b60 [ 30.791129] ? __pfx_read_tsc+0x10/0x10 [ 30.791170] ? ktime_get_ts64+0x86/0x230 [ 30.791224] kunit_try_run_case+0x1a5/0x480 [ 30.791278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.791329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.791382] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.791438] ? __kthread_parkme+0x82/0x180 [ 30.791503] ? preempt_count_sub+0x50/0x80 [ 30.791560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.791620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.791676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.791732] kthread+0x337/0x6f0 [ 30.791779] ? trace_preempt_on+0x20/0xc0 [ 30.791830] ? __pfx_kthread+0x10/0x10 [ 30.791881] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.791935] ? calculate_sigpending+0x7b/0xa0 [ 30.791990] ? __pfx_kthread+0x10/0x10 [ 30.792031] ret_from_fork+0x116/0x1d0 [ 30.792072] ? __pfx_kthread+0x10/0x10 [ 30.792116] ret_from_fork_asm+0x1a/0x30 [ 30.792230] </TASK> [ 30.792259] [ 30.803111] Allocated by task 314: [ 30.803346] kasan_save_stack+0x45/0x70 [ 30.803699] kasan_save_track+0x18/0x40 [ 30.804029] kasan_save_alloc_info+0x3b/0x50 [ 30.804526] __kasan_kmalloc+0xb7/0xc0 [ 30.804863] __kmalloc_noprof+0x1c9/0x500 [ 30.805245] kunit_kmalloc_array+0x25/0x60 [ 30.805469] copy_user_test_oob+0xab/0x10f0 [ 30.805866] kunit_try_run_case+0x1a5/0x480 [ 30.806153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.806517] kthread+0x337/0x6f0 [ 30.806690] ret_from_fork+0x116/0x1d0 [ 30.806868] ret_from_fork_asm+0x1a/0x30 [ 30.807058] [ 30.807252] The buggy address belongs to the object at ffff888102337100 [ 30.807252] which belongs to the cache kmalloc-128 of size 128 [ 30.807766] The buggy address is located 0 bytes inside of [ 30.807766] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.808152] [ 30.808255] The buggy address belongs to the physical page: [ 30.808451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.808819] flags: 0x200000000000000(node=0|zone=2) [ 30.809068] page_type: f5(slab) [ 30.811675] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.812002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.812292] page dumped because: kasan: bad access detected [ 30.812517] [ 30.812619] Memory state around the buggy address: [ 30.812823] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.813092] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.813358] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.814586] ^ [ 30.815117] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.816081] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.816657] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 30.729477] ================================================================== [ 30.730639] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 30.731290] Write of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.731874] [ 30.732108] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.732253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.732289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.732345] Call Trace: [ 30.732395] <TASK> [ 30.732450] dump_stack_lvl+0x73/0xb0 [ 30.732529] print_report+0xd1/0x650 [ 30.732580] ? __virt_addr_valid+0x1db/0x2d0 [ 30.732645] ? copy_user_test_oob+0x557/0x10f0 [ 30.732722] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.732800] ? copy_user_test_oob+0x557/0x10f0 [ 30.732864] kasan_report+0x141/0x180 [ 30.732934] ? copy_user_test_oob+0x557/0x10f0 [ 30.733004] kasan_check_range+0x10c/0x1c0 [ 30.733063] __kasan_check_write+0x18/0x20 [ 30.733119] copy_user_test_oob+0x557/0x10f0 [ 30.733174] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.733220] ? finish_task_switch.isra.0+0x153/0x700 [ 30.733272] ? __switch_to+0x47/0xf50 [ 30.733333] ? __schedule+0x10cc/0x2b60 [ 30.733387] ? __pfx_read_tsc+0x10/0x10 [ 30.733437] ? ktime_get_ts64+0x86/0x230 [ 30.733665] kunit_try_run_case+0x1a5/0x480 [ 30.734578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.734644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.734703] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.734759] ? __kthread_parkme+0x82/0x180 [ 30.734814] ? preempt_count_sub+0x50/0x80 [ 30.734870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.734929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.734986] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.735043] kthread+0x337/0x6f0 [ 30.735092] ? trace_preempt_on+0x20/0xc0 [ 30.736087] ? __pfx_kthread+0x10/0x10 [ 30.736222] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.736281] ? calculate_sigpending+0x7b/0xa0 [ 30.736343] ? __pfx_kthread+0x10/0x10 [ 30.736396] ret_from_fork+0x116/0x1d0 [ 30.736458] ? __pfx_kthread+0x10/0x10 [ 30.736513] ret_from_fork_asm+0x1a/0x30 [ 30.736587] </TASK> [ 30.736620] [ 30.746193] Allocated by task 314: [ 30.746434] kasan_save_stack+0x45/0x70 [ 30.746877] kasan_save_track+0x18/0x40 [ 30.747243] kasan_save_alloc_info+0x3b/0x50 [ 30.747623] __kasan_kmalloc+0xb7/0xc0 [ 30.747953] __kmalloc_noprof+0x1c9/0x500 [ 30.748260] kunit_kmalloc_array+0x25/0x60 [ 30.748553] copy_user_test_oob+0xab/0x10f0 [ 30.748912] kunit_try_run_case+0x1a5/0x480 [ 30.749109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.749368] kthread+0x337/0x6f0 [ 30.749668] ret_from_fork+0x116/0x1d0 [ 30.749982] ret_from_fork_asm+0x1a/0x30 [ 30.750365] [ 30.750549] The buggy address belongs to the object at ffff888102337100 [ 30.750549] which belongs to the cache kmalloc-128 of size 128 [ 30.751337] The buggy address is located 0 bytes inside of [ 30.751337] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.751837] [ 30.751947] The buggy address belongs to the physical page: [ 30.752210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.752813] flags: 0x200000000000000(node=0|zone=2) [ 30.753252] page_type: f5(slab) [ 30.753558] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.754166] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.754462] page dumped because: kasan: bad access detected [ 30.754723] [ 30.754883] Memory state around the buggy address: [ 30.755300] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.755843] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.756232] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.756718] ^ [ 30.756990] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.757286] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.757681] ================================================================== [ 30.759374] ================================================================== [ 30.760088] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 30.760730] Read of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.761130] [ 30.761319] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.761437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.761478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.761529] Call Trace: [ 30.761575] <TASK> [ 30.761624] dump_stack_lvl+0x73/0xb0 [ 30.761703] print_report+0xd1/0x650 [ 30.761787] ? __virt_addr_valid+0x1db/0x2d0 [ 30.761843] ? copy_user_test_oob+0x604/0x10f0 [ 30.761899] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.761952] ? copy_user_test_oob+0x604/0x10f0 [ 30.762000] kasan_report+0x141/0x180 [ 30.762063] ? copy_user_test_oob+0x604/0x10f0 [ 30.762131] kasan_check_range+0x10c/0x1c0 [ 30.762227] __kasan_check_read+0x15/0x20 [ 30.762282] copy_user_test_oob+0x604/0x10f0 [ 30.762343] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.762396] ? finish_task_switch.isra.0+0x153/0x700 [ 30.762463] ? __switch_to+0x47/0xf50 [ 30.762519] ? __schedule+0x10cc/0x2b60 [ 30.762563] ? __pfx_read_tsc+0x10/0x10 [ 30.762610] ? ktime_get_ts64+0x86/0x230 [ 30.762662] kunit_try_run_case+0x1a5/0x480 [ 30.762746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.762794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.762856] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.762910] ? __kthread_parkme+0x82/0x180 [ 30.762957] ? preempt_count_sub+0x50/0x80 [ 30.763006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.763053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.763098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.763179] kthread+0x337/0x6f0 [ 30.763228] ? trace_preempt_on+0x20/0xc0 [ 30.763281] ? __pfx_kthread+0x10/0x10 [ 30.763329] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.763377] ? calculate_sigpending+0x7b/0xa0 [ 30.763433] ? __pfx_kthread+0x10/0x10 [ 30.763495] ret_from_fork+0x116/0x1d0 [ 30.763536] ? __pfx_kthread+0x10/0x10 [ 30.763585] ret_from_fork_asm+0x1a/0x30 [ 30.763656] </TASK> [ 30.763690] [ 30.775393] Allocated by task 314: [ 30.775652] kasan_save_stack+0x45/0x70 [ 30.776058] kasan_save_track+0x18/0x40 [ 30.776392] kasan_save_alloc_info+0x3b/0x50 [ 30.776608] __kasan_kmalloc+0xb7/0xc0 [ 30.776915] __kmalloc_noprof+0x1c9/0x500 [ 30.777170] kunit_kmalloc_array+0x25/0x60 [ 30.777562] copy_user_test_oob+0xab/0x10f0 [ 30.777788] kunit_try_run_case+0x1a5/0x480 [ 30.777983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.778476] kthread+0x337/0x6f0 [ 30.778787] ret_from_fork+0x116/0x1d0 [ 30.779026] ret_from_fork_asm+0x1a/0x30 [ 30.779303] [ 30.779402] The buggy address belongs to the object at ffff888102337100 [ 30.779402] which belongs to the cache kmalloc-128 of size 128 [ 30.779993] The buggy address is located 0 bytes inside of [ 30.779993] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.780867] [ 30.781074] The buggy address belongs to the physical page: [ 30.781399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.781756] flags: 0x200000000000000(node=0|zone=2) [ 30.781982] page_type: f5(slab) [ 30.782169] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.782775] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.783364] page dumped because: kasan: bad access detected [ 30.783724] [ 30.783885] Memory state around the buggy address: [ 30.784095] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.784555] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.784932] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.785449] ^ [ 30.785749] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.786033] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.786611] ================================================================== [ 30.701597] ================================================================== [ 30.702281] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 30.702867] Read of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.703313] [ 30.703525] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.703644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.703679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.703732] Call Trace: [ 30.703780] <TASK> [ 30.703829] dump_stack_lvl+0x73/0xb0 [ 30.703906] print_report+0xd1/0x650 [ 30.703963] ? __virt_addr_valid+0x1db/0x2d0 [ 30.704015] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.704076] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.704146] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.704195] kasan_report+0x141/0x180 [ 30.704248] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.704311] kasan_check_range+0x10c/0x1c0 [ 30.704362] __kasan_check_read+0x15/0x20 [ 30.704417] copy_user_test_oob+0x4aa/0x10f0 [ 30.704492] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.704544] ? finish_task_switch.isra.0+0x153/0x700 [ 30.704597] ? __switch_to+0x47/0xf50 [ 30.704668] ? __schedule+0x10cc/0x2b60 [ 30.704737] ? __pfx_read_tsc+0x10/0x10 [ 30.704789] ? ktime_get_ts64+0x86/0x230 [ 30.704840] kunit_try_run_case+0x1a5/0x480 [ 30.704895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.704953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.705006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.705077] ? __kthread_parkme+0x82/0x180 [ 30.705130] ? preempt_count_sub+0x50/0x80 [ 30.705178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.705240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.705311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.705367] kthread+0x337/0x6f0 [ 30.705415] ? trace_preempt_on+0x20/0xc0 [ 30.705486] ? __pfx_kthread+0x10/0x10 [ 30.705533] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.705601] ? calculate_sigpending+0x7b/0xa0 [ 30.705652] ? __pfx_kthread+0x10/0x10 [ 30.705703] ret_from_fork+0x116/0x1d0 [ 30.705758] ? __pfx_kthread+0x10/0x10 [ 30.705825] ret_from_fork_asm+0x1a/0x30 [ 30.705900] </TASK> [ 30.705932] [ 30.715980] Allocated by task 314: [ 30.716501] kasan_save_stack+0x45/0x70 [ 30.716932] kasan_save_track+0x18/0x40 [ 30.717288] kasan_save_alloc_info+0x3b/0x50 [ 30.717596] __kasan_kmalloc+0xb7/0xc0 [ 30.717789] __kmalloc_noprof+0x1c9/0x500 [ 30.717975] kunit_kmalloc_array+0x25/0x60 [ 30.718187] copy_user_test_oob+0xab/0x10f0 [ 30.718586] kunit_try_run_case+0x1a5/0x480 [ 30.718953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.719438] kthread+0x337/0x6f0 [ 30.719746] ret_from_fork+0x116/0x1d0 [ 30.720071] ret_from_fork_asm+0x1a/0x30 [ 30.720462] [ 30.720592] The buggy address belongs to the object at ffff888102337100 [ 30.720592] which belongs to the cache kmalloc-128 of size 128 [ 30.721133] The buggy address is located 0 bytes inside of [ 30.721133] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.721934] [ 30.722134] The buggy address belongs to the physical page: [ 30.722372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.722928] flags: 0x200000000000000(node=0|zone=2) [ 30.723436] page_type: f5(slab) [ 30.723617] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.724107] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.724606] page dumped because: kasan: bad access detected [ 30.724839] [ 30.725009] Memory state around the buggy address: [ 30.725409] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.725812] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.726292] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.726743] ^ [ 30.727015] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.727275] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.727543] ================================================================== [ 30.674748] ================================================================== [ 30.675199] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 30.675603] Write of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.676209] [ 30.676412] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.676538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.676572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.676627] Call Trace: [ 30.676669] <TASK> [ 30.676713] dump_stack_lvl+0x73/0xb0 [ 30.676802] print_report+0xd1/0x650 [ 30.676874] ? __virt_addr_valid+0x1db/0x2d0 [ 30.676936] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.677002] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.677065] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.677121] kasan_report+0x141/0x180 [ 30.677169] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.677228] kasan_check_range+0x10c/0x1c0 [ 30.677276] __kasan_check_write+0x18/0x20 [ 30.677327] copy_user_test_oob+0x3fd/0x10f0 [ 30.677386] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.677435] ? finish_task_switch.isra.0+0x153/0x700 [ 30.677506] ? __switch_to+0x47/0xf50 [ 30.677564] ? __schedule+0x10cc/0x2b60 [ 30.677615] ? __pfx_read_tsc+0x10/0x10 [ 30.677661] ? ktime_get_ts64+0x86/0x230 [ 30.677730] kunit_try_run_case+0x1a5/0x480 [ 30.677811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.677858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.677901] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.677936] ? __kthread_parkme+0x82/0x180 [ 30.677962] ? preempt_count_sub+0x50/0x80 [ 30.677989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.678016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.678058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.678086] kthread+0x337/0x6f0 [ 30.678110] ? trace_preempt_on+0x20/0xc0 [ 30.678138] ? __pfx_kthread+0x10/0x10 [ 30.678176] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.678212] ? calculate_sigpending+0x7b/0xa0 [ 30.678241] ? __pfx_kthread+0x10/0x10 [ 30.678266] ret_from_fork+0x116/0x1d0 [ 30.678289] ? __pfx_kthread+0x10/0x10 [ 30.678313] ret_from_fork_asm+0x1a/0x30 [ 30.678349] </TASK> [ 30.678366] [ 30.688340] Allocated by task 314: [ 30.688616] kasan_save_stack+0x45/0x70 [ 30.688865] kasan_save_track+0x18/0x40 [ 30.689045] kasan_save_alloc_info+0x3b/0x50 [ 30.689407] __kasan_kmalloc+0xb7/0xc0 [ 30.689744] __kmalloc_noprof+0x1c9/0x500 [ 30.690091] kunit_kmalloc_array+0x25/0x60 [ 30.690411] copy_user_test_oob+0xab/0x10f0 [ 30.690623] kunit_try_run_case+0x1a5/0x480 [ 30.690820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.691044] kthread+0x337/0x6f0 [ 30.691448] ret_from_fork+0x116/0x1d0 [ 30.691793] ret_from_fork_asm+0x1a/0x30 [ 30.692182] [ 30.692377] The buggy address belongs to the object at ffff888102337100 [ 30.692377] which belongs to the cache kmalloc-128 of size 128 [ 30.693353] The buggy address is located 0 bytes inside of [ 30.693353] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.694052] [ 30.694300] The buggy address belongs to the physical page: [ 30.694751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.695187] flags: 0x200000000000000(node=0|zone=2) [ 30.695629] page_type: f5(slab) [ 30.695908] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.696372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.696827] page dumped because: kasan: bad access detected [ 30.697153] [ 30.697340] Memory state around the buggy address: [ 30.697559] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.698098] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.698571] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.698852] ^ [ 30.699123] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.699382] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.699930] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 30.639148] ================================================================== [ 30.639563] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 30.640015] Read of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.640285] [ 30.640756] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.640895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.640928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.640978] Call Trace: [ 30.641022] <TASK> [ 30.641069] dump_stack_lvl+0x73/0xb0 [ 30.641150] print_report+0xd1/0x650 [ 30.641199] ? __virt_addr_valid+0x1db/0x2d0 [ 30.641249] ? _copy_to_user+0x3c/0x70 [ 30.641291] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.641348] ? _copy_to_user+0x3c/0x70 [ 30.641393] kasan_report+0x141/0x180 [ 30.641453] ? _copy_to_user+0x3c/0x70 [ 30.641502] kasan_check_range+0x10c/0x1c0 [ 30.641581] __kasan_check_read+0x15/0x20 [ 30.641661] _copy_to_user+0x3c/0x70 [ 30.641714] copy_user_test_oob+0x364/0x10f0 [ 30.641780] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.641828] ? finish_task_switch.isra.0+0x153/0x700 [ 30.641859] ? __switch_to+0x47/0xf50 [ 30.641891] ? __schedule+0x10cc/0x2b60 [ 30.641919] ? __pfx_read_tsc+0x10/0x10 [ 30.641944] ? ktime_get_ts64+0x86/0x230 [ 30.641976] kunit_try_run_case+0x1a5/0x480 [ 30.642004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.642040] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.642070] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.642097] ? __kthread_parkme+0x82/0x180 [ 30.642123] ? preempt_count_sub+0x50/0x80 [ 30.642172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.642210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.642239] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.642268] kthread+0x337/0x6f0 [ 30.642291] ? trace_preempt_on+0x20/0xc0 [ 30.642320] ? __pfx_kthread+0x10/0x10 [ 30.642345] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.642369] ? calculate_sigpending+0x7b/0xa0 [ 30.642398] ? __pfx_kthread+0x10/0x10 [ 30.642423] ret_from_fork+0x116/0x1d0 [ 30.642463] ? __pfx_kthread+0x10/0x10 [ 30.642491] ret_from_fork_asm+0x1a/0x30 [ 30.642526] </TASK> [ 30.642542] [ 30.654466] Allocated by task 314: [ 30.654853] kasan_save_stack+0x45/0x70 [ 30.655159] kasan_save_track+0x18/0x40 [ 30.655685] kasan_save_alloc_info+0x3b/0x50 [ 30.656100] __kasan_kmalloc+0xb7/0xc0 [ 30.656287] __kmalloc_noprof+0x1c9/0x500 [ 30.656648] kunit_kmalloc_array+0x25/0x60 [ 30.657015] copy_user_test_oob+0xab/0x10f0 [ 30.657379] kunit_try_run_case+0x1a5/0x480 [ 30.658116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.658405] kthread+0x337/0x6f0 [ 30.658727] ret_from_fork+0x116/0x1d0 [ 30.659279] ret_from_fork_asm+0x1a/0x30 [ 30.659648] [ 30.659822] The buggy address belongs to the object at ffff888102337100 [ 30.659822] which belongs to the cache kmalloc-128 of size 128 [ 30.660686] The buggy address is located 0 bytes inside of [ 30.660686] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.661460] [ 30.661643] The buggy address belongs to the physical page: [ 30.662065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.662623] flags: 0x200000000000000(node=0|zone=2) [ 30.662852] page_type: f5(slab) [ 30.663144] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.663625] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.664167] page dumped because: kasan: bad access detected [ 30.664492] [ 30.664665] Memory state around the buggy address: [ 30.664934] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.665343] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.665847] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.666499] ^ [ 30.667124] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.667708] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.667867] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 30.606348] ================================================================== [ 30.607022] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 30.607753] Write of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.608341] [ 30.608801] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.608927] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.608960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.609008] Call Trace: [ 30.609041] <TASK> [ 30.609090] dump_stack_lvl+0x73/0xb0 [ 30.609170] print_report+0xd1/0x650 [ 30.609218] ? __virt_addr_valid+0x1db/0x2d0 [ 30.609273] ? _copy_from_user+0x32/0x90 [ 30.609318] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.609369] ? _copy_from_user+0x32/0x90 [ 30.609412] kasan_report+0x141/0x180 [ 30.609475] ? _copy_from_user+0x32/0x90 [ 30.609537] kasan_check_range+0x10c/0x1c0 [ 30.609594] __kasan_check_write+0x18/0x20 [ 30.609630] _copy_from_user+0x32/0x90 [ 30.609655] copy_user_test_oob+0x2be/0x10f0 [ 30.609687] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.609714] ? finish_task_switch.isra.0+0x153/0x700 [ 30.609744] ? __switch_to+0x47/0xf50 [ 30.609776] ? __schedule+0x10cc/0x2b60 [ 30.609803] ? __pfx_read_tsc+0x10/0x10 [ 30.609829] ? ktime_get_ts64+0x86/0x230 [ 30.609859] kunit_try_run_case+0x1a5/0x480 [ 30.609886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.609913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.609939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.609966] ? __kthread_parkme+0x82/0x180 [ 30.609992] ? preempt_count_sub+0x50/0x80 [ 30.610018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.610061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.610089] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.610116] kthread+0x337/0x6f0 [ 30.610140] ? trace_preempt_on+0x20/0xc0 [ 30.610184] ? __pfx_kthread+0x10/0x10 [ 30.610212] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.610237] ? calculate_sigpending+0x7b/0xa0 [ 30.610265] ? __pfx_kthread+0x10/0x10 [ 30.610290] ret_from_fork+0x116/0x1d0 [ 30.610311] ? __pfx_kthread+0x10/0x10 [ 30.610335] ret_from_fork_asm+0x1a/0x30 [ 30.610370] </TASK> [ 30.610388] [ 30.620330] Allocated by task 314: [ 30.620712] kasan_save_stack+0x45/0x70 [ 30.621089] kasan_save_track+0x18/0x40 [ 30.621457] kasan_save_alloc_info+0x3b/0x50 [ 30.621838] __kasan_kmalloc+0xb7/0xc0 [ 30.622109] __kmalloc_noprof+0x1c9/0x500 [ 30.622426] kunit_kmalloc_array+0x25/0x60 [ 30.622792] copy_user_test_oob+0xab/0x10f0 [ 30.623121] kunit_try_run_case+0x1a5/0x480 [ 30.623483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.623707] kthread+0x337/0x6f0 [ 30.623874] ret_from_fork+0x116/0x1d0 [ 30.624052] ret_from_fork_asm+0x1a/0x30 [ 30.624349] [ 30.624566] The buggy address belongs to the object at ffff888102337100 [ 30.624566] which belongs to the cache kmalloc-128 of size 128 [ 30.625431] The buggy address is located 0 bytes inside of [ 30.625431] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.626134] [ 30.626294] The buggy address belongs to the physical page: [ 30.626640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.627133] flags: 0x200000000000000(node=0|zone=2) [ 30.627543] page_type: f5(slab) [ 30.627729] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.628015] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.628407] page dumped because: kasan: bad access detected [ 30.628897] [ 30.629080] Memory state around the buggy address: [ 30.629511] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.630202] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.630643] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.631132] ^ [ 30.631880] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.632668] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.632953] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 30.550202] ================================================================== [ 30.550799] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 30.551401] Write of size 8 at addr ffff888102b17878 by task kunit_try_catch/310 [ 30.551986] [ 30.552226] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.552359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.552401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.552462] Call Trace: [ 30.552509] <TASK> [ 30.552556] dump_stack_lvl+0x73/0xb0 [ 30.552633] print_report+0xd1/0x650 [ 30.552692] ? __virt_addr_valid+0x1db/0x2d0 [ 30.552747] ? copy_to_kernel_nofault+0x99/0x260 [ 30.552803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.552849] ? copy_to_kernel_nofault+0x99/0x260 [ 30.552895] kasan_report+0x141/0x180 [ 30.552944] ? copy_to_kernel_nofault+0x99/0x260 [ 30.553026] kasan_check_range+0x10c/0x1c0 [ 30.553079] __kasan_check_write+0x18/0x20 [ 30.553146] copy_to_kernel_nofault+0x99/0x260 [ 30.553201] copy_to_kernel_nofault_oob+0x288/0x560 [ 30.553246] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 30.553285] ? finish_task_switch.isra.0+0x153/0x700 [ 30.553324] ? __schedule+0x10cc/0x2b60 [ 30.553363] ? trace_hardirqs_on+0x37/0xe0 [ 30.553419] ? __pfx_read_tsc+0x10/0x10 [ 30.553478] ? ktime_get_ts64+0x86/0x230 [ 30.553532] ? irqentry_exit+0x2a/0x60 [ 30.553589] kunit_try_run_case+0x1a5/0x480 [ 30.553644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.553684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.553725] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.553762] ? __kthread_parkme+0x82/0x180 [ 30.553800] ? preempt_count_sub+0x50/0x80 [ 30.553839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.553876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.553915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.553952] kthread+0x337/0x6f0 [ 30.553983] ? trace_preempt_on+0x20/0xc0 [ 30.554017] ? __pfx_kthread+0x10/0x10 [ 30.554062] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.554100] ? calculate_sigpending+0x7b/0xa0 [ 30.554139] ? __pfx_kthread+0x10/0x10 [ 30.554180] ret_from_fork+0x116/0x1d0 [ 30.554208] ? __pfx_kthread+0x10/0x10 [ 30.554230] ret_from_fork_asm+0x1a/0x30 [ 30.554265] </TASK> [ 30.554279] [ 30.568319] Allocated by task 310: [ 30.568661] kasan_save_stack+0x45/0x70 [ 30.569787] kasan_save_track+0x18/0x40 [ 30.570038] kasan_save_alloc_info+0x3b/0x50 [ 30.570671] __kasan_kmalloc+0xb7/0xc0 [ 30.570995] __kmalloc_cache_noprof+0x189/0x420 [ 30.571452] copy_to_kernel_nofault_oob+0x12f/0x560 [ 30.572107] kunit_try_run_case+0x1a5/0x480 [ 30.572539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.573095] kthread+0x337/0x6f0 [ 30.573378] ret_from_fork+0x116/0x1d0 [ 30.573795] ret_from_fork_asm+0x1a/0x30 [ 30.574382] [ 30.574533] The buggy address belongs to the object at ffff888102b17800 [ 30.574533] which belongs to the cache kmalloc-128 of size 128 [ 30.575939] The buggy address is located 0 bytes to the right of [ 30.575939] allocated 120-byte region [ffff888102b17800, ffff888102b17878) [ 30.576404] [ 30.576617] The buggy address belongs to the physical page: [ 30.577253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17 [ 30.578187] flags: 0x200000000000000(node=0|zone=2) [ 30.578716] page_type: f5(slab) [ 30.579148] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.579526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.579804] page dumped because: kasan: bad access detected [ 30.580017] [ 30.580164] Memory state around the buggy address: [ 30.580550] ffff888102b17700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.581085] ffff888102b17780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.582598] >ffff888102b17800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.583056] ^ [ 30.583570] ffff888102b17880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.584300] ffff888102b17900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.584846] ================================================================== [ 30.517295] ================================================================== [ 30.518626] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 30.519087] Read of size 8 at addr ffff888102b17878 by task kunit_try_catch/310 [ 30.519544] [ 30.519711] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.519795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.519813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.519842] Call Trace: [ 30.519862] <TASK> [ 30.519893] dump_stack_lvl+0x73/0xb0 [ 30.519958] print_report+0xd1/0x650 [ 30.520015] ? __virt_addr_valid+0x1db/0x2d0 [ 30.520071] ? copy_to_kernel_nofault+0x225/0x260 [ 30.520126] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.520178] ? copy_to_kernel_nofault+0x225/0x260 [ 30.520224] kasan_report+0x141/0x180 [ 30.520251] ? copy_to_kernel_nofault+0x225/0x260 [ 30.520281] __asan_report_load8_noabort+0x18/0x20 [ 30.520308] copy_to_kernel_nofault+0x225/0x260 [ 30.520336] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 30.520362] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 30.520388] ? finish_task_switch.isra.0+0x153/0x700 [ 30.520416] ? __schedule+0x10cc/0x2b60 [ 30.520476] ? trace_hardirqs_on+0x37/0xe0 [ 30.520546] ? __pfx_read_tsc+0x10/0x10 [ 30.520587] ? ktime_get_ts64+0x86/0x230 [ 30.520656] ? irqentry_exit+0x2a/0x60 [ 30.520707] kunit_try_run_case+0x1a5/0x480 [ 30.520762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.520811] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.520863] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.520917] ? __kthread_parkme+0x82/0x180 [ 30.520970] ? preempt_count_sub+0x50/0x80 [ 30.521026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.521084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.521141] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.521195] kthread+0x337/0x6f0 [ 30.521244] ? trace_preempt_on+0x20/0xc0 [ 30.521300] ? __pfx_kthread+0x10/0x10 [ 30.521345] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.521385] ? calculate_sigpending+0x7b/0xa0 [ 30.521430] ? __pfx_kthread+0x10/0x10 [ 30.521486] ret_from_fork+0x116/0x1d0 [ 30.521517] ? __pfx_kthread+0x10/0x10 [ 30.521541] ret_from_fork_asm+0x1a/0x30 [ 30.521604] </TASK> [ 30.521633] [ 30.534232] Allocated by task 310: [ 30.534491] kasan_save_stack+0x45/0x70 [ 30.535105] kasan_save_track+0x18/0x40 [ 30.535485] kasan_save_alloc_info+0x3b/0x50 [ 30.535864] __kasan_kmalloc+0xb7/0xc0 [ 30.536231] __kmalloc_cache_noprof+0x189/0x420 [ 30.536790] copy_to_kernel_nofault_oob+0x12f/0x560 [ 30.537145] kunit_try_run_case+0x1a5/0x480 [ 30.537389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.537855] kthread+0x337/0x6f0 [ 30.538172] ret_from_fork+0x116/0x1d0 [ 30.538508] ret_from_fork_asm+0x1a/0x30 [ 30.538850] [ 30.539151] The buggy address belongs to the object at ffff888102b17800 [ 30.539151] which belongs to the cache kmalloc-128 of size 128 [ 30.539980] The buggy address is located 0 bytes to the right of [ 30.539980] allocated 120-byte region [ffff888102b17800, ffff888102b17878) [ 30.540656] [ 30.540910] The buggy address belongs to the physical page: [ 30.541382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17 [ 30.541714] flags: 0x200000000000000(node=0|zone=2) [ 30.541939] page_type: f5(slab) [ 30.542123] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.542687] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.543470] page dumped because: kasan: bad access detected [ 30.544272] [ 30.544494] Memory state around the buggy address: [ 30.544947] ffff888102b17700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.545368] ffff888102b17780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.546065] >ffff888102b17800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.546603] ^ [ 30.547115] ffff888102b17880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.547388] ffff888102b17900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.547661] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 30.010927] ================================================================== [ 30.011434] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 30.012026] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.012530] [ 30.012973] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.013046] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.013063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.013091] Call Trace: [ 30.013118] <TASK> [ 30.013149] dump_stack_lvl+0x73/0xb0 [ 30.013210] print_report+0xd1/0x650 [ 30.013255] ? __virt_addr_valid+0x1db/0x2d0 [ 30.013304] ? kasan_atomics_helper+0x1c18/0x5450 [ 30.013349] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.013578] ? kasan_atomics_helper+0x1c18/0x5450 [ 30.013685] kasan_report+0x141/0x180 [ 30.013772] ? kasan_atomics_helper+0x1c18/0x5450 [ 30.013851] kasan_check_range+0x10c/0x1c0 [ 30.013909] __kasan_check_write+0x18/0x20 [ 30.013954] kasan_atomics_helper+0x1c18/0x5450 [ 30.014002] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.014062] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.014114] ? kasan_atomics+0x152/0x310 [ 30.014188] kasan_atomics+0x1dc/0x310 [ 30.014236] ? __pfx_kasan_atomics+0x10/0x10 [ 30.014283] ? __pfx_read_tsc+0x10/0x10 [ 30.014325] ? ktime_get_ts64+0x86/0x230 [ 30.014387] kunit_try_run_case+0x1a5/0x480 [ 30.014460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.014516] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.014564] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.014603] ? __kthread_parkme+0x82/0x180 [ 30.014630] ? preempt_count_sub+0x50/0x80 [ 30.014669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.014697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.014724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.014751] kthread+0x337/0x6f0 [ 30.014773] ? trace_preempt_on+0x20/0xc0 [ 30.014801] ? __pfx_kthread+0x10/0x10 [ 30.014825] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.014850] ? calculate_sigpending+0x7b/0xa0 [ 30.014878] ? __pfx_kthread+0x10/0x10 [ 30.014903] ret_from_fork+0x116/0x1d0 [ 30.014925] ? __pfx_kthread+0x10/0x10 [ 30.014947] ret_from_fork_asm+0x1a/0x30 [ 30.014982] </TASK> [ 30.014997] [ 30.023974] Allocated by task 294: [ 30.024362] kasan_save_stack+0x45/0x70 [ 30.024767] kasan_save_track+0x18/0x40 [ 30.025090] kasan_save_alloc_info+0x3b/0x50 [ 30.025471] __kasan_kmalloc+0xb7/0xc0 [ 30.025774] __kmalloc_cache_noprof+0x189/0x420 [ 30.026106] kasan_atomics+0x95/0x310 [ 30.026363] kunit_try_run_case+0x1a5/0x480 [ 30.026714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.027013] kthread+0x337/0x6f0 [ 30.027231] ret_from_fork+0x116/0x1d0 [ 30.027418] ret_from_fork_asm+0x1a/0x30 [ 30.027611] [ 30.027765] The buggy address belongs to the object at ffff888102338080 [ 30.027765] which belongs to the cache kmalloc-64 of size 64 [ 30.028674] The buggy address is located 0 bytes to the right of [ 30.028674] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.029271] [ 30.029392] The buggy address belongs to the physical page: [ 30.029620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.029916] flags: 0x200000000000000(node=0|zone=2) [ 30.030162] page_type: f5(slab) [ 30.030341] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.030863] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.031465] page dumped because: kasan: bad access detected [ 30.031904] [ 30.032042] Memory state around the buggy address: [ 30.032449] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.032992] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.033566] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.034104] ^ [ 30.034513] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.034943] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.035243] ================================================================== [ 30.036926] ================================================================== [ 30.038516] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 30.039128] Read of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.039760] [ 30.039971] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.040087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.040119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.040198] Call Trace: [ 30.040246] <TASK> [ 30.040293] dump_stack_lvl+0x73/0xb0 [ 30.040368] print_report+0xd1/0x650 [ 30.040425] ? __virt_addr_valid+0x1db/0x2d0 [ 30.040496] ? kasan_atomics_helper+0x4f30/0x5450 [ 30.040549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.040610] ? kasan_atomics_helper+0x4f30/0x5450 [ 30.040664] kasan_report+0x141/0x180 [ 30.040717] ? kasan_atomics_helper+0x4f30/0x5450 [ 30.040782] __asan_report_load8_noabort+0x18/0x20 [ 30.040841] kasan_atomics_helper+0x4f30/0x5450 [ 30.040895] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.040949] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.041005] ? kasan_atomics+0x152/0x310 [ 30.041068] kasan_atomics+0x1dc/0x310 [ 30.041123] ? __pfx_kasan_atomics+0x10/0x10 [ 30.041207] ? __pfx_read_tsc+0x10/0x10 [ 30.041248] ? ktime_get_ts64+0x86/0x230 [ 30.041304] kunit_try_run_case+0x1a5/0x480 [ 30.041351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.041391] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.041437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.041500] ? __kthread_parkme+0x82/0x180 [ 30.041547] ? preempt_count_sub+0x50/0x80 [ 30.041601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.041654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.041709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.041764] kthread+0x337/0x6f0 [ 30.041806] ? trace_preempt_on+0x20/0xc0 [ 30.041858] ? __pfx_kthread+0x10/0x10 [ 30.041908] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.041957] ? calculate_sigpending+0x7b/0xa0 [ 30.042008] ? __pfx_kthread+0x10/0x10 [ 30.042063] ret_from_fork+0x116/0x1d0 [ 30.042101] ? __pfx_kthread+0x10/0x10 [ 30.042174] ret_from_fork_asm+0x1a/0x30 [ 30.042251] </TASK> [ 30.042286] [ 30.054126] Allocated by task 294: [ 30.054499] kasan_save_stack+0x45/0x70 [ 30.054746] kasan_save_track+0x18/0x40 [ 30.055107] kasan_save_alloc_info+0x3b/0x50 [ 30.055333] __kasan_kmalloc+0xb7/0xc0 [ 30.055705] __kmalloc_cache_noprof+0x189/0x420 [ 30.055925] kasan_atomics+0x95/0x310 [ 30.056313] kunit_try_run_case+0x1a5/0x480 [ 30.056616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.057034] kthread+0x337/0x6f0 [ 30.057413] ret_from_fork+0x116/0x1d0 [ 30.057827] ret_from_fork_asm+0x1a/0x30 [ 30.058267] [ 30.058516] The buggy address belongs to the object at ffff888102338080 [ 30.058516] which belongs to the cache kmalloc-64 of size 64 [ 30.059419] The buggy address is located 0 bytes to the right of [ 30.059419] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.060259] [ 30.060738] The buggy address belongs to the physical page: [ 30.060975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.061876] flags: 0x200000000000000(node=0|zone=2) [ 30.062375] page_type: f5(slab) [ 30.062687] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.063103] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.063580] page dumped because: kasan: bad access detected [ 30.064074] [ 30.064183] Memory state around the buggy address: [ 30.064397] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.065108] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.065490] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.065977] ^ [ 30.066362] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.066838] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.067281] ================================================================== [ 30.307958] ================================================================== [ 30.308682] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 30.308952] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.309486] [ 30.309710] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.309826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.309858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.309911] Call Trace: [ 30.309960] <TASK> [ 30.310005] dump_stack_lvl+0x73/0xb0 [ 30.310083] print_report+0xd1/0x650 [ 30.310132] ? __virt_addr_valid+0x1db/0x2d0 [ 30.310222] ? kasan_atomics_helper+0x20c8/0x5450 [ 30.310274] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.310334] ? kasan_atomics_helper+0x20c8/0x5450 [ 30.310388] kasan_report+0x141/0x180 [ 30.310448] ? kasan_atomics_helper+0x20c8/0x5450 [ 30.310512] kasan_check_range+0x10c/0x1c0 [ 30.310568] __kasan_check_write+0x18/0x20 [ 30.310624] kasan_atomics_helper+0x20c8/0x5450 [ 30.310676] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.310712] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.310741] ? kasan_atomics+0x152/0x310 [ 30.310772] kasan_atomics+0x1dc/0x310 [ 30.310797] ? __pfx_kasan_atomics+0x10/0x10 [ 30.310824] ? __pfx_read_tsc+0x10/0x10 [ 30.310848] ? ktime_get_ts64+0x86/0x230 [ 30.310879] kunit_try_run_case+0x1a5/0x480 [ 30.310908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.310933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.310959] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.310984] ? __kthread_parkme+0x82/0x180 [ 30.311008] ? preempt_count_sub+0x50/0x80 [ 30.311034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.311060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.311087] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.311113] kthread+0x337/0x6f0 [ 30.311134] ? trace_preempt_on+0x20/0xc0 [ 30.311193] ? __pfx_kthread+0x10/0x10 [ 30.311221] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.311245] ? calculate_sigpending+0x7b/0xa0 [ 30.311273] ? __pfx_kthread+0x10/0x10 [ 30.311297] ret_from_fork+0x116/0x1d0 [ 30.311319] ? __pfx_kthread+0x10/0x10 [ 30.311343] ret_from_fork_asm+0x1a/0x30 [ 30.311377] </TASK> [ 30.311392] [ 30.323306] Allocated by task 294: [ 30.323682] kasan_save_stack+0x45/0x70 [ 30.324078] kasan_save_track+0x18/0x40 [ 30.324460] kasan_save_alloc_info+0x3b/0x50 [ 30.324858] __kasan_kmalloc+0xb7/0xc0 [ 30.325209] __kmalloc_cache_noprof+0x189/0x420 [ 30.325615] kasan_atomics+0x95/0x310 [ 30.325955] kunit_try_run_case+0x1a5/0x480 [ 30.326364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.326681] kthread+0x337/0x6f0 [ 30.326857] ret_from_fork+0x116/0x1d0 [ 30.327189] ret_from_fork_asm+0x1a/0x30 [ 30.327521] [ 30.327660] The buggy address belongs to the object at ffff888102338080 [ 30.327660] which belongs to the cache kmalloc-64 of size 64 [ 30.328207] The buggy address is located 0 bytes to the right of [ 30.328207] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.328942] [ 30.329059] The buggy address belongs to the physical page: [ 30.329475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.329878] flags: 0x200000000000000(node=0|zone=2) [ 30.330312] page_type: f5(slab) [ 30.330617] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.330991] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.331324] page dumped because: kasan: bad access detected [ 30.331738] [ 30.331896] Memory state around the buggy address: [ 30.332199] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.332687] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.333027] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.333488] ^ [ 30.333699] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.334212] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.334709] ================================================================== [ 28.889912] ================================================================== [ 28.890683] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 28.891204] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.891545] [ 28.891724] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.891840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.891872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.891919] Call Trace: [ 28.891965] <TASK> [ 28.892006] dump_stack_lvl+0x73/0xb0 [ 28.892063] print_report+0xd1/0x650 [ 28.892104] ? __virt_addr_valid+0x1db/0x2d0 [ 28.892151] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.892199] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.892260] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.892306] kasan_report+0x141/0x180 [ 28.892347] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.892388] kasan_check_range+0x10c/0x1c0 [ 28.892423] __kasan_check_write+0x18/0x20 [ 28.892474] kasan_atomics_helper+0x7c7/0x5450 [ 28.892511] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.892548] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.892590] ? kasan_atomics+0x152/0x310 [ 28.892629] kasan_atomics+0x1dc/0x310 [ 28.892663] ? __pfx_kasan_atomics+0x10/0x10 [ 28.892702] ? __pfx_read_tsc+0x10/0x10 [ 28.892736] ? ktime_get_ts64+0x86/0x230 [ 28.892782] kunit_try_run_case+0x1a5/0x480 [ 28.892821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.892856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.892894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.892932] ? __kthread_parkme+0x82/0x180 [ 28.892971] ? preempt_count_sub+0x50/0x80 [ 28.893011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.893054] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.893104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.893152] kthread+0x337/0x6f0 [ 28.893197] ? trace_preempt_on+0x20/0xc0 [ 28.893251] ? __pfx_kthread+0x10/0x10 [ 28.893301] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.893352] ? calculate_sigpending+0x7b/0xa0 [ 28.893407] ? __pfx_kthread+0x10/0x10 [ 28.893466] ret_from_fork+0x116/0x1d0 [ 28.893505] ? __pfx_kthread+0x10/0x10 [ 28.893544] ret_from_fork_asm+0x1a/0x30 [ 28.893605] </TASK> [ 28.893634] [ 28.902601] Allocated by task 294: [ 28.902952] kasan_save_stack+0x45/0x70 [ 28.903331] kasan_save_track+0x18/0x40 [ 28.903755] kasan_save_alloc_info+0x3b/0x50 [ 28.904097] __kasan_kmalloc+0xb7/0xc0 [ 28.904449] __kmalloc_cache_noprof+0x189/0x420 [ 28.904747] kasan_atomics+0x95/0x310 [ 28.904928] kunit_try_run_case+0x1a5/0x480 [ 28.905120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.905535] kthread+0x337/0x6f0 [ 28.905818] ret_from_fork+0x116/0x1d0 [ 28.906133] ret_from_fork_asm+0x1a/0x30 [ 28.906431] [ 28.906549] The buggy address belongs to the object at ffff888102338080 [ 28.906549] which belongs to the cache kmalloc-64 of size 64 [ 28.907263] The buggy address is located 0 bytes to the right of [ 28.907263] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.907878] [ 28.908061] The buggy address belongs to the physical page: [ 28.908552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.908838] flags: 0x200000000000000(node=0|zone=2) [ 28.909051] page_type: f5(slab) [ 28.909301] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.909876] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.910581] page dumped because: kasan: bad access detected [ 28.910915] [ 28.911018] Memory state around the buggy address: [ 28.911476] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.911826] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.912217] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.912577] ^ [ 28.912831] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.913316] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.913680] ================================================================== [ 29.920345] ================================================================== [ 29.920978] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 29.921317] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.923288] [ 29.924219] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.924356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.924384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.924427] Call Trace: [ 29.924479] <TASK> [ 29.924519] dump_stack_lvl+0x73/0xb0 [ 29.924610] print_report+0xd1/0x650 [ 29.924649] ? __virt_addr_valid+0x1db/0x2d0 [ 29.924682] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.924708] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.924738] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.924763] kasan_report+0x141/0x180 [ 29.924787] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.924816] kasan_check_range+0x10c/0x1c0 [ 29.924843] __kasan_check_write+0x18/0x20 [ 29.924868] kasan_atomics_helper+0x19e3/0x5450 [ 29.924894] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.924919] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.924947] ? kasan_atomics+0x152/0x310 [ 29.924976] kasan_atomics+0x1dc/0x310 [ 29.925002] ? __pfx_kasan_atomics+0x10/0x10 [ 29.925029] ? __pfx_read_tsc+0x10/0x10 [ 29.925053] ? ktime_get_ts64+0x86/0x230 [ 29.925084] kunit_try_run_case+0x1a5/0x480 [ 29.925113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.925138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.925164] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.925191] ? __kthread_parkme+0x82/0x180 [ 29.925215] ? preempt_count_sub+0x50/0x80 [ 29.925243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.925269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.925296] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.925322] kthread+0x337/0x6f0 [ 29.925345] ? trace_preempt_on+0x20/0xc0 [ 29.925372] ? __pfx_kthread+0x10/0x10 [ 29.925396] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.925420] ? calculate_sigpending+0x7b/0xa0 [ 29.925468] ? __pfx_kthread+0x10/0x10 [ 29.925495] ret_from_fork+0x116/0x1d0 [ 29.925518] ? __pfx_kthread+0x10/0x10 [ 29.925543] ret_from_fork_asm+0x1a/0x30 [ 29.925577] </TASK> [ 29.925593] [ 29.935865] Allocated by task 294: [ 29.936182] kasan_save_stack+0x45/0x70 [ 29.936476] kasan_save_track+0x18/0x40 [ 29.936674] kasan_save_alloc_info+0x3b/0x50 [ 29.936933] __kasan_kmalloc+0xb7/0xc0 [ 29.937281] __kmalloc_cache_noprof+0x189/0x420 [ 29.937682] kasan_atomics+0x95/0x310 [ 29.938000] kunit_try_run_case+0x1a5/0x480 [ 29.938385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.938841] kthread+0x337/0x6f0 [ 29.939143] ret_from_fork+0x116/0x1d0 [ 29.939467] ret_from_fork_asm+0x1a/0x30 [ 29.939637] [ 29.939846] The buggy address belongs to the object at ffff888102338080 [ 29.939846] which belongs to the cache kmalloc-64 of size 64 [ 29.940614] The buggy address is located 0 bytes to the right of [ 29.940614] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.941452] [ 29.941651] The buggy address belongs to the physical page: [ 29.941972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.942559] flags: 0x200000000000000(node=0|zone=2) [ 29.942803] page_type: f5(slab) [ 29.942989] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.943353] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.943920] page dumped because: kasan: bad access detected [ 29.944385] [ 29.944545] Memory state around the buggy address: [ 29.944942] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.945525] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.946062] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.946640] ^ [ 29.946994] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.947423] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.947862] ================================================================== [ 28.621991] ================================================================== [ 28.622652] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 28.624301] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.624663] [ 28.624818] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.624923] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.624948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.624989] Call Trace: [ 28.625031] <TASK> [ 28.625071] dump_stack_lvl+0x73/0xb0 [ 28.625594] print_report+0xd1/0x650 [ 28.625674] ? __virt_addr_valid+0x1db/0x2d0 [ 28.625707] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.625731] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.625760] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.625784] kasan_report+0x141/0x180 [ 28.625808] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.625835] __asan_report_store4_noabort+0x1b/0x30 [ 28.625862] kasan_atomics_helper+0x4b6e/0x5450 [ 28.625886] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.625910] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.625937] ? kasan_atomics+0x152/0x310 [ 28.625964] kasan_atomics+0x1dc/0x310 [ 28.625989] ? __pfx_kasan_atomics+0x10/0x10 [ 28.626014] ? __pfx_read_tsc+0x10/0x10 [ 28.626050] ? ktime_get_ts64+0x86/0x230 [ 28.626081] kunit_try_run_case+0x1a5/0x480 [ 28.626110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.626135] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.626190] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.626219] ? __kthread_parkme+0x82/0x180 [ 28.626244] ? preempt_count_sub+0x50/0x80 [ 28.626269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.626296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.626321] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.626347] kthread+0x337/0x6f0 [ 28.626369] ? trace_preempt_on+0x20/0xc0 [ 28.626395] ? __pfx_kthread+0x10/0x10 [ 28.626419] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.626461] ? calculate_sigpending+0x7b/0xa0 [ 28.626490] ? __pfx_kthread+0x10/0x10 [ 28.626515] ret_from_fork+0x116/0x1d0 [ 28.626535] ? __pfx_kthread+0x10/0x10 [ 28.626558] ret_from_fork_asm+0x1a/0x30 [ 28.626591] </TASK> [ 28.626604] [ 28.638420] Allocated by task 294: [ 28.639902] kasan_save_stack+0x45/0x70 [ 28.640565] kasan_save_track+0x18/0x40 [ 28.641037] kasan_save_alloc_info+0x3b/0x50 [ 28.641518] __kasan_kmalloc+0xb7/0xc0 [ 28.641723] __kmalloc_cache_noprof+0x189/0x420 [ 28.642099] kasan_atomics+0x95/0x310 [ 28.642319] kunit_try_run_case+0x1a5/0x480 [ 28.642553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.642981] kthread+0x337/0x6f0 [ 28.643316] ret_from_fork+0x116/0x1d0 [ 28.644029] ret_from_fork_asm+0x1a/0x30 [ 28.644318] [ 28.644563] The buggy address belongs to the object at ffff888102338080 [ 28.644563] which belongs to the cache kmalloc-64 of size 64 [ 28.645248] The buggy address is located 0 bytes to the right of [ 28.645248] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.646270] [ 28.646504] The buggy address belongs to the physical page: [ 28.646827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.647471] flags: 0x200000000000000(node=0|zone=2) [ 28.647814] page_type: f5(slab) [ 28.648125] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.648565] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.649177] page dumped because: kasan: bad access detected [ 28.649593] [ 28.649696] Memory state around the buggy address: [ 28.650093] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.650394] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.650874] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.651163] ^ [ 28.651629] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.652404] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.652655] ================================================================== [ 29.005275] ================================================================== [ 29.006095] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 29.007382] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.007947] [ 29.008191] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.008308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.008342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.008418] Call Trace: [ 29.008478] <TASK> [ 29.008526] dump_stack_lvl+0x73/0xb0 [ 29.008584] print_report+0xd1/0x650 [ 29.008614] ? __virt_addr_valid+0x1db/0x2d0 [ 29.008642] ? kasan_atomics_helper+0xa2b/0x5450 [ 29.008666] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.008704] ? kasan_atomics_helper+0xa2b/0x5450 [ 29.008744] kasan_report+0x141/0x180 [ 29.008789] ? kasan_atomics_helper+0xa2b/0x5450 [ 29.008845] kasan_check_range+0x10c/0x1c0 [ 29.008932] __kasan_check_write+0x18/0x20 [ 29.009003] kasan_atomics_helper+0xa2b/0x5450 [ 29.009053] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.009103] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.009156] ? kasan_atomics+0x152/0x310 [ 29.009205] kasan_atomics+0x1dc/0x310 [ 29.009260] ? __pfx_kasan_atomics+0x10/0x10 [ 29.009313] ? __pfx_read_tsc+0x10/0x10 [ 29.009380] ? ktime_get_ts64+0x86/0x230 [ 29.009426] kunit_try_run_case+0x1a5/0x480 [ 29.009481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.009509] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.009537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.009564] ? __kthread_parkme+0x82/0x180 [ 29.009591] ? preempt_count_sub+0x50/0x80 [ 29.009619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.009646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.009673] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.009700] kthread+0x337/0x6f0 [ 29.009724] ? trace_preempt_on+0x20/0xc0 [ 29.009752] ? __pfx_kthread+0x10/0x10 [ 29.009776] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.009801] ? calculate_sigpending+0x7b/0xa0 [ 29.009830] ? __pfx_kthread+0x10/0x10 [ 29.009856] ret_from_fork+0x116/0x1d0 [ 29.009877] ? __pfx_kthread+0x10/0x10 [ 29.009901] ret_from_fork_asm+0x1a/0x30 [ 29.009937] </TASK> [ 29.009954] [ 29.021737] Allocated by task 294: [ 29.022136] kasan_save_stack+0x45/0x70 [ 29.022390] kasan_save_track+0x18/0x40 [ 29.022790] kasan_save_alloc_info+0x3b/0x50 [ 29.023115] __kasan_kmalloc+0xb7/0xc0 [ 29.023332] __kmalloc_cache_noprof+0x189/0x420 [ 29.023551] kasan_atomics+0x95/0x310 [ 29.023737] kunit_try_run_case+0x1a5/0x480 [ 29.023932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.024438] kthread+0x337/0x6f0 [ 29.024927] ret_from_fork+0x116/0x1d0 [ 29.025366] ret_from_fork_asm+0x1a/0x30 [ 29.025696] [ 29.025932] The buggy address belongs to the object at ffff888102338080 [ 29.025932] which belongs to the cache kmalloc-64 of size 64 [ 29.026923] The buggy address is located 0 bytes to the right of [ 29.026923] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.027929] [ 29.028062] The buggy address belongs to the physical page: [ 29.028322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.028914] flags: 0x200000000000000(node=0|zone=2) [ 29.029528] page_type: f5(slab) [ 29.029879] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.030567] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.031069] page dumped because: kasan: bad access detected [ 29.031325] [ 29.031431] Memory state around the buggy address: [ 29.031972] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.032895] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.033600] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.034095] ^ [ 29.034586] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.035020] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.035638] ================================================================== [ 29.274374] ================================================================== [ 29.275079] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 29.275595] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.276111] [ 29.276326] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.276430] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.276477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.276517] Call Trace: [ 29.276570] <TASK> [ 29.276607] dump_stack_lvl+0x73/0xb0 [ 29.276676] print_report+0xd1/0x650 [ 29.276736] ? __virt_addr_valid+0x1db/0x2d0 [ 29.276805] ? kasan_atomics_helper+0xfa9/0x5450 [ 29.276861] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.276928] ? kasan_atomics_helper+0xfa9/0x5450 [ 29.276977] kasan_report+0x141/0x180 [ 29.277032] ? kasan_atomics_helper+0xfa9/0x5450 [ 29.277096] kasan_check_range+0x10c/0x1c0 [ 29.277186] __kasan_check_write+0x18/0x20 [ 29.277236] kasan_atomics_helper+0xfa9/0x5450 [ 29.277285] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.277334] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.277398] ? kasan_atomics+0x152/0x310 [ 29.277482] kasan_atomics+0x1dc/0x310 [ 29.277536] ? __pfx_kasan_atomics+0x10/0x10 [ 29.277582] ? __pfx_read_tsc+0x10/0x10 [ 29.277627] ? ktime_get_ts64+0x86/0x230 [ 29.277688] kunit_try_run_case+0x1a5/0x480 [ 29.277753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.277823] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.277873] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.277926] ? __kthread_parkme+0x82/0x180 [ 29.277981] ? preempt_count_sub+0x50/0x80 [ 29.278060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.278116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.278199] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.278234] kthread+0x337/0x6f0 [ 29.278258] ? trace_preempt_on+0x20/0xc0 [ 29.278287] ? __pfx_kthread+0x10/0x10 [ 29.278311] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.278336] ? calculate_sigpending+0x7b/0xa0 [ 29.278365] ? __pfx_kthread+0x10/0x10 [ 29.278389] ret_from_fork+0x116/0x1d0 [ 29.278412] ? __pfx_kthread+0x10/0x10 [ 29.278437] ret_from_fork_asm+0x1a/0x30 [ 29.278495] </TASK> [ 29.278512] [ 29.288286] Allocated by task 294: [ 29.288536] kasan_save_stack+0x45/0x70 [ 29.288917] kasan_save_track+0x18/0x40 [ 29.289298] kasan_save_alloc_info+0x3b/0x50 [ 29.289700] __kasan_kmalloc+0xb7/0xc0 [ 29.290037] __kmalloc_cache_noprof+0x189/0x420 [ 29.290470] kasan_atomics+0x95/0x310 [ 29.290817] kunit_try_run_case+0x1a5/0x480 [ 29.291206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.291495] kthread+0x337/0x6f0 [ 29.291669] ret_from_fork+0x116/0x1d0 [ 29.291985] ret_from_fork_asm+0x1a/0x30 [ 29.292377] [ 29.292565] The buggy address belongs to the object at ffff888102338080 [ 29.292565] which belongs to the cache kmalloc-64 of size 64 [ 29.293315] The buggy address is located 0 bytes to the right of [ 29.293315] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.293776] [ 29.293979] The buggy address belongs to the physical page: [ 29.294423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.294919] flags: 0x200000000000000(node=0|zone=2) [ 29.295270] page_type: f5(slab) [ 29.295609] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.296056] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.296518] page dumped because: kasan: bad access detected [ 29.296791] [ 29.296897] Memory state around the buggy address: [ 29.297103] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.297400] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.297930] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.298530] ^ [ 29.298922] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.299454] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.299725] ================================================================== [ 29.357938] ================================================================== [ 29.358764] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 29.359186] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.359851] [ 29.360063] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.360178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.360209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.360261] Call Trace: [ 29.360309] <TASK> [ 29.360357] dump_stack_lvl+0x73/0xb0 [ 29.360428] print_report+0xd1/0x650 [ 29.360499] ? __virt_addr_valid+0x1db/0x2d0 [ 29.360561] ? kasan_atomics_helper+0x4a1c/0x5450 [ 29.360613] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.360675] ? kasan_atomics_helper+0x4a1c/0x5450 [ 29.360729] kasan_report+0x141/0x180 [ 29.360781] ? kasan_atomics_helper+0x4a1c/0x5450 [ 29.360845] __asan_report_load4_noabort+0x18/0x20 [ 29.360904] kasan_atomics_helper+0x4a1c/0x5450 [ 29.360956] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.361011] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.361072] ? kasan_atomics+0x152/0x310 [ 29.361136] kasan_atomics+0x1dc/0x310 [ 29.361178] ? __pfx_kasan_atomics+0x10/0x10 [ 29.361228] ? __pfx_read_tsc+0x10/0x10 [ 29.361268] ? ktime_get_ts64+0x86/0x230 [ 29.361316] kunit_try_run_case+0x1a5/0x480 [ 29.361365] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.361411] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.361503] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.361571] ? __kthread_parkme+0x82/0x180 [ 29.361635] ? preempt_count_sub+0x50/0x80 [ 29.361692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.361760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.361827] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.361891] kthread+0x337/0x6f0 [ 29.361950] ? trace_preempt_on+0x20/0xc0 [ 29.362006] ? __pfx_kthread+0x10/0x10 [ 29.362077] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.362140] ? calculate_sigpending+0x7b/0xa0 [ 29.362187] ? __pfx_kthread+0x10/0x10 [ 29.362230] ret_from_fork+0x116/0x1d0 [ 29.362272] ? __pfx_kthread+0x10/0x10 [ 29.362314] ret_from_fork_asm+0x1a/0x30 [ 29.362387] </TASK> [ 29.362417] [ 29.377130] Allocated by task 294: [ 29.378564] kasan_save_stack+0x45/0x70 [ 29.378963] kasan_save_track+0x18/0x40 [ 29.379484] kasan_save_alloc_info+0x3b/0x50 [ 29.379698] __kasan_kmalloc+0xb7/0xc0 [ 29.380066] __kmalloc_cache_noprof+0x189/0x420 [ 29.380597] kasan_atomics+0x95/0x310 [ 29.380777] kunit_try_run_case+0x1a5/0x480 [ 29.381288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.381563] kthread+0x337/0x6f0 [ 29.382135] ret_from_fork+0x116/0x1d0 [ 29.382329] ret_from_fork_asm+0x1a/0x30 [ 29.382760] [ 29.382866] The buggy address belongs to the object at ffff888102338080 [ 29.382866] which belongs to the cache kmalloc-64 of size 64 [ 29.384047] The buggy address is located 0 bytes to the right of [ 29.384047] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.384926] [ 29.385042] The buggy address belongs to the physical page: [ 29.385245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.385772] flags: 0x200000000000000(node=0|zone=2) [ 29.385963] page_type: f5(slab) [ 29.386077] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.386899] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.387530] page dumped because: kasan: bad access detected [ 29.387971] [ 29.388138] Memory state around the buggy address: [ 29.388554] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.389044] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.389691] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.390069] ^ [ 29.390550] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.390916] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.391422] ================================================================== [ 30.336097] ================================================================== [ 30.336789] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 30.337281] Read of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.337701] [ 30.337891] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.337998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.338038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.338087] Call Trace: [ 30.338131] <TASK> [ 30.338213] dump_stack_lvl+0x73/0xb0 [ 30.338285] print_report+0xd1/0x650 [ 30.338333] ? __virt_addr_valid+0x1db/0x2d0 [ 30.338381] ? kasan_atomics_helper+0x4fb2/0x5450 [ 30.338423] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.338491] ? kasan_atomics_helper+0x4fb2/0x5450 [ 30.338543] kasan_report+0x141/0x180 [ 30.338589] ? kasan_atomics_helper+0x4fb2/0x5450 [ 30.338647] __asan_report_load8_noabort+0x18/0x20 [ 30.338696] kasan_atomics_helper+0x4fb2/0x5450 [ 30.338743] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.338790] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.338844] ? kasan_atomics+0x152/0x310 [ 30.338898] kasan_atomics+0x1dc/0x310 [ 30.338943] ? __pfx_kasan_atomics+0x10/0x10 [ 30.338997] ? __pfx_read_tsc+0x10/0x10 [ 30.339047] ? ktime_get_ts64+0x86/0x230 [ 30.339107] kunit_try_run_case+0x1a5/0x480 [ 30.339199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.339250] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.339304] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.339349] ? __kthread_parkme+0x82/0x180 [ 30.339399] ? preempt_count_sub+0x50/0x80 [ 30.339466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.339522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.339582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.339637] kthread+0x337/0x6f0 [ 30.339678] ? trace_preempt_on+0x20/0xc0 [ 30.339727] ? __pfx_kthread+0x10/0x10 [ 30.339774] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.339817] ? calculate_sigpending+0x7b/0xa0 [ 30.339861] ? __pfx_kthread+0x10/0x10 [ 30.339909] ret_from_fork+0x116/0x1d0 [ 30.339952] ? __pfx_kthread+0x10/0x10 [ 30.339996] ret_from_fork_asm+0x1a/0x30 [ 30.340058] </TASK> [ 30.340083] [ 30.349186] Allocated by task 294: [ 30.349540] kasan_save_stack+0x45/0x70 [ 30.349918] kasan_save_track+0x18/0x40 [ 30.350235] kasan_save_alloc_info+0x3b/0x50 [ 30.350516] __kasan_kmalloc+0xb7/0xc0 [ 30.350683] __kmalloc_cache_noprof+0x189/0x420 [ 30.350861] kasan_atomics+0x95/0x310 [ 30.351009] kunit_try_run_case+0x1a5/0x480 [ 30.352049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.352348] kthread+0x337/0x6f0 [ 30.352542] ret_from_fork+0x116/0x1d0 [ 30.354176] ret_from_fork_asm+0x1a/0x30 [ 30.354463] [ 30.354581] The buggy address belongs to the object at ffff888102338080 [ 30.354581] which belongs to the cache kmalloc-64 of size 64 [ 30.355004] The buggy address is located 0 bytes to the right of [ 30.355004] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.355833] [ 30.356054] The buggy address belongs to the physical page: [ 30.356543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.356932] flags: 0x200000000000000(node=0|zone=2) [ 30.357365] page_type: f5(slab) [ 30.357643] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.358197] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.358723] page dumped because: kasan: bad access detected [ 30.359011] [ 30.359173] Memory state around the buggy address: [ 30.359589] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.359919] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.360361] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.360936] ^ [ 30.361127] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.361392] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.361912] ================================================================== [ 29.538233] ================================================================== [ 29.538887] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 29.539402] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.539828] [ 29.540038] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.540190] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.540223] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.540275] Call Trace: [ 29.540322] <TASK> [ 29.540370] dump_stack_lvl+0x73/0xb0 [ 29.540452] print_report+0xd1/0x650 [ 29.540508] ? __virt_addr_valid+0x1db/0x2d0 [ 29.540586] ? kasan_atomics_helper+0x49ce/0x5450 [ 29.540633] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.540684] ? kasan_atomics_helper+0x49ce/0x5450 [ 29.540733] kasan_report+0x141/0x180 [ 29.540789] ? kasan_atomics_helper+0x49ce/0x5450 [ 29.540850] __asan_report_load4_noabort+0x18/0x20 [ 29.540909] kasan_atomics_helper+0x49ce/0x5450 [ 29.540965] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.541020] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.541078] ? kasan_atomics+0x152/0x310 [ 29.541176] kasan_atomics+0x1dc/0x310 [ 29.541235] ? __pfx_kasan_atomics+0x10/0x10 [ 29.541295] ? __pfx_read_tsc+0x10/0x10 [ 29.541339] ? ktime_get_ts64+0x86/0x230 [ 29.541390] kunit_try_run_case+0x1a5/0x480 [ 29.541438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.541496] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.541545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.541595] ? __kthread_parkme+0x82/0x180 [ 29.541647] ? preempt_count_sub+0x50/0x80 [ 29.541703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.541757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.541813] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.541866] kthread+0x337/0x6f0 [ 29.541912] ? trace_preempt_on+0x20/0xc0 [ 29.541968] ? __pfx_kthread+0x10/0x10 [ 29.542019] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.542075] ? calculate_sigpending+0x7b/0xa0 [ 29.542179] ? __pfx_kthread+0x10/0x10 [ 29.542230] ret_from_fork+0x116/0x1d0 [ 29.542271] ? __pfx_kthread+0x10/0x10 [ 29.542311] ret_from_fork_asm+0x1a/0x30 [ 29.542384] </TASK> [ 29.542415] [ 29.551854] Allocated by task 294: [ 29.552256] kasan_save_stack+0x45/0x70 [ 29.552652] kasan_save_track+0x18/0x40 [ 29.552988] kasan_save_alloc_info+0x3b/0x50 [ 29.553385] __kasan_kmalloc+0xb7/0xc0 [ 29.553678] __kmalloc_cache_noprof+0x189/0x420 [ 29.553889] kasan_atomics+0x95/0x310 [ 29.554077] kunit_try_run_case+0x1a5/0x480 [ 29.554462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.554907] kthread+0x337/0x6f0 [ 29.555230] ret_from_fork+0x116/0x1d0 [ 29.555554] ret_from_fork_asm+0x1a/0x30 [ 29.555896] [ 29.556009] The buggy address belongs to the object at ffff888102338080 [ 29.556009] which belongs to the cache kmalloc-64 of size 64 [ 29.556479] The buggy address is located 0 bytes to the right of [ 29.556479] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.557426] [ 29.557586] The buggy address belongs to the physical page: [ 29.557933] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.558334] flags: 0x200000000000000(node=0|zone=2) [ 29.558570] page_type: f5(slab) [ 29.558747] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.559273] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.559865] page dumped because: kasan: bad access detected [ 29.560318] [ 29.560506] Memory state around the buggy address: [ 29.560828] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.561095] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.561380] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.561918] ^ [ 29.562361] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.562909] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.563417] ================================================================== [ 29.179789] ================================================================== [ 29.180227] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 29.181489] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.182063] [ 29.182222] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.182321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.182340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.182368] Call Trace: [ 29.182395] <TASK> [ 29.182426] dump_stack_lvl+0x73/0xb0 [ 29.182506] print_report+0xd1/0x650 [ 29.182547] ? __virt_addr_valid+0x1db/0x2d0 [ 29.182594] ? kasan_atomics_helper+0xde0/0x5450 [ 29.182641] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.182698] ? kasan_atomics_helper+0xde0/0x5450 [ 29.182751] kasan_report+0x141/0x180 [ 29.182806] ? kasan_atomics_helper+0xde0/0x5450 [ 29.182870] kasan_check_range+0x10c/0x1c0 [ 29.182928] __kasan_check_write+0x18/0x20 [ 29.182984] kasan_atomics_helper+0xde0/0x5450 [ 29.183041] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.183097] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.183154] ? kasan_atomics+0x152/0x310 [ 29.183213] kasan_atomics+0x1dc/0x310 [ 29.183269] ? __pfx_kasan_atomics+0x10/0x10 [ 29.183326] ? __pfx_read_tsc+0x10/0x10 [ 29.183372] ? ktime_get_ts64+0x86/0x230 [ 29.183406] kunit_try_run_case+0x1a5/0x480 [ 29.183437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.183538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.183594] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.183651] ? __kthread_parkme+0x82/0x180 [ 29.183701] ? preempt_count_sub+0x50/0x80 [ 29.183760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.183819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.183864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.183911] kthread+0x337/0x6f0 [ 29.183958] ? trace_preempt_on+0x20/0xc0 [ 29.184010] ? __pfx_kthread+0x10/0x10 [ 29.184060] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.184114] ? calculate_sigpending+0x7b/0xa0 [ 29.185112] ? __pfx_kthread+0x10/0x10 [ 29.185222] ret_from_fork+0x116/0x1d0 [ 29.185276] ? __pfx_kthread+0x10/0x10 [ 29.185331] ret_from_fork_asm+0x1a/0x30 [ 29.185409] </TASK> [ 29.185456] [ 29.197846] Allocated by task 294: [ 29.198266] kasan_save_stack+0x45/0x70 [ 29.198509] kasan_save_track+0x18/0x40 [ 29.198953] kasan_save_alloc_info+0x3b/0x50 [ 29.199468] __kasan_kmalloc+0xb7/0xc0 [ 29.199786] __kmalloc_cache_noprof+0x189/0x420 [ 29.199970] kasan_atomics+0x95/0x310 [ 29.200411] kunit_try_run_case+0x1a5/0x480 [ 29.200844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.201277] kthread+0x337/0x6f0 [ 29.201547] ret_from_fork+0x116/0x1d0 [ 29.201924] ret_from_fork_asm+0x1a/0x30 [ 29.202268] [ 29.202480] The buggy address belongs to the object at ffff888102338080 [ 29.202480] which belongs to the cache kmalloc-64 of size 64 [ 29.203302] The buggy address is located 0 bytes to the right of [ 29.203302] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.203970] [ 29.204225] The buggy address belongs to the physical page: [ 29.204592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.205092] flags: 0x200000000000000(node=0|zone=2) [ 29.205562] page_type: f5(slab) [ 29.205799] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.206327] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.206862] page dumped because: kasan: bad access detected [ 29.207350] [ 29.207523] Memory state around the buggy address: [ 29.207934] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.208345] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.208890] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.209367] ^ [ 29.209649] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.210094] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.210409] ================================================================== [ 29.620245] ================================================================== [ 29.620947] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 29.621640] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.622288] [ 29.622552] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.622668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.622738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.622793] Call Trace: [ 29.622839] <TASK> [ 29.622885] dump_stack_lvl+0x73/0xb0 [ 29.622996] print_report+0xd1/0x650 [ 29.623052] ? __virt_addr_valid+0x1db/0x2d0 [ 29.623107] ? kasan_atomics_helper+0x1467/0x5450 [ 29.623220] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.623285] ? kasan_atomics_helper+0x1467/0x5450 [ 29.623337] kasan_report+0x141/0x180 [ 29.623381] ? kasan_atomics_helper+0x1467/0x5450 [ 29.623413] kasan_check_range+0x10c/0x1c0 [ 29.623462] __kasan_check_write+0x18/0x20 [ 29.623496] kasan_atomics_helper+0x1467/0x5450 [ 29.623538] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.623580] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.623634] ? kasan_atomics+0x152/0x310 [ 29.623730] kasan_atomics+0x1dc/0x310 [ 29.623782] ? __pfx_kasan_atomics+0x10/0x10 [ 29.623837] ? __pfx_read_tsc+0x10/0x10 [ 29.623888] ? ktime_get_ts64+0x86/0x230 [ 29.623982] kunit_try_run_case+0x1a5/0x480 [ 29.624043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.624091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.624136] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.624199] ? __kthread_parkme+0x82/0x180 [ 29.624227] ? preempt_count_sub+0x50/0x80 [ 29.624255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.624284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.624312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.624340] kthread+0x337/0x6f0 [ 29.624362] ? trace_preempt_on+0x20/0xc0 [ 29.624390] ? __pfx_kthread+0x10/0x10 [ 29.624415] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.624449] ? calculate_sigpending+0x7b/0xa0 [ 29.624481] ? __pfx_kthread+0x10/0x10 [ 29.624508] ret_from_fork+0x116/0x1d0 [ 29.624530] ? __pfx_kthread+0x10/0x10 [ 29.624554] ret_from_fork_asm+0x1a/0x30 [ 29.624589] </TASK> [ 29.624604] [ 29.636867] Allocated by task 294: [ 29.637377] kasan_save_stack+0x45/0x70 [ 29.637824] kasan_save_track+0x18/0x40 [ 29.638269] kasan_save_alloc_info+0x3b/0x50 [ 29.638536] __kasan_kmalloc+0xb7/0xc0 [ 29.638841] __kmalloc_cache_noprof+0x189/0x420 [ 29.639207] kasan_atomics+0x95/0x310 [ 29.639528] kunit_try_run_case+0x1a5/0x480 [ 29.639794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.640029] kthread+0x337/0x6f0 [ 29.640351] ret_from_fork+0x116/0x1d0 [ 29.640797] ret_from_fork_asm+0x1a/0x30 [ 29.641202] [ 29.641390] The buggy address belongs to the object at ffff888102338080 [ 29.641390] which belongs to the cache kmalloc-64 of size 64 [ 29.642065] The buggy address is located 0 bytes to the right of [ 29.642065] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.642953] [ 29.643270] The buggy address belongs to the physical page: [ 29.643621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.643942] flags: 0x200000000000000(node=0|zone=2) [ 29.644415] page_type: f5(slab) [ 29.644809] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.645363] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.645831] page dumped because: kasan: bad access detected [ 29.646242] [ 29.646452] Memory state around the buggy address: [ 29.646792] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.647282] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.647607] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.648274] ^ [ 29.648720] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.649057] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.649489] ================================================================== [ 29.245351] ================================================================== [ 29.245791] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 29.246359] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.246747] [ 29.247002] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.247198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.247234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.247285] Call Trace: [ 29.247329] <TASK> [ 29.247372] dump_stack_lvl+0x73/0xb0 [ 29.247491] print_report+0xd1/0x650 [ 29.247583] ? __virt_addr_valid+0x1db/0x2d0 [ 29.247653] ? kasan_atomics_helper+0xf10/0x5450 [ 29.247707] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.247766] ? kasan_atomics_helper+0xf10/0x5450 [ 29.247807] kasan_report+0x141/0x180 [ 29.247834] ? kasan_atomics_helper+0xf10/0x5450 [ 29.247863] kasan_check_range+0x10c/0x1c0 [ 29.247891] __kasan_check_write+0x18/0x20 [ 29.247918] kasan_atomics_helper+0xf10/0x5450 [ 29.247960] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.248002] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.248032] ? kasan_atomics+0x152/0x310 [ 29.248062] kasan_atomics+0x1dc/0x310 [ 29.248087] ? __pfx_kasan_atomics+0x10/0x10 [ 29.248114] ? __pfx_read_tsc+0x10/0x10 [ 29.248152] ? ktime_get_ts64+0x86/0x230 [ 29.248203] kunit_try_run_case+0x1a5/0x480 [ 29.248235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.248261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.248289] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.248315] ? __kthread_parkme+0x82/0x180 [ 29.248341] ? preempt_count_sub+0x50/0x80 [ 29.248369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.248396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.248423] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.248468] kthread+0x337/0x6f0 [ 29.248495] ? trace_preempt_on+0x20/0xc0 [ 29.248521] ? __pfx_kthread+0x10/0x10 [ 29.248546] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.248570] ? calculate_sigpending+0x7b/0xa0 [ 29.248599] ? __pfx_kthread+0x10/0x10 [ 29.248623] ret_from_fork+0x116/0x1d0 [ 29.248644] ? __pfx_kthread+0x10/0x10 [ 29.248668] ret_from_fork_asm+0x1a/0x30 [ 29.248704] </TASK> [ 29.248719] [ 29.259205] Allocated by task 294: [ 29.259619] kasan_save_stack+0x45/0x70 [ 29.260847] kasan_save_track+0x18/0x40 [ 29.261489] kasan_save_alloc_info+0x3b/0x50 [ 29.261721] __kasan_kmalloc+0xb7/0xc0 [ 29.261902] __kmalloc_cache_noprof+0x189/0x420 [ 29.262124] kasan_atomics+0x95/0x310 [ 29.262300] kunit_try_run_case+0x1a5/0x480 [ 29.262508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.262736] kthread+0x337/0x6f0 [ 29.263035] ret_from_fork+0x116/0x1d0 [ 29.264210] ret_from_fork_asm+0x1a/0x30 [ 29.264637] [ 29.264752] The buggy address belongs to the object at ffff888102338080 [ 29.264752] which belongs to the cache kmalloc-64 of size 64 [ 29.265795] The buggy address is located 0 bytes to the right of [ 29.265795] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.266529] [ 29.266720] The buggy address belongs to the physical page: [ 29.267158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.267893] flags: 0x200000000000000(node=0|zone=2) [ 29.268125] page_type: f5(slab) [ 29.268388] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.268908] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.269577] page dumped because: kasan: bad access detected [ 29.269787] [ 29.269971] Memory state around the buggy address: [ 29.270651] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.271131] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.271432] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.271900] ^ [ 29.272259] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.272756] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.273017] ================================================================== [ 28.595944] ================================================================== [ 28.596873] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 28.597213] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.597456] [ 28.597562] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.597625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.597640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.597666] Call Trace: [ 28.597683] <TASK> [ 28.597707] dump_stack_lvl+0x73/0xb0 [ 28.597741] print_report+0xd1/0x650 [ 28.597765] ? __virt_addr_valid+0x1db/0x2d0 [ 28.597792] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.597815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.597844] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.597867] kasan_report+0x141/0x180 [ 28.597891] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.597919] __asan_report_load4_noabort+0x18/0x20 [ 28.597944] kasan_atomics_helper+0x4b88/0x5450 [ 28.597968] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.597992] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.598019] ? kasan_atomics+0x152/0x310 [ 28.598061] kasan_atomics+0x1dc/0x310 [ 28.598086] ? __pfx_kasan_atomics+0x10/0x10 [ 28.598112] ? __pfx_read_tsc+0x10/0x10 [ 28.598136] ? ktime_get_ts64+0x86/0x230 [ 28.598166] kunit_try_run_case+0x1a5/0x480 [ 28.598194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.598219] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.598244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.598269] ? __kthread_parkme+0x82/0x180 [ 28.598292] ? preempt_count_sub+0x50/0x80 [ 28.598318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.598343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.598369] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.598393] kthread+0x337/0x6f0 [ 28.598415] ? trace_preempt_on+0x20/0xc0 [ 28.598470] ? __pfx_kthread+0x10/0x10 [ 28.598518] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.598559] ? calculate_sigpending+0x7b/0xa0 [ 28.598611] ? __pfx_kthread+0x10/0x10 [ 28.598653] ret_from_fork+0x116/0x1d0 [ 28.598687] ? __pfx_kthread+0x10/0x10 [ 28.598724] ret_from_fork_asm+0x1a/0x30 [ 28.598786] </TASK> [ 28.598807] [ 28.609556] Allocated by task 294: [ 28.609923] kasan_save_stack+0x45/0x70 [ 28.610228] kasan_save_track+0x18/0x40 [ 28.610435] kasan_save_alloc_info+0x3b/0x50 [ 28.610646] __kasan_kmalloc+0xb7/0xc0 [ 28.610821] __kmalloc_cache_noprof+0x189/0x420 [ 28.611110] kasan_atomics+0x95/0x310 [ 28.611459] kunit_try_run_case+0x1a5/0x480 [ 28.611812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.612222] kthread+0x337/0x6f0 [ 28.612522] ret_from_fork+0x116/0x1d0 [ 28.612842] ret_from_fork_asm+0x1a/0x30 [ 28.613128] [ 28.613263] The buggy address belongs to the object at ffff888102338080 [ 28.613263] which belongs to the cache kmalloc-64 of size 64 [ 28.614066] The buggy address is located 0 bytes to the right of [ 28.614066] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.614790] [ 28.614968] The buggy address belongs to the physical page: [ 28.615306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.615733] flags: 0x200000000000000(node=0|zone=2) [ 28.616043] page_type: f5(slab) [ 28.616248] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.616658] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.617250] page dumped because: kasan: bad access detected [ 28.617489] [ 28.617590] Memory state around the buggy address: [ 28.617792] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.618207] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.618731] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.619264] ^ [ 28.619648] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.620115] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.620473] ================================================================== [ 30.068588] ================================================================== [ 30.069034] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 30.069928] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.070389] [ 30.070617] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.070732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.070764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.070813] Call Trace: [ 30.070861] <TASK> [ 30.070907] dump_stack_lvl+0x73/0xb0 [ 30.070984] print_report+0xd1/0x650 [ 30.071041] ? __virt_addr_valid+0x1db/0x2d0 [ 30.071090] ? kasan_atomics_helper+0x1ce1/0x5450 [ 30.071128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.071176] ? kasan_atomics_helper+0x1ce1/0x5450 [ 30.071218] kasan_report+0x141/0x180 [ 30.071260] ? kasan_atomics_helper+0x1ce1/0x5450 [ 30.071316] kasan_check_range+0x10c/0x1c0 [ 30.071370] __kasan_check_write+0x18/0x20 [ 30.071426] kasan_atomics_helper+0x1ce1/0x5450 [ 30.071494] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.071549] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.071610] ? kasan_atomics+0x152/0x310 [ 30.071673] kasan_atomics+0x1dc/0x310 [ 30.071719] ? __pfx_kasan_atomics+0x10/0x10 [ 30.071774] ? __pfx_read_tsc+0x10/0x10 [ 30.071811] ? ktime_get_ts64+0x86/0x230 [ 30.071845] kunit_try_run_case+0x1a5/0x480 [ 30.071876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.071903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.071930] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.071956] ? __kthread_parkme+0x82/0x180 [ 30.071981] ? preempt_count_sub+0x50/0x80 [ 30.072008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.072034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.072061] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.072087] kthread+0x337/0x6f0 [ 30.072110] ? trace_preempt_on+0x20/0xc0 [ 30.072137] ? __pfx_kthread+0x10/0x10 [ 30.072173] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.072206] ? calculate_sigpending+0x7b/0xa0 [ 30.072234] ? __pfx_kthread+0x10/0x10 [ 30.072258] ret_from_fork+0x116/0x1d0 [ 30.072281] ? __pfx_kthread+0x10/0x10 [ 30.072304] ret_from_fork_asm+0x1a/0x30 [ 30.072339] </TASK> [ 30.072355] [ 30.083478] Allocated by task 294: [ 30.083914] kasan_save_stack+0x45/0x70 [ 30.084862] kasan_save_track+0x18/0x40 [ 30.085149] kasan_save_alloc_info+0x3b/0x50 [ 30.085358] __kasan_kmalloc+0xb7/0xc0 [ 30.085556] __kmalloc_cache_noprof+0x189/0x420 [ 30.085793] kasan_atomics+0x95/0x310 [ 30.085999] kunit_try_run_case+0x1a5/0x480 [ 30.086259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.087075] kthread+0x337/0x6f0 [ 30.087536] ret_from_fork+0x116/0x1d0 [ 30.087918] ret_from_fork_asm+0x1a/0x30 [ 30.088330] [ 30.088541] The buggy address belongs to the object at ffff888102338080 [ 30.088541] which belongs to the cache kmalloc-64 of size 64 [ 30.089136] The buggy address is located 0 bytes to the right of [ 30.089136] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.089848] [ 30.089981] The buggy address belongs to the physical page: [ 30.090573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.091138] flags: 0x200000000000000(node=0|zone=2) [ 30.091423] page_type: f5(slab) [ 30.091606] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.092168] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.092738] page dumped because: kasan: bad access detected [ 30.093183] [ 30.093357] Memory state around the buggy address: [ 30.093659] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.094168] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.094608] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.094985] ^ [ 30.095271] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.095670] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.095939] ================================================================== [ 29.510944] ================================================================== [ 29.511873] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 29.512351] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.512786] [ 29.512953] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.513068] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.513102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.513186] Call Trace: [ 29.513236] <TASK> [ 29.513282] dump_stack_lvl+0x73/0xb0 [ 29.513360] print_report+0xd1/0x650 [ 29.513415] ? __virt_addr_valid+0x1db/0x2d0 [ 29.513483] ? kasan_atomics_helper+0x12e6/0x5450 [ 29.513535] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.513598] ? kasan_atomics_helper+0x12e6/0x5450 [ 29.513649] kasan_report+0x141/0x180 [ 29.513702] ? kasan_atomics_helper+0x12e6/0x5450 [ 29.513767] kasan_check_range+0x10c/0x1c0 [ 29.513821] __kasan_check_write+0x18/0x20 [ 29.513874] kasan_atomics_helper+0x12e6/0x5450 [ 29.513930] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.513986] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.514055] ? kasan_atomics+0x152/0x310 [ 29.514120] kasan_atomics+0x1dc/0x310 [ 29.514203] ? __pfx_kasan_atomics+0x10/0x10 [ 29.514265] ? __pfx_read_tsc+0x10/0x10 [ 29.514319] ? ktime_get_ts64+0x86/0x230 [ 29.514377] kunit_try_run_case+0x1a5/0x480 [ 29.514425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.514481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.514531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.514605] ? __kthread_parkme+0x82/0x180 [ 29.514657] ? preempt_count_sub+0x50/0x80 [ 29.514708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.514774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.514826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.514873] kthread+0x337/0x6f0 [ 29.514913] ? trace_preempt_on+0x20/0xc0 [ 29.514965] ? __pfx_kthread+0x10/0x10 [ 29.515013] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.515064] ? calculate_sigpending+0x7b/0xa0 [ 29.515117] ? __pfx_kthread+0x10/0x10 [ 29.515201] ret_from_fork+0x116/0x1d0 [ 29.515251] ? __pfx_kthread+0x10/0x10 [ 29.515300] ret_from_fork_asm+0x1a/0x30 [ 29.515396] </TASK> [ 29.515431] [ 29.525040] Allocated by task 294: [ 29.525311] kasan_save_stack+0x45/0x70 [ 29.525700] kasan_save_track+0x18/0x40 [ 29.526057] kasan_save_alloc_info+0x3b/0x50 [ 29.526467] __kasan_kmalloc+0xb7/0xc0 [ 29.526790] __kmalloc_cache_noprof+0x189/0x420 [ 29.527196] kasan_atomics+0x95/0x310 [ 29.527512] kunit_try_run_case+0x1a5/0x480 [ 29.527873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.528177] kthread+0x337/0x6f0 [ 29.528391] ret_from_fork+0x116/0x1d0 [ 29.528728] ret_from_fork_asm+0x1a/0x30 [ 29.529088] [ 29.529308] The buggy address belongs to the object at ffff888102338080 [ 29.529308] which belongs to the cache kmalloc-64 of size 64 [ 29.529732] The buggy address is located 0 bytes to the right of [ 29.529732] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.530202] [ 29.530320] The buggy address belongs to the physical page: [ 29.530655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.531306] flags: 0x200000000000000(node=0|zone=2) [ 29.531733] page_type: f5(slab) [ 29.532028] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.532633] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.533252] page dumped because: kasan: bad access detected [ 29.533683] [ 29.533850] Memory state around the buggy address: [ 29.534242] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.534592] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.535110] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.535516] ^ [ 29.535705] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.535974] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.536549] ================================================================== [ 30.097424] ================================================================== [ 30.098403] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 30.099178] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.099848] [ 30.100145] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.100281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.100313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.100365] Call Trace: [ 30.100436] <TASK> [ 30.100499] dump_stack_lvl+0x73/0xb0 [ 30.100574] print_report+0xd1/0x650 [ 30.100608] ? __virt_addr_valid+0x1db/0x2d0 [ 30.100638] ? kasan_atomics_helper+0x1d7a/0x5450 [ 30.100663] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.100693] ? kasan_atomics_helper+0x1d7a/0x5450 [ 30.100726] kasan_report+0x141/0x180 [ 30.100768] ? kasan_atomics_helper+0x1d7a/0x5450 [ 30.100804] kasan_check_range+0x10c/0x1c0 [ 30.100831] __kasan_check_write+0x18/0x20 [ 30.100859] kasan_atomics_helper+0x1d7a/0x5450 [ 30.100884] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.100908] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.100937] ? kasan_atomics+0x152/0x310 [ 30.100967] kasan_atomics+0x1dc/0x310 [ 30.100992] ? __pfx_kasan_atomics+0x10/0x10 [ 30.101019] ? __pfx_read_tsc+0x10/0x10 [ 30.101045] ? ktime_get_ts64+0x86/0x230 [ 30.101076] kunit_try_run_case+0x1a5/0x480 [ 30.101105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.101130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.101167] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.101203] ? __kthread_parkme+0x82/0x180 [ 30.101228] ? preempt_count_sub+0x50/0x80 [ 30.101255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.101282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.101309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.101336] kthread+0x337/0x6f0 [ 30.101358] ? trace_preempt_on+0x20/0xc0 [ 30.101385] ? __pfx_kthread+0x10/0x10 [ 30.101409] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.101432] ? calculate_sigpending+0x7b/0xa0 [ 30.101484] ? __pfx_kthread+0x10/0x10 [ 30.101509] ret_from_fork+0x116/0x1d0 [ 30.101532] ? __pfx_kthread+0x10/0x10 [ 30.101555] ret_from_fork_asm+0x1a/0x30 [ 30.101590] </TASK> [ 30.101604] [ 30.114343] Allocated by task 294: [ 30.114889] kasan_save_stack+0x45/0x70 [ 30.115407] kasan_save_track+0x18/0x40 [ 30.115689] kasan_save_alloc_info+0x3b/0x50 [ 30.116192] __kasan_kmalloc+0xb7/0xc0 [ 30.116639] __kmalloc_cache_noprof+0x189/0x420 [ 30.116928] kasan_atomics+0x95/0x310 [ 30.117087] kunit_try_run_case+0x1a5/0x480 [ 30.117497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.118466] kthread+0x337/0x6f0 [ 30.118757] ret_from_fork+0x116/0x1d0 [ 30.118909] ret_from_fork_asm+0x1a/0x30 [ 30.119169] [ 30.119509] The buggy address belongs to the object at ffff888102338080 [ 30.119509] which belongs to the cache kmalloc-64 of size 64 [ 30.120530] The buggy address is located 0 bytes to the right of [ 30.120530] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.121334] [ 30.121906] The buggy address belongs to the physical page: [ 30.122206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.122756] flags: 0x200000000000000(node=0|zone=2) [ 30.123323] page_type: f5(slab) [ 30.123665] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.124072] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.124794] page dumped because: kasan: bad access detected [ 30.125223] [ 30.125359] Memory state around the buggy address: [ 30.125758] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.126651] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.127337] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.127686] ^ [ 30.128123] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.128875] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.129184] ================================================================== [ 28.832885] ================================================================== [ 28.834341] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 28.835213] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.835712] [ 28.835912] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.836025] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.836054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.836102] Call Trace: [ 28.836144] <TASK> [ 28.836185] dump_stack_lvl+0x73/0xb0 [ 28.836253] print_report+0xd1/0x650 [ 28.836303] ? __virt_addr_valid+0x1db/0x2d0 [ 28.836355] ? kasan_atomics_helper+0x697/0x5450 [ 28.836402] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.836466] ? kasan_atomics_helper+0x697/0x5450 [ 28.836517] kasan_report+0x141/0x180 [ 28.836562] ? kasan_atomics_helper+0x697/0x5450 [ 28.836617] kasan_check_range+0x10c/0x1c0 [ 28.836671] __kasan_check_write+0x18/0x20 [ 28.836721] kasan_atomics_helper+0x697/0x5450 [ 28.836765] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.836792] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.836822] ? kasan_atomics+0x152/0x310 [ 28.836851] kasan_atomics+0x1dc/0x310 [ 28.836882] ? __pfx_kasan_atomics+0x10/0x10 [ 28.836925] ? __pfx_read_tsc+0x10/0x10 [ 28.836967] ? ktime_get_ts64+0x86/0x230 [ 28.837026] kunit_try_run_case+0x1a5/0x480 [ 28.837078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.837127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.837175] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.837218] ? __kthread_parkme+0x82/0x180 [ 28.837262] ? preempt_count_sub+0x50/0x80 [ 28.837310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.837355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.837401] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.837463] kthread+0x337/0x6f0 [ 28.837513] ? trace_preempt_on+0x20/0xc0 [ 28.837569] ? __pfx_kthread+0x10/0x10 [ 28.837611] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.837642] ? calculate_sigpending+0x7b/0xa0 [ 28.837671] ? __pfx_kthread+0x10/0x10 [ 28.837696] ret_from_fork+0x116/0x1d0 [ 28.837718] ? __pfx_kthread+0x10/0x10 [ 28.837742] ret_from_fork_asm+0x1a/0x30 [ 28.837777] </TASK> [ 28.837792] [ 28.848944] Allocated by task 294: [ 28.849346] kasan_save_stack+0x45/0x70 [ 28.849773] kasan_save_track+0x18/0x40 [ 28.850050] kasan_save_alloc_info+0x3b/0x50 [ 28.850293] __kasan_kmalloc+0xb7/0xc0 [ 28.850480] __kmalloc_cache_noprof+0x189/0x420 [ 28.850682] kasan_atomics+0x95/0x310 [ 28.851009] kunit_try_run_case+0x1a5/0x480 [ 28.851265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.851484] kthread+0x337/0x6f0 [ 28.851664] ret_from_fork+0x116/0x1d0 [ 28.851826] ret_from_fork_asm+0x1a/0x30 [ 28.852129] [ 28.852295] The buggy address belongs to the object at ffff888102338080 [ 28.852295] which belongs to the cache kmalloc-64 of size 64 [ 28.852879] The buggy address is located 0 bytes to the right of [ 28.852879] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.853590] [ 28.853756] The buggy address belongs to the physical page: [ 28.854049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.854371] flags: 0x200000000000000(node=0|zone=2) [ 28.854608] page_type: f5(slab) [ 28.854780] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.855351] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.855936] page dumped because: kasan: bad access detected [ 28.856412] [ 28.856542] Memory state around the buggy address: [ 28.856749] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.857129] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.857651] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.858016] ^ [ 28.858386] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.858832] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.859190] ================================================================== [ 29.829951] ================================================================== [ 29.830873] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 29.831196] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.831819] [ 29.832047] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.832161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.832194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.832314] Call Trace: [ 29.832361] <TASK> [ 29.832408] dump_stack_lvl+0x73/0xb0 [ 29.832492] print_report+0xd1/0x650 [ 29.832544] ? __virt_addr_valid+0x1db/0x2d0 [ 29.832601] ? kasan_atomics_helper+0x1818/0x5450 [ 29.832648] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.832709] ? kasan_atomics_helper+0x1818/0x5450 [ 29.832762] kasan_report+0x141/0x180 [ 29.832815] ? kasan_atomics_helper+0x1818/0x5450 [ 29.832876] kasan_check_range+0x10c/0x1c0 [ 29.832934] __kasan_check_write+0x18/0x20 [ 29.832989] kasan_atomics_helper+0x1818/0x5450 [ 29.833040] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.833093] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.833153] ? kasan_atomics+0x152/0x310 [ 29.833206] kasan_atomics+0x1dc/0x310 [ 29.833253] ? __pfx_kasan_atomics+0x10/0x10 [ 29.833296] ? __pfx_read_tsc+0x10/0x10 [ 29.833337] ? ktime_get_ts64+0x86/0x230 [ 29.833393] kunit_try_run_case+0x1a5/0x480 [ 29.833527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.833623] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.833717] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.833771] ? __kthread_parkme+0x82/0x180 [ 29.833873] ? preempt_count_sub+0x50/0x80 [ 29.833971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.834050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.834108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.834160] kthread+0x337/0x6f0 [ 29.834207] ? trace_preempt_on+0x20/0xc0 [ 29.834263] ? __pfx_kthread+0x10/0x10 [ 29.834314] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.834366] ? calculate_sigpending+0x7b/0xa0 [ 29.834425] ? __pfx_kthread+0x10/0x10 [ 29.834491] ret_from_fork+0x116/0x1d0 [ 29.834540] ? __pfx_kthread+0x10/0x10 [ 29.834592] ret_from_fork_asm+0x1a/0x30 [ 29.834669] </TASK> [ 29.834701] [ 29.846089] Allocated by task 294: [ 29.846593] kasan_save_stack+0x45/0x70 [ 29.847076] kasan_save_track+0x18/0x40 [ 29.847475] kasan_save_alloc_info+0x3b/0x50 [ 29.847949] __kasan_kmalloc+0xb7/0xc0 [ 29.848497] __kmalloc_cache_noprof+0x189/0x420 [ 29.848885] kasan_atomics+0x95/0x310 [ 29.849309] kunit_try_run_case+0x1a5/0x480 [ 29.849529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.849758] kthread+0x337/0x6f0 [ 29.849933] ret_from_fork+0x116/0x1d0 [ 29.850122] ret_from_fork_asm+0x1a/0x30 [ 29.850523] [ 29.850815] The buggy address belongs to the object at ffff888102338080 [ 29.850815] which belongs to the cache kmalloc-64 of size 64 [ 29.852099] The buggy address is located 0 bytes to the right of [ 29.852099] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.852666] [ 29.852791] The buggy address belongs to the physical page: [ 29.853009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.853521] flags: 0x200000000000000(node=0|zone=2) [ 29.854249] page_type: f5(slab) [ 29.854693] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.855392] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.855968] page dumped because: kasan: bad access detected [ 29.856481] [ 29.856612] Memory state around the buggy address: [ 29.856840] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.857522] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.857891] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.858633] ^ [ 29.858993] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.859372] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.859970] ================================================================== [ 28.684458] ================================================================== [ 28.684748] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 28.686014] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.686756] [ 28.687007] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.687144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.687193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.687241] Call Trace: [ 28.687287] <TASK> [ 28.687333] dump_stack_lvl+0x73/0xb0 [ 28.687416] print_report+0xd1/0x650 [ 28.687483] ? __virt_addr_valid+0x1db/0x2d0 [ 28.687520] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.687546] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.687576] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.687602] kasan_report+0x141/0x180 [ 28.687626] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.687656] __asan_report_load4_noabort+0x18/0x20 [ 28.687683] kasan_atomics_helper+0x4b54/0x5450 [ 28.687708] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.687734] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.687763] ? kasan_atomics+0x152/0x310 [ 28.687792] kasan_atomics+0x1dc/0x310 [ 28.687817] ? __pfx_kasan_atomics+0x10/0x10 [ 28.687845] ? __pfx_read_tsc+0x10/0x10 [ 28.687870] ? ktime_get_ts64+0x86/0x230 [ 28.687901] kunit_try_run_case+0x1a5/0x480 [ 28.687930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.687956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.687982] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.688007] ? __kthread_parkme+0x82/0x180 [ 28.688032] ? preempt_count_sub+0x50/0x80 [ 28.688059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.688088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.688115] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.688143] kthread+0x337/0x6f0 [ 28.688177] ? trace_preempt_on+0x20/0xc0 [ 28.688210] ? __pfx_kthread+0x10/0x10 [ 28.688235] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.688259] ? calculate_sigpending+0x7b/0xa0 [ 28.688287] ? __pfx_kthread+0x10/0x10 [ 28.688312] ret_from_fork+0x116/0x1d0 [ 28.688334] ? __pfx_kthread+0x10/0x10 [ 28.688357] ret_from_fork_asm+0x1a/0x30 [ 28.688393] </TASK> [ 28.688409] [ 28.699647] Allocated by task 294: [ 28.700063] kasan_save_stack+0x45/0x70 [ 28.700522] kasan_save_track+0x18/0x40 [ 28.700848] kasan_save_alloc_info+0x3b/0x50 [ 28.701244] __kasan_kmalloc+0xb7/0xc0 [ 28.701593] __kmalloc_cache_noprof+0x189/0x420 [ 28.701949] kasan_atomics+0x95/0x310 [ 28.702363] kunit_try_run_case+0x1a5/0x480 [ 28.702655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.703087] kthread+0x337/0x6f0 [ 28.703507] ret_from_fork+0x116/0x1d0 [ 28.703935] ret_from_fork_asm+0x1a/0x30 [ 28.704372] [ 28.704563] The buggy address belongs to the object at ffff888102338080 [ 28.704563] which belongs to the cache kmalloc-64 of size 64 [ 28.705340] The buggy address is located 0 bytes to the right of [ 28.705340] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.706351] [ 28.706564] The buggy address belongs to the physical page: [ 28.707032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.707461] flags: 0x200000000000000(node=0|zone=2) [ 28.707867] page_type: f5(slab) [ 28.708185] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.708711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.709299] page dumped because: kasan: bad access detected [ 28.709706] [ 28.709813] Memory state around the buggy address: [ 28.710204] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.710631] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.711190] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.711534] ^ [ 28.711932] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.712358] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.712833] ================================================================== [ 28.861560] ================================================================== [ 28.862548] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 28.862928] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.863504] [ 28.863712] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.863823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.863852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.863901] Call Trace: [ 28.863947] <TASK> [ 28.863991] dump_stack_lvl+0x73/0xb0 [ 28.864061] print_report+0xd1/0x650 [ 28.864115] ? __virt_addr_valid+0x1db/0x2d0 [ 28.864164] ? kasan_atomics_helper+0x72f/0x5450 [ 28.864205] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.864256] ? kasan_atomics_helper+0x72f/0x5450 [ 28.864301] kasan_report+0x141/0x180 [ 28.864344] ? kasan_atomics_helper+0x72f/0x5450 [ 28.864401] kasan_check_range+0x10c/0x1c0 [ 28.864465] __kasan_check_write+0x18/0x20 [ 28.864518] kasan_atomics_helper+0x72f/0x5450 [ 28.864567] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.864617] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.864677] ? kasan_atomics+0x152/0x310 [ 28.864739] kasan_atomics+0x1dc/0x310 [ 28.864785] ? __pfx_kasan_atomics+0x10/0x10 [ 28.864832] ? __pfx_read_tsc+0x10/0x10 [ 28.864877] ? ktime_get_ts64+0x86/0x230 [ 28.864932] kunit_try_run_case+0x1a5/0x480 [ 28.864990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.865044] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.865099] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.865153] ? __kthread_parkme+0x82/0x180 [ 28.865204] ? preempt_count_sub+0x50/0x80 [ 28.865246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.865286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.865326] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.865364] kthread+0x337/0x6f0 [ 28.865398] ? trace_preempt_on+0x20/0xc0 [ 28.865437] ? __pfx_kthread+0x10/0x10 [ 28.865490] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.865515] ? calculate_sigpending+0x7b/0xa0 [ 28.865543] ? __pfx_kthread+0x10/0x10 [ 28.865567] ret_from_fork+0x116/0x1d0 [ 28.865590] ? __pfx_kthread+0x10/0x10 [ 28.865613] ret_from_fork_asm+0x1a/0x30 [ 28.865648] </TASK> [ 28.865664] [ 28.878008] Allocated by task 294: [ 28.878247] kasan_save_stack+0x45/0x70 [ 28.878491] kasan_save_track+0x18/0x40 [ 28.878793] kasan_save_alloc_info+0x3b/0x50 [ 28.879154] __kasan_kmalloc+0xb7/0xc0 [ 28.879429] __kmalloc_cache_noprof+0x189/0x420 [ 28.879645] kasan_atomics+0x95/0x310 [ 28.879936] kunit_try_run_case+0x1a5/0x480 [ 28.880333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.880616] kthread+0x337/0x6f0 [ 28.880832] ret_from_fork+0x116/0x1d0 [ 28.881089] ret_from_fork_asm+0x1a/0x30 [ 28.881384] [ 28.881556] The buggy address belongs to the object at ffff888102338080 [ 28.881556] which belongs to the cache kmalloc-64 of size 64 [ 28.882160] The buggy address is located 0 bytes to the right of [ 28.882160] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.882700] [ 28.882827] The buggy address belongs to the physical page: [ 28.883198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.883889] flags: 0x200000000000000(node=0|zone=2) [ 28.884226] page_type: f5(slab) [ 28.884517] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.884851] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.885495] page dumped because: kasan: bad access detected [ 28.885715] [ 28.885819] Memory state around the buggy address: [ 28.886019] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.886288] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.886868] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.887401] ^ [ 28.887854] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.888447] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.888697] ================================================================== [ 29.769104] ================================================================== [ 29.769753] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 29.770127] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.770635] [ 29.770861] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.771066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.771149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.771243] Call Trace: [ 29.771304] <TASK> [ 29.771353] dump_stack_lvl+0x73/0xb0 [ 29.771423] print_report+0xd1/0x650 [ 29.771489] ? __virt_addr_valid+0x1db/0x2d0 [ 29.771547] ? kasan_atomics_helper+0x16e7/0x5450 [ 29.771601] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.771664] ? kasan_atomics_helper+0x16e7/0x5450 [ 29.771716] kasan_report+0x141/0x180 [ 29.771772] ? kasan_atomics_helper+0x16e7/0x5450 [ 29.771833] kasan_check_range+0x10c/0x1c0 [ 29.771890] __kasan_check_write+0x18/0x20 [ 29.771945] kasan_atomics_helper+0x16e7/0x5450 [ 29.772002] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.772047] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.772101] ? kasan_atomics+0x152/0x310 [ 29.772156] kasan_atomics+0x1dc/0x310 [ 29.772206] ? __pfx_kasan_atomics+0x10/0x10 [ 29.772263] ? __pfx_read_tsc+0x10/0x10 [ 29.772316] ? ktime_get_ts64+0x86/0x230 [ 29.772379] kunit_try_run_case+0x1a5/0x480 [ 29.772448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.772504] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.772552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.772581] ? __kthread_parkme+0x82/0x180 [ 29.772607] ? preempt_count_sub+0x50/0x80 [ 29.772634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.772661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.772688] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.772715] kthread+0x337/0x6f0 [ 29.772738] ? trace_preempt_on+0x20/0xc0 [ 29.772765] ? __pfx_kthread+0x10/0x10 [ 29.772789] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.772814] ? calculate_sigpending+0x7b/0xa0 [ 29.772842] ? __pfx_kthread+0x10/0x10 [ 29.772866] ret_from_fork+0x116/0x1d0 [ 29.772890] ? __pfx_kthread+0x10/0x10 [ 29.772913] ret_from_fork_asm+0x1a/0x30 [ 29.772947] </TASK> [ 29.772963] [ 29.784264] Allocated by task 294: [ 29.784722] kasan_save_stack+0x45/0x70 [ 29.785184] kasan_save_track+0x18/0x40 [ 29.785492] kasan_save_alloc_info+0x3b/0x50 [ 29.785696] __kasan_kmalloc+0xb7/0xc0 [ 29.785875] __kmalloc_cache_noprof+0x189/0x420 [ 29.786088] kasan_atomics+0x95/0x310 [ 29.786571] kunit_try_run_case+0x1a5/0x480 [ 29.787062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.787552] kthread+0x337/0x6f0 [ 29.787902] ret_from_fork+0x116/0x1d0 [ 29.788386] ret_from_fork_asm+0x1a/0x30 [ 29.788742] [ 29.788966] The buggy address belongs to the object at ffff888102338080 [ 29.788966] which belongs to the cache kmalloc-64 of size 64 [ 29.789540] The buggy address is located 0 bytes to the right of [ 29.789540] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.789965] [ 29.790092] The buggy address belongs to the physical page: [ 29.790668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.791423] flags: 0x200000000000000(node=0|zone=2) [ 29.791955] page_type: f5(slab) [ 29.792387] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.793058] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.793746] page dumped because: kasan: bad access detected [ 29.794264] [ 29.794457] Memory state around the buggy address: [ 29.794982] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.795392] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.795664] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.795926] ^ [ 29.796125] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.796680] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.797196] ================================================================== [ 29.679618] ================================================================== [ 29.680049] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 29.681541] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.682372] [ 29.682841] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.682935] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.682953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.682982] Call Trace: [ 29.683008] <TASK> [ 29.683036] dump_stack_lvl+0x73/0xb0 [ 29.683085] print_report+0xd1/0x650 [ 29.683112] ? __virt_addr_valid+0x1db/0x2d0 [ 29.683142] ? kasan_atomics_helper+0x151d/0x5450 [ 29.683183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.683235] ? kasan_atomics_helper+0x151d/0x5450 [ 29.683284] kasan_report+0x141/0x180 [ 29.683336] ? kasan_atomics_helper+0x151d/0x5450 [ 29.683370] kasan_check_range+0x10c/0x1c0 [ 29.683398] __kasan_check_write+0x18/0x20 [ 29.683425] kasan_atomics_helper+0x151d/0x5450 [ 29.683472] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.683500] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.683531] ? kasan_atomics+0x152/0x310 [ 29.683561] kasan_atomics+0x1dc/0x310 [ 29.683587] ? __pfx_kasan_atomics+0x10/0x10 [ 29.683614] ? __pfx_read_tsc+0x10/0x10 [ 29.683640] ? ktime_get_ts64+0x86/0x230 [ 29.683670] kunit_try_run_case+0x1a5/0x480 [ 29.683700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.683725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.683751] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.683777] ? __kthread_parkme+0x82/0x180 [ 29.683801] ? preempt_count_sub+0x50/0x80 [ 29.683828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.683854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.683880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.683907] kthread+0x337/0x6f0 [ 29.683929] ? trace_preempt_on+0x20/0xc0 [ 29.683955] ? __pfx_kthread+0x10/0x10 [ 29.683978] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.684002] ? calculate_sigpending+0x7b/0xa0 [ 29.684029] ? __pfx_kthread+0x10/0x10 [ 29.684054] ret_from_fork+0x116/0x1d0 [ 29.684076] ? __pfx_kthread+0x10/0x10 [ 29.684099] ret_from_fork_asm+0x1a/0x30 [ 29.684135] </TASK> [ 29.684158] [ 29.696155] Allocated by task 294: [ 29.696351] kasan_save_stack+0x45/0x70 [ 29.696595] kasan_save_track+0x18/0x40 [ 29.696818] kasan_save_alloc_info+0x3b/0x50 [ 29.697046] __kasan_kmalloc+0xb7/0xc0 [ 29.698224] __kmalloc_cache_noprof+0x189/0x420 [ 29.698506] kasan_atomics+0x95/0x310 [ 29.698684] kunit_try_run_case+0x1a5/0x480 [ 29.699034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.699487] kthread+0x337/0x6f0 [ 29.700134] ret_from_fork+0x116/0x1d0 [ 29.700544] ret_from_fork_asm+0x1a/0x30 [ 29.700919] [ 29.701108] The buggy address belongs to the object at ffff888102338080 [ 29.701108] which belongs to the cache kmalloc-64 of size 64 [ 29.701919] The buggy address is located 0 bytes to the right of [ 29.701919] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.702778] [ 29.703008] The buggy address belongs to the physical page: [ 29.703640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.704171] flags: 0x200000000000000(node=0|zone=2) [ 29.704621] page_type: f5(slab) [ 29.704833] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.705426] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.705869] page dumped because: kasan: bad access detected [ 29.706199] [ 29.706330] Memory state around the buggy address: [ 29.706543] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.707070] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.707498] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.708061] ^ [ 29.708314] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.708774] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.709352] ================================================================== [ 30.363208] ================================================================== [ 30.364271] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 30.364656] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.365183] [ 30.365399] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.365542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.365574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.365626] Call Trace: [ 30.365673] <TASK> [ 30.365720] dump_stack_lvl+0x73/0xb0 [ 30.365788] print_report+0xd1/0x650 [ 30.365862] ? __virt_addr_valid+0x1db/0x2d0 [ 30.365917] ? kasan_atomics_helper+0x218a/0x5450 [ 30.365966] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.366034] ? kasan_atomics_helper+0x218a/0x5450 [ 30.366085] kasan_report+0x141/0x180 [ 30.366156] ? kasan_atomics_helper+0x218a/0x5450 [ 30.366212] kasan_check_range+0x10c/0x1c0 [ 30.366270] __kasan_check_write+0x18/0x20 [ 30.366316] kasan_atomics_helper+0x218a/0x5450 [ 30.366367] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.366437] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.366504] ? kasan_atomics+0x152/0x310 [ 30.366563] kasan_atomics+0x1dc/0x310 [ 30.366610] ? __pfx_kasan_atomics+0x10/0x10 [ 30.366642] ? __pfx_read_tsc+0x10/0x10 [ 30.366676] ? ktime_get_ts64+0x86/0x230 [ 30.366726] kunit_try_run_case+0x1a5/0x480 [ 30.366779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.366847] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.366901] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.366950] ? __kthread_parkme+0x82/0x180 [ 30.366998] ? preempt_count_sub+0x50/0x80 [ 30.367051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.367122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.367170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.367220] kthread+0x337/0x6f0 [ 30.367261] ? trace_preempt_on+0x20/0xc0 [ 30.367306] ? __pfx_kthread+0x10/0x10 [ 30.367350] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.367392] ? calculate_sigpending+0x7b/0xa0 [ 30.367429] ? __pfx_kthread+0x10/0x10 [ 30.367475] ret_from_fork+0x116/0x1d0 [ 30.367500] ? __pfx_kthread+0x10/0x10 [ 30.367523] ret_from_fork_asm+0x1a/0x30 [ 30.367559] </TASK> [ 30.367574] [ 30.379042] Allocated by task 294: [ 30.379305] kasan_save_stack+0x45/0x70 [ 30.379546] kasan_save_track+0x18/0x40 [ 30.379866] kasan_save_alloc_info+0x3b/0x50 [ 30.380315] __kasan_kmalloc+0xb7/0xc0 [ 30.380684] __kmalloc_cache_noprof+0x189/0x420 [ 30.381075] kasan_atomics+0x95/0x310 [ 30.381523] kunit_try_run_case+0x1a5/0x480 [ 30.381906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.382461] kthread+0x337/0x6f0 [ 30.382822] ret_from_fork+0x116/0x1d0 [ 30.383244] ret_from_fork_asm+0x1a/0x30 [ 30.383549] [ 30.383702] The buggy address belongs to the object at ffff888102338080 [ 30.383702] which belongs to the cache kmalloc-64 of size 64 [ 30.384704] The buggy address is located 0 bytes to the right of [ 30.384704] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.385464] [ 30.385662] The buggy address belongs to the physical page: [ 30.385945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.386448] flags: 0x200000000000000(node=0|zone=2) [ 30.386769] page_type: f5(slab) [ 30.386928] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.387534] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.387887] page dumped because: kasan: bad access detected [ 30.388283] [ 30.388463] Memory state around the buggy address: [ 30.388773] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.389214] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.389611] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.390166] ^ [ 30.390461] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.390914] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.391430] ================================================================== [ 29.453131] ================================================================== [ 29.454592] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 29.455062] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.455720] [ 29.455908] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.456013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.456045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.456096] Call Trace: [ 29.456143] <TASK> [ 29.456190] dump_stack_lvl+0x73/0xb0 [ 29.456266] print_report+0xd1/0x650 [ 29.456314] ? __virt_addr_valid+0x1db/0x2d0 [ 29.456366] ? kasan_atomics_helper+0x1217/0x5450 [ 29.456411] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.456522] ? kasan_atomics_helper+0x1217/0x5450 [ 29.456570] kasan_report+0x141/0x180 [ 29.456619] ? kasan_atomics_helper+0x1217/0x5450 [ 29.456674] kasan_check_range+0x10c/0x1c0 [ 29.456721] __kasan_check_write+0x18/0x20 [ 29.456773] kasan_atomics_helper+0x1217/0x5450 [ 29.456866] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.456917] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.456972] ? kasan_atomics+0x152/0x310 [ 29.457032] kasan_atomics+0x1dc/0x310 [ 29.457120] ? __pfx_kasan_atomics+0x10/0x10 [ 29.457170] ? __pfx_read_tsc+0x10/0x10 [ 29.457218] ? ktime_get_ts64+0x86/0x230 [ 29.457272] kunit_try_run_case+0x1a5/0x480 [ 29.457315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.457341] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.457368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.457394] ? __kthread_parkme+0x82/0x180 [ 29.457420] ? preempt_count_sub+0x50/0x80 [ 29.457470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.457500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.457529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.457557] kthread+0x337/0x6f0 [ 29.457580] ? trace_preempt_on+0x20/0xc0 [ 29.457608] ? __pfx_kthread+0x10/0x10 [ 29.457631] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.457656] ? calculate_sigpending+0x7b/0xa0 [ 29.457684] ? __pfx_kthread+0x10/0x10 [ 29.457709] ret_from_fork+0x116/0x1d0 [ 29.457730] ? __pfx_kthread+0x10/0x10 [ 29.457754] ret_from_fork_asm+0x1a/0x30 [ 29.457789] </TASK> [ 29.457806] [ 29.469784] Allocated by task 294: [ 29.470130] kasan_save_stack+0x45/0x70 [ 29.470571] kasan_save_track+0x18/0x40 [ 29.470793] kasan_save_alloc_info+0x3b/0x50 [ 29.471140] __kasan_kmalloc+0xb7/0xc0 [ 29.471494] __kmalloc_cache_noprof+0x189/0x420 [ 29.471902] kasan_atomics+0x95/0x310 [ 29.472083] kunit_try_run_case+0x1a5/0x480 [ 29.472275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.472649] kthread+0x337/0x6f0 [ 29.472992] ret_from_fork+0x116/0x1d0 [ 29.473425] ret_from_fork_asm+0x1a/0x30 [ 29.473788] [ 29.473985] The buggy address belongs to the object at ffff888102338080 [ 29.473985] which belongs to the cache kmalloc-64 of size 64 [ 29.474972] The buggy address is located 0 bytes to the right of [ 29.474972] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.475915] [ 29.476113] The buggy address belongs to the physical page: [ 29.476370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.476686] flags: 0x200000000000000(node=0|zone=2) [ 29.476908] page_type: f5(slab) [ 29.477138] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.477764] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.478339] page dumped because: kasan: bad access detected [ 29.478777] [ 29.478944] Memory state around the buggy address: [ 29.479285] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.480396] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.480691] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.480958] ^ [ 29.481160] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.481426] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.481788] ================================================================== [ 29.651019] ================================================================== [ 29.651613] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 29.652007] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.652546] [ 29.652766] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.652920] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.652971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.653024] Call Trace: [ 29.653074] <TASK> [ 29.653119] dump_stack_lvl+0x73/0xb0 [ 29.653268] print_report+0xd1/0x650 [ 29.653350] ? __virt_addr_valid+0x1db/0x2d0 [ 29.653421] ? kasan_atomics_helper+0x50d4/0x5450 [ 29.653482] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.653538] ? kasan_atomics_helper+0x50d4/0x5450 [ 29.653588] kasan_report+0x141/0x180 [ 29.653690] ? kasan_atomics_helper+0x50d4/0x5450 [ 29.653757] __asan_report_store8_noabort+0x1b/0x30 [ 29.653818] kasan_atomics_helper+0x50d4/0x5450 [ 29.653871] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.653923] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.654021] ? kasan_atomics+0x152/0x310 [ 29.654097] kasan_atomics+0x1dc/0x310 [ 29.654157] ? __pfx_kasan_atomics+0x10/0x10 [ 29.654206] ? __pfx_read_tsc+0x10/0x10 [ 29.654235] ? ktime_get_ts64+0x86/0x230 [ 29.654267] kunit_try_run_case+0x1a5/0x480 [ 29.654298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.654325] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.654352] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.654378] ? __kthread_parkme+0x82/0x180 [ 29.654403] ? preempt_count_sub+0x50/0x80 [ 29.654430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.654483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.654511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.654538] kthread+0x337/0x6f0 [ 29.654560] ? trace_preempt_on+0x20/0xc0 [ 29.654588] ? __pfx_kthread+0x10/0x10 [ 29.654612] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.654636] ? calculate_sigpending+0x7b/0xa0 [ 29.654664] ? __pfx_kthread+0x10/0x10 [ 29.654688] ret_from_fork+0x116/0x1d0 [ 29.654711] ? __pfx_kthread+0x10/0x10 [ 29.654734] ret_from_fork_asm+0x1a/0x30 [ 29.654770] </TASK> [ 29.654786] [ 29.666339] Allocated by task 294: [ 29.666795] kasan_save_stack+0x45/0x70 [ 29.667180] kasan_save_track+0x18/0x40 [ 29.667521] kasan_save_alloc_info+0x3b/0x50 [ 29.667837] __kasan_kmalloc+0xb7/0xc0 [ 29.668108] __kmalloc_cache_noprof+0x189/0x420 [ 29.668527] kasan_atomics+0x95/0x310 [ 29.668734] kunit_try_run_case+0x1a5/0x480 [ 29.669138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.669405] kthread+0x337/0x6f0 [ 29.669673] ret_from_fork+0x116/0x1d0 [ 29.669935] ret_from_fork_asm+0x1a/0x30 [ 29.670375] [ 29.670582] The buggy address belongs to the object at ffff888102338080 [ 29.670582] which belongs to the cache kmalloc-64 of size 64 [ 29.671575] The buggy address is located 0 bytes to the right of [ 29.671575] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.672295] [ 29.672411] The buggy address belongs to the physical page: [ 29.672639] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.672944] flags: 0x200000000000000(node=0|zone=2) [ 29.673141] page_type: f5(slab) [ 29.673426] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.673918] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.674406] page dumped because: kasan: bad access detected [ 29.674692] [ 29.674840] Memory state around the buggy address: [ 29.675108] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.675605] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.676012] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.676415] ^ [ 29.676777] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.677191] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.677625] ================================================================== [ 30.246846] ================================================================== [ 30.247889] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 30.248660] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.249284] [ 30.249542] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.249676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.249710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.249762] Call Trace: [ 30.249811] <TASK> [ 30.249855] dump_stack_lvl+0x73/0xb0 [ 30.249929] print_report+0xd1/0x650 [ 30.249985] ? __virt_addr_valid+0x1db/0x2d0 [ 30.250053] ? kasan_atomics_helper+0x2006/0x5450 [ 30.250106] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.250163] ? kasan_atomics_helper+0x2006/0x5450 [ 30.250211] kasan_report+0x141/0x180 [ 30.250257] ? kasan_atomics_helper+0x2006/0x5450 [ 30.250315] kasan_check_range+0x10c/0x1c0 [ 30.250371] __kasan_check_write+0x18/0x20 [ 30.250426] kasan_atomics_helper+0x2006/0x5450 [ 30.250493] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.250547] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.250602] ? kasan_atomics+0x152/0x310 [ 30.250698] kasan_atomics+0x1dc/0x310 [ 30.250768] ? __pfx_kasan_atomics+0x10/0x10 [ 30.250827] ? __pfx_read_tsc+0x10/0x10 [ 30.250880] ? ktime_get_ts64+0x86/0x230 [ 30.250947] kunit_try_run_case+0x1a5/0x480 [ 30.251010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.251064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.251121] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.251169] ? __kthread_parkme+0x82/0x180 [ 30.251214] ? preempt_count_sub+0x50/0x80 [ 30.251258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.251300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.251349] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.251399] kthread+0x337/0x6f0 [ 30.251488] ? trace_preempt_on+0x20/0xc0 [ 30.251564] ? __pfx_kthread+0x10/0x10 [ 30.251618] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.251672] ? calculate_sigpending+0x7b/0xa0 [ 30.251729] ? __pfx_kthread+0x10/0x10 [ 30.251785] ret_from_fork+0x116/0x1d0 [ 30.251831] ? __pfx_kthread+0x10/0x10 [ 30.251883] ret_from_fork_asm+0x1a/0x30 [ 30.251955] </TASK> [ 30.251987] [ 30.265437] Allocated by task 294: [ 30.265803] kasan_save_stack+0x45/0x70 [ 30.266106] kasan_save_track+0x18/0x40 [ 30.266331] kasan_save_alloc_info+0x3b/0x50 [ 30.266540] __kasan_kmalloc+0xb7/0xc0 [ 30.266819] __kmalloc_cache_noprof+0x189/0x420 [ 30.267261] kasan_atomics+0x95/0x310 [ 30.267623] kunit_try_run_case+0x1a5/0x480 [ 30.267994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.268349] kthread+0x337/0x6f0 [ 30.268574] ret_from_fork+0x116/0x1d0 [ 30.268922] ret_from_fork_asm+0x1a/0x30 [ 30.269279] [ 30.269469] The buggy address belongs to the object at ffff888102338080 [ 30.269469] which belongs to the cache kmalloc-64 of size 64 [ 30.270294] The buggy address is located 0 bytes to the right of [ 30.270294] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.271570] [ 30.271947] The buggy address belongs to the physical page: [ 30.272225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.272842] flags: 0x200000000000000(node=0|zone=2) [ 30.273072] page_type: f5(slab) [ 30.273288] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.273742] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.274372] page dumped because: kasan: bad access detected [ 30.274815] [ 30.274978] Memory state around the buggy address: [ 30.275322] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.275681] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.275952] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.276477] ^ [ 30.276871] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.277455] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.277819] ================================================================== [ 29.153107] ================================================================== [ 29.153934] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 29.154359] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.154700] [ 29.154918] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.155057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.155081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.155121] Call Trace: [ 29.155160] <TASK> [ 29.155197] dump_stack_lvl+0x73/0xb0 [ 29.155248] print_report+0xd1/0x650 [ 29.155287] ? __virt_addr_valid+0x1db/0x2d0 [ 29.155332] ? kasan_atomics_helper+0xd47/0x5450 [ 29.155372] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.155425] ? kasan_atomics_helper+0xd47/0x5450 [ 29.155486] kasan_report+0x141/0x180 [ 29.155561] ? kasan_atomics_helper+0xd47/0x5450 [ 29.155631] kasan_check_range+0x10c/0x1c0 [ 29.155681] __kasan_check_write+0x18/0x20 [ 29.155722] kasan_atomics_helper+0xd47/0x5450 [ 29.155770] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.155818] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.155874] ? kasan_atomics+0x152/0x310 [ 29.155939] kasan_atomics+0x1dc/0x310 [ 29.155988] ? __pfx_kasan_atomics+0x10/0x10 [ 29.156044] ? __pfx_read_tsc+0x10/0x10 [ 29.156098] ? ktime_get_ts64+0x86/0x230 [ 29.156161] kunit_try_run_case+0x1a5/0x480 [ 29.156222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.156275] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.156331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.156388] ? __kthread_parkme+0x82/0x180 [ 29.156451] ? preempt_count_sub+0x50/0x80 [ 29.156514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.156571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.156629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.156686] kthread+0x337/0x6f0 [ 29.156768] ? trace_preempt_on+0x20/0xc0 [ 29.156802] ? __pfx_kthread+0x10/0x10 [ 29.156827] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.156851] ? calculate_sigpending+0x7b/0xa0 [ 29.156880] ? __pfx_kthread+0x10/0x10 [ 29.156905] ret_from_fork+0x116/0x1d0 [ 29.156927] ? __pfx_kthread+0x10/0x10 [ 29.156950] ret_from_fork_asm+0x1a/0x30 [ 29.156985] </TASK> [ 29.157001] [ 29.166787] Allocated by task 294: [ 29.167071] kasan_save_stack+0x45/0x70 [ 29.167401] kasan_save_track+0x18/0x40 [ 29.167644] kasan_save_alloc_info+0x3b/0x50 [ 29.167874] __kasan_kmalloc+0xb7/0xc0 [ 29.168083] __kmalloc_cache_noprof+0x189/0x420 [ 29.168438] kasan_atomics+0x95/0x310 [ 29.168753] kunit_try_run_case+0x1a5/0x480 [ 29.169059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.169452] kthread+0x337/0x6f0 [ 29.169849] ret_from_fork+0x116/0x1d0 [ 29.170175] ret_from_fork_asm+0x1a/0x30 [ 29.170516] [ 29.170671] The buggy address belongs to the object at ffff888102338080 [ 29.170671] which belongs to the cache kmalloc-64 of size 64 [ 29.171097] The buggy address is located 0 bytes to the right of [ 29.171097] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.172085] [ 29.172314] The buggy address belongs to the physical page: [ 29.172726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.173185] flags: 0x200000000000000(node=0|zone=2) [ 29.173489] page_type: f5(slab) [ 29.173769] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.174121] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.174880] page dumped because: kasan: bad access detected [ 29.175334] [ 29.175488] Memory state around the buggy address: [ 29.175698] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.175968] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.176233] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.176535] ^ [ 29.177027] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.177625] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.178167] ================================================================== [ 28.525519] ================================================================== [ 28.526710] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 28.527383] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.528147] [ 28.528335] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.528462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.528490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.528550] Call Trace: [ 28.528596] <TASK> [ 28.528639] dump_stack_lvl+0x73/0xb0 [ 28.528849] print_report+0xd1/0x650 [ 28.528916] ? __virt_addr_valid+0x1db/0x2d0 [ 28.528975] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.529017] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.529067] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.529112] kasan_report+0x141/0x180 [ 28.529156] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.529215] __asan_report_load4_noabort+0x18/0x20 [ 28.529283] kasan_atomics_helper+0x4bbc/0x5450 [ 28.529336] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.529382] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.529451] ? kasan_atomics+0x152/0x310 [ 28.529524] kasan_atomics+0x1dc/0x310 [ 28.529576] ? __pfx_kasan_atomics+0x10/0x10 [ 28.529725] ? __pfx_read_tsc+0x10/0x10 [ 28.529754] ? ktime_get_ts64+0x86/0x230 [ 28.529786] kunit_try_run_case+0x1a5/0x480 [ 28.529816] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.529840] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.529867] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.529893] ? __kthread_parkme+0x82/0x180 [ 28.529917] ? preempt_count_sub+0x50/0x80 [ 28.529944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.529969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.529994] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.530021] kthread+0x337/0x6f0 [ 28.530057] ? trace_preempt_on+0x20/0xc0 [ 28.530085] ? __pfx_kthread+0x10/0x10 [ 28.530109] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.530133] ? calculate_sigpending+0x7b/0xa0 [ 28.530170] ? __pfx_kthread+0x10/0x10 [ 28.530203] ret_from_fork+0x116/0x1d0 [ 28.530225] ? __pfx_kthread+0x10/0x10 [ 28.530248] ret_from_fork_asm+0x1a/0x30 [ 28.530282] </TASK> [ 28.530297] [ 28.544710] Allocated by task 294: [ 28.545020] kasan_save_stack+0x45/0x70 [ 28.545365] kasan_save_track+0x18/0x40 [ 28.545551] kasan_save_alloc_info+0x3b/0x50 [ 28.545754] __kasan_kmalloc+0xb7/0xc0 [ 28.546057] __kmalloc_cache_noprof+0x189/0x420 [ 28.547207] kasan_atomics+0x95/0x310 [ 28.547635] kunit_try_run_case+0x1a5/0x480 [ 28.547975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.548429] kthread+0x337/0x6f0 [ 28.548743] ret_from_fork+0x116/0x1d0 [ 28.548906] ret_from_fork_asm+0x1a/0x30 [ 28.549162] [ 28.549317] The buggy address belongs to the object at ffff888102338080 [ 28.549317] which belongs to the cache kmalloc-64 of size 64 [ 28.550785] The buggy address is located 0 bytes to the right of [ 28.550785] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.551960] [ 28.552097] The buggy address belongs to the physical page: [ 28.552626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.553227] flags: 0x200000000000000(node=0|zone=2) [ 28.553861] page_type: f5(slab) [ 28.554052] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.554506] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.555201] page dumped because: kasan: bad access detected [ 28.555700] [ 28.555882] Memory state around the buggy address: [ 28.556142] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.556626] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.557234] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.557762] ^ [ 28.558339] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.558610] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.559149] ================================================================== [ 28.974454] ================================================================== [ 28.974958] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 28.975172] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.975462] [ 28.975708] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.975851] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.975884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.975931] Call Trace: [ 28.975976] <TASK> [ 28.976018] dump_stack_lvl+0x73/0xb0 [ 28.976089] print_report+0xd1/0x650 [ 28.976154] ? __virt_addr_valid+0x1db/0x2d0 [ 28.976226] ? kasan_atomics_helper+0x992/0x5450 [ 28.976280] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.976339] ? kasan_atomics_helper+0x992/0x5450 [ 28.976381] kasan_report+0x141/0x180 [ 28.976429] ? kasan_atomics_helper+0x992/0x5450 [ 28.976527] kasan_check_range+0x10c/0x1c0 [ 28.976577] __kasan_check_write+0x18/0x20 [ 28.976670] kasan_atomics_helper+0x992/0x5450 [ 28.976723] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.976793] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.976856] ? kasan_atomics+0x152/0x310 [ 28.976915] kasan_atomics+0x1dc/0x310 [ 28.976959] ? __pfx_kasan_atomics+0x10/0x10 [ 28.976992] ? __pfx_read_tsc+0x10/0x10 [ 28.977019] ? ktime_get_ts64+0x86/0x230 [ 28.977053] kunit_try_run_case+0x1a5/0x480 [ 28.977083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.977108] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.977137] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.977178] ? __kthread_parkme+0x82/0x180 [ 28.977211] ? preempt_count_sub+0x50/0x80 [ 28.977239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.977266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.977294] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.977320] kthread+0x337/0x6f0 [ 28.977343] ? trace_preempt_on+0x20/0xc0 [ 28.977370] ? __pfx_kthread+0x10/0x10 [ 28.977394] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.977419] ? calculate_sigpending+0x7b/0xa0 [ 28.977469] ? __pfx_kthread+0x10/0x10 [ 28.977497] ret_from_fork+0x116/0x1d0 [ 28.977519] ? __pfx_kthread+0x10/0x10 [ 28.977543] ret_from_fork_asm+0x1a/0x30 [ 28.977579] </TASK> [ 28.977594] [ 28.991246] Allocated by task 294: [ 28.991691] kasan_save_stack+0x45/0x70 [ 28.992096] kasan_save_track+0x18/0x40 [ 28.992534] kasan_save_alloc_info+0x3b/0x50 [ 28.993147] __kasan_kmalloc+0xb7/0xc0 [ 28.993496] __kmalloc_cache_noprof+0x189/0x420 [ 28.994067] kasan_atomics+0x95/0x310 [ 28.994374] kunit_try_run_case+0x1a5/0x480 [ 28.994625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.994959] kthread+0x337/0x6f0 [ 28.995301] ret_from_fork+0x116/0x1d0 [ 28.995732] ret_from_fork_asm+0x1a/0x30 [ 28.995987] [ 28.996105] The buggy address belongs to the object at ffff888102338080 [ 28.996105] which belongs to the cache kmalloc-64 of size 64 [ 28.996755] The buggy address is located 0 bytes to the right of [ 28.996755] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.997404] [ 28.997627] The buggy address belongs to the physical page: [ 28.998249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.998887] flags: 0x200000000000000(node=0|zone=2) [ 28.999252] page_type: f5(slab) [ 28.999525] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.000103] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.000769] page dumped because: kasan: bad access detected [ 29.001292] [ 29.001493] Memory state around the buggy address: [ 29.001693] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.002015] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.002462] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.002864] ^ [ 29.003091] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.003753] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.004121] ================================================================== [ 29.214565] ================================================================== [ 29.215541] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 29.216246] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.216503] [ 29.216770] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.216886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.216917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.216998] Call Trace: [ 29.217059] <TASK> [ 29.217108] dump_stack_lvl+0x73/0xb0 [ 29.217231] print_report+0xd1/0x650 [ 29.217288] ? __virt_addr_valid+0x1db/0x2d0 [ 29.217344] ? kasan_atomics_helper+0xe78/0x5450 [ 29.217396] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.217456] ? kasan_atomics_helper+0xe78/0x5450 [ 29.217505] kasan_report+0x141/0x180 [ 29.217584] ? kasan_atomics_helper+0xe78/0x5450 [ 29.217683] kasan_check_range+0x10c/0x1c0 [ 29.217753] __kasan_check_write+0x18/0x20 [ 29.217808] kasan_atomics_helper+0xe78/0x5450 [ 29.217862] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.217917] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.217966] ? kasan_atomics+0x152/0x310 [ 29.218006] kasan_atomics+0x1dc/0x310 [ 29.218043] ? __pfx_kasan_atomics+0x10/0x10 [ 29.218074] ? __pfx_read_tsc+0x10/0x10 [ 29.218100] ? ktime_get_ts64+0x86/0x230 [ 29.218133] kunit_try_run_case+0x1a5/0x480 [ 29.218176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.218215] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.218247] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.218274] ? __kthread_parkme+0x82/0x180 [ 29.218298] ? preempt_count_sub+0x50/0x80 [ 29.218326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.218353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.218380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.218407] kthread+0x337/0x6f0 [ 29.218430] ? trace_preempt_on+0x20/0xc0 [ 29.218479] ? __pfx_kthread+0x10/0x10 [ 29.218505] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.218530] ? calculate_sigpending+0x7b/0xa0 [ 29.218559] ? __pfx_kthread+0x10/0x10 [ 29.218584] ret_from_fork+0x116/0x1d0 [ 29.218606] ? __pfx_kthread+0x10/0x10 [ 29.218629] ret_from_fork_asm+0x1a/0x30 [ 29.218664] </TASK> [ 29.218680] [ 29.230678] Allocated by task 294: [ 29.231006] kasan_save_stack+0x45/0x70 [ 29.231331] kasan_save_track+0x18/0x40 [ 29.231640] kasan_save_alloc_info+0x3b/0x50 [ 29.232016] __kasan_kmalloc+0xb7/0xc0 [ 29.232365] __kmalloc_cache_noprof+0x189/0x420 [ 29.232588] kasan_atomics+0x95/0x310 [ 29.232964] kunit_try_run_case+0x1a5/0x480 [ 29.233393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.233655] kthread+0x337/0x6f0 [ 29.233831] ret_from_fork+0x116/0x1d0 [ 29.233989] ret_from_fork_asm+0x1a/0x30 [ 29.234187] [ 29.234305] The buggy address belongs to the object at ffff888102338080 [ 29.234305] which belongs to the cache kmalloc-64 of size 64 [ 29.235141] The buggy address is located 0 bytes to the right of [ 29.235141] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.236294] [ 29.236571] The buggy address belongs to the physical page: [ 29.236863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.237552] flags: 0x200000000000000(node=0|zone=2) [ 29.237937] page_type: f5(slab) [ 29.238343] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.238694] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.238958] page dumped because: kasan: bad access detected [ 29.239168] [ 29.239269] Memory state around the buggy address: [ 29.239484] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.239754] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.240075] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.241572] ^ [ 29.241871] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.242944] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.243405] ================================================================== [ 30.449253] ================================================================== [ 30.449871] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 30.451554] Read of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.452207] [ 30.452404] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.452964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.453023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.453120] Call Trace: [ 30.453164] <TASK> [ 30.453202] dump_stack_lvl+0x73/0xb0 [ 30.453253] print_report+0xd1/0x650 [ 30.453281] ? __virt_addr_valid+0x1db/0x2d0 [ 30.453310] ? kasan_atomics_helper+0x5115/0x5450 [ 30.453336] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.453367] ? kasan_atomics_helper+0x5115/0x5450 [ 30.453391] kasan_report+0x141/0x180 [ 30.453417] ? kasan_atomics_helper+0x5115/0x5450 [ 30.453466] __asan_report_load8_noabort+0x18/0x20 [ 30.453499] kasan_atomics_helper+0x5115/0x5450 [ 30.453526] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.453551] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.453580] ? kasan_atomics+0x152/0x310 [ 30.453609] kasan_atomics+0x1dc/0x310 [ 30.453635] ? __pfx_kasan_atomics+0x10/0x10 [ 30.453662] ? __pfx_read_tsc+0x10/0x10 [ 30.453689] ? ktime_get_ts64+0x86/0x230 [ 30.453720] kunit_try_run_case+0x1a5/0x480 [ 30.453749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.453775] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.453802] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.453828] ? __kthread_parkme+0x82/0x180 [ 30.453853] ? preempt_count_sub+0x50/0x80 [ 30.453880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.453907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.453933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.453960] kthread+0x337/0x6f0 [ 30.453983] ? trace_preempt_on+0x20/0xc0 [ 30.454010] ? __pfx_kthread+0x10/0x10 [ 30.454046] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.454072] ? calculate_sigpending+0x7b/0xa0 [ 30.454101] ? __pfx_kthread+0x10/0x10 [ 30.454127] ret_from_fork+0x116/0x1d0 [ 30.454156] ? __pfx_kthread+0x10/0x10 [ 30.454190] ret_from_fork_asm+0x1a/0x30 [ 30.454224] </TASK> [ 30.454239] [ 30.465401] Allocated by task 294: [ 30.465705] kasan_save_stack+0x45/0x70 [ 30.466083] kasan_save_track+0x18/0x40 [ 30.466418] kasan_save_alloc_info+0x3b/0x50 [ 30.466842] __kasan_kmalloc+0xb7/0xc0 [ 30.467198] __kmalloc_cache_noprof+0x189/0x420 [ 30.467564] kasan_atomics+0x95/0x310 [ 30.467931] kunit_try_run_case+0x1a5/0x480 [ 30.468319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.468714] kthread+0x337/0x6f0 [ 30.469018] ret_from_fork+0x116/0x1d0 [ 30.469331] ret_from_fork_asm+0x1a/0x30 [ 30.469574] [ 30.469768] The buggy address belongs to the object at ffff888102338080 [ 30.469768] which belongs to the cache kmalloc-64 of size 64 [ 30.470619] The buggy address is located 0 bytes to the right of [ 30.470619] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.471465] [ 30.471630] The buggy address belongs to the physical page: [ 30.472023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.472594] flags: 0x200000000000000(node=0|zone=2) [ 30.472941] page_type: f5(slab) [ 30.473315] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.473753] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.474317] page dumped because: kasan: bad access detected [ 30.474644] [ 30.474834] Memory state around the buggy address: [ 30.475255] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.475686] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.476136] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.476638] ^ [ 30.476943] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.477298] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.477751] ================================================================== [ 28.714252] ================================================================== [ 28.714798] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 28.715329] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.715657] [ 28.715900] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.715991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.716014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.716053] Call Trace: [ 28.716090] <TASK> [ 28.716126] dump_stack_lvl+0x73/0xb0 [ 28.716207] print_report+0xd1/0x650 [ 28.716247] ? __virt_addr_valid+0x1db/0x2d0 [ 28.716286] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.716320] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.716360] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.716393] kasan_report+0x141/0x180 [ 28.716431] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.716490] kasan_check_range+0x10c/0x1c0 [ 28.716534] __kasan_check_write+0x18/0x20 [ 28.716610] kasan_atomics_helper+0x4a0/0x5450 [ 28.716701] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.716782] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.716855] ? kasan_atomics+0x152/0x310 [ 28.716919] kasan_atomics+0x1dc/0x310 [ 28.716985] ? __pfx_kasan_atomics+0x10/0x10 [ 28.717034] ? __pfx_read_tsc+0x10/0x10 [ 28.717080] ? ktime_get_ts64+0x86/0x230 [ 28.717201] kunit_try_run_case+0x1a5/0x480 [ 28.717281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.717339] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.717395] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.717464] ? __kthread_parkme+0x82/0x180 [ 28.717518] ? preempt_count_sub+0x50/0x80 [ 28.717574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.717626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.717710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.717776] kthread+0x337/0x6f0 [ 28.717827] ? trace_preempt_on+0x20/0xc0 [ 28.717874] ? __pfx_kthread+0x10/0x10 [ 28.717901] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.717926] ? calculate_sigpending+0x7b/0xa0 [ 28.717955] ? __pfx_kthread+0x10/0x10 [ 28.717980] ret_from_fork+0x116/0x1d0 [ 28.718003] ? __pfx_kthread+0x10/0x10 [ 28.718037] ret_from_fork_asm+0x1a/0x30 [ 28.718080] </TASK> [ 28.718096] [ 28.729792] Allocated by task 294: [ 28.730020] kasan_save_stack+0x45/0x70 [ 28.730273] kasan_save_track+0x18/0x40 [ 28.730530] kasan_save_alloc_info+0x3b/0x50 [ 28.730887] __kasan_kmalloc+0xb7/0xc0 [ 28.731235] __kmalloc_cache_noprof+0x189/0x420 [ 28.731617] kasan_atomics+0x95/0x310 [ 28.731962] kunit_try_run_case+0x1a5/0x480 [ 28.732365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.732854] kthread+0x337/0x6f0 [ 28.733195] ret_from_fork+0x116/0x1d0 [ 28.733523] ret_from_fork_asm+0x1a/0x30 [ 28.733764] [ 28.733868] The buggy address belongs to the object at ffff888102338080 [ 28.733868] which belongs to the cache kmalloc-64 of size 64 [ 28.734558] The buggy address is located 0 bytes to the right of [ 28.734558] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.735539] [ 28.735745] The buggy address belongs to the physical page: [ 28.736289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.737016] flags: 0x200000000000000(node=0|zone=2) [ 28.737633] page_type: f5(slab) [ 28.737845] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.738662] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.738945] page dumped because: kasan: bad access detected [ 28.739374] [ 28.739510] Memory state around the buggy address: [ 28.739816] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.740319] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.740986] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.741700] ^ [ 28.742096] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.742627] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.743036] ================================================================== [ 29.710506] ================================================================== [ 29.711116] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 29.711584] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.711976] [ 29.712129] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.712276] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.712308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.712357] Call Trace: [ 29.712404] <TASK> [ 29.712470] dump_stack_lvl+0x73/0xb0 [ 29.712545] print_report+0xd1/0x650 [ 29.712599] ? __virt_addr_valid+0x1db/0x2d0 [ 29.712656] ? kasan_atomics_helper+0x15b6/0x5450 [ 29.712699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.712750] ? kasan_atomics_helper+0x15b6/0x5450 [ 29.712802] kasan_report+0x141/0x180 [ 29.712853] ? kasan_atomics_helper+0x15b6/0x5450 [ 29.712908] kasan_check_range+0x10c/0x1c0 [ 29.712956] __kasan_check_write+0x18/0x20 [ 29.713006] kasan_atomics_helper+0x15b6/0x5450 [ 29.713052] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.713115] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.713220] ? kasan_atomics+0x152/0x310 [ 29.713282] kasan_atomics+0x1dc/0x310 [ 29.713342] ? __pfx_kasan_atomics+0x10/0x10 [ 29.713413] ? __pfx_read_tsc+0x10/0x10 [ 29.713477] ? ktime_get_ts64+0x86/0x230 [ 29.713526] kunit_try_run_case+0x1a5/0x480 [ 29.713559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.713585] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.713613] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.713645] ? __kthread_parkme+0x82/0x180 [ 29.713683] ? preempt_count_sub+0x50/0x80 [ 29.713731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.713782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.713842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.713910] kthread+0x337/0x6f0 [ 29.713959] ? trace_preempt_on+0x20/0xc0 [ 29.714008] ? __pfx_kthread+0x10/0x10 [ 29.714065] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.714117] ? calculate_sigpending+0x7b/0xa0 [ 29.714215] ? __pfx_kthread+0x10/0x10 [ 29.714260] ret_from_fork+0x116/0x1d0 [ 29.714302] ? __pfx_kthread+0x10/0x10 [ 29.714332] ret_from_fork_asm+0x1a/0x30 [ 29.714370] </TASK> [ 29.714388] [ 29.724669] Allocated by task 294: [ 29.724904] kasan_save_stack+0x45/0x70 [ 29.725089] kasan_save_track+0x18/0x40 [ 29.725240] kasan_save_alloc_info+0x3b/0x50 [ 29.725398] __kasan_kmalloc+0xb7/0xc0 [ 29.727368] __kmalloc_cache_noprof+0x189/0x420 [ 29.728401] kasan_atomics+0x95/0x310 [ 29.728709] kunit_try_run_case+0x1a5/0x480 [ 29.728966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.729797] kthread+0x337/0x6f0 [ 29.730011] ret_from_fork+0x116/0x1d0 [ 29.730242] ret_from_fork_asm+0x1a/0x30 [ 29.730815] [ 29.730930] The buggy address belongs to the object at ffff888102338080 [ 29.730930] which belongs to the cache kmalloc-64 of size 64 [ 29.731877] The buggy address is located 0 bytes to the right of [ 29.731877] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.732755] [ 29.733182] The buggy address belongs to the physical page: [ 29.733803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.734541] flags: 0x200000000000000(node=0|zone=2) [ 29.734749] page_type: f5(slab) [ 29.735014] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.735686] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.736171] page dumped because: kasan: bad access detected [ 29.736588] [ 29.736697] Memory state around the buggy address: [ 29.737045] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.737654] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.738098] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.738557] ^ [ 29.738800] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.739468] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.739757] ================================================================== [ 28.561129] ================================================================== [ 28.561924] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 28.563187] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.563461] [ 28.563594] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.564363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.564397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.564427] Call Trace: [ 28.564457] <TASK> [ 28.564484] dump_stack_lvl+0x73/0xb0 [ 28.564529] print_report+0xd1/0x650 [ 28.564565] ? __virt_addr_valid+0x1db/0x2d0 [ 28.564605] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.564692] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.564748] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.564776] kasan_report+0x141/0x180 [ 28.564801] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.564828] __asan_report_store4_noabort+0x1b/0x30 [ 28.564855] kasan_atomics_helper+0x4ba2/0x5450 [ 28.564879] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.564902] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.564930] ? kasan_atomics+0x152/0x310 [ 28.564957] kasan_atomics+0x1dc/0x310 [ 28.564982] ? __pfx_kasan_atomics+0x10/0x10 [ 28.565007] ? __pfx_read_tsc+0x10/0x10 [ 28.565031] ? ktime_get_ts64+0x86/0x230 [ 28.565060] kunit_try_run_case+0x1a5/0x480 [ 28.565088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.565113] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.565138] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.565162] ? __kthread_parkme+0x82/0x180 [ 28.565186] ? preempt_count_sub+0x50/0x80 [ 28.565212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.565237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.565292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.565318] kthread+0x337/0x6f0 [ 28.565339] ? trace_preempt_on+0x20/0xc0 [ 28.565366] ? __pfx_kthread+0x10/0x10 [ 28.565389] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.565411] ? calculate_sigpending+0x7b/0xa0 [ 28.565438] ? __pfx_kthread+0x10/0x10 [ 28.565483] ret_from_fork+0x116/0x1d0 [ 28.565505] ? __pfx_kthread+0x10/0x10 [ 28.565530] ret_from_fork_asm+0x1a/0x30 [ 28.565582] </TASK> [ 28.565603] [ 28.578265] Allocated by task 294: [ 28.578576] kasan_save_stack+0x45/0x70 [ 28.578810] kasan_save_track+0x18/0x40 [ 28.578988] kasan_save_alloc_info+0x3b/0x50 [ 28.579346] __kasan_kmalloc+0xb7/0xc0 [ 28.580538] __kmalloc_cache_noprof+0x189/0x420 [ 28.581013] kasan_atomics+0x95/0x310 [ 28.581411] kunit_try_run_case+0x1a5/0x480 [ 28.581936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.582225] kthread+0x337/0x6f0 [ 28.582554] ret_from_fork+0x116/0x1d0 [ 28.582894] ret_from_fork_asm+0x1a/0x30 [ 28.583220] [ 28.583326] The buggy address belongs to the object at ffff888102338080 [ 28.583326] which belongs to the cache kmalloc-64 of size 64 [ 28.584134] The buggy address is located 0 bytes to the right of [ 28.584134] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.585200] [ 28.585464] The buggy address belongs to the physical page: [ 28.585983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.586371] flags: 0x200000000000000(node=0|zone=2) [ 28.586597] page_type: f5(slab) [ 28.586769] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.587958] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.589123] page dumped because: kasan: bad access detected [ 28.589406] [ 28.589573] Memory state around the buggy address: [ 28.589916] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.590531] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.591297] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.592236] ^ [ 28.592788] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.593294] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.594517] ================================================================== [ 30.220996] ================================================================== [ 30.221536] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 30.222053] Read of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.222457] [ 30.222691] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.222818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.222851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.222900] Call Trace: [ 30.222957] <TASK> [ 30.223015] dump_stack_lvl+0x73/0xb0 [ 30.223086] print_report+0xd1/0x650 [ 30.223131] ? __virt_addr_valid+0x1db/0x2d0 [ 30.223219] ? kasan_atomics_helper+0x4f71/0x5450 [ 30.223275] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.223348] ? kasan_atomics_helper+0x4f71/0x5450 [ 30.223400] kasan_report+0x141/0x180 [ 30.223459] ? kasan_atomics_helper+0x4f71/0x5450 [ 30.223518] __asan_report_load8_noabort+0x18/0x20 [ 30.223580] kasan_atomics_helper+0x4f71/0x5450 [ 30.223640] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.223691] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.223747] ? kasan_atomics+0x152/0x310 [ 30.223783] kasan_atomics+0x1dc/0x310 [ 30.223812] ? __pfx_kasan_atomics+0x10/0x10 [ 30.223840] ? __pfx_read_tsc+0x10/0x10 [ 30.223866] ? ktime_get_ts64+0x86/0x230 [ 30.223897] kunit_try_run_case+0x1a5/0x480 [ 30.223925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.223951] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.223977] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.224004] ? __kthread_parkme+0x82/0x180 [ 30.224028] ? preempt_count_sub+0x50/0x80 [ 30.224055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.224082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.224108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.224134] kthread+0x337/0x6f0 [ 30.224187] ? trace_preempt_on+0x20/0xc0 [ 30.224217] ? __pfx_kthread+0x10/0x10 [ 30.224242] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.224266] ? calculate_sigpending+0x7b/0xa0 [ 30.224294] ? __pfx_kthread+0x10/0x10 [ 30.224319] ret_from_fork+0x116/0x1d0 [ 30.224340] ? __pfx_kthread+0x10/0x10 [ 30.224364] ret_from_fork_asm+0x1a/0x30 [ 30.224398] </TASK> [ 30.224413] [ 30.233798] Allocated by task 294: [ 30.234189] kasan_save_stack+0x45/0x70 [ 30.234618] kasan_save_track+0x18/0x40 [ 30.234902] kasan_save_alloc_info+0x3b/0x50 [ 30.235234] __kasan_kmalloc+0xb7/0xc0 [ 30.235584] __kmalloc_cache_noprof+0x189/0x420 [ 30.235855] kasan_atomics+0x95/0x310 [ 30.236179] kunit_try_run_case+0x1a5/0x480 [ 30.236400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.236798] kthread+0x337/0x6f0 [ 30.237013] ret_from_fork+0x116/0x1d0 [ 30.237355] ret_from_fork_asm+0x1a/0x30 [ 30.237588] [ 30.237770] The buggy address belongs to the object at ffff888102338080 [ 30.237770] which belongs to the cache kmalloc-64 of size 64 [ 30.238403] The buggy address is located 0 bytes to the right of [ 30.238403] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.238960] [ 30.239149] The buggy address belongs to the physical page: [ 30.239582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.240422] flags: 0x200000000000000(node=0|zone=2) [ 30.240638] page_type: f5(slab) [ 30.240859] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.241546] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.241934] page dumped because: kasan: bad access detected [ 30.242278] [ 30.242479] Memory state around the buggy address: [ 30.242915] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.243362] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.243962] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.244361] ^ [ 30.244666] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.245127] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.245595] ================================================================== [ 29.392922] ================================================================== [ 29.393508] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 29.394098] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.394808] [ 29.395076] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.395229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.395265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.395319] Call Trace: [ 29.395364] <TASK> [ 29.395411] dump_stack_lvl+0x73/0xb0 [ 29.395588] print_report+0xd1/0x650 [ 29.395642] ? __virt_addr_valid+0x1db/0x2d0 [ 29.395699] ? kasan_atomics_helper+0x1148/0x5450 [ 29.395742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.395801] ? kasan_atomics_helper+0x1148/0x5450 [ 29.395852] kasan_report+0x141/0x180 [ 29.395888] ? kasan_atomics_helper+0x1148/0x5450 [ 29.395918] kasan_check_range+0x10c/0x1c0 [ 29.395945] __kasan_check_write+0x18/0x20 [ 29.395972] kasan_atomics_helper+0x1148/0x5450 [ 29.395997] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.396023] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.396052] ? kasan_atomics+0x152/0x310 [ 29.396081] kasan_atomics+0x1dc/0x310 [ 29.396107] ? __pfx_kasan_atomics+0x10/0x10 [ 29.396134] ? __pfx_read_tsc+0x10/0x10 [ 29.396188] ? ktime_get_ts64+0x86/0x230 [ 29.396229] kunit_try_run_case+0x1a5/0x480 [ 29.396260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.396285] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.396312] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.396339] ? __kthread_parkme+0x82/0x180 [ 29.396364] ? preempt_count_sub+0x50/0x80 [ 29.396391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.396419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.396464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.396494] kthread+0x337/0x6f0 [ 29.396518] ? trace_preempt_on+0x20/0xc0 [ 29.396546] ? __pfx_kthread+0x10/0x10 [ 29.396570] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.396596] ? calculate_sigpending+0x7b/0xa0 [ 29.396626] ? __pfx_kthread+0x10/0x10 [ 29.396651] ret_from_fork+0x116/0x1d0 [ 29.396673] ? __pfx_kthread+0x10/0x10 [ 29.396697] ret_from_fork_asm+0x1a/0x30 [ 29.396734] </TASK> [ 29.396750] [ 29.408234] Allocated by task 294: [ 29.408499] kasan_save_stack+0x45/0x70 [ 29.408881] kasan_save_track+0x18/0x40 [ 29.409208] kasan_save_alloc_info+0x3b/0x50 [ 29.409632] __kasan_kmalloc+0xb7/0xc0 [ 29.409975] __kmalloc_cache_noprof+0x189/0x420 [ 29.410408] kasan_atomics+0x95/0x310 [ 29.410680] kunit_try_run_case+0x1a5/0x480 [ 29.411074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.411619] kthread+0x337/0x6f0 [ 29.411989] ret_from_fork+0x116/0x1d0 [ 29.412401] ret_from_fork_asm+0x1a/0x30 [ 29.412738] [ 29.412858] The buggy address belongs to the object at ffff888102338080 [ 29.412858] which belongs to the cache kmalloc-64 of size 64 [ 29.413903] The buggy address is located 0 bytes to the right of [ 29.413903] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.414813] [ 29.414949] The buggy address belongs to the physical page: [ 29.415316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.415741] flags: 0x200000000000000(node=0|zone=2) [ 29.416224] page_type: f5(slab) [ 29.416429] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.416961] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.417386] page dumped because: kasan: bad access detected [ 29.417892] [ 29.418062] Memory state around the buggy address: [ 29.418324] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.418867] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.419221] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.419772] ^ [ 29.420053] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.420493] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.420777] ================================================================== [ 29.484025] ================================================================== [ 29.484503] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 29.485055] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.485721] [ 29.486302] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.486501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.486523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.486554] Call Trace: [ 29.486580] <TASK> [ 29.486608] dump_stack_lvl+0x73/0xb0 [ 29.486653] print_report+0xd1/0x650 [ 29.486680] ? __virt_addr_valid+0x1db/0x2d0 [ 29.486708] ? kasan_atomics_helper+0x49e8/0x5450 [ 29.486733] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.486762] ? kasan_atomics_helper+0x49e8/0x5450 [ 29.486787] kasan_report+0x141/0x180 [ 29.486811] ? kasan_atomics_helper+0x49e8/0x5450 [ 29.486839] __asan_report_load4_noabort+0x18/0x20 [ 29.486866] kasan_atomics_helper+0x49e8/0x5450 [ 29.486891] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.486916] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.486944] ? kasan_atomics+0x152/0x310 [ 29.486973] kasan_atomics+0x1dc/0x310 [ 29.486998] ? __pfx_kasan_atomics+0x10/0x10 [ 29.487025] ? __pfx_read_tsc+0x10/0x10 [ 29.487049] ? ktime_get_ts64+0x86/0x230 [ 29.487081] kunit_try_run_case+0x1a5/0x480 [ 29.487109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.487134] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.487173] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.487210] ? __kthread_parkme+0x82/0x180 [ 29.487235] ? preempt_count_sub+0x50/0x80 [ 29.487262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.487290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.487316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.487343] kthread+0x337/0x6f0 [ 29.487365] ? trace_preempt_on+0x20/0xc0 [ 29.487392] ? __pfx_kthread+0x10/0x10 [ 29.487417] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.487461] ? calculate_sigpending+0x7b/0xa0 [ 29.487494] ? __pfx_kthread+0x10/0x10 [ 29.487520] ret_from_fork+0x116/0x1d0 [ 29.487544] ? __pfx_kthread+0x10/0x10 [ 29.487568] ret_from_fork_asm+0x1a/0x30 [ 29.487605] </TASK> [ 29.487620] [ 29.498638] Allocated by task 294: [ 29.499039] kasan_save_stack+0x45/0x70 [ 29.499379] kasan_save_track+0x18/0x40 [ 29.499700] kasan_save_alloc_info+0x3b/0x50 [ 29.499999] __kasan_kmalloc+0xb7/0xc0 [ 29.500326] __kmalloc_cache_noprof+0x189/0x420 [ 29.500702] kasan_atomics+0x95/0x310 [ 29.501040] kunit_try_run_case+0x1a5/0x480 [ 29.501350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.501755] kthread+0x337/0x6f0 [ 29.502117] ret_from_fork+0x116/0x1d0 [ 29.502402] ret_from_fork_asm+0x1a/0x30 [ 29.502676] [ 29.502789] The buggy address belongs to the object at ffff888102338080 [ 29.502789] which belongs to the cache kmalloc-64 of size 64 [ 29.503261] The buggy address is located 0 bytes to the right of [ 29.503261] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.503704] [ 29.503826] The buggy address belongs to the physical page: [ 29.504083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.504712] flags: 0x200000000000000(node=0|zone=2) [ 29.505123] page_type: f5(slab) [ 29.505460] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.505987] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.506311] page dumped because: kasan: bad access detected [ 29.506543] [ 29.506644] Memory state around the buggy address: [ 29.506852] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.507324] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.507871] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.508433] ^ [ 29.508832] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.509386] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.509855] ================================================================== [ 29.798953] ================================================================== [ 29.799785] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 29.800369] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.800661] [ 29.800810] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.800924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.800958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.801009] Call Trace: [ 29.801056] <TASK> [ 29.801105] dump_stack_lvl+0x73/0xb0 [ 29.801170] print_report+0xd1/0x650 [ 29.801228] ? __virt_addr_valid+0x1db/0x2d0 [ 29.801281] ? kasan_atomics_helper+0x177f/0x5450 [ 29.801333] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.801397] ? kasan_atomics_helper+0x177f/0x5450 [ 29.801459] kasan_report+0x141/0x180 [ 29.801499] ? kasan_atomics_helper+0x177f/0x5450 [ 29.801541] kasan_check_range+0x10c/0x1c0 [ 29.801579] __kasan_check_write+0x18/0x20 [ 29.801615] kasan_atomics_helper+0x177f/0x5450 [ 29.801650] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.801685] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.801724] ? kasan_atomics+0x152/0x310 [ 29.801763] kasan_atomics+0x1dc/0x310 [ 29.801798] ? __pfx_kasan_atomics+0x10/0x10 [ 29.801836] ? __pfx_read_tsc+0x10/0x10 [ 29.801870] ? ktime_get_ts64+0x86/0x230 [ 29.801913] kunit_try_run_case+0x1a5/0x480 [ 29.801954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.801990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.802041] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.802085] ? __kthread_parkme+0x82/0x180 [ 29.802127] ? preempt_count_sub+0x50/0x80 [ 29.802176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.802224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.802428] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.802572] kthread+0x337/0x6f0 [ 29.802616] ? trace_preempt_on+0x20/0xc0 [ 29.802658] ? __pfx_kthread+0x10/0x10 [ 29.802697] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.802739] ? calculate_sigpending+0x7b/0xa0 [ 29.802792] ? __pfx_kthread+0x10/0x10 [ 29.802838] ret_from_fork+0x116/0x1d0 [ 29.802884] ? __pfx_kthread+0x10/0x10 [ 29.802933] ret_from_fork_asm+0x1a/0x30 [ 29.802995] </TASK> [ 29.803022] [ 29.815060] Allocated by task 294: [ 29.815527] kasan_save_stack+0x45/0x70 [ 29.815988] kasan_save_track+0x18/0x40 [ 29.816496] kasan_save_alloc_info+0x3b/0x50 [ 29.816706] __kasan_kmalloc+0xb7/0xc0 [ 29.816888] __kmalloc_cache_noprof+0x189/0x420 [ 29.817096] kasan_atomics+0x95/0x310 [ 29.817468] kunit_try_run_case+0x1a5/0x480 [ 29.817902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.818414] kthread+0x337/0x6f0 [ 29.818724] ret_from_fork+0x116/0x1d0 [ 29.819011] ret_from_fork_asm+0x1a/0x30 [ 29.819574] [ 29.819760] The buggy address belongs to the object at ffff888102338080 [ 29.819760] which belongs to the cache kmalloc-64 of size 64 [ 29.820660] The buggy address is located 0 bytes to the right of [ 29.820660] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.821169] [ 29.821288] The buggy address belongs to the physical page: [ 29.821573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.822181] flags: 0x200000000000000(node=0|zone=2) [ 29.822667] page_type: f5(slab) [ 29.823058] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.823815] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.824485] page dumped because: kasan: bad access detected [ 29.824905] [ 29.825075] Memory state around the buggy address: [ 29.825603] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.826045] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.826573] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.826977] ^ [ 29.827380] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.828077] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.828666] ================================================================== [ 30.422156] ================================================================== [ 30.422564] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 30.422989] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.423362] [ 30.423602] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.423710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.423741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.423794] Call Trace: [ 30.423842] <TASK> [ 30.423887] dump_stack_lvl+0x73/0xb0 [ 30.423961] print_report+0xd1/0x650 [ 30.424010] ? __virt_addr_valid+0x1db/0x2d0 [ 30.424053] ? kasan_atomics_helper+0x224c/0x5450 [ 30.424100] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.424193] ? kasan_atomics_helper+0x224c/0x5450 [ 30.424251] kasan_report+0x141/0x180 [ 30.424306] ? kasan_atomics_helper+0x224c/0x5450 [ 30.424370] kasan_check_range+0x10c/0x1c0 [ 30.424428] __kasan_check_write+0x18/0x20 [ 30.424496] kasan_atomics_helper+0x224c/0x5450 [ 30.424553] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.424607] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.424661] ? kasan_atomics+0x152/0x310 [ 30.424711] kasan_atomics+0x1dc/0x310 [ 30.424759] ? __pfx_kasan_atomics+0x10/0x10 [ 30.424807] ? __pfx_read_tsc+0x10/0x10 [ 30.424849] ? ktime_get_ts64+0x86/0x230 [ 30.424905] kunit_try_run_case+0x1a5/0x480 [ 30.424961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.425007] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.425055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.425098] ? __kthread_parkme+0x82/0x180 [ 30.425179] ? preempt_count_sub+0x50/0x80 [ 30.425237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.425297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.425350] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.425384] kthread+0x337/0x6f0 [ 30.425410] ? trace_preempt_on+0x20/0xc0 [ 30.425454] ? __pfx_kthread+0x10/0x10 [ 30.425490] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.425515] ? calculate_sigpending+0x7b/0xa0 [ 30.425545] ? __pfx_kthread+0x10/0x10 [ 30.425570] ret_from_fork+0x116/0x1d0 [ 30.425594] ? __pfx_kthread+0x10/0x10 [ 30.425618] ret_from_fork_asm+0x1a/0x30 [ 30.425653] </TASK> [ 30.425668] [ 30.434331] Allocated by task 294: [ 30.434677] kasan_save_stack+0x45/0x70 [ 30.435025] kasan_save_track+0x18/0x40 [ 30.435398] kasan_save_alloc_info+0x3b/0x50 [ 30.435758] __kasan_kmalloc+0xb7/0xc0 [ 30.436078] __kmalloc_cache_noprof+0x189/0x420 [ 30.436480] kasan_atomics+0x95/0x310 [ 30.436780] kunit_try_run_case+0x1a5/0x480 [ 30.437133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.437475] kthread+0x337/0x6f0 [ 30.437651] ret_from_fork+0x116/0x1d0 [ 30.437830] ret_from_fork_asm+0x1a/0x30 [ 30.438021] [ 30.438222] The buggy address belongs to the object at ffff888102338080 [ 30.438222] which belongs to the cache kmalloc-64 of size 64 [ 30.439098] The buggy address is located 0 bytes to the right of [ 30.439098] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.439946] [ 30.440120] The buggy address belongs to the physical page: [ 30.440437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.440950] flags: 0x200000000000000(node=0|zone=2) [ 30.441271] page_type: f5(slab) [ 30.441625] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.441896] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.442487] page dumped because: kasan: bad access detected [ 30.442803] [ 30.442902] Memory state around the buggy address: [ 30.443247] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.443911] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.444286] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.444825] ^ [ 30.446743] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.447212] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.447524] ================================================================== [ 28.773955] ================================================================== [ 28.774316] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 28.775346] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.775706] [ 28.775835] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.775936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.775968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.776020] Call Trace: [ 28.776067] <TASK> [ 28.776114] dump_stack_lvl+0x73/0xb0 [ 28.776188] print_report+0xd1/0x650 [ 28.776247] ? __virt_addr_valid+0x1db/0x2d0 [ 28.776303] ? kasan_atomics_helper+0x565/0x5450 [ 28.776353] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.776414] ? kasan_atomics_helper+0x565/0x5450 [ 28.776486] kasan_report+0x141/0x180 [ 28.776529] ? kasan_atomics_helper+0x565/0x5450 [ 28.776584] kasan_check_range+0x10c/0x1c0 [ 28.776636] __kasan_check_write+0x18/0x20 [ 28.776682] kasan_atomics_helper+0x565/0x5450 [ 28.776726] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.776774] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.776834] ? kasan_atomics+0x152/0x310 [ 28.776884] kasan_atomics+0x1dc/0x310 [ 28.776931] ? __pfx_kasan_atomics+0x10/0x10 [ 28.776983] ? __pfx_read_tsc+0x10/0x10 [ 28.777030] ? ktime_get_ts64+0x86/0x230 [ 28.777087] kunit_try_run_case+0x1a5/0x480 [ 28.777137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.777184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.777235] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.777288] ? __kthread_parkme+0x82/0x180 [ 28.777341] ? preempt_count_sub+0x50/0x80 [ 28.777393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.777487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.777540] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.777593] kthread+0x337/0x6f0 [ 28.777641] ? trace_preempt_on+0x20/0xc0 [ 28.777698] ? __pfx_kthread+0x10/0x10 [ 28.777740] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.777781] ? calculate_sigpending+0x7b/0xa0 [ 28.777812] ? __pfx_kthread+0x10/0x10 [ 28.777838] ret_from_fork+0x116/0x1d0 [ 28.777860] ? __pfx_kthread+0x10/0x10 [ 28.777885] ret_from_fork_asm+0x1a/0x30 [ 28.777920] </TASK> [ 28.777937] [ 28.786936] Allocated by task 294: [ 28.787148] kasan_save_stack+0x45/0x70 [ 28.787377] kasan_save_track+0x18/0x40 [ 28.787620] kasan_save_alloc_info+0x3b/0x50 [ 28.787970] __kasan_kmalloc+0xb7/0xc0 [ 28.788298] __kmalloc_cache_noprof+0x189/0x420 [ 28.788696] kasan_atomics+0x95/0x310 [ 28.789135] kunit_try_run_case+0x1a5/0x480 [ 28.789508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.789828] kthread+0x337/0x6f0 [ 28.790005] ret_from_fork+0x116/0x1d0 [ 28.790266] ret_from_fork_asm+0x1a/0x30 [ 28.790601] [ 28.790766] The buggy address belongs to the object at ffff888102338080 [ 28.790766] which belongs to the cache kmalloc-64 of size 64 [ 28.791627] The buggy address is located 0 bytes to the right of [ 28.791627] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.792268] [ 28.792393] The buggy address belongs to the physical page: [ 28.792622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.792914] flags: 0x200000000000000(node=0|zone=2) [ 28.793285] page_type: f5(slab) [ 28.793597] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.794152] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.794702] page dumped because: kasan: bad access detected [ 28.795080] [ 28.795260] Memory state around the buggy address: [ 28.795567] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.795904] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.796171] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.796708] ^ [ 28.797233] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.797614] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.797941] ================================================================== [ 29.422419] ================================================================== [ 29.423617] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 29.424008] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.424652] [ 29.424898] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.425007] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.425036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.425083] Call Trace: [ 29.425127] <TASK> [ 29.425213] dump_stack_lvl+0x73/0xb0 [ 29.425296] print_report+0xd1/0x650 [ 29.425350] ? __virt_addr_valid+0x1db/0x2d0 [ 29.425404] ? kasan_atomics_helper+0x4a02/0x5450 [ 29.425459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.425499] ? kasan_atomics_helper+0x4a02/0x5450 [ 29.425525] kasan_report+0x141/0x180 [ 29.425550] ? kasan_atomics_helper+0x4a02/0x5450 [ 29.425579] __asan_report_load4_noabort+0x18/0x20 [ 29.425607] kasan_atomics_helper+0x4a02/0x5450 [ 29.425632] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.425657] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.425686] ? kasan_atomics+0x152/0x310 [ 29.425714] kasan_atomics+0x1dc/0x310 [ 29.425741] ? __pfx_kasan_atomics+0x10/0x10 [ 29.425767] ? __pfx_read_tsc+0x10/0x10 [ 29.425793] ? ktime_get_ts64+0x86/0x230 [ 29.425823] kunit_try_run_case+0x1a5/0x480 [ 29.425852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.425878] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.425903] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.425929] ? __kthread_parkme+0x82/0x180 [ 29.425954] ? preempt_count_sub+0x50/0x80 [ 29.425980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.426006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.426049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.426078] kthread+0x337/0x6f0 [ 29.426102] ? trace_preempt_on+0x20/0xc0 [ 29.426130] ? __pfx_kthread+0x10/0x10 [ 29.426180] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.426213] ? calculate_sigpending+0x7b/0xa0 [ 29.426242] ? __pfx_kthread+0x10/0x10 [ 29.426268] ret_from_fork+0x116/0x1d0 [ 29.426290] ? __pfx_kthread+0x10/0x10 [ 29.426315] ret_from_fork_asm+0x1a/0x30 [ 29.426351] </TASK> [ 29.426367] [ 29.435479] Allocated by task 294: [ 29.435834] kasan_save_stack+0x45/0x70 [ 29.436926] kasan_save_track+0x18/0x40 [ 29.437382] kasan_save_alloc_info+0x3b/0x50 [ 29.437778] __kasan_kmalloc+0xb7/0xc0 [ 29.438052] __kmalloc_cache_noprof+0x189/0x420 [ 29.440131] kasan_atomics+0x95/0x310 [ 29.440613] kunit_try_run_case+0x1a5/0x480 [ 29.441044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.441493] kthread+0x337/0x6f0 [ 29.441813] ret_from_fork+0x116/0x1d0 [ 29.442209] ret_from_fork_asm+0x1a/0x30 [ 29.442559] [ 29.442739] The buggy address belongs to the object at ffff888102338080 [ 29.442739] which belongs to the cache kmalloc-64 of size 64 [ 29.443587] The buggy address is located 0 bytes to the right of [ 29.443587] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.444333] [ 29.444553] The buggy address belongs to the physical page: [ 29.445000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.445652] flags: 0x200000000000000(node=0|zone=2) [ 29.446112] page_type: f5(slab) [ 29.446370] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.447028] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.447628] page dumped because: kasan: bad access detected [ 29.447954] [ 29.448200] Memory state around the buggy address: [ 29.448657] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.449131] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.449715] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.450327] ^ [ 29.450657] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.451065] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.451647] ================================================================== [ 28.654287] ================================================================== [ 28.654878] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 28.655678] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.655961] [ 28.656083] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.656189] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.656215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.656264] Call Trace: [ 28.656307] <TASK> [ 28.656347] dump_stack_lvl+0x73/0xb0 [ 28.656417] print_report+0xd1/0x650 [ 28.656479] ? __virt_addr_valid+0x1db/0x2d0 [ 28.656529] ? kasan_atomics_helper+0x3df/0x5450 [ 28.656571] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.656602] ? kasan_atomics_helper+0x3df/0x5450 [ 28.656626] kasan_report+0x141/0x180 [ 28.656649] ? kasan_atomics_helper+0x3df/0x5450 [ 28.656676] kasan_check_range+0x10c/0x1c0 [ 28.656701] __kasan_check_read+0x15/0x20 [ 28.656726] kasan_atomics_helper+0x3df/0x5450 [ 28.656750] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.656774] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.656801] ? kasan_atomics+0x152/0x310 [ 28.656829] kasan_atomics+0x1dc/0x310 [ 28.656853] ? __pfx_kasan_atomics+0x10/0x10 [ 28.656881] ? __pfx_read_tsc+0x10/0x10 [ 28.656908] ? ktime_get_ts64+0x86/0x230 [ 28.656940] kunit_try_run_case+0x1a5/0x480 [ 28.656970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.656995] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.657022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.657048] ? __kthread_parkme+0x82/0x180 [ 28.657072] ? preempt_count_sub+0x50/0x80 [ 28.657100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.657126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.657153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.657181] kthread+0x337/0x6f0 [ 28.657203] ? trace_preempt_on+0x20/0xc0 [ 28.657230] ? __pfx_kthread+0x10/0x10 [ 28.657255] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.657279] ? calculate_sigpending+0x7b/0xa0 [ 28.657307] ? __pfx_kthread+0x10/0x10 [ 28.657332] ret_from_fork+0x116/0x1d0 [ 28.657353] ? __pfx_kthread+0x10/0x10 [ 28.657376] ret_from_fork_asm+0x1a/0x30 [ 28.657411] </TASK> [ 28.657426] [ 28.670250] Allocated by task 294: [ 28.670648] kasan_save_stack+0x45/0x70 [ 28.671206] kasan_save_track+0x18/0x40 [ 28.671498] kasan_save_alloc_info+0x3b/0x50 [ 28.671716] __kasan_kmalloc+0xb7/0xc0 [ 28.672114] __kmalloc_cache_noprof+0x189/0x420 [ 28.672535] kasan_atomics+0x95/0x310 [ 28.672864] kunit_try_run_case+0x1a5/0x480 [ 28.673274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.673733] kthread+0x337/0x6f0 [ 28.674117] ret_from_fork+0x116/0x1d0 [ 28.674500] ret_from_fork_asm+0x1a/0x30 [ 28.674745] [ 28.674992] The buggy address belongs to the object at ffff888102338080 [ 28.674992] which belongs to the cache kmalloc-64 of size 64 [ 28.675824] The buggy address is located 0 bytes to the right of [ 28.675824] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.676740] [ 28.676921] The buggy address belongs to the physical page: [ 28.677397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.678001] flags: 0x200000000000000(node=0|zone=2) [ 28.678486] page_type: f5(slab) [ 28.678766] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.679311] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.679826] page dumped because: kasan: bad access detected [ 28.680244] [ 28.680365] Memory state around the buggy address: [ 28.680687] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.681091] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.681665] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.681976] ^ [ 28.682190] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.682754] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.683066] ================================================================== [ 29.741332] ================================================================== [ 29.741810] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 29.742391] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.742891] [ 29.743189] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.743308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.743339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.743413] Call Trace: [ 29.743482] <TASK> [ 29.743529] dump_stack_lvl+0x73/0xb0 [ 29.743602] print_report+0xd1/0x650 [ 29.743655] ? __virt_addr_valid+0x1db/0x2d0 [ 29.743704] ? kasan_atomics_helper+0x164f/0x5450 [ 29.743751] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.743805] ? kasan_atomics_helper+0x164f/0x5450 [ 29.743856] kasan_report+0x141/0x180 [ 29.743903] ? kasan_atomics_helper+0x164f/0x5450 [ 29.743964] kasan_check_range+0x10c/0x1c0 [ 29.744016] __kasan_check_write+0x18/0x20 [ 29.744058] kasan_atomics_helper+0x164f/0x5450 [ 29.744112] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.744185] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.744287] ? kasan_atomics+0x152/0x310 [ 29.744369] kasan_atomics+0x1dc/0x310 [ 29.744452] ? __pfx_kasan_atomics+0x10/0x10 [ 29.744513] ? __pfx_read_tsc+0x10/0x10 [ 29.744555] ? ktime_get_ts64+0x86/0x230 [ 29.744588] kunit_try_run_case+0x1a5/0x480 [ 29.744620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.744646] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.744674] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.744701] ? __kthread_parkme+0x82/0x180 [ 29.744726] ? preempt_count_sub+0x50/0x80 [ 29.744754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.744782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.744809] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.744836] kthread+0x337/0x6f0 [ 29.744858] ? trace_preempt_on+0x20/0xc0 [ 29.744886] ? __pfx_kthread+0x10/0x10 [ 29.744909] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.744934] ? calculate_sigpending+0x7b/0xa0 [ 29.744963] ? __pfx_kthread+0x10/0x10 [ 29.744988] ret_from_fork+0x116/0x1d0 [ 29.745011] ? __pfx_kthread+0x10/0x10 [ 29.745035] ret_from_fork_asm+0x1a/0x30 [ 29.745071] </TASK> [ 29.745086] [ 29.754271] Allocated by task 294: [ 29.754517] kasan_save_stack+0x45/0x70 [ 29.754754] kasan_save_track+0x18/0x40 [ 29.754935] kasan_save_alloc_info+0x3b/0x50 [ 29.755136] __kasan_kmalloc+0xb7/0xc0 [ 29.756333] __kmalloc_cache_noprof+0x189/0x420 [ 29.756547] kasan_atomics+0x95/0x310 [ 29.756702] kunit_try_run_case+0x1a5/0x480 [ 29.756864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.757055] kthread+0x337/0x6f0 [ 29.757513] ret_from_fork+0x116/0x1d0 [ 29.757714] ret_from_fork_asm+0x1a/0x30 [ 29.757904] [ 29.758012] The buggy address belongs to the object at ffff888102338080 [ 29.758012] which belongs to the cache kmalloc-64 of size 64 [ 29.759392] The buggy address is located 0 bytes to the right of [ 29.759392] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.760400] [ 29.760598] The buggy address belongs to the physical page: [ 29.761041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.761912] flags: 0x200000000000000(node=0|zone=2) [ 29.762621] page_type: f5(slab) [ 29.762874] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.763138] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.763710] page dumped because: kasan: bad access detected [ 29.764033] [ 29.764657] Memory state around the buggy address: [ 29.764881] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.765249] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.765792] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.766629] ^ [ 29.766843] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.767426] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.767937] ================================================================== [ 29.300842] ================================================================== [ 29.301867] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 29.302523] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.302846] [ 29.302999] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.303116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.303148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.303200] Call Trace: [ 29.303248] <TASK> [ 29.303294] dump_stack_lvl+0x73/0xb0 [ 29.303375] print_report+0xd1/0x650 [ 29.303449] ? __virt_addr_valid+0x1db/0x2d0 [ 29.303497] ? kasan_atomics_helper+0x4a36/0x5450 [ 29.303546] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.303605] ? kasan_atomics_helper+0x4a36/0x5450 [ 29.303659] kasan_report+0x141/0x180 [ 29.303714] ? kasan_atomics_helper+0x4a36/0x5450 [ 29.303779] __asan_report_load4_noabort+0x18/0x20 [ 29.303840] kasan_atomics_helper+0x4a36/0x5450 [ 29.303897] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.303952] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.304013] ? kasan_atomics+0x152/0x310 [ 29.304078] kasan_atomics+0x1dc/0x310 [ 29.304132] ? __pfx_kasan_atomics+0x10/0x10 [ 29.304188] ? __pfx_read_tsc+0x10/0x10 [ 29.304239] ? ktime_get_ts64+0x86/0x230 [ 29.304303] kunit_try_run_case+0x1a5/0x480 [ 29.304364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.304412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.304464] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.304516] ? __kthread_parkme+0x82/0x180 [ 29.304552] ? preempt_count_sub+0x50/0x80 [ 29.304597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.304642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.304694] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.304741] kthread+0x337/0x6f0 [ 29.304797] ? trace_preempt_on+0x20/0xc0 [ 29.304872] ? __pfx_kthread+0x10/0x10 [ 29.304924] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.304975] ? calculate_sigpending+0x7b/0xa0 [ 29.305033] ? __pfx_kthread+0x10/0x10 [ 29.305086] ret_from_fork+0x116/0x1d0 [ 29.305132] ? __pfx_kthread+0x10/0x10 [ 29.305177] ret_from_fork_asm+0x1a/0x30 [ 29.305252] </TASK> [ 29.305297] [ 29.315321] Allocated by task 294: [ 29.315718] kasan_save_stack+0x45/0x70 [ 29.316048] kasan_save_track+0x18/0x40 [ 29.316372] kasan_save_alloc_info+0x3b/0x50 [ 29.316734] __kasan_kmalloc+0xb7/0xc0 [ 29.316989] __kmalloc_cache_noprof+0x189/0x420 [ 29.317491] kasan_atomics+0x95/0x310 [ 29.317777] kunit_try_run_case+0x1a5/0x480 [ 29.317993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.318299] kthread+0x337/0x6f0 [ 29.318636] ret_from_fork+0x116/0x1d0 [ 29.318871] ret_from_fork_asm+0x1a/0x30 [ 29.319181] [ 29.319329] The buggy address belongs to the object at ffff888102338080 [ 29.319329] which belongs to the cache kmalloc-64 of size 64 [ 29.320031] The buggy address is located 0 bytes to the right of [ 29.320031] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.320899] [ 29.321022] The buggy address belongs to the physical page: [ 29.321238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.321709] flags: 0x200000000000000(node=0|zone=2) [ 29.322139] page_type: f5(slab) [ 29.322433] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.323018] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.323808] page dumped because: kasan: bad access detected [ 29.324054] [ 29.324209] Memory state around the buggy address: [ 29.324476] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.324805] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.325301] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.325769] ^ [ 29.326012] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.326687] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.327016] ================================================================== [ 29.123432] ================================================================== [ 29.124552] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 29.125312] Read of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.125905] [ 29.126108] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.126289] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.126322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.126377] Call Trace: [ 29.126422] <TASK> [ 29.126475] dump_stack_lvl+0x73/0xb0 [ 29.126538] print_report+0xd1/0x650 [ 29.126566] ? __virt_addr_valid+0x1db/0x2d0 [ 29.126595] ? kasan_atomics_helper+0x4a84/0x5450 [ 29.126619] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.126649] ? kasan_atomics_helper+0x4a84/0x5450 [ 29.126674] kasan_report+0x141/0x180 [ 29.126698] ? kasan_atomics_helper+0x4a84/0x5450 [ 29.126727] __asan_report_load4_noabort+0x18/0x20 [ 29.126754] kasan_atomics_helper+0x4a84/0x5450 [ 29.126780] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.126804] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.126833] ? kasan_atomics+0x152/0x310 [ 29.126861] kasan_atomics+0x1dc/0x310 [ 29.126887] ? __pfx_kasan_atomics+0x10/0x10 [ 29.126914] ? __pfx_read_tsc+0x10/0x10 [ 29.126938] ? ktime_get_ts64+0x86/0x230 [ 29.126968] kunit_try_run_case+0x1a5/0x480 [ 29.126997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.127021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.127047] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.127073] ? __kthread_parkme+0x82/0x180 [ 29.127098] ? preempt_count_sub+0x50/0x80 [ 29.127124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.127174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.127214] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.127240] kthread+0x337/0x6f0 [ 29.127263] ? trace_preempt_on+0x20/0xc0 [ 29.127291] ? __pfx_kthread+0x10/0x10 [ 29.127316] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.127339] ? calculate_sigpending+0x7b/0xa0 [ 29.127368] ? __pfx_kthread+0x10/0x10 [ 29.127393] ret_from_fork+0x116/0x1d0 [ 29.127414] ? __pfx_kthread+0x10/0x10 [ 29.127438] ret_from_fork_asm+0x1a/0x30 [ 29.127494] </TASK> [ 29.127510] [ 29.140307] Allocated by task 294: [ 29.141010] kasan_save_stack+0x45/0x70 [ 29.141466] kasan_save_track+0x18/0x40 [ 29.141751] kasan_save_alloc_info+0x3b/0x50 [ 29.141969] __kasan_kmalloc+0xb7/0xc0 [ 29.142358] __kmalloc_cache_noprof+0x189/0x420 [ 29.142676] kasan_atomics+0x95/0x310 [ 29.142970] kunit_try_run_case+0x1a5/0x480 [ 29.143215] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.143506] kthread+0x337/0x6f0 [ 29.143695] ret_from_fork+0x116/0x1d0 [ 29.143986] ret_from_fork_asm+0x1a/0x30 [ 29.144348] [ 29.144510] The buggy address belongs to the object at ffff888102338080 [ 29.144510] which belongs to the cache kmalloc-64 of size 64 [ 29.145170] The buggy address is located 0 bytes to the right of [ 29.145170] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.145818] [ 29.145983] The buggy address belongs to the physical page: [ 29.146294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.146886] flags: 0x200000000000000(node=0|zone=2) [ 29.147186] page_type: f5(slab) [ 29.147367] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.147913] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.148347] page dumped because: kasan: bad access detected [ 29.148679] [ 29.148847] Memory state around the buggy address: [ 29.149078] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.149382] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.149985] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.150561] ^ [ 29.150906] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.151210] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.151761] ================================================================== [ 28.799923] ================================================================== [ 28.800706] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 28.801342] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.801694] [ 28.801886] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.801980] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.802007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.802061] Call Trace: [ 28.802102] <TASK> [ 28.802138] dump_stack_lvl+0x73/0xb0 [ 28.802194] print_report+0xd1/0x650 [ 28.802232] ? __virt_addr_valid+0x1db/0x2d0 [ 28.802270] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.802305] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.802346] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.802386] kasan_report+0x141/0x180 [ 28.802428] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.802496] kasan_check_range+0x10c/0x1c0 [ 28.802554] __kasan_check_write+0x18/0x20 [ 28.802609] kasan_atomics_helper+0x5fe/0x5450 [ 28.802662] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.802715] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.802776] ? kasan_atomics+0x152/0x310 [ 28.802843] kasan_atomics+0x1dc/0x310 [ 28.802896] ? __pfx_kasan_atomics+0x10/0x10 [ 28.802954] ? __pfx_read_tsc+0x10/0x10 [ 28.803004] ? ktime_get_ts64+0x86/0x230 [ 28.803066] kunit_try_run_case+0x1a5/0x480 [ 28.803125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.803179] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.803228] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.803269] ? __kthread_parkme+0x82/0x180 [ 28.803312] ? preempt_count_sub+0x50/0x80 [ 28.803363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.803408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.803469] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.803523] kthread+0x337/0x6f0 [ 28.803567] ? trace_preempt_on+0x20/0xc0 [ 28.803622] ? __pfx_kthread+0x10/0x10 [ 28.803670] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.803722] ? calculate_sigpending+0x7b/0xa0 [ 28.803779] ? __pfx_kthread+0x10/0x10 [ 28.803831] ret_from_fork+0x116/0x1d0 [ 28.803879] ? __pfx_kthread+0x10/0x10 [ 28.803929] ret_from_fork_asm+0x1a/0x30 [ 28.804003] </TASK> [ 28.804033] [ 28.820021] Allocated by task 294: [ 28.820611] kasan_save_stack+0x45/0x70 [ 28.820849] kasan_save_track+0x18/0x40 [ 28.821194] kasan_save_alloc_info+0x3b/0x50 [ 28.821419] __kasan_kmalloc+0xb7/0xc0 [ 28.821662] __kmalloc_cache_noprof+0x189/0x420 [ 28.822036] kasan_atomics+0x95/0x310 [ 28.822386] kunit_try_run_case+0x1a5/0x480 [ 28.822659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.822914] kthread+0x337/0x6f0 [ 28.823180] ret_from_fork+0x116/0x1d0 [ 28.823379] ret_from_fork_asm+0x1a/0x30 [ 28.823663] [ 28.823839] The buggy address belongs to the object at ffff888102338080 [ 28.823839] which belongs to the cache kmalloc-64 of size 64 [ 28.824511] The buggy address is located 0 bytes to the right of [ 28.824511] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.825169] [ 28.825289] The buggy address belongs to the physical page: [ 28.825591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.826115] flags: 0x200000000000000(node=0|zone=2) [ 28.826372] page_type: f5(slab) [ 28.826680] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.826968] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.827337] page dumped because: kasan: bad access detected [ 28.827752] [ 28.827958] Memory state around the buggy address: [ 28.828240] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.828519] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.829030] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.829537] ^ [ 28.829818] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.830182] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.830601] ================================================================== [ 29.093958] ================================================================== [ 29.095456] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 29.096046] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.096609] [ 29.096818] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.096909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.096933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.096971] Call Trace: [ 29.097011] <TASK> [ 29.097049] dump_stack_lvl+0x73/0xb0 [ 29.097106] print_report+0xd1/0x650 [ 29.097145] ? __virt_addr_valid+0x1db/0x2d0 [ 29.097184] ? kasan_atomics_helper+0xc70/0x5450 [ 29.097222] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.097277] ? kasan_atomics_helper+0xc70/0x5450 [ 29.097325] kasan_report+0x141/0x180 [ 29.097379] ? kasan_atomics_helper+0xc70/0x5450 [ 29.097627] kasan_check_range+0x10c/0x1c0 [ 29.097697] __kasan_check_write+0x18/0x20 [ 29.097749] kasan_atomics_helper+0xc70/0x5450 [ 29.098058] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.098120] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.098170] ? kasan_atomics+0x152/0x310 [ 29.098230] kasan_atomics+0x1dc/0x310 [ 29.098282] ? __pfx_kasan_atomics+0x10/0x10 [ 29.098340] ? __pfx_read_tsc+0x10/0x10 [ 29.098392] ? ktime_get_ts64+0x86/0x230 [ 29.098473] kunit_try_run_case+0x1a5/0x480 [ 29.098531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.098578] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.098629] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.098682] ? __kthread_parkme+0x82/0x180 [ 29.098734] ? preempt_count_sub+0x50/0x80 [ 29.098792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.098847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.098897] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.098950] kthread+0x337/0x6f0 [ 29.098999] ? trace_preempt_on+0x20/0xc0 [ 29.099051] ? __pfx_kthread+0x10/0x10 [ 29.099093] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.099189] ? calculate_sigpending+0x7b/0xa0 [ 29.099250] ? __pfx_kthread+0x10/0x10 [ 29.099296] ret_from_fork+0x116/0x1d0 [ 29.099336] ? __pfx_kthread+0x10/0x10 [ 29.099389] ret_from_fork_asm+0x1a/0x30 [ 29.099476] </TASK> [ 29.099509] [ 29.108734] Allocated by task 294: [ 29.108989] kasan_save_stack+0x45/0x70 [ 29.109300] kasan_save_track+0x18/0x40 [ 29.110434] kasan_save_alloc_info+0x3b/0x50 [ 29.110751] __kasan_kmalloc+0xb7/0xc0 [ 29.110938] __kmalloc_cache_noprof+0x189/0x420 [ 29.111135] kasan_atomics+0x95/0x310 [ 29.111472] kunit_try_run_case+0x1a5/0x480 [ 29.111835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.112299] kthread+0x337/0x6f0 [ 29.112638] ret_from_fork+0x116/0x1d0 [ 29.113465] ret_from_fork_asm+0x1a/0x30 [ 29.113806] [ 29.113913] The buggy address belongs to the object at ffff888102338080 [ 29.113913] which belongs to the cache kmalloc-64 of size 64 [ 29.114943] The buggy address is located 0 bytes to the right of [ 29.114943] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.115706] [ 29.115906] The buggy address belongs to the physical page: [ 29.116395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.116802] flags: 0x200000000000000(node=0|zone=2) [ 29.117456] page_type: f5(slab) [ 29.117709] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.118120] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.118865] page dumped because: kasan: bad access detected [ 29.119247] [ 29.119405] Memory state around the buggy address: [ 29.119710] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.120653] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.121156] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.121567] ^ [ 29.121868] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.122287] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.122569] ================================================================== [ 29.065816] ================================================================== [ 29.066232] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 29.066598] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.067241] [ 29.067404] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.067527] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.067558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.067611] Call Trace: [ 29.067660] <TASK> [ 29.067707] dump_stack_lvl+0x73/0xb0 [ 29.067772] print_report+0xd1/0x650 [ 29.067821] ? __virt_addr_valid+0x1db/0x2d0 [ 29.067871] ? kasan_atomics_helper+0xb6a/0x5450 [ 29.067910] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.067961] ? kasan_atomics_helper+0xb6a/0x5450 [ 29.068007] kasan_report+0x141/0x180 [ 29.068057] ? kasan_atomics_helper+0xb6a/0x5450 [ 29.068113] kasan_check_range+0x10c/0x1c0 [ 29.068203] __kasan_check_write+0x18/0x20 [ 29.068259] kasan_atomics_helper+0xb6a/0x5450 [ 29.068312] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.068367] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.068418] ? kasan_atomics+0x152/0x310 [ 29.068484] kasan_atomics+0x1dc/0x310 [ 29.068537] ? __pfx_kasan_atomics+0x10/0x10 [ 29.068593] ? __pfx_read_tsc+0x10/0x10 [ 29.068632] ? ktime_get_ts64+0x86/0x230 [ 29.068688] kunit_try_run_case+0x1a5/0x480 [ 29.068737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.068779] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.068827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.068874] ? __kthread_parkme+0x82/0x180 [ 29.068915] ? preempt_count_sub+0x50/0x80 [ 29.068962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.069012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.069066] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.069112] kthread+0x337/0x6f0 [ 29.069194] ? trace_preempt_on+0x20/0xc0 [ 29.069243] ? __pfx_kthread+0x10/0x10 [ 29.069289] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.069330] ? calculate_sigpending+0x7b/0xa0 [ 29.069382] ? __pfx_kthread+0x10/0x10 [ 29.069429] ret_from_fork+0x116/0x1d0 [ 29.069486] ? __pfx_kthread+0x10/0x10 [ 29.069534] ret_from_fork_asm+0x1a/0x30 [ 29.069602] </TASK> [ 29.069633] [ 29.079630] Allocated by task 294: [ 29.079923] kasan_save_stack+0x45/0x70 [ 29.080315] kasan_save_track+0x18/0x40 [ 29.080639] kasan_save_alloc_info+0x3b/0x50 [ 29.080931] __kasan_kmalloc+0xb7/0xc0 [ 29.081202] __kmalloc_cache_noprof+0x189/0x420 [ 29.081570] kasan_atomics+0x95/0x310 [ 29.081776] kunit_try_run_case+0x1a5/0x480 [ 29.082078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.083259] kthread+0x337/0x6f0 [ 29.083635] ret_from_fork+0x116/0x1d0 [ 29.083943] ret_from_fork_asm+0x1a/0x30 [ 29.084113] [ 29.084294] The buggy address belongs to the object at ffff888102338080 [ 29.084294] which belongs to the cache kmalloc-64 of size 64 [ 29.085032] The buggy address is located 0 bytes to the right of [ 29.085032] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.085712] [ 29.085844] The buggy address belongs to the physical page: [ 29.086101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.086435] flags: 0x200000000000000(node=0|zone=2) [ 29.086858] page_type: f5(slab) [ 29.087172] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.087711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.088171] page dumped because: kasan: bad access detected [ 29.088487] [ 29.088597] Memory state around the buggy address: [ 29.088907] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.089196] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.089472] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.090005] ^ [ 29.090447] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.090968] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.091320] ================================================================== [ 30.161975] ================================================================== [ 30.162371] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 30.163258] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.163808] [ 30.163953] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.164065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.164096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.164148] Call Trace: [ 30.164196] <TASK> [ 30.164240] dump_stack_lvl+0x73/0xb0 [ 30.164315] print_report+0xd1/0x650 [ 30.164436] ? __virt_addr_valid+0x1db/0x2d0 [ 30.164501] ? kasan_atomics_helper+0x1eaa/0x5450 [ 30.164548] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.164610] ? kasan_atomics_helper+0x1eaa/0x5450 [ 30.164663] kasan_report+0x141/0x180 [ 30.164717] ? kasan_atomics_helper+0x1eaa/0x5450 [ 30.164783] kasan_check_range+0x10c/0x1c0 [ 30.164839] __kasan_check_write+0x18/0x20 [ 30.164884] kasan_atomics_helper+0x1eaa/0x5450 [ 30.164927] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.164970] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.165024] ? kasan_atomics+0x152/0x310 [ 30.165129] kasan_atomics+0x1dc/0x310 [ 30.165234] ? __pfx_kasan_atomics+0x10/0x10 [ 30.165284] ? __pfx_read_tsc+0x10/0x10 [ 30.165333] ? ktime_get_ts64+0x86/0x230 [ 30.165401] kunit_try_run_case+0x1a5/0x480 [ 30.165473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.165515] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.165543] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.165569] ? __kthread_parkme+0x82/0x180 [ 30.165595] ? preempt_count_sub+0x50/0x80 [ 30.165623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.165650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.165678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.165705] kthread+0x337/0x6f0 [ 30.165728] ? trace_preempt_on+0x20/0xc0 [ 30.165755] ? __pfx_kthread+0x10/0x10 [ 30.165778] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.165803] ? calculate_sigpending+0x7b/0xa0 [ 30.165831] ? __pfx_kthread+0x10/0x10 [ 30.165856] ret_from_fork+0x116/0x1d0 [ 30.165878] ? __pfx_kthread+0x10/0x10 [ 30.165901] ret_from_fork_asm+0x1a/0x30 [ 30.165937] </TASK> [ 30.165952] [ 30.177164] Allocated by task 294: [ 30.177530] kasan_save_stack+0x45/0x70 [ 30.177980] kasan_save_track+0x18/0x40 [ 30.178389] kasan_save_alloc_info+0x3b/0x50 [ 30.178813] __kasan_kmalloc+0xb7/0xc0 [ 30.179199] __kmalloc_cache_noprof+0x189/0x420 [ 30.179631] kasan_atomics+0x95/0x310 [ 30.179824] kunit_try_run_case+0x1a5/0x480 [ 30.180019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.180629] kthread+0x337/0x6f0 [ 30.180919] ret_from_fork+0x116/0x1d0 [ 30.181241] ret_from_fork_asm+0x1a/0x30 [ 30.181481] [ 30.181589] The buggy address belongs to the object at ffff888102338080 [ 30.181589] which belongs to the cache kmalloc-64 of size 64 [ 30.182672] The buggy address is located 0 bytes to the right of [ 30.182672] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.183063] [ 30.183589] The buggy address belongs to the physical page: [ 30.184107] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.184751] flags: 0x200000000000000(node=0|zone=2) [ 30.185164] page_type: f5(slab) [ 30.185356] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.185683] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.185962] page dumped because: kasan: bad access detected [ 30.186266] [ 30.186438] Memory state around the buggy address: [ 30.186902] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.187840] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.188723] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.189308] ^ [ 30.189695] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.190092] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.190594] ================================================================== [ 30.278989] ================================================================== [ 30.279666] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 30.280290] Read of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.280810] [ 30.280968] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.281058] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.281083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.281121] Call Trace: [ 30.281182] <TASK> [ 30.281221] dump_stack_lvl+0x73/0xb0 [ 30.281278] print_report+0xd1/0x650 [ 30.281317] ? __virt_addr_valid+0x1db/0x2d0 [ 30.281358] ? kasan_atomics_helper+0x4f98/0x5450 [ 30.281393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.281433] ? kasan_atomics_helper+0x4f98/0x5450 [ 30.281483] kasan_report+0x141/0x180 [ 30.281521] ? kasan_atomics_helper+0x4f98/0x5450 [ 30.281597] __asan_report_load8_noabort+0x18/0x20 [ 30.281651] kasan_atomics_helper+0x4f98/0x5450 [ 30.281703] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.281745] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.281798] ? kasan_atomics+0x152/0x310 [ 30.281853] kasan_atomics+0x1dc/0x310 [ 30.281933] ? __pfx_kasan_atomics+0x10/0x10 [ 30.281985] ? __pfx_read_tsc+0x10/0x10 [ 30.282042] ? ktime_get_ts64+0x86/0x230 [ 30.282107] kunit_try_run_case+0x1a5/0x480 [ 30.282218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.282272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.282325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.282381] ? __kthread_parkme+0x82/0x180 [ 30.282431] ? preempt_count_sub+0x50/0x80 [ 30.282516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.282572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.282625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.282673] kthread+0x337/0x6f0 [ 30.282714] ? trace_preempt_on+0x20/0xc0 [ 30.282768] ? __pfx_kthread+0x10/0x10 [ 30.282837] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.282887] ? calculate_sigpending+0x7b/0xa0 [ 30.282940] ? __pfx_kthread+0x10/0x10 [ 30.282991] ret_from_fork+0x116/0x1d0 [ 30.283041] ? __pfx_kthread+0x10/0x10 [ 30.283111] ret_from_fork_asm+0x1a/0x30 [ 30.283219] </TASK> [ 30.283251] [ 30.293618] Allocated by task 294: [ 30.293989] kasan_save_stack+0x45/0x70 [ 30.294344] kasan_save_track+0x18/0x40 [ 30.294604] kasan_save_alloc_info+0x3b/0x50 [ 30.294956] __kasan_kmalloc+0xb7/0xc0 [ 30.295257] __kmalloc_cache_noprof+0x189/0x420 [ 30.295524] kasan_atomics+0x95/0x310 [ 30.295724] kunit_try_run_case+0x1a5/0x480 [ 30.295911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.296131] kthread+0x337/0x6f0 [ 30.296342] ret_from_fork+0x116/0x1d0 [ 30.296528] ret_from_fork_asm+0x1a/0x30 [ 30.296721] [ 30.296830] The buggy address belongs to the object at ffff888102338080 [ 30.296830] which belongs to the cache kmalloc-64 of size 64 [ 30.297408] The buggy address is located 0 bytes to the right of [ 30.297408] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.298358] [ 30.298553] The buggy address belongs to the physical page: [ 30.298988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.299600] flags: 0x200000000000000(node=0|zone=2) [ 30.299978] page_type: f5(slab) [ 30.300174] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.300473] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.301013] page dumped because: kasan: bad access detected [ 30.301438] [ 30.301614] Memory state around the buggy address: [ 30.301983] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.304564] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.305017] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.305371] ^ [ 30.305612] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.306390] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.306926] ================================================================== [ 29.950543] ================================================================== [ 29.951580] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 29.952084] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.952432] [ 29.952659] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.952765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.952797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.952860] Call Trace: [ 29.952921] <TASK> [ 29.952968] dump_stack_lvl+0x73/0xb0 [ 29.953065] print_report+0xd1/0x650 [ 29.953113] ? __virt_addr_valid+0x1db/0x2d0 [ 29.953195] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.953242] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.953301] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.953355] kasan_report+0x141/0x180 [ 29.953410] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.953498] kasan_check_range+0x10c/0x1c0 [ 29.953557] __kasan_check_write+0x18/0x20 [ 29.953613] kasan_atomics_helper+0x1a7f/0x5450 [ 29.953669] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.953721] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.953780] ? kasan_atomics+0x152/0x310 [ 29.953838] kasan_atomics+0x1dc/0x310 [ 29.953873] ? __pfx_kasan_atomics+0x10/0x10 [ 29.953902] ? __pfx_read_tsc+0x10/0x10 [ 29.953928] ? ktime_get_ts64+0x86/0x230 [ 29.953961] kunit_try_run_case+0x1a5/0x480 [ 29.953991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.954017] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.954063] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.954090] ? __kthread_parkme+0x82/0x180 [ 29.954114] ? preempt_count_sub+0x50/0x80 [ 29.954160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.954207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.954251] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.954296] kthread+0x337/0x6f0 [ 29.954340] ? trace_preempt_on+0x20/0xc0 [ 29.954417] ? __pfx_kthread+0x10/0x10 [ 29.954468] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.954518] ? calculate_sigpending+0x7b/0xa0 [ 29.954573] ? __pfx_kthread+0x10/0x10 [ 29.954619] ret_from_fork+0x116/0x1d0 [ 29.954665] ? __pfx_kthread+0x10/0x10 [ 29.954731] ret_from_fork_asm+0x1a/0x30 [ 29.954801] </TASK> [ 29.954832] [ 29.965733] Allocated by task 294: [ 29.966129] kasan_save_stack+0x45/0x70 [ 29.966451] kasan_save_track+0x18/0x40 [ 29.966635] kasan_save_alloc_info+0x3b/0x50 [ 29.966898] __kasan_kmalloc+0xb7/0xc0 [ 29.967223] __kmalloc_cache_noprof+0x189/0x420 [ 29.967799] kasan_atomics+0x95/0x310 [ 29.968578] kunit_try_run_case+0x1a5/0x480 [ 29.969291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.969997] kthread+0x337/0x6f0 [ 29.970413] ret_from_fork+0x116/0x1d0 [ 29.970739] ret_from_fork_asm+0x1a/0x30 [ 29.970984] [ 29.971153] The buggy address belongs to the object at ffff888102338080 [ 29.971153] which belongs to the cache kmalloc-64 of size 64 [ 29.971833] The buggy address is located 0 bytes to the right of [ 29.971833] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.973101] [ 29.973264] The buggy address belongs to the physical page: [ 29.973593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.974180] flags: 0x200000000000000(node=0|zone=2) [ 29.974465] page_type: f5(slab) [ 29.974699] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.975076] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.976094] page dumped because: kasan: bad access detected [ 29.976504] [ 29.976674] Memory state around the buggy address: [ 29.977003] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.977735] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.978398] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.978785] ^ [ 29.979308] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.979788] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.980258] ================================================================== [ 29.981564] ================================================================== [ 29.982168] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 29.982732] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.983048] [ 29.983389] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.983545] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.983576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.983627] Call Trace: [ 29.983673] <TASK> [ 29.983747] dump_stack_lvl+0x73/0xb0 [ 29.983841] print_report+0xd1/0x650 [ 29.983896] ? __virt_addr_valid+0x1db/0x2d0 [ 29.983955] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.984009] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.984064] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.984112] kasan_report+0x141/0x180 [ 29.984223] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.984299] kasan_check_range+0x10c/0x1c0 [ 29.984357] __kasan_check_write+0x18/0x20 [ 29.984395] kasan_atomics_helper+0x1b22/0x5450 [ 29.984421] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.984470] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.984504] ? kasan_atomics+0x152/0x310 [ 29.984535] kasan_atomics+0x1dc/0x310 [ 29.984561] ? __pfx_kasan_atomics+0x10/0x10 [ 29.984588] ? __pfx_read_tsc+0x10/0x10 [ 29.984614] ? ktime_get_ts64+0x86/0x230 [ 29.984646] kunit_try_run_case+0x1a5/0x480 [ 29.984677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.984703] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.984730] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.984756] ? __kthread_parkme+0x82/0x180 [ 29.984780] ? preempt_count_sub+0x50/0x80 [ 29.984808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.984834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.984861] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.984888] kthread+0x337/0x6f0 [ 29.984911] ? trace_preempt_on+0x20/0xc0 [ 29.984937] ? __pfx_kthread+0x10/0x10 [ 29.984961] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.984986] ? calculate_sigpending+0x7b/0xa0 [ 29.985013] ? __pfx_kthread+0x10/0x10 [ 29.985037] ret_from_fork+0x116/0x1d0 [ 29.985059] ? __pfx_kthread+0x10/0x10 [ 29.985083] ret_from_fork_asm+0x1a/0x30 [ 29.985118] </TASK> [ 29.985135] [ 29.995810] Allocated by task 294: [ 29.996190] kasan_save_stack+0x45/0x70 [ 29.996677] kasan_save_track+0x18/0x40 [ 29.997060] kasan_save_alloc_info+0x3b/0x50 [ 29.997467] __kasan_kmalloc+0xb7/0xc0 [ 29.997663] __kmalloc_cache_noprof+0x189/0x420 [ 29.997872] kasan_atomics+0x95/0x310 [ 29.998063] kunit_try_run_case+0x1a5/0x480 [ 29.998551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.999056] kthread+0x337/0x6f0 [ 29.999402] ret_from_fork+0x116/0x1d0 [ 29.999824] ret_from_fork_asm+0x1a/0x30 [ 30.000269] [ 30.000514] The buggy address belongs to the object at ffff888102338080 [ 30.000514] which belongs to the cache kmalloc-64 of size 64 [ 30.001614] The buggy address is located 0 bytes to the right of [ 30.001614] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.002402] [ 30.002613] The buggy address belongs to the physical page: [ 30.003168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.003569] flags: 0x200000000000000(node=0|zone=2) [ 30.003798] page_type: f5(slab) [ 30.004103] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.004758] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.005028] page dumped because: kasan: bad access detected [ 30.005640] [ 30.005822] Memory state around the buggy address: [ 30.006414] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.006794] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.007715] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.008088] ^ [ 30.008451] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.009105] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.009532] ================================================================== [ 29.329188] ================================================================== [ 29.330658] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 29.331079] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.331696] [ 29.331880] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.332017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.332052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.332105] Call Trace: [ 29.332152] <TASK> [ 29.332195] dump_stack_lvl+0x73/0xb0 [ 29.332267] print_report+0xd1/0x650 [ 29.332313] ? __virt_addr_valid+0x1db/0x2d0 [ 29.332365] ? kasan_atomics_helper+0x1079/0x5450 [ 29.332414] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.333114] ? kasan_atomics_helper+0x1079/0x5450 [ 29.333173] kasan_report+0x141/0x180 [ 29.333229] ? kasan_atomics_helper+0x1079/0x5450 [ 29.333294] kasan_check_range+0x10c/0x1c0 [ 29.333352] __kasan_check_write+0x18/0x20 [ 29.333408] kasan_atomics_helper+0x1079/0x5450 [ 29.333499] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.333552] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.333606] ? kasan_atomics+0x152/0x310 [ 29.333668] kasan_atomics+0x1dc/0x310 [ 29.333724] ? __pfx_kasan_atomics+0x10/0x10 [ 29.333781] ? __pfx_read_tsc+0x10/0x10 [ 29.333833] ? ktime_get_ts64+0x86/0x230 [ 29.333898] kunit_try_run_case+0x1a5/0x480 [ 29.333959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.334014] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.334078] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.334134] ? __kthread_parkme+0x82/0x180 [ 29.334181] ? preempt_count_sub+0x50/0x80 [ 29.334237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.334293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.334351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.334403] kthread+0x337/0x6f0 [ 29.334450] ? trace_preempt_on+0x20/0xc0 [ 29.334505] ? __pfx_kthread+0x10/0x10 [ 29.334550] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.334602] ? calculate_sigpending+0x7b/0xa0 [ 29.334659] ? __pfx_kthread+0x10/0x10 [ 29.334713] ret_from_fork+0x116/0x1d0 [ 29.334759] ? __pfx_kthread+0x10/0x10 [ 29.334811] ret_from_fork_asm+0x1a/0x30 [ 29.334888] </TASK> [ 29.334918] [ 29.344422] Allocated by task 294: [ 29.344827] kasan_save_stack+0x45/0x70 [ 29.345239] kasan_save_track+0x18/0x40 [ 29.345624] kasan_save_alloc_info+0x3b/0x50 [ 29.346002] __kasan_kmalloc+0xb7/0xc0 [ 29.346337] __kmalloc_cache_noprof+0x189/0x420 [ 29.346590] kasan_atomics+0x95/0x310 [ 29.346793] kunit_try_run_case+0x1a5/0x480 [ 29.347020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.347524] kthread+0x337/0x6f0 [ 29.347827] ret_from_fork+0x116/0x1d0 [ 29.348155] ret_from_fork_asm+0x1a/0x30 [ 29.348510] [ 29.348669] The buggy address belongs to the object at ffff888102338080 [ 29.348669] which belongs to the cache kmalloc-64 of size 64 [ 29.349583] The buggy address is located 0 bytes to the right of [ 29.349583] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.350351] [ 29.350513] The buggy address belongs to the physical page: [ 29.350762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.351105] flags: 0x200000000000000(node=0|zone=2) [ 29.351554] page_type: f5(slab) [ 29.351860] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.352477] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.353054] page dumped because: kasan: bad access detected [ 29.353613] [ 29.353776] Memory state around the buggy address: [ 29.354039] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.354614] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.355038] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.355641] ^ [ 29.355940] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.356299] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.356833] ================================================================== [ 30.393070] ================================================================== [ 30.393617] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 30.394007] Read of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.394300] [ 30.394455] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.394543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.394565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.394604] Call Trace: [ 30.394644] <TASK> [ 30.394678] dump_stack_lvl+0x73/0xb0 [ 30.394731] print_report+0xd1/0x650 [ 30.394767] ? __virt_addr_valid+0x1db/0x2d0 [ 30.394807] ? kasan_atomics_helper+0x4fa5/0x5450 [ 30.394842] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.394882] ? kasan_atomics_helper+0x4fa5/0x5450 [ 30.394918] kasan_report+0x141/0x180 [ 30.394954] ? kasan_atomics_helper+0x4fa5/0x5450 [ 30.394996] __asan_report_load8_noabort+0x18/0x20 [ 30.395036] kasan_atomics_helper+0x4fa5/0x5450 [ 30.395072] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.395108] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.395150] ? kasan_atomics+0x152/0x310 [ 30.395198] kasan_atomics+0x1dc/0x310 [ 30.395244] ? __pfx_kasan_atomics+0x10/0x10 [ 30.395292] ? __pfx_read_tsc+0x10/0x10 [ 30.395340] ? ktime_get_ts64+0x86/0x230 [ 30.395399] kunit_try_run_case+0x1a5/0x480 [ 30.395545] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.395611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.395662] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.395703] ? __kthread_parkme+0x82/0x180 [ 30.395746] ? preempt_count_sub+0x50/0x80 [ 30.395791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.395833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.395874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.395921] kthread+0x337/0x6f0 [ 30.395965] ? trace_preempt_on+0x20/0xc0 [ 30.396019] ? __pfx_kthread+0x10/0x10 [ 30.396071] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.396123] ? calculate_sigpending+0x7b/0xa0 [ 30.396223] ? __pfx_kthread+0x10/0x10 [ 30.396279] ret_from_fork+0x116/0x1d0 [ 30.396328] ? __pfx_kthread+0x10/0x10 [ 30.396380] ret_from_fork_asm+0x1a/0x30 [ 30.396463] </TASK> [ 30.396490] [ 30.406105] Allocated by task 294: [ 30.406515] kasan_save_stack+0x45/0x70 [ 30.406862] kasan_save_track+0x18/0x40 [ 30.407069] kasan_save_alloc_info+0x3b/0x50 [ 30.407326] __kasan_kmalloc+0xb7/0xc0 [ 30.407652] __kmalloc_cache_noprof+0x189/0x420 [ 30.408030] kasan_atomics+0x95/0x310 [ 30.408384] kunit_try_run_case+0x1a5/0x480 [ 30.408758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.409221] kthread+0x337/0x6f0 [ 30.409549] ret_from_fork+0x116/0x1d0 [ 30.409741] ret_from_fork_asm+0x1a/0x30 [ 30.410079] [ 30.410284] The buggy address belongs to the object at ffff888102338080 [ 30.410284] which belongs to the cache kmalloc-64 of size 64 [ 30.410890] The buggy address is located 0 bytes to the right of [ 30.410890] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.411684] [ 30.411895] The buggy address belongs to the physical page: [ 30.412306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.414844] flags: 0x200000000000000(node=0|zone=2) [ 30.415716] page_type: f5(slab) [ 30.415896] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.416376] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.416845] page dumped because: kasan: bad access detected [ 30.417221] [ 30.417384] Memory state around the buggy address: [ 30.417762] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.418199] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.418637] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.419564] ^ [ 30.419843] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.420416] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.420982] ================================================================== [ 30.191972] ================================================================== [ 30.192523] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 30.192966] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.193839] [ 30.194131] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.194277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.194310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.194377] Call Trace: [ 30.194425] <TASK> [ 30.194485] dump_stack_lvl+0x73/0xb0 [ 30.194597] print_report+0xd1/0x650 [ 30.194668] ? __virt_addr_valid+0x1db/0x2d0 [ 30.194722] ? kasan_atomics_helper+0x1f43/0x5450 [ 30.194771] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.194859] ? kasan_atomics_helper+0x1f43/0x5450 [ 30.194928] kasan_report+0x141/0x180 [ 30.194969] ? kasan_atomics_helper+0x1f43/0x5450 [ 30.194999] kasan_check_range+0x10c/0x1c0 [ 30.195026] __kasan_check_write+0x18/0x20 [ 30.195053] kasan_atomics_helper+0x1f43/0x5450 [ 30.195084] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.195127] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.195173] ? kasan_atomics+0x152/0x310 [ 30.195228] kasan_atomics+0x1dc/0x310 [ 30.195308] ? __pfx_kasan_atomics+0x10/0x10 [ 30.195360] ? __pfx_read_tsc+0x10/0x10 [ 30.195427] ? ktime_get_ts64+0x86/0x230 [ 30.195501] kunit_try_run_case+0x1a5/0x480 [ 30.195587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.195653] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.195709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.195758] ? __kthread_parkme+0x82/0x180 [ 30.195786] ? preempt_count_sub+0x50/0x80 [ 30.195814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.195841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.195870] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.195898] kthread+0x337/0x6f0 [ 30.195922] ? trace_preempt_on+0x20/0xc0 [ 30.195949] ? __pfx_kthread+0x10/0x10 [ 30.195973] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.195996] ? calculate_sigpending+0x7b/0xa0 [ 30.196024] ? __pfx_kthread+0x10/0x10 [ 30.196049] ret_from_fork+0x116/0x1d0 [ 30.196071] ? __pfx_kthread+0x10/0x10 [ 30.196095] ret_from_fork_asm+0x1a/0x30 [ 30.196129] </TASK> [ 30.196146] [ 30.207088] Allocated by task 294: [ 30.207288] kasan_save_stack+0x45/0x70 [ 30.207489] kasan_save_track+0x18/0x40 [ 30.207703] kasan_save_alloc_info+0x3b/0x50 [ 30.207936] __kasan_kmalloc+0xb7/0xc0 [ 30.208136] __kmalloc_cache_noprof+0x189/0x420 [ 30.208309] kasan_atomics+0x95/0x310 [ 30.208664] kunit_try_run_case+0x1a5/0x480 [ 30.209008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.209485] kthread+0x337/0x6f0 [ 30.209710] ret_from_fork+0x116/0x1d0 [ 30.209880] ret_from_fork_asm+0x1a/0x30 [ 30.210073] [ 30.210198] The buggy address belongs to the object at ffff888102338080 [ 30.210198] which belongs to the cache kmalloc-64 of size 64 [ 30.210973] The buggy address is located 0 bytes to the right of [ 30.210973] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.212049] [ 30.212247] The buggy address belongs to the physical page: [ 30.212484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.212856] flags: 0x200000000000000(node=0|zone=2) [ 30.213125] page_type: f5(slab) [ 30.213532] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.214174] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.214892] page dumped because: kasan: bad access detected [ 30.215489] [ 30.215677] Memory state around the buggy address: [ 30.216297] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.216779] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.217381] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.217749] ^ [ 30.218410] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.218875] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.219507] ================================================================== [ 29.592005] ================================================================== [ 29.592714] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 29.593387] Read of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.593959] [ 29.594221] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.594341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.594373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.594426] Call Trace: [ 29.594482] <TASK> [ 29.594528] dump_stack_lvl+0x73/0xb0 [ 29.594604] print_report+0xd1/0x650 [ 29.594661] ? __virt_addr_valid+0x1db/0x2d0 [ 29.594719] ? kasan_atomics_helper+0x4eae/0x5450 [ 29.594772] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.594834] ? kasan_atomics_helper+0x4eae/0x5450 [ 29.594888] kasan_report+0x141/0x180 [ 29.594943] ? kasan_atomics_helper+0x4eae/0x5450 [ 29.595008] __asan_report_load8_noabort+0x18/0x20 [ 29.595067] kasan_atomics_helper+0x4eae/0x5450 [ 29.595109] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.595189] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.595241] ? kasan_atomics+0x152/0x310 [ 29.595296] kasan_atomics+0x1dc/0x310 [ 29.595343] ? __pfx_kasan_atomics+0x10/0x10 [ 29.595399] ? __pfx_read_tsc+0x10/0x10 [ 29.595457] ? ktime_get_ts64+0x86/0x230 [ 29.595546] kunit_try_run_case+0x1a5/0x480 [ 29.595600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.595647] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.595691] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.595738] ? __kthread_parkme+0x82/0x180 [ 29.595784] ? preempt_count_sub+0x50/0x80 [ 29.595837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.595891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.595944] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.596000] kthread+0x337/0x6f0 [ 29.596048] ? trace_preempt_on+0x20/0xc0 [ 29.596096] ? __pfx_kthread+0x10/0x10 [ 29.596181] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.596234] ? calculate_sigpending+0x7b/0xa0 [ 29.596290] ? __pfx_kthread+0x10/0x10 [ 29.596356] ret_from_fork+0x116/0x1d0 [ 29.596402] ? __pfx_kthread+0x10/0x10 [ 29.596457] ret_from_fork_asm+0x1a/0x30 [ 29.596533] </TASK> [ 29.596567] [ 29.606220] Allocated by task 294: [ 29.606593] kasan_save_stack+0x45/0x70 [ 29.606992] kasan_save_track+0x18/0x40 [ 29.607333] kasan_save_alloc_info+0x3b/0x50 [ 29.608411] __kasan_kmalloc+0xb7/0xc0 [ 29.608793] __kmalloc_cache_noprof+0x189/0x420 [ 29.609008] kasan_atomics+0x95/0x310 [ 29.609181] kunit_try_run_case+0x1a5/0x480 [ 29.609350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.609571] kthread+0x337/0x6f0 [ 29.609714] ret_from_fork+0x116/0x1d0 [ 29.609865] ret_from_fork_asm+0x1a/0x30 [ 29.610035] [ 29.610127] The buggy address belongs to the object at ffff888102338080 [ 29.610127] which belongs to the cache kmalloc-64 of size 64 [ 29.610712] The buggy address is located 0 bytes to the right of [ 29.610712] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.612902] [ 29.613136] The buggy address belongs to the physical page: [ 29.613387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.614253] flags: 0x200000000000000(node=0|zone=2) [ 29.614556] page_type: f5(slab) [ 29.614740] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.615025] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.615344] page dumped because: kasan: bad access detected [ 29.615806] [ 29.615975] Memory state around the buggy address: [ 29.616294] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.616569] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.617101] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.617588] ^ [ 29.617816] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.618376] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.618785] ================================================================== [ 28.914955] ================================================================== [ 28.915421] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 28.915774] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.916054] [ 28.916201] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.916310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.916338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.916384] Call Trace: [ 28.916425] <TASK> [ 28.916480] dump_stack_lvl+0x73/0xb0 [ 28.916548] print_report+0xd1/0x650 [ 28.916603] ? __virt_addr_valid+0x1db/0x2d0 [ 28.916662] ? kasan_atomics_helper+0x860/0x5450 [ 28.916714] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.916776] ? kasan_atomics_helper+0x860/0x5450 [ 28.916830] kasan_report+0x141/0x180 [ 28.916884] ? kasan_atomics_helper+0x860/0x5450 [ 28.916947] kasan_check_range+0x10c/0x1c0 [ 28.917005] __kasan_check_write+0x18/0x20 [ 28.917063] kasan_atomics_helper+0x860/0x5450 [ 28.917119] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.917168] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.917212] ? kasan_atomics+0x152/0x310 [ 28.917255] kasan_atomics+0x1dc/0x310 [ 28.917292] ? __pfx_kasan_atomics+0x10/0x10 [ 28.917328] ? __pfx_read_tsc+0x10/0x10 [ 28.917360] ? ktime_get_ts64+0x86/0x230 [ 28.917402] kunit_try_run_case+0x1a5/0x480 [ 28.917451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.917487] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.917525] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.917561] ? __kthread_parkme+0x82/0x180 [ 28.917595] ? preempt_count_sub+0x50/0x80 [ 28.917637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.917682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.917727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.917773] kthread+0x337/0x6f0 [ 28.917815] ? trace_preempt_on+0x20/0xc0 [ 28.917865] ? __pfx_kthread+0x10/0x10 [ 28.917911] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.917956] ? calculate_sigpending+0x7b/0xa0 [ 28.918001] ? __pfx_kthread+0x10/0x10 [ 28.918060] ret_from_fork+0x116/0x1d0 [ 28.918106] ? __pfx_kthread+0x10/0x10 [ 28.918153] ret_from_fork_asm+0x1a/0x30 [ 28.918220] </TASK> [ 28.918247] [ 28.927967] Allocated by task 294: [ 28.928234] kasan_save_stack+0x45/0x70 [ 28.928619] kasan_save_track+0x18/0x40 [ 28.928940] kasan_save_alloc_info+0x3b/0x50 [ 28.929337] __kasan_kmalloc+0xb7/0xc0 [ 28.929657] __kmalloc_cache_noprof+0x189/0x420 [ 28.929959] kasan_atomics+0x95/0x310 [ 28.930214] kunit_try_run_case+0x1a5/0x480 [ 28.930416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.930788] kthread+0x337/0x6f0 [ 28.930967] ret_from_fork+0x116/0x1d0 [ 28.931145] ret_from_fork_asm+0x1a/0x30 [ 28.931483] [ 28.931660] The buggy address belongs to the object at ffff888102338080 [ 28.931660] which belongs to the cache kmalloc-64 of size 64 [ 28.932473] The buggy address is located 0 bytes to the right of [ 28.932473] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.932917] [ 28.933034] The buggy address belongs to the physical page: [ 28.933368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.934189] flags: 0x200000000000000(node=0|zone=2) [ 28.934580] page_type: f5(slab) [ 28.934877] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.935186] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.935731] page dumped because: kasan: bad access detected [ 28.936018] [ 28.936179] Memory state around the buggy address: [ 28.936386] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.936670] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.936931] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.937190] ^ [ 28.937464] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.938085] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.938616] ================================================================== [ 30.130716] ================================================================== [ 30.131008] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 30.131808] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 30.132076] [ 30.132288] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.132390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.132408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.132437] Call Trace: [ 30.132484] <TASK> [ 30.132525] dump_stack_lvl+0x73/0xb0 [ 30.132590] print_report+0xd1/0x650 [ 30.132641] ? __virt_addr_valid+0x1db/0x2d0 [ 30.132699] ? kasan_atomics_helper+0x1e12/0x5450 [ 30.132746] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.132786] ? kasan_atomics_helper+0x1e12/0x5450 [ 30.132811] kasan_report+0x141/0x180 [ 30.132836] ? kasan_atomics_helper+0x1e12/0x5450 [ 30.132864] kasan_check_range+0x10c/0x1c0 [ 30.132892] __kasan_check_write+0x18/0x20 [ 30.132918] kasan_atomics_helper+0x1e12/0x5450 [ 30.132944] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.132969] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.132998] ? kasan_atomics+0x152/0x310 [ 30.133027] kasan_atomics+0x1dc/0x310 [ 30.133052] ? __pfx_kasan_atomics+0x10/0x10 [ 30.133079] ? __pfx_read_tsc+0x10/0x10 [ 30.133103] ? ktime_get_ts64+0x86/0x230 [ 30.133134] kunit_try_run_case+0x1a5/0x480 [ 30.133177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.133261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.133309] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.133355] ? __kthread_parkme+0x82/0x180 [ 30.133403] ? preempt_count_sub+0x50/0x80 [ 30.133471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.133528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.133588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.133645] kthread+0x337/0x6f0 [ 30.133695] ? trace_preempt_on+0x20/0xc0 [ 30.133749] ? __pfx_kthread+0x10/0x10 [ 30.133801] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.133853] ? calculate_sigpending+0x7b/0xa0 [ 30.133910] ? __pfx_kthread+0x10/0x10 [ 30.133962] ret_from_fork+0x116/0x1d0 [ 30.134010] ? __pfx_kthread+0x10/0x10 [ 30.134070] ret_from_fork_asm+0x1a/0x30 [ 30.134146] </TASK> [ 30.134177] [ 30.144525] Allocated by task 294: [ 30.144909] kasan_save_stack+0x45/0x70 [ 30.145335] kasan_save_track+0x18/0x40 [ 30.145658] kasan_save_alloc_info+0x3b/0x50 [ 30.145861] __kasan_kmalloc+0xb7/0xc0 [ 30.146209] __kmalloc_cache_noprof+0x189/0x420 [ 30.146626] kasan_atomics+0x95/0x310 [ 30.146927] kunit_try_run_case+0x1a5/0x480 [ 30.147375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.147648] kthread+0x337/0x6f0 [ 30.147956] ret_from_fork+0x116/0x1d0 [ 30.148270] ret_from_fork_asm+0x1a/0x30 [ 30.148625] [ 30.148789] The buggy address belongs to the object at ffff888102338080 [ 30.148789] which belongs to the cache kmalloc-64 of size 64 [ 30.150627] The buggy address is located 0 bytes to the right of [ 30.150627] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 30.151778] [ 30.152118] The buggy address belongs to the physical page: [ 30.152948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 30.153662] flags: 0x200000000000000(node=0|zone=2) [ 30.154078] page_type: f5(slab) [ 30.154346] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.154940] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.155484] page dumped because: kasan: bad access detected [ 30.155961] [ 30.156063] Memory state around the buggy address: [ 30.156900] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.157313] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.157947] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.158637] ^ [ 30.158864] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.159668] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.160079] ================================================================== [ 28.939939] ================================================================== [ 28.940407] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 28.940751] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.941180] [ 28.941386] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.941514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.941544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.941590] Call Trace: [ 28.941655] <TASK> [ 28.941695] dump_stack_lvl+0x73/0xb0 [ 28.941761] print_report+0xd1/0x650 [ 28.941830] ? __virt_addr_valid+0x1db/0x2d0 [ 28.941884] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.941930] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.941991] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.942052] kasan_report+0x141/0x180 [ 28.942110] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.942173] kasan_check_range+0x10c/0x1c0 [ 28.942232] __kasan_check_write+0x18/0x20 [ 28.942289] kasan_atomics_helper+0x8f9/0x5450 [ 28.942345] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.942399] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.942471] ? kasan_atomics+0x152/0x310 [ 28.942538] kasan_atomics+0x1dc/0x310 [ 28.942595] ? __pfx_kasan_atomics+0x10/0x10 [ 28.942654] ? __pfx_read_tsc+0x10/0x10 [ 28.942707] ? ktime_get_ts64+0x86/0x230 [ 28.942773] kunit_try_run_case+0x1a5/0x480 [ 28.942835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.942890] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.942944] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.943001] ? __kthread_parkme+0x82/0x180 [ 28.943053] ? preempt_count_sub+0x50/0x80 [ 28.943109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.943169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.943226] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.943278] kthread+0x337/0x6f0 [ 28.943326] ? trace_preempt_on+0x20/0xc0 [ 28.943382] ? __pfx_kthread+0x10/0x10 [ 28.943435] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.943487] ? calculate_sigpending+0x7b/0xa0 [ 28.943536] ? __pfx_kthread+0x10/0x10 [ 28.943582] ret_from_fork+0x116/0x1d0 [ 28.943623] ? __pfx_kthread+0x10/0x10 [ 28.943703] ret_from_fork_asm+0x1a/0x30 [ 28.943773] </TASK> [ 28.943805] [ 28.959256] Allocated by task 294: [ 28.959668] kasan_save_stack+0x45/0x70 [ 28.960112] kasan_save_track+0x18/0x40 [ 28.960482] kasan_save_alloc_info+0x3b/0x50 [ 28.960837] __kasan_kmalloc+0xb7/0xc0 [ 28.961123] __kmalloc_cache_noprof+0x189/0x420 [ 28.961490] kasan_atomics+0x95/0x310 [ 28.961773] kunit_try_run_case+0x1a5/0x480 [ 28.962115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.962516] kthread+0x337/0x6f0 [ 28.962725] ret_from_fork+0x116/0x1d0 [ 28.963137] ret_from_fork_asm+0x1a/0x30 [ 28.963484] [ 28.963668] The buggy address belongs to the object at ffff888102338080 [ 28.963668] which belongs to the cache kmalloc-64 of size 64 [ 28.964536] The buggy address is located 0 bytes to the right of [ 28.964536] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.965162] [ 28.965382] The buggy address belongs to the physical page: [ 28.965967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.966719] flags: 0x200000000000000(node=0|zone=2) [ 28.967035] page_type: f5(slab) [ 28.967419] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.967862] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.968513] page dumped because: kasan: bad access detected [ 28.968823] [ 28.968973] Memory state around the buggy address: [ 28.969456] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.969868] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.970329] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.970838] ^ [ 28.971304] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.971585] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.972125] ================================================================== [ 29.564729] ================================================================== [ 29.565367] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 29.565727] Read of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.566253] [ 29.566434] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.567934] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.567972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.568020] Call Trace: [ 29.568069] <TASK> [ 29.568113] dump_stack_lvl+0x73/0xb0 [ 29.568228] print_report+0xd1/0x650 [ 29.568282] ? __virt_addr_valid+0x1db/0x2d0 [ 29.568339] ? kasan_atomics_helper+0x13b5/0x5450 [ 29.568391] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.568464] ? kasan_atomics_helper+0x13b5/0x5450 [ 29.568519] kasan_report+0x141/0x180 [ 29.568574] ? kasan_atomics_helper+0x13b5/0x5450 [ 29.568638] kasan_check_range+0x10c/0x1c0 [ 29.568694] __kasan_check_read+0x15/0x20 [ 29.568750] kasan_atomics_helper+0x13b5/0x5450 [ 29.568802] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.568854] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.568913] ? kasan_atomics+0x152/0x310 [ 29.568974] kasan_atomics+0x1dc/0x310 [ 29.569031] ? __pfx_kasan_atomics+0x10/0x10 [ 29.569088] ? __pfx_read_tsc+0x10/0x10 [ 29.569138] ? ktime_get_ts64+0x86/0x230 [ 29.569235] kunit_try_run_case+0x1a5/0x480 [ 29.569298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.569351] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.569408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.569501] ? __kthread_parkme+0x82/0x180 [ 29.569555] ? preempt_count_sub+0x50/0x80 [ 29.569612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.569671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.569726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.569767] kthread+0x337/0x6f0 [ 29.569792] ? trace_preempt_on+0x20/0xc0 [ 29.569820] ? __pfx_kthread+0x10/0x10 [ 29.569844] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.569869] ? calculate_sigpending+0x7b/0xa0 [ 29.569897] ? __pfx_kthread+0x10/0x10 [ 29.569921] ret_from_fork+0x116/0x1d0 [ 29.569944] ? __pfx_kthread+0x10/0x10 [ 29.569968] ret_from_fork_asm+0x1a/0x30 [ 29.570004] </TASK> [ 29.570019] [ 29.579456] Allocated by task 294: [ 29.579698] kasan_save_stack+0x45/0x70 [ 29.580125] kasan_save_track+0x18/0x40 [ 29.580500] kasan_save_alloc_info+0x3b/0x50 [ 29.580866] __kasan_kmalloc+0xb7/0xc0 [ 29.581218] __kmalloc_cache_noprof+0x189/0x420 [ 29.581596] kasan_atomics+0x95/0x310 [ 29.581917] kunit_try_run_case+0x1a5/0x480 [ 29.582171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.582404] kthread+0x337/0x6f0 [ 29.582708] ret_from_fork+0x116/0x1d0 [ 29.583052] ret_from_fork_asm+0x1a/0x30 [ 29.583451] [ 29.583629] The buggy address belongs to the object at ffff888102338080 [ 29.583629] which belongs to the cache kmalloc-64 of size 64 [ 29.584107] The buggy address is located 0 bytes to the right of [ 29.584107] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.584572] [ 29.584688] The buggy address belongs to the physical page: [ 29.585000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.585661] flags: 0x200000000000000(node=0|zone=2) [ 29.586066] page_type: f5(slab) [ 29.586407] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.587005] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.587588] page dumped because: kasan: bad access detected [ 29.587882] [ 29.587988] Memory state around the buggy address: [ 29.588229] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.588559] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.589088] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.589653] ^ [ 29.590059] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.590430] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.590699] ================================================================== [ 29.891305] ================================================================== [ 29.892173] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 29.893349] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.894213] [ 29.894462] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.894770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.894793] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.894823] Call Trace: [ 29.894849] <TASK> [ 29.894876] dump_stack_lvl+0x73/0xb0 [ 29.894922] print_report+0xd1/0x650 [ 29.894950] ? __virt_addr_valid+0x1db/0x2d0 [ 29.894978] ? kasan_atomics_helper+0x194a/0x5450 [ 29.895002] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.895033] ? kasan_atomics_helper+0x194a/0x5450 [ 29.895057] kasan_report+0x141/0x180 [ 29.895081] ? kasan_atomics_helper+0x194a/0x5450 [ 29.895110] kasan_check_range+0x10c/0x1c0 [ 29.895136] __kasan_check_write+0x18/0x20 [ 29.895195] kasan_atomics_helper+0x194a/0x5450 [ 29.895222] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.895248] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.895276] ? kasan_atomics+0x152/0x310 [ 29.895304] kasan_atomics+0x1dc/0x310 [ 29.895330] ? __pfx_kasan_atomics+0x10/0x10 [ 29.895357] ? __pfx_read_tsc+0x10/0x10 [ 29.895381] ? ktime_get_ts64+0x86/0x230 [ 29.895412] kunit_try_run_case+0x1a5/0x480 [ 29.895460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.895489] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.895517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.895544] ? __kthread_parkme+0x82/0x180 [ 29.895568] ? preempt_count_sub+0x50/0x80 [ 29.895596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.895622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.895650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.895676] kthread+0x337/0x6f0 [ 29.895699] ? trace_preempt_on+0x20/0xc0 [ 29.895726] ? __pfx_kthread+0x10/0x10 [ 29.895749] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.895774] ? calculate_sigpending+0x7b/0xa0 [ 29.895803] ? __pfx_kthread+0x10/0x10 [ 29.895828] ret_from_fork+0x116/0x1d0 [ 29.895850] ? __pfx_kthread+0x10/0x10 [ 29.895873] ret_from_fork_asm+0x1a/0x30 [ 29.895908] </TASK> [ 29.895924] [ 29.906411] Allocated by task 294: [ 29.906799] kasan_save_stack+0x45/0x70 [ 29.907331] kasan_save_track+0x18/0x40 [ 29.907717] kasan_save_alloc_info+0x3b/0x50 [ 29.908131] __kasan_kmalloc+0xb7/0xc0 [ 29.908535] __kmalloc_cache_noprof+0x189/0x420 [ 29.908888] kasan_atomics+0x95/0x310 [ 29.909243] kunit_try_run_case+0x1a5/0x480 [ 29.909499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.909952] kthread+0x337/0x6f0 [ 29.910286] ret_from_fork+0x116/0x1d0 [ 29.910626] ret_from_fork_asm+0x1a/0x30 [ 29.910944] [ 29.911127] The buggy address belongs to the object at ffff888102338080 [ 29.911127] which belongs to the cache kmalloc-64 of size 64 [ 29.911928] The buggy address is located 0 bytes to the right of [ 29.911928] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.912758] [ 29.912954] The buggy address belongs to the physical page: [ 29.913402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.913890] flags: 0x200000000000000(node=0|zone=2) [ 29.914135] page_type: f5(slab) [ 29.914348] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.914881] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.915488] page dumped because: kasan: bad access detected [ 29.915983] [ 29.916195] Memory state around the buggy address: [ 29.916476] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.916745] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.917006] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.917295] ^ [ 29.917506] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.918094] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.918666] ================================================================== [ 29.861199] ================================================================== [ 29.861698] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 29.862327] Write of size 8 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.862714] [ 29.863010] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.863199] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.863230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.863281] Call Trace: [ 29.863322] <TASK> [ 29.863362] dump_stack_lvl+0x73/0xb0 [ 29.863434] print_report+0xd1/0x650 [ 29.863547] ? __virt_addr_valid+0x1db/0x2d0 [ 29.863654] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.863781] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.863854] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.863943] kasan_report+0x141/0x180 [ 29.864041] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.864112] kasan_check_range+0x10c/0x1c0 [ 29.864196] __kasan_check_write+0x18/0x20 [ 29.864240] kasan_atomics_helper+0x18b1/0x5450 [ 29.864292] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.864343] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.864403] ? kasan_atomics+0x152/0x310 [ 29.864475] kasan_atomics+0x1dc/0x310 [ 29.864532] ? __pfx_kasan_atomics+0x10/0x10 [ 29.864592] ? __pfx_read_tsc+0x10/0x10 [ 29.864644] ? ktime_get_ts64+0x86/0x230 [ 29.864710] kunit_try_run_case+0x1a5/0x480 [ 29.864774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.864828] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.864882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.864938] ? __kthread_parkme+0x82/0x180 [ 29.864990] ? preempt_count_sub+0x50/0x80 [ 29.865048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.865105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.865191] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.865252] kthread+0x337/0x6f0 [ 29.865302] ? trace_preempt_on+0x20/0xc0 [ 29.865358] ? __pfx_kthread+0x10/0x10 [ 29.865403] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.865431] ? calculate_sigpending+0x7b/0xa0 [ 29.865485] ? __pfx_kthread+0x10/0x10 [ 29.865511] ret_from_fork+0x116/0x1d0 [ 29.865534] ? __pfx_kthread+0x10/0x10 [ 29.865558] ret_from_fork_asm+0x1a/0x30 [ 29.865593] </TASK> [ 29.865609] [ 29.877244] Allocated by task 294: [ 29.877736] kasan_save_stack+0x45/0x70 [ 29.878172] kasan_save_track+0x18/0x40 [ 29.878517] kasan_save_alloc_info+0x3b/0x50 [ 29.878957] __kasan_kmalloc+0xb7/0xc0 [ 29.879331] __kmalloc_cache_noprof+0x189/0x420 [ 29.879563] kasan_atomics+0x95/0x310 [ 29.879746] kunit_try_run_case+0x1a5/0x480 [ 29.879927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.880390] kthread+0x337/0x6f0 [ 29.880937] ret_from_fork+0x116/0x1d0 [ 29.881406] ret_from_fork_asm+0x1a/0x30 [ 29.881792] [ 29.881969] The buggy address belongs to the object at ffff888102338080 [ 29.881969] which belongs to the cache kmalloc-64 of size 64 [ 29.882956] The buggy address is located 0 bytes to the right of [ 29.882956] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.883662] [ 29.883792] The buggy address belongs to the physical page: [ 29.884014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.884342] flags: 0x200000000000000(node=0|zone=2) [ 29.884739] page_type: f5(slab) [ 29.885221] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.885913] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.886560] page dumped because: kasan: bad access detected [ 29.886990] [ 29.887309] Memory state around the buggy address: [ 29.887711] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.888127] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.888601] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.888862] ^ [ 29.889246] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.889789] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.890264] ================================================================== [ 29.036859] ================================================================== [ 29.037262] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 29.038152] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 29.038715] [ 29.038949] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 29.039129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.039181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.039232] Call Trace: [ 29.039276] <TASK> [ 29.039322] dump_stack_lvl+0x73/0xb0 [ 29.039403] print_report+0xd1/0x650 [ 29.039472] ? __virt_addr_valid+0x1db/0x2d0 [ 29.039529] ? kasan_atomics_helper+0xac7/0x5450 [ 29.039579] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.039639] ? kasan_atomics_helper+0xac7/0x5450 [ 29.039694] kasan_report+0x141/0x180 [ 29.039741] ? kasan_atomics_helper+0xac7/0x5450 [ 29.039793] kasan_check_range+0x10c/0x1c0 [ 29.039821] __kasan_check_write+0x18/0x20 [ 29.039849] kasan_atomics_helper+0xac7/0x5450 [ 29.039875] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.039900] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.039929] ? kasan_atomics+0x152/0x310 [ 29.039959] kasan_atomics+0x1dc/0x310 [ 29.039985] ? __pfx_kasan_atomics+0x10/0x10 [ 29.040013] ? __pfx_read_tsc+0x10/0x10 [ 29.040037] ? ktime_get_ts64+0x86/0x230 [ 29.040068] kunit_try_run_case+0x1a5/0x480 [ 29.040098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.040124] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.040157] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.040199] ? __kthread_parkme+0x82/0x180 [ 29.040226] ? preempt_count_sub+0x50/0x80 [ 29.040255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.040282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.040309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.040336] kthread+0x337/0x6f0 [ 29.040359] ? trace_preempt_on+0x20/0xc0 [ 29.040386] ? __pfx_kthread+0x10/0x10 [ 29.040410] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.040434] ? calculate_sigpending+0x7b/0xa0 [ 29.040486] ? __pfx_kthread+0x10/0x10 [ 29.040512] ret_from_fork+0x116/0x1d0 [ 29.040535] ? __pfx_kthread+0x10/0x10 [ 29.040559] ret_from_fork_asm+0x1a/0x30 [ 29.040594] </TASK> [ 29.040610] [ 29.052602] Allocated by task 294: [ 29.052912] kasan_save_stack+0x45/0x70 [ 29.053191] kasan_save_track+0x18/0x40 [ 29.053398] kasan_save_alloc_info+0x3b/0x50 [ 29.054411] __kasan_kmalloc+0xb7/0xc0 [ 29.054619] __kmalloc_cache_noprof+0x189/0x420 [ 29.055191] kasan_atomics+0x95/0x310 [ 29.055396] kunit_try_run_case+0x1a5/0x480 [ 29.055884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.056295] kthread+0x337/0x6f0 [ 29.056606] ret_from_fork+0x116/0x1d0 [ 29.056915] ret_from_fork_asm+0x1a/0x30 [ 29.057335] [ 29.057521] The buggy address belongs to the object at ffff888102338080 [ 29.057521] which belongs to the cache kmalloc-64 of size 64 [ 29.058199] The buggy address is located 0 bytes to the right of [ 29.058199] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 29.058816] [ 29.058986] The buggy address belongs to the physical page: [ 29.059324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 29.060024] flags: 0x200000000000000(node=0|zone=2) [ 29.060295] page_type: f5(slab) [ 29.060597] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.061145] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.061641] page dumped because: kasan: bad access detected [ 29.061941] [ 29.062088] Memory state around the buggy address: [ 29.062467] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.062742] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.063295] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.063816] ^ [ 29.064026] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.064396] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.064676] ================================================================== [ 28.744322] ================================================================== [ 28.745803] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 28.746320] Write of size 4 at addr ffff8881023380b0 by task kunit_try_catch/294 [ 28.746820] [ 28.747064] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.747208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.747244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.747294] Call Trace: [ 28.747378] <TASK> [ 28.747449] dump_stack_lvl+0x73/0xb0 [ 28.747530] print_report+0xd1/0x650 [ 28.747587] ? __virt_addr_valid+0x1db/0x2d0 [ 28.747843] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.747892] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.747938] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.747975] kasan_report+0x141/0x180 [ 28.748013] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.748055] __asan_report_store4_noabort+0x1b/0x30 [ 28.748096] kasan_atomics_helper+0x4b3a/0x5450 [ 28.748132] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.748172] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.748213] ? kasan_atomics+0x152/0x310 [ 28.748260] kasan_atomics+0x1dc/0x310 [ 28.748296] ? __pfx_kasan_atomics+0x10/0x10 [ 28.748333] ? __pfx_read_tsc+0x10/0x10 [ 28.748367] ? ktime_get_ts64+0x86/0x230 [ 28.748414] kunit_try_run_case+0x1a5/0x480 [ 28.748469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.748512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.748556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.748599] ? __kthread_parkme+0x82/0x180 [ 28.748641] ? preempt_count_sub+0x50/0x80 [ 28.748687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.748716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.748744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.748771] kthread+0x337/0x6f0 [ 28.748794] ? trace_preempt_on+0x20/0xc0 [ 28.748821] ? __pfx_kthread+0x10/0x10 [ 28.748845] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.748869] ? calculate_sigpending+0x7b/0xa0 [ 28.748897] ? __pfx_kthread+0x10/0x10 [ 28.748921] ret_from_fork+0x116/0x1d0 [ 28.748943] ? __pfx_kthread+0x10/0x10 [ 28.748966] ret_from_fork_asm+0x1a/0x30 [ 28.749001] </TASK> [ 28.749016] [ 28.759634] Allocated by task 294: [ 28.760084] kasan_save_stack+0x45/0x70 [ 28.760515] kasan_save_track+0x18/0x40 [ 28.760809] kasan_save_alloc_info+0x3b/0x50 [ 28.761024] __kasan_kmalloc+0xb7/0xc0 [ 28.761529] __kmalloc_cache_noprof+0x189/0x420 [ 28.761973] kasan_atomics+0x95/0x310 [ 28.762348] kunit_try_run_case+0x1a5/0x480 [ 28.762660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.763125] kthread+0x337/0x6f0 [ 28.763469] ret_from_fork+0x116/0x1d0 [ 28.763665] ret_from_fork_asm+0x1a/0x30 [ 28.763998] [ 28.764292] The buggy address belongs to the object at ffff888102338080 [ 28.764292] which belongs to the cache kmalloc-64 of size 64 [ 28.765079] The buggy address is located 0 bytes to the right of [ 28.765079] allocated 48-byte region [ffff888102338080, ffff8881023380b0) [ 28.765972] [ 28.766127] The buggy address belongs to the physical page: [ 28.766640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102338 [ 28.767215] flags: 0x200000000000000(node=0|zone=2) [ 28.767509] page_type: f5(slab) [ 28.767830] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.768430] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.768989] page dumped because: kasan: bad access detected [ 28.769463] [ 28.769634] Memory state around the buggy address: [ 28.770072] ffff888102337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.770618] ffff888102338000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.771110] >ffff888102338080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.771739] ^ [ 28.772099] ffff888102338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.772436] ffff888102338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.772711] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 28.488213] ================================================================== [ 28.488655] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.489291] Read of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.490044] [ 28.490276] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.490377] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.490404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.490457] Call Trace: [ 28.490496] <TASK> [ 28.490533] dump_stack_lvl+0x73/0xb0 [ 28.490590] print_report+0xd1/0x650 [ 28.490626] ? __virt_addr_valid+0x1db/0x2d0 [ 28.490663] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.490707] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.490754] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.490808] kasan_report+0x141/0x180 [ 28.490850] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.490918] __asan_report_load8_noabort+0x18/0x20 [ 28.490973] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.491027] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.491079] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.491124] ? trace_hardirqs_on+0x37/0xe0 [ 28.491207] ? kasan_bitops_generic+0x92/0x1c0 [ 28.491265] kasan_bitops_generic+0x121/0x1c0 [ 28.491317] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.491368] ? __pfx_read_tsc+0x10/0x10 [ 28.491410] ? ktime_get_ts64+0x86/0x230 [ 28.491476] kunit_try_run_case+0x1a5/0x480 [ 28.491529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.491570] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.491622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.491674] ? __kthread_parkme+0x82/0x180 [ 28.491724] ? preempt_count_sub+0x50/0x80 [ 28.491780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.491835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.491890] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.491943] kthread+0x337/0x6f0 [ 28.491988] ? trace_preempt_on+0x20/0xc0 [ 28.492036] ? __pfx_kthread+0x10/0x10 [ 28.492083] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.492133] ? calculate_sigpending+0x7b/0xa0 [ 28.492221] ? __pfx_kthread+0x10/0x10 [ 28.492268] ret_from_fork+0x116/0x1d0 [ 28.492314] ? __pfx_kthread+0x10/0x10 [ 28.492361] ret_from_fork_asm+0x1a/0x30 [ 28.492434] </TASK> [ 28.492474] [ 28.502403] Allocated by task 290: [ 28.502770] kasan_save_stack+0x45/0x70 [ 28.503187] kasan_save_track+0x18/0x40 [ 28.503512] kasan_save_alloc_info+0x3b/0x50 [ 28.503858] __kasan_kmalloc+0xb7/0xc0 [ 28.504171] __kmalloc_cache_noprof+0x189/0x420 [ 28.504559] kasan_bitops_generic+0x92/0x1c0 [ 28.504812] kunit_try_run_case+0x1a5/0x480 [ 28.505171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.505410] kthread+0x337/0x6f0 [ 28.505713] ret_from_fork+0x116/0x1d0 [ 28.505887] ret_from_fork_asm+0x1a/0x30 [ 28.506084] [ 28.506223] The buggy address belongs to the object at ffff8881022cf740 [ 28.506223] which belongs to the cache kmalloc-16 of size 16 [ 28.506898] The buggy address is located 8 bytes inside of [ 28.506898] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.507704] [ 28.507817] The buggy address belongs to the physical page: [ 28.508250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.508597] flags: 0x200000000000000(node=0|zone=2) [ 28.508987] page_type: f5(slab) [ 28.509202] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.509653] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.510048] page dumped because: kasan: bad access detected [ 28.510318] [ 28.510424] Memory state around the buggy address: [ 28.510715] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.511247] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.511637] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.511895] ^ [ 28.512115] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.512410] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.512932] ================================================================== [ 28.459846] ================================================================== [ 28.460153] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.461392] Read of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.462003] [ 28.462323] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.462439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.462479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.462559] Call Trace: [ 28.462617] <TASK> [ 28.462663] dump_stack_lvl+0x73/0xb0 [ 28.462736] print_report+0xd1/0x650 [ 28.462763] ? __virt_addr_valid+0x1db/0x2d0 [ 28.462791] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.462822] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.462850] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.462882] kasan_report+0x141/0x180 [ 28.462906] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.462941] kasan_check_range+0x10c/0x1c0 [ 28.462967] __kasan_check_read+0x15/0x20 [ 28.462991] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.463021] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.463052] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.463079] ? trace_hardirqs_on+0x37/0xe0 [ 28.463103] ? kasan_bitops_generic+0x92/0x1c0 [ 28.463132] kasan_bitops_generic+0x121/0x1c0 [ 28.463185] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.463219] ? __pfx_read_tsc+0x10/0x10 [ 28.463244] ? ktime_get_ts64+0x86/0x230 [ 28.463275] kunit_try_run_case+0x1a5/0x480 [ 28.463304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.463329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.463355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.463381] ? __kthread_parkme+0x82/0x180 [ 28.463405] ? preempt_count_sub+0x50/0x80 [ 28.463431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.463478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.463504] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.463529] kthread+0x337/0x6f0 [ 28.463552] ? trace_preempt_on+0x20/0xc0 [ 28.463576] ? __pfx_kthread+0x10/0x10 [ 28.463599] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.463622] ? calculate_sigpending+0x7b/0xa0 [ 28.463649] ? __pfx_kthread+0x10/0x10 [ 28.463673] ret_from_fork+0x116/0x1d0 [ 28.463694] ? __pfx_kthread+0x10/0x10 [ 28.463717] ret_from_fork_asm+0x1a/0x30 [ 28.463752] </TASK> [ 28.463767] [ 28.475979] Allocated by task 290: [ 28.476411] kasan_save_stack+0x45/0x70 [ 28.476837] kasan_save_track+0x18/0x40 [ 28.477226] kasan_save_alloc_info+0x3b/0x50 [ 28.477559] __kasan_kmalloc+0xb7/0xc0 [ 28.477801] __kmalloc_cache_noprof+0x189/0x420 [ 28.478022] kasan_bitops_generic+0x92/0x1c0 [ 28.478361] kunit_try_run_case+0x1a5/0x480 [ 28.478682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.478948] kthread+0x337/0x6f0 [ 28.479259] ret_from_fork+0x116/0x1d0 [ 28.479571] ret_from_fork_asm+0x1a/0x30 [ 28.479812] [ 28.479929] The buggy address belongs to the object at ffff8881022cf740 [ 28.479929] which belongs to the cache kmalloc-16 of size 16 [ 28.480625] The buggy address is located 8 bytes inside of [ 28.480625] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.481316] [ 28.481502] The buggy address belongs to the physical page: [ 28.481776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.482076] flags: 0x200000000000000(node=0|zone=2) [ 28.482468] page_type: f5(slab) [ 28.482738] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.483293] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.483760] page dumped because: kasan: bad access detected [ 28.484071] [ 28.484257] Memory state around the buggy address: [ 28.484577] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.484993] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.485474] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.485761] ^ [ 28.486172] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.486494] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.486940] ================================================================== [ 28.428458] ================================================================== [ 28.429098] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.429764] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.430221] [ 28.430382] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.430499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.430526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.430573] Call Trace: [ 28.430870] <TASK> [ 28.430914] dump_stack_lvl+0x73/0xb0 [ 28.430991] print_report+0xd1/0x650 [ 28.431042] ? __virt_addr_valid+0x1db/0x2d0 [ 28.431096] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.431152] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.431208] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.431268] kasan_report+0x141/0x180 [ 28.431319] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.431375] kasan_check_range+0x10c/0x1c0 [ 28.431402] __kasan_check_write+0x18/0x20 [ 28.431429] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.431490] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.431542] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.431583] ? trace_hardirqs_on+0x37/0xe0 [ 28.431628] ? kasan_bitops_generic+0x92/0x1c0 [ 28.431687] kasan_bitops_generic+0x121/0x1c0 [ 28.431741] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.431796] ? __pfx_read_tsc+0x10/0x10 [ 28.431838] ? ktime_get_ts64+0x86/0x230 [ 28.431897] kunit_try_run_case+0x1a5/0x480 [ 28.431955] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.432005] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.432058] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.432112] ? __kthread_parkme+0x82/0x180 [ 28.432159] ? preempt_count_sub+0x50/0x80 [ 28.432211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.432268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.432322] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.432365] kthread+0x337/0x6f0 [ 28.432389] ? trace_preempt_on+0x20/0xc0 [ 28.432415] ? __pfx_kthread+0x10/0x10 [ 28.432438] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.432479] ? calculate_sigpending+0x7b/0xa0 [ 28.432507] ? __pfx_kthread+0x10/0x10 [ 28.432532] ret_from_fork+0x116/0x1d0 [ 28.432554] ? __pfx_kthread+0x10/0x10 [ 28.432576] ret_from_fork_asm+0x1a/0x30 [ 28.432613] </TASK> [ 28.432627] [ 28.445578] Allocated by task 290: [ 28.446022] kasan_save_stack+0x45/0x70 [ 28.446541] kasan_save_track+0x18/0x40 [ 28.446902] kasan_save_alloc_info+0x3b/0x50 [ 28.447126] __kasan_kmalloc+0xb7/0xc0 [ 28.447479] __kmalloc_cache_noprof+0x189/0x420 [ 28.447757] kasan_bitops_generic+0x92/0x1c0 [ 28.448148] kunit_try_run_case+0x1a5/0x480 [ 28.448571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.449047] kthread+0x337/0x6f0 [ 28.449394] ret_from_fork+0x116/0x1d0 [ 28.449775] ret_from_fork_asm+0x1a/0x30 [ 28.450059] [ 28.450169] The buggy address belongs to the object at ffff8881022cf740 [ 28.450169] which belongs to the cache kmalloc-16 of size 16 [ 28.450604] The buggy address is located 8 bytes inside of [ 28.450604] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.451113] [ 28.451888] The buggy address belongs to the physical page: [ 28.452684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.453222] flags: 0x200000000000000(node=0|zone=2) [ 28.453580] page_type: f5(slab) [ 28.453811] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.454592] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.454861] page dumped because: kasan: bad access detected [ 28.455228] [ 28.455557] Memory state around the buggy address: [ 28.455869] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.456319] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.456723] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.457095] ^ [ 28.457943] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.458480] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.458829] ================================================================== [ 28.363546] ================================================================== [ 28.364790] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.366921] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.367501] [ 28.367685] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.367787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.367811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.367851] Call Trace: [ 28.367891] <TASK> [ 28.367929] dump_stack_lvl+0x73/0xb0 [ 28.367997] print_report+0xd1/0x650 [ 28.368038] ? __virt_addr_valid+0x1db/0x2d0 [ 28.368080] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.368128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.368202] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.368253] kasan_report+0x141/0x180 [ 28.368295] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.368357] kasan_check_range+0x10c/0x1c0 [ 28.368400] __kasan_check_write+0x18/0x20 [ 28.368453] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.368503] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.368550] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.368588] ? trace_hardirqs_on+0x37/0xe0 [ 28.368626] ? kasan_bitops_generic+0x92/0x1c0 [ 28.368671] kasan_bitops_generic+0x121/0x1c0 [ 28.368714] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.368761] ? __pfx_read_tsc+0x10/0x10 [ 28.368803] ? ktime_get_ts64+0x86/0x230 [ 28.368844] kunit_try_run_case+0x1a5/0x480 [ 28.368883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.368952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.369005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.369054] ? __kthread_parkme+0x82/0x180 [ 28.369096] ? preempt_count_sub+0x50/0x80 [ 28.369145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.369187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.369240] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.369292] kthread+0x337/0x6f0 [ 28.369334] ? trace_preempt_on+0x20/0xc0 [ 28.369374] ? __pfx_kthread+0x10/0x10 [ 28.369409] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.369466] ? calculate_sigpending+0x7b/0xa0 [ 28.369518] ? __pfx_kthread+0x10/0x10 [ 28.369563] ret_from_fork+0x116/0x1d0 [ 28.369608] ? __pfx_kthread+0x10/0x10 [ 28.369649] ret_from_fork_asm+0x1a/0x30 [ 28.369713] </TASK> [ 28.369743] [ 28.382434] Allocated by task 290: [ 28.382830] kasan_save_stack+0x45/0x70 [ 28.383151] kasan_save_track+0x18/0x40 [ 28.383360] kasan_save_alloc_info+0x3b/0x50 [ 28.383594] __kasan_kmalloc+0xb7/0xc0 [ 28.383789] __kmalloc_cache_noprof+0x189/0x420 [ 28.384019] kasan_bitops_generic+0x92/0x1c0 [ 28.384380] kunit_try_run_case+0x1a5/0x480 [ 28.384790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.385204] kthread+0x337/0x6f0 [ 28.385597] ret_from_fork+0x116/0x1d0 [ 28.385925] ret_from_fork_asm+0x1a/0x30 [ 28.386276] [ 28.386614] The buggy address belongs to the object at ffff8881022cf740 [ 28.386614] which belongs to the cache kmalloc-16 of size 16 [ 28.387990] The buggy address is located 8 bytes inside of [ 28.387990] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.388589] [ 28.388706] The buggy address belongs to the physical page: [ 28.388923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.390050] flags: 0x200000000000000(node=0|zone=2) [ 28.390613] page_type: f5(slab) [ 28.391140] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.391743] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.392402] page dumped because: kasan: bad access detected [ 28.392806] [ 28.392914] Memory state around the buggy address: [ 28.393627] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.393888] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.394539] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.394981] ^ [ 28.395477] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.396071] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.396602] ================================================================== [ 28.316238] ================================================================== [ 28.317050] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.318626] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.319841] [ 28.320128] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.320413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.320500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.320564] Call Trace: [ 28.320608] <TASK> [ 28.320655] dump_stack_lvl+0x73/0xb0 [ 28.320728] print_report+0xd1/0x650 [ 28.320773] ? __virt_addr_valid+0x1db/0x2d0 [ 28.320819] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.320869] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.320920] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.320989] kasan_report+0x141/0x180 [ 28.321045] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.321117] kasan_check_range+0x10c/0x1c0 [ 28.321199] __kasan_check_write+0x18/0x20 [ 28.321243] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.321296] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.321366] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.321426] ? trace_hardirqs_on+0x37/0xe0 [ 28.321490] ? kasan_bitops_generic+0x92/0x1c0 [ 28.321549] kasan_bitops_generic+0x121/0x1c0 [ 28.321594] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.321640] ? __pfx_read_tsc+0x10/0x10 [ 28.321683] ? ktime_get_ts64+0x86/0x230 [ 28.321746] kunit_try_run_case+0x1a5/0x480 [ 28.321811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.321867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.321914] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.321961] ? __kthread_parkme+0x82/0x180 [ 28.322001] ? preempt_count_sub+0x50/0x80 [ 28.322058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.322104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.322190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.322254] kthread+0x337/0x6f0 [ 28.322301] ? trace_preempt_on+0x20/0xc0 [ 28.322352] ? __pfx_kthread+0x10/0x10 [ 28.322392] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.322433] ? calculate_sigpending+0x7b/0xa0 [ 28.322486] ? __pfx_kthread+0x10/0x10 [ 28.322525] ret_from_fork+0x116/0x1d0 [ 28.322557] ? __pfx_kthread+0x10/0x10 [ 28.322593] ret_from_fork_asm+0x1a/0x30 [ 28.322653] </TASK> [ 28.322681] [ 28.338138] Allocated by task 290: [ 28.338410] kasan_save_stack+0x45/0x70 [ 28.338650] kasan_save_track+0x18/0x40 [ 28.338829] kasan_save_alloc_info+0x3b/0x50 [ 28.339000] __kasan_kmalloc+0xb7/0xc0 [ 28.339211] __kmalloc_cache_noprof+0x189/0x420 [ 28.339399] kasan_bitops_generic+0x92/0x1c0 [ 28.339712] kunit_try_run_case+0x1a5/0x480 [ 28.340043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.341372] kthread+0x337/0x6f0 [ 28.341766] ret_from_fork+0x116/0x1d0 [ 28.342122] ret_from_fork_asm+0x1a/0x30 [ 28.343498] [ 28.343690] The buggy address belongs to the object at ffff8881022cf740 [ 28.343690] which belongs to the cache kmalloc-16 of size 16 [ 28.346632] The buggy address is located 8 bytes inside of [ 28.346632] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.347094] [ 28.350079] The buggy address belongs to the physical page: [ 28.350591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.351208] flags: 0x200000000000000(node=0|zone=2) [ 28.352292] page_type: f5(slab) [ 28.353530] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.354019] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.354963] page dumped because: kasan: bad access detected [ 28.355258] [ 28.355369] Memory state around the buggy address: [ 28.357097] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.358417] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.359746] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.360018] ^ [ 28.360395] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.360675] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.360917] ================================================================== [ 28.268191] ================================================================== [ 28.268514] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.269458] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.269999] [ 28.270603] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.270706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.270728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.270766] Call Trace: [ 28.270804] <TASK> [ 28.270838] dump_stack_lvl+0x73/0xb0 [ 28.270895] print_report+0xd1/0x650 [ 28.270929] ? __virt_addr_valid+0x1db/0x2d0 [ 28.270966] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.271007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.271049] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.271127] kasan_report+0x141/0x180 [ 28.271219] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.271276] kasan_check_range+0x10c/0x1c0 [ 28.271318] __kasan_check_write+0x18/0x20 [ 28.271635] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.271697] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.271757] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.271810] ? trace_hardirqs_on+0x37/0xe0 [ 28.271850] ? kasan_bitops_generic+0x92/0x1c0 [ 28.271901] kasan_bitops_generic+0x121/0x1c0 [ 28.271952] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.272008] ? __pfx_read_tsc+0x10/0x10 [ 28.272057] ? ktime_get_ts64+0x86/0x230 [ 28.272122] kunit_try_run_case+0x1a5/0x480 [ 28.272668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.272707] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.272746] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.272781] ? __kthread_parkme+0x82/0x180 [ 28.272814] ? preempt_count_sub+0x50/0x80 [ 28.272852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.272889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.272928] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.272973] kthread+0x337/0x6f0 [ 28.273010] ? trace_preempt_on+0x20/0xc0 [ 28.273049] ? __pfx_kthread+0x10/0x10 [ 28.273087] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.273128] ? calculate_sigpending+0x7b/0xa0 [ 28.273212] ? __pfx_kthread+0x10/0x10 [ 28.273293] ret_from_fork+0x116/0x1d0 [ 28.273329] ? __pfx_kthread+0x10/0x10 [ 28.273370] ret_from_fork_asm+0x1a/0x30 [ 28.273448] </TASK> [ 28.273480] [ 28.303844] Allocated by task 290: [ 28.304193] kasan_save_stack+0x45/0x70 [ 28.304632] kasan_save_track+0x18/0x40 [ 28.304818] kasan_save_alloc_info+0x3b/0x50 [ 28.304996] __kasan_kmalloc+0xb7/0xc0 [ 28.305195] __kmalloc_cache_noprof+0x189/0x420 [ 28.305397] kasan_bitops_generic+0x92/0x1c0 [ 28.305585] kunit_try_run_case+0x1a5/0x480 [ 28.305778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.305972] kthread+0x337/0x6f0 [ 28.306191] ret_from_fork+0x116/0x1d0 [ 28.306351] ret_from_fork_asm+0x1a/0x30 [ 28.306530] [ 28.306618] The buggy address belongs to the object at ffff8881022cf740 [ 28.306618] which belongs to the cache kmalloc-16 of size 16 [ 28.306991] The buggy address is located 8 bytes inside of [ 28.306991] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.307423] [ 28.307548] The buggy address belongs to the physical page: [ 28.307763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.308058] flags: 0x200000000000000(node=0|zone=2) [ 28.308313] page_type: f5(slab) [ 28.308494] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.309036] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.309628] page dumped because: kasan: bad access detected [ 28.310060] [ 28.310257] Memory state around the buggy address: [ 28.310646] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.311195] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.311748] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.313402] ^ [ 28.313694] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.313966] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.314255] ================================================================== [ 28.399005] ================================================================== [ 28.399490] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.400489] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.400817] [ 28.400974] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.401039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.401055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.401081] Call Trace: [ 28.401108] <TASK> [ 28.401132] dump_stack_lvl+0x73/0xb0 [ 28.401186] print_report+0xd1/0x650 [ 28.401225] ? __virt_addr_valid+0x1db/0x2d0 [ 28.401271] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.401326] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.401377] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.401434] kasan_report+0x141/0x180 [ 28.401494] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.401561] kasan_check_range+0x10c/0x1c0 [ 28.401612] __kasan_check_write+0x18/0x20 [ 28.401663] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.401716] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.401766] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.401812] ? trace_hardirqs_on+0x37/0xe0 [ 28.401857] ? kasan_bitops_generic+0x92/0x1c0 [ 28.401918] kasan_bitops_generic+0x121/0x1c0 [ 28.401972] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.402040] ? __pfx_read_tsc+0x10/0x10 [ 28.402091] ? ktime_get_ts64+0x86/0x230 [ 28.402153] kunit_try_run_case+0x1a5/0x480 [ 28.402210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.402252] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.402296] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.402325] ? __kthread_parkme+0x82/0x180 [ 28.402349] ? preempt_count_sub+0x50/0x80 [ 28.402376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.402401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.402428] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.402476] kthread+0x337/0x6f0 [ 28.402510] ? trace_preempt_on+0x20/0xc0 [ 28.402542] ? __pfx_kthread+0x10/0x10 [ 28.402564] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.402588] ? calculate_sigpending+0x7b/0xa0 [ 28.402616] ? __pfx_kthread+0x10/0x10 [ 28.402640] ret_from_fork+0x116/0x1d0 [ 28.402661] ? __pfx_kthread+0x10/0x10 [ 28.402684] ret_from_fork_asm+0x1a/0x30 [ 28.402719] </TASK> [ 28.402734] [ 28.414757] Allocated by task 290: [ 28.415036] kasan_save_stack+0x45/0x70 [ 28.415510] kasan_save_track+0x18/0x40 [ 28.415827] kasan_save_alloc_info+0x3b/0x50 [ 28.416128] __kasan_kmalloc+0xb7/0xc0 [ 28.416479] __kmalloc_cache_noprof+0x189/0x420 [ 28.416825] kasan_bitops_generic+0x92/0x1c0 [ 28.417257] kunit_try_run_case+0x1a5/0x480 [ 28.417463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.417970] kthread+0x337/0x6f0 [ 28.418345] ret_from_fork+0x116/0x1d0 [ 28.418636] ret_from_fork_asm+0x1a/0x30 [ 28.418866] [ 28.418994] The buggy address belongs to the object at ffff8881022cf740 [ 28.418994] which belongs to the cache kmalloc-16 of size 16 [ 28.419962] The buggy address is located 8 bytes inside of [ 28.419962] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.420701] [ 28.420825] The buggy address belongs to the physical page: [ 28.421038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.421751] flags: 0x200000000000000(node=0|zone=2) [ 28.422203] page_type: f5(slab) [ 28.422518] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.422882] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.423226] page dumped because: kasan: bad access detected [ 28.423453] [ 28.423552] Memory state around the buggy address: [ 28.423783] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.424322] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.424876] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.425431] ^ [ 28.425752] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.426000] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.426487] ================================================================== [ 28.237794] ================================================================== [ 28.238374] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.239121] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.239716] [ 28.239918] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.240026] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.240053] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.240102] Call Trace: [ 28.240136] <TASK> [ 28.240212] dump_stack_lvl+0x73/0xb0 [ 28.240285] print_report+0xd1/0x650 [ 28.240337] ? __virt_addr_valid+0x1db/0x2d0 [ 28.240395] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.240467] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.240528] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.240587] kasan_report+0x141/0x180 [ 28.240640] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.240713] kasan_check_range+0x10c/0x1c0 [ 28.240770] __kasan_check_write+0x18/0x20 [ 28.240824] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.240887] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.240944] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.240991] ? trace_hardirqs_on+0x37/0xe0 [ 28.241036] ? kasan_bitops_generic+0x92/0x1c0 [ 28.241085] kasan_bitops_generic+0x121/0x1c0 [ 28.241129] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.241218] ? __pfx_read_tsc+0x10/0x10 [ 28.241266] ? ktime_get_ts64+0x86/0x230 [ 28.241326] kunit_try_run_case+0x1a5/0x480 [ 28.241387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.241438] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.241502] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.241559] ? __kthread_parkme+0x82/0x180 [ 28.241609] ? preempt_count_sub+0x50/0x80 [ 28.241665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.241719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.241766] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.241808] kthread+0x337/0x6f0 [ 28.241849] ? trace_preempt_on+0x20/0xc0 [ 28.241893] ? __pfx_kthread+0x10/0x10 [ 28.241933] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.241971] ? calculate_sigpending+0x7b/0xa0 [ 28.242016] ? __pfx_kthread+0x10/0x10 [ 28.242073] ret_from_fork+0x116/0x1d0 [ 28.242113] ? __pfx_kthread+0x10/0x10 [ 28.242187] ret_from_fork_asm+0x1a/0x30 [ 28.242254] </TASK> [ 28.242283] [ 28.255449] Allocated by task 290: [ 28.256355] kasan_save_stack+0x45/0x70 [ 28.256682] kasan_save_track+0x18/0x40 [ 28.256995] kasan_save_alloc_info+0x3b/0x50 [ 28.257263] __kasan_kmalloc+0xb7/0xc0 [ 28.257562] __kmalloc_cache_noprof+0x189/0x420 [ 28.257805] kasan_bitops_generic+0x92/0x1c0 [ 28.258047] kunit_try_run_case+0x1a5/0x480 [ 28.258298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.258724] kthread+0x337/0x6f0 [ 28.258914] ret_from_fork+0x116/0x1d0 [ 28.259092] ret_from_fork_asm+0x1a/0x30 [ 28.259310] [ 28.259421] The buggy address belongs to the object at ffff8881022cf740 [ 28.259421] which belongs to the cache kmalloc-16 of size 16 [ 28.260327] The buggy address is located 8 bytes inside of [ 28.260327] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.261310] [ 28.261485] The buggy address belongs to the physical page: [ 28.261798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.262263] flags: 0x200000000000000(node=0|zone=2) [ 28.262627] page_type: f5(slab) [ 28.262909] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.263323] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.263819] page dumped because: kasan: bad access detected [ 28.264256] [ 28.264428] Memory state around the buggy address: [ 28.264662] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.265056] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.265614] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.266087] ^ [ 28.266477] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.266752] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.267006] ================================================================== [ 28.212034] ================================================================== [ 28.212890] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.213407] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.213772] [ 28.213972] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.214094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.214122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.214172] Call Trace: [ 28.214214] <TASK> [ 28.214254] dump_stack_lvl+0x73/0xb0 [ 28.214351] print_report+0xd1/0x650 [ 28.214402] ? __virt_addr_valid+0x1db/0x2d0 [ 28.214461] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.214536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.214587] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.214639] kasan_report+0x141/0x180 [ 28.214685] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.214755] kasan_check_range+0x10c/0x1c0 [ 28.214809] __kasan_check_write+0x18/0x20 [ 28.214853] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.214908] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.214989] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.215040] ? trace_hardirqs_on+0x37/0xe0 [ 28.215083] ? kasan_bitops_generic+0x92/0x1c0 [ 28.215143] kasan_bitops_generic+0x121/0x1c0 [ 28.215187] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.215260] ? __pfx_read_tsc+0x10/0x10 [ 28.215304] ? ktime_get_ts64+0x86/0x230 [ 28.215358] kunit_try_run_case+0x1a5/0x480 [ 28.215412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.215475] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.215526] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.215565] ? __kthread_parkme+0x82/0x180 [ 28.215594] ? preempt_count_sub+0x50/0x80 [ 28.215619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.215647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.215674] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.215700] kthread+0x337/0x6f0 [ 28.215722] ? trace_preempt_on+0x20/0xc0 [ 28.215747] ? __pfx_kthread+0x10/0x10 [ 28.215769] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.215793] ? calculate_sigpending+0x7b/0xa0 [ 28.215820] ? __pfx_kthread+0x10/0x10 [ 28.215844] ret_from_fork+0x116/0x1d0 [ 28.215865] ? __pfx_kthread+0x10/0x10 [ 28.215888] ret_from_fork_asm+0x1a/0x30 [ 28.215922] </TASK> [ 28.215936] [ 28.226381] Allocated by task 290: [ 28.226645] kasan_save_stack+0x45/0x70 [ 28.226906] kasan_save_track+0x18/0x40 [ 28.227090] kasan_save_alloc_info+0x3b/0x50 [ 28.227469] __kasan_kmalloc+0xb7/0xc0 [ 28.227776] __kmalloc_cache_noprof+0x189/0x420 [ 28.228040] kasan_bitops_generic+0x92/0x1c0 [ 28.228365] kunit_try_run_case+0x1a5/0x480 [ 28.228535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.228935] kthread+0x337/0x6f0 [ 28.229236] ret_from_fork+0x116/0x1d0 [ 28.229407] ret_from_fork_asm+0x1a/0x30 [ 28.229607] [ 28.229765] The buggy address belongs to the object at ffff8881022cf740 [ 28.229765] which belongs to the cache kmalloc-16 of size 16 [ 28.230570] The buggy address is located 8 bytes inside of [ 28.230570] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.230964] [ 28.231078] The buggy address belongs to the physical page: [ 28.231334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.231806] flags: 0x200000000000000(node=0|zone=2) [ 28.232257] page_type: f5(slab) [ 28.232538] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.233122] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.233404] page dumped because: kasan: bad access detected [ 28.233819] [ 28.233980] Memory state around the buggy address: [ 28.234195] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.234496] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.234998] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.235556] ^ [ 28.235780] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.236041] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.236318] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 28.143278] ================================================================== [ 28.144829] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.145274] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.145799] [ 28.146010] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.146125] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.146153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.146198] Call Trace: [ 28.146241] <TASK> [ 28.146285] dump_stack_lvl+0x73/0xb0 [ 28.146355] print_report+0xd1/0x650 [ 28.146409] ? __virt_addr_valid+0x1db/0x2d0 [ 28.146476] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.146535] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.146594] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.146651] kasan_report+0x141/0x180 [ 28.146701] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.146771] kasan_check_range+0x10c/0x1c0 [ 28.146824] __kasan_check_write+0x18/0x20 [ 28.146878] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.146935] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.146996] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.147051] ? trace_hardirqs_on+0x37/0xe0 [ 28.147098] ? kasan_bitops_generic+0x92/0x1c0 [ 28.147161] kasan_bitops_generic+0x116/0x1c0 [ 28.147213] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.147271] ? __pfx_read_tsc+0x10/0x10 [ 28.147320] ? ktime_get_ts64+0x86/0x230 [ 28.147379] kunit_try_run_case+0x1a5/0x480 [ 28.147447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.147491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.147535] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.147583] ? __kthread_parkme+0x82/0x180 [ 28.147629] ? preempt_count_sub+0x50/0x80 [ 28.147681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.147734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.147785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.147836] kthread+0x337/0x6f0 [ 28.147878] ? trace_preempt_on+0x20/0xc0 [ 28.147927] ? __pfx_kthread+0x10/0x10 [ 28.147972] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.148019] ? calculate_sigpending+0x7b/0xa0 [ 28.148073] ? __pfx_kthread+0x10/0x10 [ 28.148120] ret_from_fork+0x116/0x1d0 [ 28.148162] ? __pfx_kthread+0x10/0x10 [ 28.148207] ret_from_fork_asm+0x1a/0x30 [ 28.148276] </TASK> [ 28.148303] [ 28.161907] Allocated by task 290: [ 28.162142] kasan_save_stack+0x45/0x70 [ 28.162515] kasan_save_track+0x18/0x40 [ 28.162827] kasan_save_alloc_info+0x3b/0x50 [ 28.163185] __kasan_kmalloc+0xb7/0xc0 [ 28.163379] __kmalloc_cache_noprof+0x189/0x420 [ 28.163581] kasan_bitops_generic+0x92/0x1c0 [ 28.163768] kunit_try_run_case+0x1a5/0x480 [ 28.163953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.164182] kthread+0x337/0x6f0 [ 28.164488] ret_from_fork+0x116/0x1d0 [ 28.164916] ret_from_fork_asm+0x1a/0x30 [ 28.165244] [ 28.165470] The buggy address belongs to the object at ffff8881022cf740 [ 28.165470] which belongs to the cache kmalloc-16 of size 16 [ 28.166387] The buggy address is located 8 bytes inside of [ 28.166387] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.167061] [ 28.167202] The buggy address belongs to the physical page: [ 28.167571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.167950] flags: 0x200000000000000(node=0|zone=2) [ 28.168187] page_type: f5(slab) [ 28.168487] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.169040] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.169598] page dumped because: kasan: bad access detected [ 28.169810] [ 28.169910] Memory state around the buggy address: [ 28.170121] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.170382] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.170653] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.170909] ^ [ 28.171125] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.171384] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.171937] ================================================================== [ 28.062410] ================================================================== [ 28.063208] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.063935] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.064526] [ 28.064757] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.064871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.064901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.064954] Call Trace: [ 28.064998] <TASK> [ 28.065042] dump_stack_lvl+0x73/0xb0 [ 28.065109] print_report+0xd1/0x650 [ 28.065163] ? __virt_addr_valid+0x1db/0x2d0 [ 28.065207] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.065263] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.065323] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.065381] kasan_report+0x141/0x180 [ 28.065433] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.065587] kasan_check_range+0x10c/0x1c0 [ 28.065643] __kasan_check_write+0x18/0x20 [ 28.065697] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.065754] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.065811] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.065868] ? trace_hardirqs_on+0x37/0xe0 [ 28.065919] ? kasan_bitops_generic+0x92/0x1c0 [ 28.065981] kasan_bitops_generic+0x116/0x1c0 [ 28.066047] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.066103] ? __pfx_read_tsc+0x10/0x10 [ 28.066154] ? ktime_get_ts64+0x86/0x230 [ 28.066217] kunit_try_run_case+0x1a5/0x480 [ 28.066277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.066328] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.066380] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.066433] ? __kthread_parkme+0x82/0x180 [ 28.066485] ? preempt_count_sub+0x50/0x80 [ 28.066526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.066567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.066609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.066649] kthread+0x337/0x6f0 [ 28.066680] ? trace_preempt_on+0x20/0xc0 [ 28.066718] ? __pfx_kthread+0x10/0x10 [ 28.066751] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.066787] ? calculate_sigpending+0x7b/0xa0 [ 28.066833] ? __pfx_kthread+0x10/0x10 [ 28.066873] ret_from_fork+0x116/0x1d0 [ 28.066910] ? __pfx_kthread+0x10/0x10 [ 28.066949] ret_from_fork_asm+0x1a/0x30 [ 28.067017] </TASK> [ 28.067044] [ 28.077469] Allocated by task 290: [ 28.077799] kasan_save_stack+0x45/0x70 [ 28.078090] kasan_save_track+0x18/0x40 [ 28.078428] kasan_save_alloc_info+0x3b/0x50 [ 28.078645] __kasan_kmalloc+0xb7/0xc0 [ 28.078817] __kmalloc_cache_noprof+0x189/0x420 [ 28.079024] kasan_bitops_generic+0x92/0x1c0 [ 28.079331] kunit_try_run_case+0x1a5/0x480 [ 28.079681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.080109] kthread+0x337/0x6f0 [ 28.080310] ret_from_fork+0x116/0x1d0 [ 28.080533] ret_from_fork_asm+0x1a/0x30 [ 28.080718] [ 28.080821] The buggy address belongs to the object at ffff8881022cf740 [ 28.080821] which belongs to the cache kmalloc-16 of size 16 [ 28.081392] The buggy address is located 8 bytes inside of [ 28.081392] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.082279] [ 28.082465] The buggy address belongs to the physical page: [ 28.082768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.083066] flags: 0x200000000000000(node=0|zone=2) [ 28.083594] page_type: f5(slab) [ 28.083876] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.084253] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.084514] page dumped because: kasan: bad access detected [ 28.084724] [ 28.084818] Memory state around the buggy address: [ 28.085016] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.085508] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.086276] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.086817] ^ [ 28.087225] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.087729] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.088095] ================================================================== [ 28.036449] ================================================================== [ 28.037050] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.037510] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.038086] [ 28.038411] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.038533] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.038580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.038626] Call Trace: [ 28.038667] <TASK> [ 28.038702] dump_stack_lvl+0x73/0xb0 [ 28.038757] print_report+0xd1/0x650 [ 28.038792] ? __virt_addr_valid+0x1db/0x2d0 [ 28.038831] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.038867] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.038912] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.038954] kasan_report+0x141/0x180 [ 28.038988] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.039032] kasan_check_range+0x10c/0x1c0 [ 28.039067] __kasan_check_write+0x18/0x20 [ 28.039102] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.039141] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.039228] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.039277] ? trace_hardirqs_on+0x37/0xe0 [ 28.039326] ? kasan_bitops_generic+0x92/0x1c0 [ 28.039389] kasan_bitops_generic+0x116/0x1c0 [ 28.039436] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.039497] ? __pfx_read_tsc+0x10/0x10 [ 28.039540] ? ktime_get_ts64+0x86/0x230 [ 28.039626] kunit_try_run_case+0x1a5/0x480 [ 28.039695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.039747] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.039811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.039873] ? __kthread_parkme+0x82/0x180 [ 28.039931] ? preempt_count_sub+0x50/0x80 [ 28.039982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.040046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.040098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.040210] kthread+0x337/0x6f0 [ 28.040269] ? trace_preempt_on+0x20/0xc0 [ 28.040312] ? __pfx_kthread+0x10/0x10 [ 28.040351] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.040390] ? calculate_sigpending+0x7b/0xa0 [ 28.040449] ? __pfx_kthread+0x10/0x10 [ 28.040500] ret_from_fork+0x116/0x1d0 [ 28.040546] ? __pfx_kthread+0x10/0x10 [ 28.040595] ret_from_fork_asm+0x1a/0x30 [ 28.040664] </TASK> [ 28.040692] [ 28.050878] Allocated by task 290: [ 28.051229] kasan_save_stack+0x45/0x70 [ 28.051673] kasan_save_track+0x18/0x40 [ 28.051984] kasan_save_alloc_info+0x3b/0x50 [ 28.052255] __kasan_kmalloc+0xb7/0xc0 [ 28.052467] __kmalloc_cache_noprof+0x189/0x420 [ 28.052710] kasan_bitops_generic+0x92/0x1c0 [ 28.052932] kunit_try_run_case+0x1a5/0x480 [ 28.053178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.053450] kthread+0x337/0x6f0 [ 28.053721] ret_from_fork+0x116/0x1d0 [ 28.054044] ret_from_fork_asm+0x1a/0x30 [ 28.054420] [ 28.054634] The buggy address belongs to the object at ffff8881022cf740 [ 28.054634] which belongs to the cache kmalloc-16 of size 16 [ 28.055482] The buggy address is located 8 bytes inside of [ 28.055482] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.056379] [ 28.056498] The buggy address belongs to the physical page: [ 28.056716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.056993] flags: 0x200000000000000(node=0|zone=2) [ 28.057238] page_type: f5(slab) [ 28.057599] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.058340] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.059010] page dumped because: kasan: bad access detected [ 28.059426] [ 28.059577] Memory state around the buggy address: [ 28.059892] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.060271] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.060586] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.060841] ^ [ 28.061054] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.061311] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.061571] ================================================================== [ 28.007816] ================================================================== [ 28.008325] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.008666] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.009900] [ 28.010132] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.010399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.010452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.010563] Call Trace: [ 28.010595] <TASK> [ 28.010621] dump_stack_lvl+0x73/0xb0 [ 28.010669] print_report+0xd1/0x650 [ 28.010695] ? __virt_addr_valid+0x1db/0x2d0 [ 28.010723] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.010752] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.010781] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.010809] kasan_report+0x141/0x180 [ 28.010832] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.010864] kasan_check_range+0x10c/0x1c0 [ 28.010891] __kasan_check_write+0x18/0x20 [ 28.010915] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.010943] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.010973] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.010999] ? trace_hardirqs_on+0x37/0xe0 [ 28.011024] ? kasan_bitops_generic+0x92/0x1c0 [ 28.011054] kasan_bitops_generic+0x116/0x1c0 [ 28.011079] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.011106] ? __pfx_read_tsc+0x10/0x10 [ 28.011129] ? ktime_get_ts64+0x86/0x230 [ 28.011189] kunit_try_run_case+0x1a5/0x480 [ 28.011223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.011247] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.011273] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.011298] ? __kthread_parkme+0x82/0x180 [ 28.011321] ? preempt_count_sub+0x50/0x80 [ 28.011347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.011373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.011397] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.011422] kthread+0x337/0x6f0 [ 28.011462] ? trace_preempt_on+0x20/0xc0 [ 28.011490] ? __pfx_kthread+0x10/0x10 [ 28.011512] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.011534] ? calculate_sigpending+0x7b/0xa0 [ 28.011561] ? __pfx_kthread+0x10/0x10 [ 28.011584] ret_from_fork+0x116/0x1d0 [ 28.011604] ? __pfx_kthread+0x10/0x10 [ 28.011626] ret_from_fork_asm+0x1a/0x30 [ 28.011658] </TASK> [ 28.011672] [ 28.022592] Allocated by task 290: [ 28.022790] kasan_save_stack+0x45/0x70 [ 28.023220] kasan_save_track+0x18/0x40 [ 28.023593] kasan_save_alloc_info+0x3b/0x50 [ 28.023987] __kasan_kmalloc+0xb7/0xc0 [ 28.024344] __kmalloc_cache_noprof+0x189/0x420 [ 28.024744] kasan_bitops_generic+0x92/0x1c0 [ 28.025116] kunit_try_run_case+0x1a5/0x480 [ 28.025533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.025786] kthread+0x337/0x6f0 [ 28.025963] ret_from_fork+0x116/0x1d0 [ 28.026182] ret_from_fork_asm+0x1a/0x30 [ 28.026373] [ 28.026556] The buggy address belongs to the object at ffff8881022cf740 [ 28.026556] which belongs to the cache kmalloc-16 of size 16 [ 28.027465] The buggy address is located 8 bytes inside of [ 28.027465] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.028367] [ 28.028571] The buggy address belongs to the physical page: [ 28.028869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.029203] flags: 0x200000000000000(node=0|zone=2) [ 28.029589] page_type: f5(slab) [ 28.029894] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.030539] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.031133] page dumped because: kasan: bad access detected [ 28.031495] [ 28.031597] Memory state around the buggy address: [ 28.031924] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.032508] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.032815] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.033106] ^ [ 28.033545] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.034031] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.034574] ================================================================== [ 28.174293] ================================================================== [ 28.175083] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.175746] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.176310] [ 28.176535] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.176643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.176674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.176723] Call Trace: [ 28.176764] <TASK> [ 28.176808] dump_stack_lvl+0x73/0xb0 [ 28.176872] print_report+0xd1/0x650 [ 28.176920] ? __virt_addr_valid+0x1db/0x2d0 [ 28.176976] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.177033] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.177088] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.177145] kasan_report+0x141/0x180 [ 28.177189] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.177248] kasan_check_range+0x10c/0x1c0 [ 28.177302] __kasan_check_write+0x18/0x20 [ 28.177357] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.177416] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.177487] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.177534] ? trace_hardirqs_on+0x37/0xe0 [ 28.177584] ? kasan_bitops_generic+0x92/0x1c0 [ 28.177644] kasan_bitops_generic+0x116/0x1c0 [ 28.177699] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.177756] ? __pfx_read_tsc+0x10/0x10 [ 28.177805] ? ktime_get_ts64+0x86/0x230 [ 28.177867] kunit_try_run_case+0x1a5/0x480 [ 28.177923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.177976] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.178040] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.178093] ? __kthread_parkme+0x82/0x180 [ 28.178146] ? preempt_count_sub+0x50/0x80 [ 28.178191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.178240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.178290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.178340] kthread+0x337/0x6f0 [ 28.178384] ? trace_preempt_on+0x20/0xc0 [ 28.178436] ? __pfx_kthread+0x10/0x10 [ 28.178496] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.178544] ? calculate_sigpending+0x7b/0xa0 [ 28.178599] ? __pfx_kthread+0x10/0x10 [ 28.178652] ret_from_fork+0x116/0x1d0 [ 28.178697] ? __pfx_kthread+0x10/0x10 [ 28.178746] ret_from_fork_asm+0x1a/0x30 [ 28.178819] </TASK> [ 28.178846] [ 28.192421] Allocated by task 290: [ 28.192817] kasan_save_stack+0x45/0x70 [ 28.193216] kasan_save_track+0x18/0x40 [ 28.193519] kasan_save_alloc_info+0x3b/0x50 [ 28.193889] __kasan_kmalloc+0xb7/0xc0 [ 28.194092] __kmalloc_cache_noprof+0x189/0x420 [ 28.196859] kasan_bitops_generic+0x92/0x1c0 [ 28.197388] kunit_try_run_case+0x1a5/0x480 [ 28.197603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.197822] kthread+0x337/0x6f0 [ 28.197990] ret_from_fork+0x116/0x1d0 [ 28.199027] ret_from_fork_asm+0x1a/0x30 [ 28.199753] [ 28.200210] The buggy address belongs to the object at ffff8881022cf740 [ 28.200210] which belongs to the cache kmalloc-16 of size 16 [ 28.201397] The buggy address is located 8 bytes inside of [ 28.201397] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.202359] [ 28.203249] The buggy address belongs to the physical page: [ 28.203802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.204251] flags: 0x200000000000000(node=0|zone=2) [ 28.204561] page_type: f5(slab) [ 28.204842] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.205283] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.205728] page dumped because: kasan: bad access detected [ 28.206035] [ 28.206212] Memory state around the buggy address: [ 28.206589] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.206914] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.207549] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.207898] ^ [ 28.208155] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.208696] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.209139] ================================================================== [ 28.115111] ================================================================== [ 28.115770] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 28.116477] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.116945] [ 28.117094] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.117194] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.117217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.117260] Call Trace: [ 28.117300] <TASK> [ 28.117339] dump_stack_lvl+0x73/0xb0 [ 28.117407] print_report+0xd1/0x650 [ 28.117462] ? __virt_addr_valid+0x1db/0x2d0 [ 28.117513] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 28.117570] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.117629] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 28.117686] kasan_report+0x141/0x180 [ 28.117735] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 28.117803] kasan_check_range+0x10c/0x1c0 [ 28.117858] __kasan_check_write+0x18/0x20 [ 28.117911] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 28.117972] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.118042] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.118101] ? trace_hardirqs_on+0x37/0xe0 [ 28.118154] ? kasan_bitops_generic+0x92/0x1c0 [ 28.118215] kasan_bitops_generic+0x116/0x1c0 [ 28.118268] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.118325] ? __pfx_read_tsc+0x10/0x10 [ 28.118373] ? ktime_get_ts64+0x86/0x230 [ 28.118430] kunit_try_run_case+0x1a5/0x480 [ 28.118486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.118519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.118554] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.118587] ? __kthread_parkme+0x82/0x180 [ 28.118617] ? preempt_count_sub+0x50/0x80 [ 28.118652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.118687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.118724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.118764] kthread+0x337/0x6f0 [ 28.118797] ? trace_preempt_on+0x20/0xc0 [ 28.118842] ? __pfx_kthread+0x10/0x10 [ 28.118885] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.118929] ? calculate_sigpending+0x7b/0xa0 [ 28.118982] ? __pfx_kthread+0x10/0x10 [ 28.119029] ret_from_fork+0x116/0x1d0 [ 28.119073] ? __pfx_kthread+0x10/0x10 [ 28.119121] ret_from_fork_asm+0x1a/0x30 [ 28.119194] </TASK> [ 28.119222] [ 28.131053] Allocated by task 290: [ 28.131418] kasan_save_stack+0x45/0x70 [ 28.131799] kasan_save_track+0x18/0x40 [ 28.132106] kasan_save_alloc_info+0x3b/0x50 [ 28.132462] __kasan_kmalloc+0xb7/0xc0 [ 28.132644] __kmalloc_cache_noprof+0x189/0x420 [ 28.132849] kasan_bitops_generic+0x92/0x1c0 [ 28.133043] kunit_try_run_case+0x1a5/0x480 [ 28.133234] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.133464] kthread+0x337/0x6f0 [ 28.133634] ret_from_fork+0x116/0x1d0 [ 28.133811] ret_from_fork_asm+0x1a/0x30 [ 28.133987] [ 28.134105] The buggy address belongs to the object at ffff8881022cf740 [ 28.134105] which belongs to the cache kmalloc-16 of size 16 [ 28.134611] The buggy address is located 8 bytes inside of [ 28.134611] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.135453] [ 28.135677] The buggy address belongs to the physical page: [ 28.136099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.136663] flags: 0x200000000000000(node=0|zone=2) [ 28.137020] page_type: f5(slab) [ 28.137305] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.137834] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.138500] page dumped because: kasan: bad access detected [ 28.138893] [ 28.139059] Memory state around the buggy address: [ 28.139521] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.139837] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.140124] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.140591] ^ [ 28.140861] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.141119] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.141646] ================================================================== [ 28.089596] ================================================================== [ 28.089915] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 28.090597] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 28.090980] [ 28.091129] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 28.091227] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.091256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.091306] Call Trace: [ 28.091350] <TASK> [ 28.091392] dump_stack_lvl+0x73/0xb0 [ 28.091466] print_report+0xd1/0x650 [ 28.091510] ? __virt_addr_valid+0x1db/0x2d0 [ 28.091558] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 28.091605] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.091650] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 28.091689] kasan_report+0x141/0x180 [ 28.091725] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 28.091776] kasan_check_range+0x10c/0x1c0 [ 28.091820] __kasan_check_write+0x18/0x20 [ 28.091866] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 28.091913] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.091966] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.092017] ? trace_hardirqs_on+0x37/0xe0 [ 28.092064] ? kasan_bitops_generic+0x92/0x1c0 [ 28.092126] kasan_bitops_generic+0x116/0x1c0 [ 28.092170] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.092217] ? __pfx_read_tsc+0x10/0x10 [ 28.092264] ? ktime_get_ts64+0x86/0x230 [ 28.092315] kunit_try_run_case+0x1a5/0x480 [ 28.092360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.092404] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.092467] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.092513] ? __kthread_parkme+0x82/0x180 [ 28.092558] ? preempt_count_sub+0x50/0x80 [ 28.092606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.092656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.092712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.092764] kthread+0x337/0x6f0 [ 28.092812] ? trace_preempt_on+0x20/0xc0 [ 28.092863] ? __pfx_kthread+0x10/0x10 [ 28.092913] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.092961] ? calculate_sigpending+0x7b/0xa0 [ 28.093016] ? __pfx_kthread+0x10/0x10 [ 28.093066] ret_from_fork+0x116/0x1d0 [ 28.093112] ? __pfx_kthread+0x10/0x10 [ 28.093157] ret_from_fork_asm+0x1a/0x30 [ 28.093231] </TASK> [ 28.093259] [ 28.102940] Allocated by task 290: [ 28.103147] kasan_save_stack+0x45/0x70 [ 28.103515] kasan_save_track+0x18/0x40 [ 28.103948] kasan_save_alloc_info+0x3b/0x50 [ 28.104354] __kasan_kmalloc+0xb7/0xc0 [ 28.104671] __kmalloc_cache_noprof+0x189/0x420 [ 28.105033] kasan_bitops_generic+0x92/0x1c0 [ 28.105504] kunit_try_run_case+0x1a5/0x480 [ 28.105743] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.106068] kthread+0x337/0x6f0 [ 28.106423] ret_from_fork+0x116/0x1d0 [ 28.106650] ret_from_fork_asm+0x1a/0x30 [ 28.106903] [ 28.107009] The buggy address belongs to the object at ffff8881022cf740 [ 28.107009] which belongs to the cache kmalloc-16 of size 16 [ 28.107881] The buggy address is located 8 bytes inside of [ 28.107881] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 28.108575] [ 28.108753] The buggy address belongs to the physical page: [ 28.109021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 28.109673] flags: 0x200000000000000(node=0|zone=2) [ 28.109924] page_type: f5(slab) [ 28.110142] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.110547] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.111050] page dumped because: kasan: bad access detected [ 28.111242] [ 28.111336] Memory state around the buggy address: [ 28.111537] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.111787] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.112048] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.112302] ^ [ 28.112607] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.113146] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.113740] ================================================================== [ 27.971414] ================================================================== [ 27.972002] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.972375] Write of size 8 at addr ffff8881022cf748 by task kunit_try_catch/290 [ 27.972951] [ 27.973167] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.973280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.973338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.973381] Call Trace: [ 27.973409] <TASK> [ 27.973455] dump_stack_lvl+0x73/0xb0 [ 27.973534] print_report+0xd1/0x650 [ 27.973602] ? __virt_addr_valid+0x1db/0x2d0 [ 27.973647] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.973698] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.973747] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.973798] kasan_report+0x141/0x180 [ 27.973846] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.973904] kasan_check_range+0x10c/0x1c0 [ 27.973946] __kasan_check_write+0x18/0x20 [ 27.973989] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.974048] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.974106] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.974193] ? trace_hardirqs_on+0x37/0xe0 [ 27.974247] ? kasan_bitops_generic+0x92/0x1c0 [ 27.974294] kasan_bitops_generic+0x116/0x1c0 [ 27.974341] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.974398] ? __pfx_read_tsc+0x10/0x10 [ 27.974457] ? ktime_get_ts64+0x86/0x230 [ 27.974519] kunit_try_run_case+0x1a5/0x480 [ 27.974575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.974613] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.974654] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.974691] ? __kthread_parkme+0x82/0x180 [ 27.974725] ? preempt_count_sub+0x50/0x80 [ 27.974764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.974805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.974842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.974883] kthread+0x337/0x6f0 [ 27.974916] ? trace_preempt_on+0x20/0xc0 [ 27.974956] ? __pfx_kthread+0x10/0x10 [ 27.975001] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.975043] ? calculate_sigpending+0x7b/0xa0 [ 27.975084] ? __pfx_kthread+0x10/0x10 [ 27.975125] ret_from_fork+0x116/0x1d0 [ 27.975203] ? __pfx_kthread+0x10/0x10 [ 27.975253] ret_from_fork_asm+0x1a/0x30 [ 27.975317] </TASK> [ 27.975338] [ 27.990220] Allocated by task 290: [ 27.990611] kasan_save_stack+0x45/0x70 [ 27.990990] kasan_save_track+0x18/0x40 [ 27.991498] kasan_save_alloc_info+0x3b/0x50 [ 27.992016] __kasan_kmalloc+0xb7/0xc0 [ 27.992394] __kmalloc_cache_noprof+0x189/0x420 [ 27.992864] kasan_bitops_generic+0x92/0x1c0 [ 27.993079] kunit_try_run_case+0x1a5/0x480 [ 27.993466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.994438] kthread+0x337/0x6f0 [ 27.994900] ret_from_fork+0x116/0x1d0 [ 27.995138] ret_from_fork_asm+0x1a/0x30 [ 27.995469] [ 27.995771] The buggy address belongs to the object at ffff8881022cf740 [ 27.995771] which belongs to the cache kmalloc-16 of size 16 [ 27.996587] The buggy address is located 8 bytes inside of [ 27.996587] allocated 9-byte region [ffff8881022cf740, ffff8881022cf749) [ 27.997086] [ 27.997205] The buggy address belongs to the physical page: [ 27.998222] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022cf [ 27.999029] flags: 0x200000000000000(node=0|zone=2) [ 27.999496] page_type: f5(slab) [ 27.999846] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.000456] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.000869] page dumped because: kasan: bad access detected [ 28.001450] [ 28.001561] Memory state around the buggy address: [ 28.002098] ffff8881022cf600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.003168] ffff8881022cf680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.003532] >ffff8881022cf700: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 28.003749] ^ [ 28.004179] ffff8881022cf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.005089] ffff8881022cf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.005706] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 27.935042] ================================================================== [ 27.935898] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 27.936838] Read of size 1 at addr ffff888102336390 by task kunit_try_catch/288 [ 27.937756] [ 27.937942] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.938060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.938090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.938137] Call Trace: [ 27.938165] <TASK> [ 27.938201] dump_stack_lvl+0x73/0xb0 [ 27.938272] print_report+0xd1/0x650 [ 27.938326] ? __virt_addr_valid+0x1db/0x2d0 [ 27.938379] ? strnlen+0x73/0x80 [ 27.938407] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.938435] ? strnlen+0x73/0x80 [ 27.938481] kasan_report+0x141/0x180 [ 27.938506] ? strnlen+0x73/0x80 [ 27.938530] __asan_report_load1_noabort+0x18/0x20 [ 27.938556] strnlen+0x73/0x80 [ 27.938576] kasan_strings+0x615/0xe80 [ 27.938599] ? trace_hardirqs_on+0x37/0xe0 [ 27.938625] ? __pfx_kasan_strings+0x10/0x10 [ 27.938646] ? finish_task_switch.isra.0+0x153/0x700 [ 27.938673] ? __switch_to+0x47/0xf50 [ 27.938703] ? __schedule+0x10cc/0x2b60 [ 27.938728] ? __pfx_read_tsc+0x10/0x10 [ 27.938751] ? ktime_get_ts64+0x86/0x230 [ 27.938779] kunit_try_run_case+0x1a5/0x480 [ 27.938806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.938830] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.938853] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.938878] ? __kthread_parkme+0x82/0x180 [ 27.938900] ? preempt_count_sub+0x50/0x80 [ 27.938923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.938948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.938972] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.938997] kthread+0x337/0x6f0 [ 27.939017] ? trace_preempt_on+0x20/0xc0 [ 27.939040] ? __pfx_kthread+0x10/0x10 [ 27.939061] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.939084] ? calculate_sigpending+0x7b/0xa0 [ 27.939108] ? __pfx_kthread+0x10/0x10 [ 27.939132] ret_from_fork+0x116/0x1d0 [ 27.939161] ? __pfx_kthread+0x10/0x10 [ 27.939191] ret_from_fork_asm+0x1a/0x30 [ 27.939224] </TASK> [ 27.939237] [ 27.947158] Allocated by task 288: [ 27.947494] kasan_save_stack+0x45/0x70 [ 27.947875] kasan_save_track+0x18/0x40 [ 27.948212] kasan_save_alloc_info+0x3b/0x50 [ 27.948585] __kasan_kmalloc+0xb7/0xc0 [ 27.948910] __kmalloc_cache_noprof+0x189/0x420 [ 27.949323] kasan_strings+0xc0/0xe80 [ 27.949647] kunit_try_run_case+0x1a5/0x480 [ 27.949993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.950488] kthread+0x337/0x6f0 [ 27.950673] ret_from_fork+0x116/0x1d0 [ 27.950846] ret_from_fork_asm+0x1a/0x30 [ 27.951128] [ 27.951289] Freed by task 288: [ 27.951567] kasan_save_stack+0x45/0x70 [ 27.951864] kasan_save_track+0x18/0x40 [ 27.952040] kasan_save_free_info+0x3f/0x60 [ 27.952393] __kasan_slab_free+0x56/0x70 [ 27.952717] kfree+0x222/0x3f0 [ 27.952966] kasan_strings+0x2aa/0xe80 [ 27.953321] kunit_try_run_case+0x1a5/0x480 [ 27.953579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.953802] kthread+0x337/0x6f0 [ 27.953963] ret_from_fork+0x116/0x1d0 [ 27.954145] ret_from_fork_asm+0x1a/0x30 [ 27.954328] [ 27.954432] The buggy address belongs to the object at ffff888102336380 [ 27.954432] which belongs to the cache kmalloc-32 of size 32 [ 27.955506] The buggy address is located 16 bytes inside of [ 27.955506] freed 32-byte region [ffff888102336380, ffff8881023363a0) [ 27.956409] [ 27.956554] The buggy address belongs to the physical page: [ 27.956772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102336 [ 27.957074] flags: 0x200000000000000(node=0|zone=2) [ 27.957613] page_type: f5(slab) [ 27.957895] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.958566] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.958977] page dumped because: kasan: bad access detected [ 27.959264] [ 27.959362] Memory state around the buggy address: [ 27.959574] ffff888102336280: 00 00 00 04 fc fc fc fc fa fb fb fb fc fc fc fc [ 27.959840] ffff888102336300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.960394] >ffff888102336380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.960904] ^ [ 27.961202] ffff888102336400: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.961650] ffff888102336480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.961910] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 27.900946] ================================================================== [ 27.901492] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 27.902721] Read of size 1 at addr ffff888102336390 by task kunit_try_catch/288 [ 27.903328] [ 27.903484] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.903579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.903603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.903641] Call Trace: [ 27.903676] <TASK> [ 27.903709] dump_stack_lvl+0x73/0xb0 [ 27.903768] print_report+0xd1/0x650 [ 27.903809] ? __virt_addr_valid+0x1db/0x2d0 [ 27.903851] ? strlen+0x8f/0xb0 [ 27.903884] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.903937] ? strlen+0x8f/0xb0 [ 27.903974] kasan_report+0x141/0x180 [ 27.904021] ? strlen+0x8f/0xb0 [ 27.904072] __asan_report_load1_noabort+0x18/0x20 [ 27.904113] strlen+0x8f/0xb0 [ 27.904145] kasan_strings+0x57b/0xe80 [ 27.904180] ? trace_hardirqs_on+0x37/0xe0 [ 27.904219] ? __pfx_kasan_strings+0x10/0x10 [ 27.904253] ? finish_task_switch.isra.0+0x153/0x700 [ 27.904295] ? __switch_to+0x47/0xf50 [ 27.904341] ? __schedule+0x10cc/0x2b60 [ 27.904377] ? __pfx_read_tsc+0x10/0x10 [ 27.904412] ? ktime_get_ts64+0x86/0x230 [ 27.904524] kunit_try_run_case+0x1a5/0x480 [ 27.904586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.904629] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.904675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.904727] ? __kthread_parkme+0x82/0x180 [ 27.904773] ? preempt_count_sub+0x50/0x80 [ 27.904827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.904864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.904900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.904939] kthread+0x337/0x6f0 [ 27.904973] ? trace_preempt_on+0x20/0xc0 [ 27.905011] ? __pfx_kthread+0x10/0x10 [ 27.905044] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.905068] ? calculate_sigpending+0x7b/0xa0 [ 27.905096] ? __pfx_kthread+0x10/0x10 [ 27.905119] ret_from_fork+0x116/0x1d0 [ 27.905144] ? __pfx_kthread+0x10/0x10 [ 27.905181] ret_from_fork_asm+0x1a/0x30 [ 27.905222] </TASK> [ 27.905237] [ 27.915356] Allocated by task 288: [ 27.915708] kasan_save_stack+0x45/0x70 [ 27.915948] kasan_save_track+0x18/0x40 [ 27.916130] kasan_save_alloc_info+0x3b/0x50 [ 27.916482] __kasan_kmalloc+0xb7/0xc0 [ 27.916918] __kmalloc_cache_noprof+0x189/0x420 [ 27.917355] kasan_strings+0xc0/0xe80 [ 27.917691] kunit_try_run_case+0x1a5/0x480 [ 27.918056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.918659] kthread+0x337/0x6f0 [ 27.918922] ret_from_fork+0x116/0x1d0 [ 27.919330] ret_from_fork_asm+0x1a/0x30 [ 27.919691] [ 27.919856] Freed by task 288: [ 27.920187] kasan_save_stack+0x45/0x70 [ 27.920472] kasan_save_track+0x18/0x40 [ 27.920792] kasan_save_free_info+0x3f/0x60 [ 27.921021] __kasan_slab_free+0x56/0x70 [ 27.921348] kfree+0x222/0x3f0 [ 27.921720] kasan_strings+0x2aa/0xe80 [ 27.922059] kunit_try_run_case+0x1a5/0x480 [ 27.922553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.923054] kthread+0x337/0x6f0 [ 27.923363] ret_from_fork+0x116/0x1d0 [ 27.923728] ret_from_fork_asm+0x1a/0x30 [ 27.924093] [ 27.924300] The buggy address belongs to the object at ffff888102336380 [ 27.924300] which belongs to the cache kmalloc-32 of size 32 [ 27.925186] The buggy address is located 16 bytes inside of [ 27.925186] freed 32-byte region [ffff888102336380, ffff8881023363a0) [ 27.925600] [ 27.925716] The buggy address belongs to the physical page: [ 27.925935] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102336 [ 27.926244] flags: 0x200000000000000(node=0|zone=2) [ 27.926474] page_type: f5(slab) [ 27.926981] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.927904] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.928690] page dumped because: kasan: bad access detected [ 27.929178] [ 27.929350] Memory state around the buggy address: [ 27.929787] ffff888102336280: 00 00 00 04 fc fc fc fc fa fb fb fb fc fc fc fc [ 27.930068] ffff888102336300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.930676] >ffff888102336380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.931018] ^ [ 27.931270] ffff888102336400: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.931875] ffff888102336480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.932510] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 27.864082] ================================================================== [ 27.864938] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 27.865804] Read of size 1 at addr ffff888102336390 by task kunit_try_catch/288 [ 27.866286] [ 27.866586] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.866880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.867162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.867211] Call Trace: [ 27.867253] <TASK> [ 27.867281] dump_stack_lvl+0x73/0xb0 [ 27.867331] print_report+0xd1/0x650 [ 27.867358] ? __virt_addr_valid+0x1db/0x2d0 [ 27.867385] ? kasan_strings+0xcbc/0xe80 [ 27.867408] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.867437] ? kasan_strings+0xcbc/0xe80 [ 27.867489] kasan_report+0x141/0x180 [ 27.867514] ? kasan_strings+0xcbc/0xe80 [ 27.867541] __asan_report_load1_noabort+0x18/0x20 [ 27.867582] kasan_strings+0xcbc/0xe80 [ 27.867616] ? trace_hardirqs_on+0x37/0xe0 [ 27.867655] ? __pfx_kasan_strings+0x10/0x10 [ 27.867689] ? finish_task_switch.isra.0+0x153/0x700 [ 27.867718] ? __switch_to+0x47/0xf50 [ 27.867748] ? __schedule+0x10cc/0x2b60 [ 27.867774] ? __pfx_read_tsc+0x10/0x10 [ 27.867798] ? ktime_get_ts64+0x86/0x230 [ 27.867827] kunit_try_run_case+0x1a5/0x480 [ 27.867856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.867882] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.867906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.867932] ? __kthread_parkme+0x82/0x180 [ 27.867954] ? preempt_count_sub+0x50/0x80 [ 27.867978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.868004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.868029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.868055] kthread+0x337/0x6f0 [ 27.868076] ? trace_preempt_on+0x20/0xc0 [ 27.868101] ? __pfx_kthread+0x10/0x10 [ 27.868124] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.868153] ? calculate_sigpending+0x7b/0xa0 [ 27.868188] ? __pfx_kthread+0x10/0x10 [ 27.868212] ret_from_fork+0x116/0x1d0 [ 27.868233] ? __pfx_kthread+0x10/0x10 [ 27.868255] ret_from_fork_asm+0x1a/0x30 [ 27.868290] </TASK> [ 27.868305] [ 27.879907] Allocated by task 288: [ 27.880138] kasan_save_stack+0x45/0x70 [ 27.880333] kasan_save_track+0x18/0x40 [ 27.881136] kasan_save_alloc_info+0x3b/0x50 [ 27.881969] __kasan_kmalloc+0xb7/0xc0 [ 27.882194] __kmalloc_cache_noprof+0x189/0x420 [ 27.882358] kasan_strings+0xc0/0xe80 [ 27.882641] kunit_try_run_case+0x1a5/0x480 [ 27.883955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.884936] kthread+0x337/0x6f0 [ 27.885112] ret_from_fork+0x116/0x1d0 [ 27.885327] ret_from_fork_asm+0x1a/0x30 [ 27.885675] [ 27.885839] Freed by task 288: [ 27.886580] kasan_save_stack+0x45/0x70 [ 27.886978] kasan_save_track+0x18/0x40 [ 27.887411] kasan_save_free_info+0x3f/0x60 [ 27.887655] __kasan_slab_free+0x56/0x70 [ 27.887827] kfree+0x222/0x3f0 [ 27.888071] kasan_strings+0x2aa/0xe80 [ 27.888418] kunit_try_run_case+0x1a5/0x480 [ 27.888782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.889112] kthread+0x337/0x6f0 [ 27.889379] ret_from_fork+0x116/0x1d0 [ 27.889629] ret_from_fork_asm+0x1a/0x30 [ 27.889923] [ 27.890108] The buggy address belongs to the object at ffff888102336380 [ 27.890108] which belongs to the cache kmalloc-32 of size 32 [ 27.891116] The buggy address is located 16 bytes inside of [ 27.891116] freed 32-byte region [ffff888102336380, ffff8881023363a0) [ 27.891593] [ 27.892313] The buggy address belongs to the physical page: [ 27.893230] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102336 [ 27.893522] flags: 0x200000000000000(node=0|zone=2) [ 27.893911] page_type: f5(slab) [ 27.894211] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.894674] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.895168] page dumped because: kasan: bad access detected [ 27.895921] [ 27.896077] Memory state around the buggy address: [ 27.896352] ffff888102336280: 00 00 00 04 fc fc fc fc fa fb fb fb fc fc fc fc [ 27.896679] ffff888102336300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.897013] >ffff888102336380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.898345] ^ [ 27.898718] ffff888102336400: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.899193] ffff888102336480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.899604] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 27.826118] ================================================================== [ 27.827764] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 27.828131] Read of size 1 at addr ffff888102336390 by task kunit_try_catch/288 [ 27.828373] [ 27.828496] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.828562] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.828578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.828605] Call Trace: [ 27.828624] <TASK> [ 27.828649] dump_stack_lvl+0x73/0xb0 [ 27.828683] print_report+0xd1/0x650 [ 27.828714] ? __virt_addr_valid+0x1db/0x2d0 [ 27.828743] ? strcmp+0xb0/0xc0 [ 27.828766] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.828796] ? strcmp+0xb0/0xc0 [ 27.828819] kasan_report+0x141/0x180 [ 27.828843] ? strcmp+0xb0/0xc0 [ 27.828871] __asan_report_load1_noabort+0x18/0x20 [ 27.828898] strcmp+0xb0/0xc0 [ 27.828923] kasan_strings+0x431/0xe80 [ 27.828946] ? trace_hardirqs_on+0x37/0xe0 [ 27.828972] ? __pfx_kasan_strings+0x10/0x10 [ 27.828995] ? finish_task_switch.isra.0+0x153/0x700 [ 27.829021] ? __switch_to+0x47/0xf50 [ 27.829050] ? __schedule+0x10cc/0x2b60 [ 27.829075] ? __pfx_read_tsc+0x10/0x10 [ 27.829100] ? ktime_get_ts64+0x86/0x230 [ 27.829130] kunit_try_run_case+0x1a5/0x480 [ 27.829747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.829842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.829902] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.829957] ? __kthread_parkme+0x82/0x180 [ 27.830008] ? preempt_count_sub+0x50/0x80 [ 27.830075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.830129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.830183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.830228] kthread+0x337/0x6f0 [ 27.830263] ? trace_preempt_on+0x20/0xc0 [ 27.830305] ? __pfx_kthread+0x10/0x10 [ 27.830347] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.830390] ? calculate_sigpending+0x7b/0xa0 [ 27.830435] ? __pfx_kthread+0x10/0x10 [ 27.830489] ret_from_fork+0x116/0x1d0 [ 27.830531] ? __pfx_kthread+0x10/0x10 [ 27.830572] ret_from_fork_asm+0x1a/0x30 [ 27.830637] </TASK> [ 27.830663] [ 27.841384] Allocated by task 288: [ 27.842404] kasan_save_stack+0x45/0x70 [ 27.843021] kasan_save_track+0x18/0x40 [ 27.843277] kasan_save_alloc_info+0x3b/0x50 [ 27.843705] __kasan_kmalloc+0xb7/0xc0 [ 27.844381] __kmalloc_cache_noprof+0x189/0x420 [ 27.844932] kasan_strings+0xc0/0xe80 [ 27.845160] kunit_try_run_case+0x1a5/0x480 [ 27.845332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.845546] kthread+0x337/0x6f0 [ 27.846392] ret_from_fork+0x116/0x1d0 [ 27.846755] ret_from_fork_asm+0x1a/0x30 [ 27.847122] [ 27.847293] Freed by task 288: [ 27.847588] kasan_save_stack+0x45/0x70 [ 27.847929] kasan_save_track+0x18/0x40 [ 27.848286] kasan_save_free_info+0x3f/0x60 [ 27.848679] __kasan_slab_free+0x56/0x70 [ 27.849036] kfree+0x222/0x3f0 [ 27.849337] kasan_strings+0x2aa/0xe80 [ 27.850526] kunit_try_run_case+0x1a5/0x480 [ 27.851263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.851493] kthread+0x337/0x6f0 [ 27.851829] ret_from_fork+0x116/0x1d0 [ 27.852738] ret_from_fork_asm+0x1a/0x30 [ 27.852992] [ 27.853092] The buggy address belongs to the object at ffff888102336380 [ 27.853092] which belongs to the cache kmalloc-32 of size 32 [ 27.853764] The buggy address is located 16 bytes inside of [ 27.853764] freed 32-byte region [ffff888102336380, ffff8881023363a0) [ 27.855262] [ 27.855462] The buggy address belongs to the physical page: [ 27.856267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102336 [ 27.856685] flags: 0x200000000000000(node=0|zone=2) [ 27.857203] page_type: f5(slab) [ 27.857392] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.857736] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.858907] page dumped because: kasan: bad access detected [ 27.859252] [ 27.859419] Memory state around the buggy address: [ 27.859638] ffff888102336280: 00 00 00 04 fc fc fc fc fa fb fb fb fc fc fc fc [ 27.860204] ffff888102336300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.860545] >ffff888102336380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.861009] ^ [ 27.861692] ffff888102336400: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.862110] ffff888102336480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.862763] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 27.786290] ================================================================== [ 27.786769] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 27.787042] Read of size 1 at addr ffff888100a31058 by task kunit_try_catch/286 [ 27.787289] [ 27.787894] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.788022] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.788051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.788096] Call Trace: [ 27.788121] <TASK> [ 27.788155] dump_stack_lvl+0x73/0xb0 [ 27.788212] print_report+0xd1/0x650 [ 27.788249] ? __virt_addr_valid+0x1db/0x2d0 [ 27.788290] ? memcmp+0x1b4/0x1d0 [ 27.788368] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.788417] ? memcmp+0x1b4/0x1d0 [ 27.788466] kasan_report+0x141/0x180 [ 27.788528] ? memcmp+0x1b4/0x1d0 [ 27.788571] __asan_report_load1_noabort+0x18/0x20 [ 27.788613] memcmp+0x1b4/0x1d0 [ 27.788651] kasan_memcmp+0x18f/0x390 [ 27.788691] ? trace_hardirqs_on+0x37/0xe0 [ 27.788743] ? __pfx_kasan_memcmp+0x10/0x10 [ 27.788788] ? finish_task_switch.isra.0+0x153/0x700 [ 27.788840] ? __switch_to+0x47/0xf50 [ 27.788907] ? __pfx_read_tsc+0x10/0x10 [ 27.788958] ? ktime_get_ts64+0x86/0x230 [ 27.789019] kunit_try_run_case+0x1a5/0x480 [ 27.789075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.789123] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.789165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.789205] ? __kthread_parkme+0x82/0x180 [ 27.789235] ? preempt_count_sub+0x50/0x80 [ 27.789258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.789283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.789308] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.789333] kthread+0x337/0x6f0 [ 27.789354] ? trace_preempt_on+0x20/0xc0 [ 27.789377] ? __pfx_kthread+0x10/0x10 [ 27.789400] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.789422] ? calculate_sigpending+0x7b/0xa0 [ 27.789474] ? __pfx_kthread+0x10/0x10 [ 27.789500] ret_from_fork+0x116/0x1d0 [ 27.789521] ? __pfx_kthread+0x10/0x10 [ 27.789543] ret_from_fork_asm+0x1a/0x30 [ 27.789578] </TASK> [ 27.789592] [ 27.800324] Allocated by task 286: [ 27.800725] kasan_save_stack+0x45/0x70 [ 27.801095] kasan_save_track+0x18/0x40 [ 27.801359] kasan_save_alloc_info+0x3b/0x50 [ 27.801706] __kasan_kmalloc+0xb7/0xc0 [ 27.801903] __kmalloc_cache_noprof+0x189/0x420 [ 27.802127] kasan_memcmp+0xb7/0x390 [ 27.802993] kunit_try_run_case+0x1a5/0x480 [ 27.803453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.803912] kthread+0x337/0x6f0 [ 27.804108] ret_from_fork+0x116/0x1d0 [ 27.804822] ret_from_fork_asm+0x1a/0x30 [ 27.805417] [ 27.805544] The buggy address belongs to the object at ffff888100a31040 [ 27.805544] which belongs to the cache kmalloc-32 of size 32 [ 27.806220] The buggy address is located 0 bytes to the right of [ 27.806220] allocated 24-byte region [ffff888100a31040, ffff888100a31058) [ 27.807204] [ 27.807427] The buggy address belongs to the physical page: [ 27.807685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a31 [ 27.808168] flags: 0x200000000000000(node=0|zone=2) [ 27.808432] page_type: f5(slab) [ 27.808762] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.809165] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.809719] page dumped because: kasan: bad access detected [ 27.809980] [ 27.810171] Memory state around the buggy address: [ 27.810727] ffff888100a30f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.811124] ffff888100a30f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.811635] >ffff888100a31000: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.812063] ^ [ 27.812510] ffff888100a31080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.812770] ffff888100a31100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.813356] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 25.496875] ================================================================== [ 25.497483] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 25.497845] Read of size 1 at addr ffff888100a1be00 by task kunit_try_catch/193 [ 25.498817] [ 25.499006] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.499098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.499120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.499156] Call Trace: [ 25.499194] <TASK> [ 25.499231] dump_stack_lvl+0x73/0xb0 [ 25.499298] print_report+0xd1/0x650 [ 25.499342] ? __virt_addr_valid+0x1db/0x2d0 [ 25.499388] ? krealloc_uaf+0x53c/0x5e0 [ 25.499432] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.499496] ? krealloc_uaf+0x53c/0x5e0 [ 25.499538] kasan_report+0x141/0x180 [ 25.499580] ? krealloc_uaf+0x53c/0x5e0 [ 25.499631] __asan_report_load1_noabort+0x18/0x20 [ 25.499677] krealloc_uaf+0x53c/0x5e0 [ 25.499720] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.499760] ? finish_task_switch.isra.0+0x153/0x700 [ 25.499818] ? __switch_to+0x47/0xf50 [ 25.499891] ? __schedule+0x10cc/0x2b60 [ 25.499936] ? __pfx_read_tsc+0x10/0x10 [ 25.499974] ? ktime_get_ts64+0x86/0x230 [ 25.500017] kunit_try_run_case+0x1a5/0x480 [ 25.500057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.500091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.500129] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.500168] ? __kthread_parkme+0x82/0x180 [ 25.500199] ? preempt_count_sub+0x50/0x80 [ 25.500233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.500268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.500305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.500337] kthread+0x337/0x6f0 [ 25.500367] ? trace_preempt_on+0x20/0xc0 [ 25.500402] ? __pfx_kthread+0x10/0x10 [ 25.500434] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.500481] ? calculate_sigpending+0x7b/0xa0 [ 25.500519] ? __pfx_kthread+0x10/0x10 [ 25.500555] ret_from_fork+0x116/0x1d0 [ 25.500588] ? __pfx_kthread+0x10/0x10 [ 25.500623] ret_from_fork_asm+0x1a/0x30 [ 25.500677] </TASK> [ 25.500697] [ 25.513371] Allocated by task 193: [ 25.513614] kasan_save_stack+0x45/0x70 [ 25.514020] kasan_save_track+0x18/0x40 [ 25.514878] kasan_save_alloc_info+0x3b/0x50 [ 25.515304] __kasan_kmalloc+0xb7/0xc0 [ 25.515499] __kmalloc_cache_noprof+0x189/0x420 [ 25.515701] krealloc_uaf+0xbb/0x5e0 [ 25.515997] kunit_try_run_case+0x1a5/0x480 [ 25.516602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.517207] kthread+0x337/0x6f0 [ 25.517538] ret_from_fork+0x116/0x1d0 [ 25.518191] ret_from_fork_asm+0x1a/0x30 [ 25.518526] [ 25.518834] Freed by task 193: [ 25.519124] kasan_save_stack+0x45/0x70 [ 25.519319] kasan_save_track+0x18/0x40 [ 25.519904] kasan_save_free_info+0x3f/0x60 [ 25.520116] __kasan_slab_free+0x56/0x70 [ 25.520593] kfree+0x222/0x3f0 [ 25.521005] krealloc_uaf+0x13d/0x5e0 [ 25.521460] kunit_try_run_case+0x1a5/0x480 [ 25.521653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.522089] kthread+0x337/0x6f0 [ 25.522950] ret_from_fork+0x116/0x1d0 [ 25.523326] ret_from_fork_asm+0x1a/0x30 [ 25.524111] [ 25.524307] The buggy address belongs to the object at ffff888100a1be00 [ 25.524307] which belongs to the cache kmalloc-256 of size 256 [ 25.525173] The buggy address is located 0 bytes inside of [ 25.525173] freed 256-byte region [ffff888100a1be00, ffff888100a1bf00) [ 25.525887] [ 25.526080] The buggy address belongs to the physical page: [ 25.527199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1a [ 25.528299] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.528708] flags: 0x200000000000040(head|node=0|zone=2) [ 25.528935] page_type: f5(slab) [ 25.529175] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.529691] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.530112] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.530618] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.530831] head: 0200000000000001 ffffea0004028681 00000000ffffffff 00000000ffffffff [ 25.531036] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.531472] page dumped because: kasan: bad access detected [ 25.531899] [ 25.532060] Memory state around the buggy address: [ 25.532430] ffff888100a1bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.532941] ffff888100a1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.533197] >ffff888100a1be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.533506] ^ [ 25.533915] ffff888100a1be80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.534509] ffff888100a1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.535136] ================================================================== [ 25.456286] ================================================================== [ 25.457312] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 25.458124] Read of size 1 at addr ffff888100a1be00 by task kunit_try_catch/193 [ 25.458694] [ 25.459132] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.459257] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.459285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.459328] Call Trace: [ 25.459356] <TASK> [ 25.459397] dump_stack_lvl+0x73/0xb0 [ 25.459486] print_report+0xd1/0x650 [ 25.459535] ? __virt_addr_valid+0x1db/0x2d0 [ 25.459593] ? krealloc_uaf+0x1b8/0x5e0 [ 25.459631] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.459706] ? krealloc_uaf+0x1b8/0x5e0 [ 25.459850] kasan_report+0x141/0x180 [ 25.459903] ? krealloc_uaf+0x1b8/0x5e0 [ 25.459957] ? krealloc_uaf+0x1b8/0x5e0 [ 25.460005] __kasan_check_byte+0x3d/0x50 [ 25.460052] krealloc_noprof+0x3f/0x340 [ 25.460093] krealloc_uaf+0x1b8/0x5e0 [ 25.460129] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.460196] ? finish_task_switch.isra.0+0x153/0x700 [ 25.460241] ? __switch_to+0x47/0xf50 [ 25.460279] ? __schedule+0x10cc/0x2b60 [ 25.460305] ? __pfx_read_tsc+0x10/0x10 [ 25.460328] ? ktime_get_ts64+0x86/0x230 [ 25.460357] kunit_try_run_case+0x1a5/0x480 [ 25.460385] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.460408] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.460431] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.460481] ? __kthread_parkme+0x82/0x180 [ 25.460505] ? preempt_count_sub+0x50/0x80 [ 25.460529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.460553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.460590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.460628] kthread+0x337/0x6f0 [ 25.460666] ? trace_preempt_on+0x20/0xc0 [ 25.460695] ? __pfx_kthread+0x10/0x10 [ 25.460717] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.460739] ? calculate_sigpending+0x7b/0xa0 [ 25.460765] ? __pfx_kthread+0x10/0x10 [ 25.460788] ret_from_fork+0x116/0x1d0 [ 25.460808] ? __pfx_kthread+0x10/0x10 [ 25.460829] ret_from_fork_asm+0x1a/0x30 [ 25.460861] </TASK> [ 25.460876] [ 25.472766] Allocated by task 193: [ 25.473012] kasan_save_stack+0x45/0x70 [ 25.473380] kasan_save_track+0x18/0x40 [ 25.473795] kasan_save_alloc_info+0x3b/0x50 [ 25.474240] __kasan_kmalloc+0xb7/0xc0 [ 25.474690] __kmalloc_cache_noprof+0x189/0x420 [ 25.475258] krealloc_uaf+0xbb/0x5e0 [ 25.475746] kunit_try_run_case+0x1a5/0x480 [ 25.476087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.476509] kthread+0x337/0x6f0 [ 25.476900] ret_from_fork+0x116/0x1d0 [ 25.477282] ret_from_fork_asm+0x1a/0x30 [ 25.477485] [ 25.477572] Freed by task 193: [ 25.477723] kasan_save_stack+0x45/0x70 [ 25.477904] kasan_save_track+0x18/0x40 [ 25.478089] kasan_save_free_info+0x3f/0x60 [ 25.478363] __kasan_slab_free+0x56/0x70 [ 25.478787] kfree+0x222/0x3f0 [ 25.479429] krealloc_uaf+0x13d/0x5e0 [ 25.479735] kunit_try_run_case+0x1a5/0x480 [ 25.479966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.480317] kthread+0x337/0x6f0 [ 25.480830] ret_from_fork+0x116/0x1d0 [ 25.481012] ret_from_fork_asm+0x1a/0x30 [ 25.481299] [ 25.481494] The buggy address belongs to the object at ffff888100a1be00 [ 25.481494] which belongs to the cache kmalloc-256 of size 256 [ 25.482616] The buggy address is located 0 bytes inside of [ 25.482616] freed 256-byte region [ffff888100a1be00, ffff888100a1bf00) [ 25.483903] [ 25.484085] The buggy address belongs to the physical page: [ 25.484699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1a [ 25.485322] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.485820] flags: 0x200000000000040(head|node=0|zone=2) [ 25.486358] page_type: f5(slab) [ 25.486719] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.487621] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.488221] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.488739] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.489035] head: 0200000000000001 ffffea0004028681 00000000ffffffff 00000000ffffffff [ 25.489851] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.490616] page dumped because: kasan: bad access detected [ 25.491485] [ 25.491746] Memory state around the buggy address: [ 25.492125] ffff888100a1bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.492661] ffff888100a1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.493172] >ffff888100a1be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.494350] ^ [ 25.494572] ffff888100a1be80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.495111] ffff888100a1bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.495967] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 25.372347] ================================================================== [ 25.372836] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.373210] Write of size 1 at addr ffff8881038e60da by task kunit_try_catch/191 [ 25.374348] [ 25.374907] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.375031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.375060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.375101] Call Trace: [ 25.375236] <TASK> [ 25.375283] dump_stack_lvl+0x73/0xb0 [ 25.375359] print_report+0xd1/0x650 [ 25.375399] ? __virt_addr_valid+0x1db/0x2d0 [ 25.375436] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.375488] ? kasan_addr_to_slab+0x11/0xa0 [ 25.375518] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.375815] kasan_report+0x141/0x180 [ 25.375870] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.375918] __asan_report_store1_noabort+0x1b/0x30 [ 25.375954] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.375980] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.376004] ? finish_task_switch.isra.0+0x153/0x700 [ 25.376029] ? __switch_to+0x47/0xf50 [ 25.376057] ? __schedule+0x10cc/0x2b60 [ 25.376081] ? __pfx_read_tsc+0x10/0x10 [ 25.376107] krealloc_large_less_oob+0x1c/0x30 [ 25.376130] kunit_try_run_case+0x1a5/0x480 [ 25.376180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.376213] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.376237] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.376261] ? __kthread_parkme+0x82/0x180 [ 25.376283] ? preempt_count_sub+0x50/0x80 [ 25.376306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.376330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.376354] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.376377] kthread+0x337/0x6f0 [ 25.376398] ? trace_preempt_on+0x20/0xc0 [ 25.376422] ? __pfx_kthread+0x10/0x10 [ 25.376460] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.376485] ? calculate_sigpending+0x7b/0xa0 [ 25.376510] ? __pfx_kthread+0x10/0x10 [ 25.376532] ret_from_fork+0x116/0x1d0 [ 25.376551] ? __pfx_kthread+0x10/0x10 [ 25.376572] ret_from_fork_asm+0x1a/0x30 [ 25.376603] </TASK> [ 25.376617] [ 25.389275] The buggy address belongs to the physical page: [ 25.390188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4 [ 25.391292] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.391572] flags: 0x200000000000040(head|node=0|zone=2) [ 25.392099] page_type: f8(unknown) [ 25.392308] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.392641] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.393174] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.393680] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.394147] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff [ 25.394489] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.394768] page dumped because: kasan: bad access detected [ 25.394960] [ 25.395117] Memory state around the buggy address: [ 25.395504] ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.396073] ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.396569] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.396999] ^ [ 25.397517] ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.397893] ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.398159] ================================================================== [ 25.133078] ================================================================== [ 25.134328] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.134812] Write of size 1 at addr ffff8881003956da by task kunit_try_catch/187 [ 25.135270] [ 25.135494] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.135602] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.135629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.135676] Call Trace: [ 25.135719] <TASK> [ 25.135761] dump_stack_lvl+0x73/0xb0 [ 25.135824] print_report+0xd1/0x650 [ 25.135872] ? __virt_addr_valid+0x1db/0x2d0 [ 25.135922] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.135975] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.136024] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.136076] kasan_report+0x141/0x180 [ 25.136124] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.136176] __asan_report_store1_noabort+0x1b/0x30 [ 25.136222] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.136274] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.136322] ? finish_task_switch.isra.0+0x153/0x700 [ 25.136370] ? __switch_to+0x47/0xf50 [ 25.136419] ? irqentry_exit+0x2a/0x60 [ 25.136485] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.136783] ? trace_hardirqs_on+0x37/0xe0 [ 25.136850] ? __pfx_read_tsc+0x10/0x10 [ 25.136893] krealloc_less_oob+0x1c/0x30 [ 25.136932] kunit_try_run_case+0x1a5/0x480 [ 25.136971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.137005] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.137042] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.137079] ? __kthread_parkme+0x82/0x180 [ 25.137112] ? preempt_count_sub+0x50/0x80 [ 25.137162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.137203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.137230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.137254] kthread+0x337/0x6f0 [ 25.137275] ? trace_preempt_on+0x20/0xc0 [ 25.137299] ? __pfx_kthread+0x10/0x10 [ 25.137321] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.137343] ? calculate_sigpending+0x7b/0xa0 [ 25.137369] ? __pfx_kthread+0x10/0x10 [ 25.137391] ret_from_fork+0x116/0x1d0 [ 25.137412] ? __pfx_kthread+0x10/0x10 [ 25.137434] ret_from_fork_asm+0x1a/0x30 [ 25.137490] </TASK> [ 25.137504] [ 25.153852] Allocated by task 187: [ 25.154133] kasan_save_stack+0x45/0x70 [ 25.154341] kasan_save_track+0x18/0x40 [ 25.154489] kasan_save_alloc_info+0x3b/0x50 [ 25.155346] __kasan_krealloc+0x190/0x1f0 [ 25.155859] krealloc_noprof+0xf3/0x340 [ 25.156043] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.156330] krealloc_less_oob+0x1c/0x30 [ 25.156677] kunit_try_run_case+0x1a5/0x480 [ 25.157027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.157672] kthread+0x337/0x6f0 [ 25.158297] ret_from_fork+0x116/0x1d0 [ 25.158527] ret_from_fork_asm+0x1a/0x30 [ 25.159083] [ 25.159332] The buggy address belongs to the object at ffff888100395600 [ 25.159332] which belongs to the cache kmalloc-256 of size 256 [ 25.159989] The buggy address is located 17 bytes to the right of [ 25.159989] allocated 201-byte region [ffff888100395600, ffff8881003956c9) [ 25.161320] [ 25.161598] The buggy address belongs to the physical page: [ 25.162361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394 [ 25.163090] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.163876] flags: 0x200000000000040(head|node=0|zone=2) [ 25.164220] page_type: f5(slab) [ 25.164515] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.164994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.165772] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.166931] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.167325] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff [ 25.167799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.168326] page dumped because: kasan: bad access detected [ 25.168546] [ 25.168749] Memory state around the buggy address: [ 25.169144] ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.169524] ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.169799] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.170344] ^ [ 25.170639] ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.171026] ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.171367] ================================================================== [ 25.093356] ================================================================== [ 25.094593] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.095279] Write of size 1 at addr ffff8881003956d0 by task kunit_try_catch/187 [ 25.095830] [ 25.096141] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.096269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.096297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.096338] Call Trace: [ 25.096378] <TASK> [ 25.096416] dump_stack_lvl+0x73/0xb0 [ 25.096502] print_report+0xd1/0x650 [ 25.096550] ? __virt_addr_valid+0x1db/0x2d0 [ 25.096600] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.096645] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.096697] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.096748] kasan_report+0x141/0x180 [ 25.096789] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.096835] __asan_report_store1_noabort+0x1b/0x30 [ 25.096875] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.096915] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.096949] ? finish_task_switch.isra.0+0x153/0x700 [ 25.096982] ? __switch_to+0x47/0xf50 [ 25.097020] ? irqentry_exit+0x2a/0x60 [ 25.097053] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.097089] ? trace_hardirqs_on+0x37/0xe0 [ 25.097122] ? __pfx_read_tsc+0x10/0x10 [ 25.097161] krealloc_less_oob+0x1c/0x30 [ 25.097193] kunit_try_run_case+0x1a5/0x480 [ 25.097228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.097259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.097294] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.097327] ? __kthread_parkme+0x82/0x180 [ 25.097357] ? preempt_count_sub+0x50/0x80 [ 25.097391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.097426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.097479] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.097517] kthread+0x337/0x6f0 [ 25.097554] ? trace_preempt_on+0x20/0xc0 [ 25.097608] ? __pfx_kthread+0x10/0x10 [ 25.097655] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.097698] ? calculate_sigpending+0x7b/0xa0 [ 25.097745] ? __pfx_kthread+0x10/0x10 [ 25.097792] ret_from_fork+0x116/0x1d0 [ 25.097840] ? __pfx_kthread+0x10/0x10 [ 25.097887] ret_from_fork_asm+0x1a/0x30 [ 25.097956] </TASK> [ 25.097985] [ 25.112285] Allocated by task 187: [ 25.112860] kasan_save_stack+0x45/0x70 [ 25.113121] kasan_save_track+0x18/0x40 [ 25.113435] kasan_save_alloc_info+0x3b/0x50 [ 25.113983] __kasan_krealloc+0x190/0x1f0 [ 25.114433] krealloc_noprof+0xf3/0x340 [ 25.114699] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.114913] krealloc_less_oob+0x1c/0x30 [ 25.115095] kunit_try_run_case+0x1a5/0x480 [ 25.115436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.115993] kthread+0x337/0x6f0 [ 25.116466] ret_from_fork+0x116/0x1d0 [ 25.116894] ret_from_fork_asm+0x1a/0x30 [ 25.117897] [ 25.118390] The buggy address belongs to the object at ffff888100395600 [ 25.118390] which belongs to the cache kmalloc-256 of size 256 [ 25.119355] The buggy address is located 7 bytes to the right of [ 25.119355] allocated 201-byte region [ffff888100395600, ffff8881003956c9) [ 25.119955] [ 25.120077] The buggy address belongs to the physical page: [ 25.120277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394 [ 25.120742] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.121548] flags: 0x200000000000040(head|node=0|zone=2) [ 25.121975] page_type: f5(slab) [ 25.123257] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.123520] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.124080] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.124525] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.124864] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff [ 25.125399] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.126500] page dumped because: kasan: bad access detected [ 25.127032] [ 25.127494] Memory state around the buggy address: [ 25.128090] ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.128531] ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.129074] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.130180] ^ [ 25.130712] ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.130963] ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.131944] ================================================================== [ 25.212938] ================================================================== [ 25.213263] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.214691] Write of size 1 at addr ffff8881003956eb by task kunit_try_catch/187 [ 25.215048] [ 25.215195] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.215299] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.215321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.215360] Call Trace: [ 25.215382] <TASK> [ 25.215417] dump_stack_lvl+0x73/0xb0 [ 25.215501] print_report+0xd1/0x650 [ 25.215546] ? __virt_addr_valid+0x1db/0x2d0 [ 25.215596] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.215645] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.215693] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.215743] kasan_report+0x141/0x180 [ 25.215789] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.215850] __asan_report_store1_noabort+0x1b/0x30 [ 25.215893] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.215934] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.215972] ? finish_task_switch.isra.0+0x153/0x700 [ 25.216009] ? __switch_to+0x47/0xf50 [ 25.216049] ? irqentry_exit+0x2a/0x60 [ 25.216086] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.216127] ? trace_hardirqs_on+0x37/0xe0 [ 25.216166] ? __pfx_read_tsc+0x10/0x10 [ 25.216258] krealloc_less_oob+0x1c/0x30 [ 25.216322] kunit_try_run_case+0x1a5/0x480 [ 25.216378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.216426] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.216490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.216540] ? __kthread_parkme+0x82/0x180 [ 25.216599] ? preempt_count_sub+0x50/0x80 [ 25.216647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.216697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.216732] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.216757] kthread+0x337/0x6f0 [ 25.216778] ? trace_preempt_on+0x20/0xc0 [ 25.216802] ? __pfx_kthread+0x10/0x10 [ 25.216824] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.216846] ? calculate_sigpending+0x7b/0xa0 [ 25.216873] ? __pfx_kthread+0x10/0x10 [ 25.216895] ret_from_fork+0x116/0x1d0 [ 25.216916] ? __pfx_kthread+0x10/0x10 [ 25.216937] ret_from_fork_asm+0x1a/0x30 [ 25.216970] </TASK> [ 25.216985] [ 25.230831] Allocated by task 187: [ 25.231259] kasan_save_stack+0x45/0x70 [ 25.231543] kasan_save_track+0x18/0x40 [ 25.231874] kasan_save_alloc_info+0x3b/0x50 [ 25.232066] __kasan_krealloc+0x190/0x1f0 [ 25.232248] krealloc_noprof+0xf3/0x340 [ 25.232424] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.232681] krealloc_less_oob+0x1c/0x30 [ 25.233646] kunit_try_run_case+0x1a5/0x480 [ 25.234059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.234845] kthread+0x337/0x6f0 [ 25.235202] ret_from_fork+0x116/0x1d0 [ 25.235544] ret_from_fork_asm+0x1a/0x30 [ 25.236559] [ 25.237250] The buggy address belongs to the object at ffff888100395600 [ 25.237250] which belongs to the cache kmalloc-256 of size 256 [ 25.237772] The buggy address is located 34 bytes to the right of [ 25.237772] allocated 201-byte region [ffff888100395600, ffff8881003956c9) [ 25.238952] [ 25.239153] The buggy address belongs to the physical page: [ 25.239593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394 [ 25.240013] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.240618] flags: 0x200000000000040(head|node=0|zone=2) [ 25.240876] page_type: f5(slab) [ 25.241038] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.242536] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.243337] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.243982] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.244396] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff [ 25.244795] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.245957] page dumped because: kasan: bad access detected [ 25.246394] [ 25.246528] Memory state around the buggy address: [ 25.247067] ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.247746] ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.248341] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.248743] ^ [ 25.249330] ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.249759] ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.250728] ================================================================== [ 25.400149] ================================================================== [ 25.400810] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.401310] Write of size 1 at addr ffff8881038e60ea by task kunit_try_catch/191 [ 25.401602] [ 25.401752] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.401859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.401888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.401932] Call Trace: [ 25.401993] <TASK> [ 25.402042] dump_stack_lvl+0x73/0xb0 [ 25.402124] print_report+0xd1/0x650 [ 25.402172] ? __virt_addr_valid+0x1db/0x2d0 [ 25.402226] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.402279] ? kasan_addr_to_slab+0x11/0xa0 [ 25.402323] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.402375] kasan_report+0x141/0x180 [ 25.402424] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.402498] __asan_report_store1_noabort+0x1b/0x30 [ 25.402550] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.402595] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.402636] ? finish_task_switch.isra.0+0x153/0x700 [ 25.402667] ? __switch_to+0x47/0xf50 [ 25.402695] ? __schedule+0x10cc/0x2b60 [ 25.402719] ? __pfx_read_tsc+0x10/0x10 [ 25.402745] krealloc_large_less_oob+0x1c/0x30 [ 25.402769] kunit_try_run_case+0x1a5/0x480 [ 25.402795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.402818] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.402841] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.402865] ? __kthread_parkme+0x82/0x180 [ 25.402886] ? preempt_count_sub+0x50/0x80 [ 25.402910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.402934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.402957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.402981] kthread+0x337/0x6f0 [ 25.403002] ? trace_preempt_on+0x20/0xc0 [ 25.403027] ? __pfx_kthread+0x10/0x10 [ 25.403048] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.403070] ? calculate_sigpending+0x7b/0xa0 [ 25.403094] ? __pfx_kthread+0x10/0x10 [ 25.403116] ret_from_fork+0x116/0x1d0 [ 25.403136] ? __pfx_kthread+0x10/0x10 [ 25.403171] ret_from_fork_asm+0x1a/0x30 [ 25.403209] </TASK> [ 25.403222] [ 25.414850] The buggy address belongs to the physical page: [ 25.415346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4 [ 25.415688] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.416424] flags: 0x200000000000040(head|node=0|zone=2) [ 25.416829] page_type: f8(unknown) [ 25.417085] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.417468] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.417957] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.418450] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.418932] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff [ 25.419438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.419973] page dumped because: kasan: bad access detected [ 25.420302] [ 25.420493] Memory state around the buggy address: [ 25.420790] ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.421423] ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.421745] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.422340] ^ [ 25.422672] ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.423130] ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.423562] ================================================================== [ 25.425103] ================================================================== [ 25.425894] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.426617] Write of size 1 at addr ffff8881038e60eb by task kunit_try_catch/191 [ 25.427559] [ 25.427799] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.427915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.427960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.428003] Call Trace: [ 25.428047] <TASK> [ 25.428090] dump_stack_lvl+0x73/0xb0 [ 25.428160] print_report+0xd1/0x650 [ 25.428201] ? __virt_addr_valid+0x1db/0x2d0 [ 25.428236] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.428262] ? kasan_addr_to_slab+0x11/0xa0 [ 25.428283] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.428310] kasan_report+0x141/0x180 [ 25.428332] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.428360] __asan_report_store1_noabort+0x1b/0x30 [ 25.428385] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.428411] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.428435] ? finish_task_switch.isra.0+0x153/0x700 [ 25.428488] ? __switch_to+0x47/0xf50 [ 25.428518] ? __schedule+0x10cc/0x2b60 [ 25.428542] ? __pfx_read_tsc+0x10/0x10 [ 25.428568] krealloc_large_less_oob+0x1c/0x30 [ 25.428591] kunit_try_run_case+0x1a5/0x480 [ 25.428618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.428641] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.428665] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.428688] ? __kthread_parkme+0x82/0x180 [ 25.428710] ? preempt_count_sub+0x50/0x80 [ 25.428734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.428758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.428782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.428805] kthread+0x337/0x6f0 [ 25.428825] ? trace_preempt_on+0x20/0xc0 [ 25.428849] ? __pfx_kthread+0x10/0x10 [ 25.428870] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.428891] ? calculate_sigpending+0x7b/0xa0 [ 25.428916] ? __pfx_kthread+0x10/0x10 [ 25.428938] ret_from_fork+0x116/0x1d0 [ 25.428957] ? __pfx_kthread+0x10/0x10 [ 25.428978] ret_from_fork_asm+0x1a/0x30 [ 25.429009] </TASK> [ 25.429022] [ 25.438552] The buggy address belongs to the physical page: [ 25.438987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4 [ 25.439571] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.440003] flags: 0x200000000000040(head|node=0|zone=2) [ 25.440515] page_type: f8(unknown) [ 25.440721] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.441199] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.441594] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.442007] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.442530] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff [ 25.442936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.443581] page dumped because: kasan: bad access detected [ 25.443895] [ 25.444055] Memory state around the buggy address: [ 25.444326] ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.444716] ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.444953] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.445204] ^ [ 25.445459] ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.445716] ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.445967] ================================================================== [ 25.053111] ================================================================== [ 25.053634] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 25.054252] Write of size 1 at addr ffff8881003956c9 by task kunit_try_catch/187 [ 25.055610] [ 25.055799] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.055905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.055931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.055969] Call Trace: [ 25.055997] <TASK> [ 25.056031] dump_stack_lvl+0x73/0xb0 [ 25.056108] print_report+0xd1/0x650 [ 25.056157] ? __virt_addr_valid+0x1db/0x2d0 [ 25.056209] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.056261] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.056309] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.056349] kasan_report+0x141/0x180 [ 25.056389] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.056437] __asan_report_store1_noabort+0x1b/0x30 [ 25.056502] krealloc_less_oob_helper+0xd70/0x11d0 [ 25.056546] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.056589] ? finish_task_switch.isra.0+0x153/0x700 [ 25.056630] ? __switch_to+0x47/0xf50 [ 25.056671] ? irqentry_exit+0x2a/0x60 [ 25.056710] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.056751] ? trace_hardirqs_on+0x37/0xe0 [ 25.056792] ? __pfx_read_tsc+0x10/0x10 [ 25.056842] krealloc_less_oob+0x1c/0x30 [ 25.056885] kunit_try_run_case+0x1a5/0x480 [ 25.056932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.056979] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.057020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.057046] ? __kthread_parkme+0x82/0x180 [ 25.057069] ? preempt_count_sub+0x50/0x80 [ 25.057094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.057119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.057148] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.057188] kthread+0x337/0x6f0 [ 25.057223] ? trace_preempt_on+0x20/0xc0 [ 25.057302] ? __pfx_kthread+0x10/0x10 [ 25.057338] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.057379] ? calculate_sigpending+0x7b/0xa0 [ 25.057426] ? __pfx_kthread+0x10/0x10 [ 25.057486] ret_from_fork+0x116/0x1d0 [ 25.057531] ? __pfx_kthread+0x10/0x10 [ 25.057569] ret_from_fork_asm+0x1a/0x30 [ 25.057629] </TASK> [ 25.057656] [ 25.071150] Allocated by task 187: [ 25.071796] kasan_save_stack+0x45/0x70 [ 25.072081] kasan_save_track+0x18/0x40 [ 25.072679] kasan_save_alloc_info+0x3b/0x50 [ 25.073079] __kasan_krealloc+0x190/0x1f0 [ 25.073458] krealloc_noprof+0xf3/0x340 [ 25.074202] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.074576] krealloc_less_oob+0x1c/0x30 [ 25.074972] kunit_try_run_case+0x1a5/0x480 [ 25.075165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.075659] kthread+0x337/0x6f0 [ 25.076270] ret_from_fork+0x116/0x1d0 [ 25.076489] ret_from_fork_asm+0x1a/0x30 [ 25.076678] [ 25.076778] The buggy address belongs to the object at ffff888100395600 [ 25.076778] which belongs to the cache kmalloc-256 of size 256 [ 25.078315] The buggy address is located 0 bytes to the right of [ 25.078315] allocated 201-byte region [ffff888100395600, ffff8881003956c9) [ 25.080388] [ 25.080817] The buggy address belongs to the physical page: [ 25.081268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394 [ 25.081811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.082332] flags: 0x200000000000040(head|node=0|zone=2) [ 25.083167] page_type: f5(slab) [ 25.083413] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.083695] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.084913] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.085831] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.086337] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff [ 25.086626] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.087206] page dumped because: kasan: bad access detected [ 25.087571] [ 25.087675] Memory state around the buggy address: [ 25.088009] ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.088316] ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.089556] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.089990] ^ [ 25.090673] ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.091718] ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.091956] ================================================================== [ 25.316322] ================================================================== [ 25.317421] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 25.318078] Write of size 1 at addr ffff8881038e60c9 by task kunit_try_catch/191 [ 25.318421] [ 25.318878] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.319005] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.319035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.319100] Call Trace: [ 25.319141] <TASK> [ 25.319181] dump_stack_lvl+0x73/0xb0 [ 25.319271] print_report+0xd1/0x650 [ 25.319318] ? __virt_addr_valid+0x1db/0x2d0 [ 25.319376] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.319428] ? kasan_addr_to_slab+0x11/0xa0 [ 25.319479] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.319523] kasan_report+0x141/0x180 [ 25.319700] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.319795] __asan_report_store1_noabort+0x1b/0x30 [ 25.319842] krealloc_less_oob_helper+0xd70/0x11d0 [ 25.319893] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.319940] ? finish_task_switch.isra.0+0x153/0x700 [ 25.320001] ? __switch_to+0x47/0xf50 [ 25.320078] ? __schedule+0x10cc/0x2b60 [ 25.320126] ? __pfx_read_tsc+0x10/0x10 [ 25.320171] krealloc_large_less_oob+0x1c/0x30 [ 25.320209] kunit_try_run_case+0x1a5/0x480 [ 25.320241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.320263] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.320288] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.320311] ? __kthread_parkme+0x82/0x180 [ 25.320333] ? preempt_count_sub+0x50/0x80 [ 25.320357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.320380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.320404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.320427] kthread+0x337/0x6f0 [ 25.320472] ? trace_preempt_on+0x20/0xc0 [ 25.320500] ? __pfx_kthread+0x10/0x10 [ 25.320521] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.320543] ? calculate_sigpending+0x7b/0xa0 [ 25.320586] ? __pfx_kthread+0x10/0x10 [ 25.320620] ret_from_fork+0x116/0x1d0 [ 25.320650] ? __pfx_kthread+0x10/0x10 [ 25.320681] ret_from_fork_asm+0x1a/0x30 [ 25.320731] </TASK> [ 25.320752] [ 25.335347] The buggy address belongs to the physical page: [ 25.335622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4 [ 25.336249] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.336919] flags: 0x200000000000040(head|node=0|zone=2) [ 25.337483] page_type: f8(unknown) [ 25.338077] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.338952] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.339579] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.339874] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.340640] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff [ 25.340936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.341268] page dumped because: kasan: bad access detected [ 25.341715] [ 25.341896] Memory state around the buggy address: [ 25.342257] ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.342782] ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.343423] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.343710] ^ [ 25.344053] ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.344730] ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.345503] ================================================================== [ 25.172406] ================================================================== [ 25.173174] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.174079] Write of size 1 at addr ffff8881003956ea by task kunit_try_catch/187 [ 25.174522] [ 25.174676] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.174784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.174812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.174848] Call Trace: [ 25.174886] <TASK> [ 25.174920] dump_stack_lvl+0x73/0xb0 [ 25.174976] print_report+0xd1/0x650 [ 25.175009] ? __virt_addr_valid+0x1db/0x2d0 [ 25.175042] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.175075] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.175113] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.175150] kasan_report+0x141/0x180 [ 25.175183] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.175223] __asan_report_store1_noabort+0x1b/0x30 [ 25.175258] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.175294] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.175332] ? finish_task_switch.isra.0+0x153/0x700 [ 25.175370] ? __switch_to+0x47/0xf50 [ 25.175410] ? irqentry_exit+0x2a/0x60 [ 25.175534] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.175737] ? trace_hardirqs_on+0x37/0xe0 [ 25.175804] ? __pfx_read_tsc+0x10/0x10 [ 25.175862] krealloc_less_oob+0x1c/0x30 [ 25.175906] kunit_try_run_case+0x1a5/0x480 [ 25.175952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.175995] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.176038] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.176086] ? __kthread_parkme+0x82/0x180 [ 25.176128] ? preempt_count_sub+0x50/0x80 [ 25.176231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.176276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.176327] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.176378] kthread+0x337/0x6f0 [ 25.176422] ? trace_preempt_on+0x20/0xc0 [ 25.176476] ? __pfx_kthread+0x10/0x10 [ 25.176514] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.176735] ? calculate_sigpending+0x7b/0xa0 [ 25.176798] ? __pfx_kthread+0x10/0x10 [ 25.176838] ret_from_fork+0x116/0x1d0 [ 25.176876] ? __pfx_kthread+0x10/0x10 [ 25.176920] ret_from_fork_asm+0x1a/0x30 [ 25.177002] </TASK> [ 25.177034] [ 25.192001] Allocated by task 187: [ 25.192937] kasan_save_stack+0x45/0x70 [ 25.193239] kasan_save_track+0x18/0x40 [ 25.193663] kasan_save_alloc_info+0x3b/0x50 [ 25.193942] __kasan_krealloc+0x190/0x1f0 [ 25.194380] krealloc_noprof+0xf3/0x340 [ 25.194976] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.195420] krealloc_less_oob+0x1c/0x30 [ 25.195764] kunit_try_run_case+0x1a5/0x480 [ 25.195965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.196351] kthread+0x337/0x6f0 [ 25.197263] ret_from_fork+0x116/0x1d0 [ 25.197572] ret_from_fork_asm+0x1a/0x30 [ 25.198114] [ 25.198361] The buggy address belongs to the object at ffff888100395600 [ 25.198361] which belongs to the cache kmalloc-256 of size 256 [ 25.198859] The buggy address is located 33 bytes to the right of [ 25.198859] allocated 201-byte region [ffff888100395600, ffff8881003956c9) [ 25.199659] [ 25.200151] The buggy address belongs to the physical page: [ 25.200636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394 [ 25.201010] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.202120] flags: 0x200000000000040(head|node=0|zone=2) [ 25.202719] page_type: f5(slab) [ 25.203099] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.203966] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.204237] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.204923] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.205731] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff [ 25.206504] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.206977] page dumped because: kasan: bad access detected [ 25.207459] [ 25.207645] Memory state around the buggy address: [ 25.208101] ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.208910] ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.209162] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.210012] ^ [ 25.210892] ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.211139] ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.211386] ================================================================== [ 25.347871] ================================================================== [ 25.348412] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.348719] Write of size 1 at addr ffff8881038e60d0 by task kunit_try_catch/191 [ 25.349688] [ 25.349907] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.350015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.350050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.350089] Call Trace: [ 25.350115] <TASK> [ 25.350150] dump_stack_lvl+0x73/0xb0 [ 25.350212] print_report+0xd1/0x650 [ 25.350256] ? __virt_addr_valid+0x1db/0x2d0 [ 25.350300] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.350349] ? kasan_addr_to_slab+0x11/0xa0 [ 25.350394] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.350456] kasan_report+0x141/0x180 [ 25.350508] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.350571] __asan_report_store1_noabort+0x1b/0x30 [ 25.350625] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.350682] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.350733] ? finish_task_switch.isra.0+0x153/0x700 [ 25.350767] ? __switch_to+0x47/0xf50 [ 25.350796] ? __schedule+0x10cc/0x2b60 [ 25.350820] ? __pfx_read_tsc+0x10/0x10 [ 25.350846] krealloc_large_less_oob+0x1c/0x30 [ 25.350869] kunit_try_run_case+0x1a5/0x480 [ 25.350895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.350918] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.350942] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.350965] ? __kthread_parkme+0x82/0x180 [ 25.350987] ? preempt_count_sub+0x50/0x80 [ 25.351010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.351034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.351058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.351081] kthread+0x337/0x6f0 [ 25.351101] ? trace_preempt_on+0x20/0xc0 [ 25.351126] ? __pfx_kthread+0x10/0x10 [ 25.351152] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.351189] ? calculate_sigpending+0x7b/0xa0 [ 25.351216] ? __pfx_kthread+0x10/0x10 [ 25.351237] ret_from_fork+0x116/0x1d0 [ 25.351257] ? __pfx_kthread+0x10/0x10 [ 25.351278] ret_from_fork_asm+0x1a/0x30 [ 25.351309] </TASK> [ 25.351321] [ 25.361137] The buggy address belongs to the physical page: [ 25.361465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4 [ 25.361880] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.362392] flags: 0x200000000000040(head|node=0|zone=2) [ 25.362731] page_type: f8(unknown) [ 25.362991] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.363269] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.363550] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.364006] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.364799] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff [ 25.365748] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.366799] page dumped because: kasan: bad access detected [ 25.367713] [ 25.367890] Memory state around the buggy address: [ 25.368377] ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.368980] ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.369448] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.369809] ^ [ 25.370207] ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.370751] ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.371301] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 24.970393] ================================================================== [ 24.971493] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.971899] Write of size 1 at addr ffff888100a1bceb by task kunit_try_catch/185 [ 24.972667] [ 24.973346] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 24.973482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.973511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.973555] Call Trace: [ 24.973582] <TASK> [ 24.973617] dump_stack_lvl+0x73/0xb0 [ 24.973687] print_report+0xd1/0x650 [ 24.973730] ? __virt_addr_valid+0x1db/0x2d0 [ 24.973771] ? krealloc_more_oob_helper+0x821/0x930 [ 24.973809] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.973855] ? krealloc_more_oob_helper+0x821/0x930 [ 24.973895] kasan_report+0x141/0x180 [ 24.973931] ? krealloc_more_oob_helper+0x821/0x930 [ 24.973974] __asan_report_store1_noabort+0x1b/0x30 [ 24.974013] krealloc_more_oob_helper+0x821/0x930 [ 24.974065] ? __schedule+0x10cc/0x2b60 [ 24.974112] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.974156] ? finish_task_switch.isra.0+0x153/0x700 [ 24.974195] ? __switch_to+0x47/0xf50 [ 24.974225] ? __schedule+0x10cc/0x2b60 [ 24.974248] ? __pfx_read_tsc+0x10/0x10 [ 24.974275] krealloc_more_oob+0x1c/0x30 [ 24.974297] kunit_try_run_case+0x1a5/0x480 [ 24.974323] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.974346] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.974369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.974392] ? __kthread_parkme+0x82/0x180 [ 24.974414] ? preempt_count_sub+0x50/0x80 [ 24.974438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.974489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.974514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.974537] kthread+0x337/0x6f0 [ 24.974570] ? trace_preempt_on+0x20/0xc0 [ 24.974609] ? __pfx_kthread+0x10/0x10 [ 24.974644] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.974673] ? calculate_sigpending+0x7b/0xa0 [ 24.974698] ? __pfx_kthread+0x10/0x10 [ 24.974720] ret_from_fork+0x116/0x1d0 [ 24.974740] ? __pfx_kthread+0x10/0x10 [ 24.974762] ret_from_fork_asm+0x1a/0x30 [ 24.974794] </TASK> [ 24.974807] [ 24.987751] Allocated by task 185: [ 24.988187] kasan_save_stack+0x45/0x70 [ 24.988682] kasan_save_track+0x18/0x40 [ 24.988951] kasan_save_alloc_info+0x3b/0x50 [ 24.989276] __kasan_krealloc+0x190/0x1f0 [ 24.989606] krealloc_noprof+0xf3/0x340 [ 24.989965] krealloc_more_oob_helper+0x1a9/0x930 [ 24.990617] krealloc_more_oob+0x1c/0x30 [ 24.991361] kunit_try_run_case+0x1a5/0x480 [ 24.991604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.992392] kthread+0x337/0x6f0 [ 24.992764] ret_from_fork+0x116/0x1d0 [ 24.992988] ret_from_fork_asm+0x1a/0x30 [ 24.993282] [ 24.993463] The buggy address belongs to the object at ffff888100a1bc00 [ 24.993463] which belongs to the cache kmalloc-256 of size 256 [ 24.994127] The buggy address is located 0 bytes to the right of [ 24.994127] allocated 235-byte region [ffff888100a1bc00, ffff888100a1bceb) [ 24.995487] [ 24.995660] The buggy address belongs to the physical page: [ 24.995910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1a [ 24.996946] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.997329] flags: 0x200000000000040(head|node=0|zone=2) [ 24.997868] page_type: f5(slab) [ 24.998288] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.998984] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.999718] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.000361] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.001065] head: 0200000000000001 ffffea0004028681 00000000ffffffff 00000000ffffffff [ 25.001778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.002377] page dumped because: kasan: bad access detected [ 25.002882] [ 25.003000] Memory state around the buggy address: [ 25.003656] ffff888100a1bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.004335] ffff888100a1bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.004585] >ffff888100a1bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 25.005062] ^ [ 25.005571] ffff888100a1bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.006183] ffff888100a1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.006573] ================================================================== [ 25.284183] ================================================================== [ 25.284522] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 25.284846] Write of size 1 at addr ffff888102af60f0 by task kunit_try_catch/189 [ 25.286174] [ 25.286426] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.286571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.286603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.286644] Call Trace: [ 25.286680] <TASK> [ 25.286720] dump_stack_lvl+0x73/0xb0 [ 25.286805] print_report+0xd1/0x650 [ 25.286873] ? __virt_addr_valid+0x1db/0x2d0 [ 25.286920] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.286966] ? kasan_addr_to_slab+0x11/0xa0 [ 25.287008] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.287066] kasan_report+0x141/0x180 [ 25.287114] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.287225] __asan_report_store1_noabort+0x1b/0x30 [ 25.287278] krealloc_more_oob_helper+0x7eb/0x930 [ 25.287330] ? __schedule+0x10cc/0x2b60 [ 25.287382] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.287460] ? finish_task_switch.isra.0+0x153/0x700 [ 25.287504] ? __switch_to+0x47/0xf50 [ 25.287549] ? __schedule+0x10cc/0x2b60 [ 25.287573] ? __pfx_read_tsc+0x10/0x10 [ 25.287600] krealloc_large_more_oob+0x1c/0x30 [ 25.287625] kunit_try_run_case+0x1a5/0x480 [ 25.287653] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.287676] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.287700] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.287724] ? __kthread_parkme+0x82/0x180 [ 25.287746] ? preempt_count_sub+0x50/0x80 [ 25.287770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.287795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.287820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.287845] kthread+0x337/0x6f0 [ 25.287866] ? trace_preempt_on+0x20/0xc0 [ 25.287891] ? __pfx_kthread+0x10/0x10 [ 25.287913] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.287936] ? calculate_sigpending+0x7b/0xa0 [ 25.287961] ? __pfx_kthread+0x10/0x10 [ 25.287984] ret_from_fork+0x116/0x1d0 [ 25.288004] ? __pfx_kthread+0x10/0x10 [ 25.288026] ret_from_fork_asm+0x1a/0x30 [ 25.288059] </TASK> [ 25.288072] [ 25.300201] The buggy address belongs to the physical page: [ 25.300657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af4 [ 25.301123] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.301653] flags: 0x200000000000040(head|node=0|zone=2) [ 25.302092] page_type: f8(unknown) [ 25.302415] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.302921] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.303432] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.303729] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.304362] head: 0200000000000002 ffffea00040abd01 00000000ffffffff 00000000ffffffff [ 25.304953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.305433] page dumped because: kasan: bad access detected [ 25.305808] [ 25.305909] Memory state around the buggy address: [ 25.306248] ffff888102af5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.306665] ffff888102af6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.306923] >ffff888102af6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.307415] ^ [ 25.307925] ffff888102af6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.308387] ffff888102af6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.308869] ================================================================== [ 25.257110] ================================================================== [ 25.257620] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 25.258382] Write of size 1 at addr ffff888102af60eb by task kunit_try_catch/189 [ 25.259392] [ 25.259613] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.259704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.259721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.259747] Call Trace: [ 25.259766] <TASK> [ 25.259790] dump_stack_lvl+0x73/0xb0 [ 25.259846] print_report+0xd1/0x650 [ 25.259907] ? __virt_addr_valid+0x1db/0x2d0 [ 25.259962] ? krealloc_more_oob_helper+0x821/0x930 [ 25.260008] ? kasan_addr_to_slab+0x11/0xa0 [ 25.260050] ? krealloc_more_oob_helper+0x821/0x930 [ 25.260088] kasan_report+0x141/0x180 [ 25.260130] ? krealloc_more_oob_helper+0x821/0x930 [ 25.260205] __asan_report_store1_noabort+0x1b/0x30 [ 25.260259] krealloc_more_oob_helper+0x821/0x930 [ 25.260299] ? __schedule+0x10cc/0x2b60 [ 25.260325] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.260351] ? finish_task_switch.isra.0+0x153/0x700 [ 25.260377] ? __switch_to+0x47/0xf50 [ 25.260406] ? __schedule+0x10cc/0x2b60 [ 25.260429] ? __pfx_read_tsc+0x10/0x10 [ 25.260482] krealloc_large_more_oob+0x1c/0x30 [ 25.260508] kunit_try_run_case+0x1a5/0x480 [ 25.260536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.260559] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.260584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.260608] ? __kthread_parkme+0x82/0x180 [ 25.260630] ? preempt_count_sub+0x50/0x80 [ 25.260654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.260679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.260704] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.260728] kthread+0x337/0x6f0 [ 25.260749] ? trace_preempt_on+0x20/0xc0 [ 25.260776] ? __pfx_kthread+0x10/0x10 [ 25.260797] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.260820] ? calculate_sigpending+0x7b/0xa0 [ 25.260846] ? __pfx_kthread+0x10/0x10 [ 25.260868] ret_from_fork+0x116/0x1d0 [ 25.260890] ? __pfx_kthread+0x10/0x10 [ 25.260912] ret_from_fork_asm+0x1a/0x30 [ 25.260945] </TASK> [ 25.260959] [ 25.273448] The buggy address belongs to the physical page: [ 25.273881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af4 [ 25.274398] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.275056] flags: 0x200000000000040(head|node=0|zone=2) [ 25.275392] page_type: f8(unknown) [ 25.275758] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.276296] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.276778] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.277278] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.277867] head: 0200000000000002 ffffea00040abd01 00000000ffffffff 00000000ffffffff [ 25.278389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.278873] page dumped because: kasan: bad access detected [ 25.279317] [ 25.279436] Memory state around the buggy address: [ 25.279775] ffff888102af5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.280178] ffff888102af6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.280624] >ffff888102af6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.281181] ^ [ 25.281544] ffff888102af6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.281809] ffff888102af6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.282389] ================================================================== [ 25.008091] ================================================================== [ 25.009369] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 25.010428] Write of size 1 at addr ffff888100a1bcf0 by task kunit_try_catch/185 [ 25.010999] [ 25.011258] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 25.011366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.011394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.011450] Call Trace: [ 25.011491] <TASK> [ 25.011529] dump_stack_lvl+0x73/0xb0 [ 25.011751] print_report+0xd1/0x650 [ 25.011801] ? __virt_addr_valid+0x1db/0x2d0 [ 25.011848] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.011895] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.011939] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.011982] kasan_report+0x141/0x180 [ 25.012028] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.012090] __asan_report_store1_noabort+0x1b/0x30 [ 25.012172] krealloc_more_oob_helper+0x7eb/0x930 [ 25.012216] ? __schedule+0x10cc/0x2b60 [ 25.012253] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.012278] ? finish_task_switch.isra.0+0x153/0x700 [ 25.012303] ? __switch_to+0x47/0xf50 [ 25.012332] ? __schedule+0x10cc/0x2b60 [ 25.012354] ? __pfx_read_tsc+0x10/0x10 [ 25.012380] krealloc_more_oob+0x1c/0x30 [ 25.012402] kunit_try_run_case+0x1a5/0x480 [ 25.012429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.012474] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.012500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.012524] ? __kthread_parkme+0x82/0x180 [ 25.012561] ? preempt_count_sub+0x50/0x80 [ 25.012639] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.012682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.012714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.012738] kthread+0x337/0x6f0 [ 25.012760] ? trace_preempt_on+0x20/0xc0 [ 25.012785] ? __pfx_kthread+0x10/0x10 [ 25.012807] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.012829] ? calculate_sigpending+0x7b/0xa0 [ 25.012854] ? __pfx_kthread+0x10/0x10 [ 25.012877] ret_from_fork+0x116/0x1d0 [ 25.012898] ? __pfx_kthread+0x10/0x10 [ 25.012920] ret_from_fork_asm+0x1a/0x30 [ 25.012952] </TASK> [ 25.012966] [ 25.027059] Allocated by task 185: [ 25.028033] kasan_save_stack+0x45/0x70 [ 25.028458] kasan_save_track+0x18/0x40 [ 25.028971] kasan_save_alloc_info+0x3b/0x50 [ 25.029262] __kasan_krealloc+0x190/0x1f0 [ 25.029625] krealloc_noprof+0xf3/0x340 [ 25.029938] krealloc_more_oob_helper+0x1a9/0x930 [ 25.030272] krealloc_more_oob+0x1c/0x30 [ 25.030542] kunit_try_run_case+0x1a5/0x480 [ 25.031074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.031386] kthread+0x337/0x6f0 [ 25.032018] ret_from_fork+0x116/0x1d0 [ 25.032680] ret_from_fork_asm+0x1a/0x30 [ 25.033049] [ 25.033248] The buggy address belongs to the object at ffff888100a1bc00 [ 25.033248] which belongs to the cache kmalloc-256 of size 256 [ 25.034129] The buggy address is located 5 bytes to the right of [ 25.034129] allocated 235-byte region [ffff888100a1bc00, ffff888100a1bceb) [ 25.034850] [ 25.035019] The buggy address belongs to the physical page: [ 25.035456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1a [ 25.035924] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.036341] flags: 0x200000000000040(head|node=0|zone=2) [ 25.036877] page_type: f5(slab) [ 25.037206] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.038515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.039096] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.039490] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.040111] head: 0200000000000001 ffffea0004028681 00000000ffffffff 00000000ffffffff [ 25.040685] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.041064] page dumped because: kasan: bad access detected [ 25.041363] [ 25.041534] Memory state around the buggy address: [ 25.041991] ffff888100a1bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.042398] ffff888100a1bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.043430] >ffff888100a1bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 25.043703] ^ [ 25.044296] ffff888100a1bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.044877] ffff888100a1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.045292] ==================================================================
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_driver_rgb_only
<8>[ 390.469344] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_driver_rgb_only RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_driver_8bpc_only
<8>[ 390.269525] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_driver_8bpc_only RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_display_rgb_only
<8>[ 390.075120] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_display_rgb_only RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_display_8bpc_only
<8>[ 389.875327] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_display_8bpc_only RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 27.747835] ================================================================== [ 27.748395] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 27.749083] Read of size 1 at addr ffff888103a1fc4a by task kunit_try_catch/282 [ 27.750013] [ 27.750427] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.750546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.750564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.750591] Call Trace: [ 27.750611] <TASK> [ 27.750635] dump_stack_lvl+0x73/0xb0 [ 27.750680] print_report+0xd1/0x650 [ 27.750708] ? __virt_addr_valid+0x1db/0x2d0 [ 27.750735] ? kasan_alloca_oob_right+0x329/0x390 [ 27.750761] ? kasan_addr_to_slab+0x11/0xa0 [ 27.750785] ? kasan_alloca_oob_right+0x329/0x390 [ 27.750809] kasan_report+0x141/0x180 [ 27.750833] ? kasan_alloca_oob_right+0x329/0x390 [ 27.750863] __asan_report_load1_noabort+0x18/0x20 [ 27.750890] kasan_alloca_oob_right+0x329/0x390 [ 27.750915] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.750941] ? finish_task_switch.isra.0+0x153/0x700 [ 27.750969] ? __up.isra.0+0xee/0x140 [ 27.750993] ? trace_hardirqs_on+0x37/0xe0 [ 27.751020] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 27.751047] ? __schedule+0x10cc/0x2b60 [ 27.751071] ? __pfx_read_tsc+0x10/0x10 [ 27.751096] ? ktime_get_ts64+0x86/0x230 [ 27.751124] kunit_try_run_case+0x1a5/0x480 [ 27.751160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.751198] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.751243] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.751288] ? __kthread_parkme+0x82/0x180 [ 27.751326] ? preempt_count_sub+0x50/0x80 [ 27.751370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.751416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.751483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.751536] kthread+0x337/0x6f0 [ 27.751582] ? trace_preempt_on+0x20/0xc0 [ 27.751621] ? __pfx_kthread+0x10/0x10 [ 27.751656] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.751699] ? calculate_sigpending+0x7b/0xa0 [ 27.751745] ? __pfx_kthread+0x10/0x10 [ 27.751793] ret_from_fork+0x116/0x1d0 [ 27.751838] ? __pfx_kthread+0x10/0x10 [ 27.751887] ret_from_fork_asm+0x1a/0x30 [ 27.751953] </TASK> [ 27.751976] [ 27.764740] The buggy address belongs to stack of task kunit_try_catch/282 [ 27.765390] [ 27.765576] The buggy address belongs to the physical page: [ 27.765852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a1f [ 27.766849] flags: 0x200000000000000(node=0|zone=2) [ 27.767349] raw: 0200000000000000 ffffea00040e87c8 ffffea00040e87c8 0000000000000000 [ 27.767836] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.768317] page dumped because: kasan: bad access detected [ 27.768660] [ 27.768846] Memory state around the buggy address: [ 27.769039] ffff888103a1fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.769514] ffff888103a1fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.770006] >ffff888103a1fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.770571] ^ [ 27.770858] ffff888103a1fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.771432] ffff888103a1fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.772025] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 27.718771] ================================================================== [ 27.719771] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 27.720121] Read of size 1 at addr ffff888103a0fc3f by task kunit_try_catch/280 [ 27.720518] [ 27.720693] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.720796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.720825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.720877] Call Trace: [ 27.720909] <TASK> [ 27.720951] dump_stack_lvl+0x73/0xb0 [ 27.721015] print_report+0xd1/0x650 [ 27.721060] ? __virt_addr_valid+0x1db/0x2d0 [ 27.721107] ? kasan_alloca_oob_left+0x320/0x380 [ 27.721149] ? kasan_addr_to_slab+0x11/0xa0 [ 27.721184] ? kasan_alloca_oob_left+0x320/0x380 [ 27.721223] kasan_report+0x141/0x180 [ 27.721268] ? kasan_alloca_oob_left+0x320/0x380 [ 27.721325] __asan_report_load1_noabort+0x18/0x20 [ 27.721376] kasan_alloca_oob_left+0x320/0x380 [ 27.721423] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.721487] ? finish_task_switch.isra.0+0x153/0x700 [ 27.721539] ? __up.isra.0+0xee/0x140 [ 27.721590] ? trace_hardirqs_on+0x37/0xe0 [ 27.721646] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 27.721699] ? __schedule+0x10cc/0x2b60 [ 27.721743] ? __pfx_read_tsc+0x10/0x10 [ 27.721794] ? ktime_get_ts64+0x86/0x230 [ 27.721857] kunit_try_run_case+0x1a5/0x480 [ 27.721907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.721951] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.721999] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.722067] ? __kthread_parkme+0x82/0x180 [ 27.722116] ? preempt_count_sub+0x50/0x80 [ 27.722167] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.722216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.722248] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.722275] kthread+0x337/0x6f0 [ 27.722298] ? trace_preempt_on+0x20/0xc0 [ 27.722322] ? __pfx_kthread+0x10/0x10 [ 27.722345] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.722369] ? calculate_sigpending+0x7b/0xa0 [ 27.722395] ? __pfx_kthread+0x10/0x10 [ 27.722420] ret_from_fork+0x116/0x1d0 [ 27.722460] ? __pfx_kthread+0x10/0x10 [ 27.722490] ret_from_fork_asm+0x1a/0x30 [ 27.722527] </TASK> [ 27.722541] [ 27.733621] The buggy address belongs to stack of task kunit_try_catch/280 [ 27.734045] [ 27.734168] The buggy address belongs to the physical page: [ 27.735426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0f [ 27.735963] flags: 0x200000000000000(node=0|zone=2) [ 27.736409] raw: 0200000000000000 ffffea00040e83c8 ffffea00040e83c8 0000000000000000 [ 27.736873] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.737251] page dumped because: kasan: bad access detected [ 27.737734] [ 27.737906] Memory state around the buggy address: [ 27.738150] ffff888103a0fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.738829] ffff888103a0fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.739128] >ffff888103a0fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.739501] ^ [ 27.739864] ffff888103a0fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.740290] ffff888103a0fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.740911] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 27.684515] ================================================================== [ 27.685484] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 27.686065] Read of size 1 at addr ffff8881039afd02 by task kunit_try_catch/278 [ 27.686316] [ 27.686533] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.686644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.686673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.686719] Call Trace: [ 27.686752] <TASK> [ 27.686790] dump_stack_lvl+0x73/0xb0 [ 27.686860] print_report+0xd1/0x650 [ 27.686911] ? __virt_addr_valid+0x1db/0x2d0 [ 27.686959] ? kasan_stack_oob+0x2b5/0x300 [ 27.686996] ? kasan_addr_to_slab+0x11/0xa0 [ 27.687037] ? kasan_stack_oob+0x2b5/0x300 [ 27.687079] kasan_report+0x141/0x180 [ 27.687121] ? kasan_stack_oob+0x2b5/0x300 [ 27.687169] __asan_report_load1_noabort+0x18/0x20 [ 27.687217] kasan_stack_oob+0x2b5/0x300 [ 27.687259] ? __pfx_kasan_stack_oob+0x10/0x10 [ 27.687296] ? finish_task_switch.isra.0+0x153/0x700 [ 27.687349] ? __switch_to+0x47/0xf50 [ 27.687404] ? __schedule+0x10cc/0x2b60 [ 27.687497] ? __pfx_read_tsc+0x10/0x10 [ 27.687549] ? ktime_get_ts64+0x86/0x230 [ 27.687604] kunit_try_run_case+0x1a5/0x480 [ 27.687664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.687713] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.687756] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.687796] ? __kthread_parkme+0x82/0x180 [ 27.687835] ? preempt_count_sub+0x50/0x80 [ 27.687884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.687938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.687979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.688006] kthread+0x337/0x6f0 [ 27.688029] ? trace_preempt_on+0x20/0xc0 [ 27.688056] ? __pfx_kthread+0x10/0x10 [ 27.688078] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.688101] ? calculate_sigpending+0x7b/0xa0 [ 27.688128] ? __pfx_kthread+0x10/0x10 [ 27.688175] ret_from_fork+0x116/0x1d0 [ 27.688208] ? __pfx_kthread+0x10/0x10 [ 27.688231] ret_from_fork_asm+0x1a/0x30 [ 27.688267] </TASK> [ 27.688282] [ 27.701461] The buggy address belongs to stack of task kunit_try_catch/278 [ 27.702627] and is located at offset 138 in frame: [ 27.702944] kasan_stack_oob+0x0/0x300 [ 27.703578] [ 27.703720] This frame has 4 objects: [ 27.704122] [48, 49) '__assertion' [ 27.704257] [64, 72) 'array' [ 27.704624] [96, 112) '__assertion' [ 27.704982] [128, 138) 'stack_array' [ 27.705401] [ 27.705894] The buggy address belongs to the physical page: [ 27.706385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039af [ 27.706806] flags: 0x200000000000000(node=0|zone=2) [ 27.707343] raw: 0200000000000000 ffffea00040e6bc8 ffffea00040e6bc8 0000000000000000 [ 27.707754] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.708172] page dumped because: kasan: bad access detected [ 27.708496] [ 27.708648] Memory state around the buggy address: [ 27.708881] ffff8881039afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.709239] ffff8881039afc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 27.709713] >ffff8881039afd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.710066] ^ [ 27.710371] ffff8881039afd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 27.710771] ffff8881039afe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.711047] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 27.652131] ================================================================== [ 27.652850] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 27.653704] Read of size 1 at addr ffffffffb5c79ecd by task kunit_try_catch/274 [ 27.654148] [ 27.654422] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.654550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.654579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.654624] Call Trace: [ 27.654653] <TASK> [ 27.654688] dump_stack_lvl+0x73/0xb0 [ 27.654750] print_report+0xd1/0x650 [ 27.654795] ? __virt_addr_valid+0x1db/0x2d0 [ 27.654835] ? kasan_global_oob_right+0x286/0x2d0 [ 27.654869] ? kasan_addr_to_slab+0x11/0xa0 [ 27.654904] ? kasan_global_oob_right+0x286/0x2d0 [ 27.654941] kasan_report+0x141/0x180 [ 27.654981] ? kasan_global_oob_right+0x286/0x2d0 [ 27.655036] __asan_report_load1_noabort+0x18/0x20 [ 27.655084] kasan_global_oob_right+0x286/0x2d0 [ 27.655132] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 27.655180] ? __schedule+0x10cc/0x2b60 [ 27.655225] ? __pfx_read_tsc+0x10/0x10 [ 27.655265] ? ktime_get_ts64+0x86/0x230 [ 27.655309] kunit_try_run_case+0x1a5/0x480 [ 27.655338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.655361] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.655385] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.655409] ? __kthread_parkme+0x82/0x180 [ 27.655432] ? preempt_count_sub+0x50/0x80 [ 27.655532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.655597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.655648] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.655699] kthread+0x337/0x6f0 [ 27.655745] ? trace_preempt_on+0x20/0xc0 [ 27.655785] ? __pfx_kthread+0x10/0x10 [ 27.655825] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.655875] ? calculate_sigpending+0x7b/0xa0 [ 27.655929] ? __pfx_kthread+0x10/0x10 [ 27.655977] ret_from_fork+0x116/0x1d0 [ 27.656023] ? __pfx_kthread+0x10/0x10 [ 27.656069] ret_from_fork_asm+0x1a/0x30 [ 27.656178] </TASK> [ 27.656206] [ 27.666255] The buggy address belongs to the variable: [ 27.666508] global_array+0xd/0x40 [ 27.666739] [ 27.666876] The buggy address belongs to the physical page: [ 27.667095] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122a79 [ 27.667779] flags: 0x200000000002000(reserved|node=0|zone=2) [ 27.668089] raw: 0200000000002000 ffffea00048a9e48 ffffea00048a9e48 0000000000000000 [ 27.668385] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.669574] page dumped because: kasan: bad access detected [ 27.670057] [ 27.670236] Memory state around the buggy address: [ 27.670640] ffffffffb5c79d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.671188] ffffffffb5c79e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.672124] >ffffffffb5c79e80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 27.672638] ^ [ 27.672889] ffffffffb5c79f00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 27.673345] ffffffffb5c79f80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 27.673818] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 27.569189] ================================================================== [ 27.570234] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.570780] Free of addr ffff88810232ae01 by task kunit_try_catch/270 [ 27.571257] [ 27.571433] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.571552] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.571583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.571633] Call Trace: [ 27.571665] <TASK> [ 27.571702] dump_stack_lvl+0x73/0xb0 [ 27.571764] print_report+0xd1/0x650 [ 27.571808] ? __virt_addr_valid+0x1db/0x2d0 [ 27.571853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.571907] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.571960] kasan_report_invalid_free+0x10a/0x130 [ 27.572012] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572061] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572105] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572150] check_slab_allocation+0x11f/0x130 [ 27.572190] __kasan_mempool_poison_object+0x91/0x1d0 [ 27.572231] mempool_free+0x2ec/0x380 [ 27.572283] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572337] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.572394] ? __kasan_check_write+0x18/0x20 [ 27.572614] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.572678] ? finish_task_switch.isra.0+0x153/0x700 [ 27.572736] mempool_kmalloc_invalid_free+0xed/0x140 [ 27.572778] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 27.572831] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.572859] ? __pfx_mempool_kfree+0x10/0x10 [ 27.572885] ? __pfx_read_tsc+0x10/0x10 [ 27.572910] ? ktime_get_ts64+0x86/0x230 [ 27.572939] kunit_try_run_case+0x1a5/0x480 [ 27.572967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.572991] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.573016] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.573041] ? __kthread_parkme+0x82/0x180 [ 27.573063] ? preempt_count_sub+0x50/0x80 [ 27.573088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.573113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.573138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.573173] kthread+0x337/0x6f0 [ 27.573202] ? trace_preempt_on+0x20/0xc0 [ 27.573226] ? __pfx_kthread+0x10/0x10 [ 27.573250] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.573272] ? calculate_sigpending+0x7b/0xa0 [ 27.573297] ? __pfx_kthread+0x10/0x10 [ 27.573320] ret_from_fork+0x116/0x1d0 [ 27.573339] ? __pfx_kthread+0x10/0x10 [ 27.573361] ret_from_fork_asm+0x1a/0x30 [ 27.573393] </TASK> [ 27.573406] [ 27.590457] Allocated by task 270: [ 27.591483] kasan_save_stack+0x45/0x70 [ 27.592099] kasan_save_track+0x18/0x40 [ 27.592493] kasan_save_alloc_info+0x3b/0x50 [ 27.592934] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.593340] remove_element+0x11e/0x190 [ 27.593786] mempool_alloc_preallocated+0x4d/0x90 [ 27.594307] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 27.595135] mempool_kmalloc_invalid_free+0xed/0x140 [ 27.595436] kunit_try_run_case+0x1a5/0x480 [ 27.595831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.596317] kthread+0x337/0x6f0 [ 27.596586] ret_from_fork+0x116/0x1d0 [ 27.596880] ret_from_fork_asm+0x1a/0x30 [ 27.597285] [ 27.597475] The buggy address belongs to the object at ffff88810232ae00 [ 27.597475] which belongs to the cache kmalloc-128 of size 128 [ 27.598381] The buggy address is located 1 bytes inside of [ 27.598381] 128-byte region [ffff88810232ae00, ffff88810232ae80) [ 27.599524] [ 27.599781] The buggy address belongs to the physical page: [ 27.600101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 27.600876] flags: 0x200000000000000(node=0|zone=2) [ 27.601334] page_type: f5(slab) [ 27.601828] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.602204] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.602916] page dumped because: kasan: bad access detected [ 27.603688] [ 27.603846] Memory state around the buggy address: [ 27.604465] ffff88810232ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.604888] ffff88810232ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.605419] >ffff88810232ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.606061] ^ [ 27.606292] ffff88810232ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.606796] ffff88810232af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.607575] ================================================================== [ 27.614280] ================================================================== [ 27.615187] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.615682] Free of addr ffff888102a64001 by task kunit_try_catch/272 [ 27.616255] [ 27.616463] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.616591] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.616621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.616669] Call Trace: [ 27.616700] <TASK> [ 27.616743] dump_stack_lvl+0x73/0xb0 [ 27.616817] print_report+0xd1/0x650 [ 27.616867] ? __virt_addr_valid+0x1db/0x2d0 [ 27.617059] ? kasan_addr_to_slab+0x11/0xa0 [ 27.617112] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.617161] kasan_report_invalid_free+0x10a/0x130 [ 27.617207] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.617259] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.617309] __kasan_mempool_poison_object+0x102/0x1d0 [ 27.617368] mempool_free+0x2ec/0x380 [ 27.617453] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.617508] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.617561] ? __kasan_check_write+0x18/0x20 [ 27.617727] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.617799] ? finish_task_switch.isra.0+0x153/0x700 [ 27.617854] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 27.617899] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 27.617929] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.617953] ? __pfx_mempool_kfree+0x10/0x10 [ 27.617979] ? __pfx_read_tsc+0x10/0x10 [ 27.618003] ? ktime_get_ts64+0x86/0x230 [ 27.618045] kunit_try_run_case+0x1a5/0x480 [ 27.618077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.618101] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.618127] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.618158] ? __kthread_parkme+0x82/0x180 [ 27.618196] ? preempt_count_sub+0x50/0x80 [ 27.618221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.618246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.618270] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.618294] kthread+0x337/0x6f0 [ 27.618316] ? trace_preempt_on+0x20/0xc0 [ 27.618343] ? __pfx_kthread+0x10/0x10 [ 27.618365] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.618387] ? calculate_sigpending+0x7b/0xa0 [ 27.618414] ? __pfx_kthread+0x10/0x10 [ 27.618436] ret_from_fork+0x116/0x1d0 [ 27.618479] ? __pfx_kthread+0x10/0x10 [ 27.618502] ret_from_fork_asm+0x1a/0x30 [ 27.618537] </TASK> [ 27.618557] [ 27.633693] The buggy address belongs to the physical page: [ 27.633996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a64 [ 27.634862] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.635710] flags: 0x200000000000040(head|node=0|zone=2) [ 27.637066] page_type: f8(unknown) [ 27.637301] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.638089] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.638356] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.638630] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.638890] head: 0200000000000002 ffffea00040a9901 00000000ffffffff 00000000ffffffff [ 27.639143] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.639387] page dumped because: kasan: bad access detected [ 27.640737] [ 27.640865] Memory state around the buggy address: [ 27.641062] ffff888102a63f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.641321] ffff888102a63f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.643698] >ffff888102a64000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.644355] ^ [ 27.644572] ffff888102a64080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.644806] ffff888102a64100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.645010] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 27.499465] ================================================================== [ 27.500247] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.501105] Free of addr ffff888102a64000 by task kunit_try_catch/266 [ 27.501614] [ 27.501782] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.501894] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.501922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.501971] Call Trace: [ 27.502005] <TASK> [ 27.502073] dump_stack_lvl+0x73/0xb0 [ 27.502160] print_report+0xd1/0x650 [ 27.502210] ? __virt_addr_valid+0x1db/0x2d0 [ 27.502265] ? kasan_addr_to_slab+0x11/0xa0 [ 27.502305] ? mempool_double_free_helper+0x184/0x370 [ 27.502379] kasan_report_invalid_free+0x10a/0x130 [ 27.502455] ? mempool_double_free_helper+0x184/0x370 [ 27.502514] ? mempool_double_free_helper+0x184/0x370 [ 27.502594] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 27.502649] mempool_free+0x2ec/0x380 [ 27.502712] mempool_double_free_helper+0x184/0x370 [ 27.502768] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.502815] ? __kasan_check_write+0x18/0x20 [ 27.502858] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.502895] ? finish_task_switch.isra.0+0x153/0x700 [ 27.502939] mempool_kmalloc_large_double_free+0xed/0x140 [ 27.502985] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 27.503022] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.503046] ? __pfx_mempool_kfree+0x10/0x10 [ 27.503072] ? __pfx_read_tsc+0x10/0x10 [ 27.503097] ? ktime_get_ts64+0x86/0x230 [ 27.503125] kunit_try_run_case+0x1a5/0x480 [ 27.503181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.503212] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.503239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.503262] ? __kthread_parkme+0x82/0x180 [ 27.503284] ? preempt_count_sub+0x50/0x80 [ 27.503308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.503331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.503355] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.503378] kthread+0x337/0x6f0 [ 27.503398] ? trace_preempt_on+0x20/0xc0 [ 27.503422] ? __pfx_kthread+0x10/0x10 [ 27.503463] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.503487] ? calculate_sigpending+0x7b/0xa0 [ 27.503512] ? __pfx_kthread+0x10/0x10 [ 27.503535] ret_from_fork+0x116/0x1d0 [ 27.503565] ? __pfx_kthread+0x10/0x10 [ 27.503601] ret_from_fork_asm+0x1a/0x30 [ 27.503652] </TASK> [ 27.503673] [ 27.517296] The buggy address belongs to the physical page: [ 27.518007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a64 [ 27.518907] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.519742] flags: 0x200000000000040(head|node=0|zone=2) [ 27.520228] page_type: f8(unknown) [ 27.520531] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.521103] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.522112] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.522778] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.523122] head: 0200000000000002 ffffea00040a9901 00000000ffffffff 00000000ffffffff [ 27.523701] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.524041] page dumped because: kasan: bad access detected [ 27.524818] [ 27.525058] Memory state around the buggy address: [ 27.525486] ffff888102a63f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.526003] ffff888102a63f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.526762] >ffff888102a64000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.527166] ^ [ 27.527472] ffff888102a64080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.527929] ffff888102a64100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.528373] ================================================================== [ 27.449317] ================================================================== [ 27.450200] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.450830] Free of addr ffff88810232aa00 by task kunit_try_catch/264 [ 27.451313] [ 27.451532] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.451670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.451695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.451738] Call Trace: [ 27.451778] <TASK> [ 27.451816] dump_stack_lvl+0x73/0xb0 [ 27.451899] print_report+0xd1/0x650 [ 27.451970] ? __virt_addr_valid+0x1db/0x2d0 [ 27.452038] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.452089] ? mempool_double_free_helper+0x184/0x370 [ 27.452143] kasan_report_invalid_free+0x10a/0x130 [ 27.452208] ? mempool_double_free_helper+0x184/0x370 [ 27.452261] ? mempool_double_free_helper+0x184/0x370 [ 27.452312] ? mempool_double_free_helper+0x184/0x370 [ 27.452363] check_slab_allocation+0x101/0x130 [ 27.452415] __kasan_mempool_poison_object+0x91/0x1d0 [ 27.452481] mempool_free+0x2ec/0x380 [ 27.452544] mempool_double_free_helper+0x184/0x370 [ 27.452603] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.452660] ? pick_eevdf+0x3c9/0x590 [ 27.452716] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.452757] ? finish_task_switch.isra.0+0x153/0x700 [ 27.452813] mempool_kmalloc_double_free+0xed/0x140 [ 27.452857] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 27.452901] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.452936] ? __pfx_mempool_kfree+0x10/0x10 [ 27.452976] ? __pfx_read_tsc+0x10/0x10 [ 27.453013] ? ktime_get_ts64+0x86/0x230 [ 27.453057] kunit_try_run_case+0x1a5/0x480 [ 27.453101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.453133] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.453172] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.453207] ? __kthread_parkme+0x82/0x180 [ 27.453242] ? preempt_count_sub+0x50/0x80 [ 27.453285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.453321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.453348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.453374] kthread+0x337/0x6f0 [ 27.453397] ? trace_preempt_on+0x20/0xc0 [ 27.453423] ? __pfx_kthread+0x10/0x10 [ 27.453471] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.453498] ? calculate_sigpending+0x7b/0xa0 [ 27.453526] ? __pfx_kthread+0x10/0x10 [ 27.453549] ret_from_fork+0x116/0x1d0 [ 27.453579] ? __pfx_kthread+0x10/0x10 [ 27.453615] ret_from_fork_asm+0x1a/0x30 [ 27.453671] </TASK> [ 27.453692] [ 27.471539] Allocated by task 264: [ 27.471922] kasan_save_stack+0x45/0x70 [ 27.472319] kasan_save_track+0x18/0x40 [ 27.472655] kasan_save_alloc_info+0x3b/0x50 [ 27.473068] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.473636] remove_element+0x11e/0x190 [ 27.474108] mempool_alloc_preallocated+0x4d/0x90 [ 27.474562] mempool_double_free_helper+0x8a/0x370 [ 27.475096] mempool_kmalloc_double_free+0xed/0x140 [ 27.475347] kunit_try_run_case+0x1a5/0x480 [ 27.475686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.476138] kthread+0x337/0x6f0 [ 27.476528] ret_from_fork+0x116/0x1d0 [ 27.476930] ret_from_fork_asm+0x1a/0x30 [ 27.477366] [ 27.477557] Freed by task 264: [ 27.477882] kasan_save_stack+0x45/0x70 [ 27.478270] kasan_save_track+0x18/0x40 [ 27.478435] kasan_save_free_info+0x3f/0x60 [ 27.478756] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.479516] mempool_free+0x2ec/0x380 [ 27.480101] mempool_double_free_helper+0x109/0x370 [ 27.480319] mempool_kmalloc_double_free+0xed/0x140 [ 27.480664] kunit_try_run_case+0x1a5/0x480 [ 27.481107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.481554] kthread+0x337/0x6f0 [ 27.481946] ret_from_fork+0x116/0x1d0 [ 27.482172] ret_from_fork_asm+0x1a/0x30 [ 27.482363] [ 27.482559] The buggy address belongs to the object at ffff88810232aa00 [ 27.482559] which belongs to the cache kmalloc-128 of size 128 [ 27.484189] The buggy address is located 0 bytes inside of [ 27.484189] 128-byte region [ffff88810232aa00, ffff88810232aa80) [ 27.484991] [ 27.485226] The buggy address belongs to the physical page: [ 27.485926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 27.486330] flags: 0x200000000000000(node=0|zone=2) [ 27.486744] page_type: f5(slab) [ 27.486992] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.487687] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.488340] page dumped because: kasan: bad access detected [ 27.488601] [ 27.488707] Memory state around the buggy address: [ 27.489128] ffff88810232a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.490301] ffff88810232a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.490947] >ffff88810232aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.491310] ^ [ 27.491603] ffff88810232aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.492336] ffff88810232ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.492652] ================================================================== [ 27.535380] ================================================================== [ 27.536106] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.537349] Free of addr ffff888102a64000 by task kunit_try_catch/268 [ 27.538070] [ 27.538275] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.538393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.538420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.538481] Call Trace: [ 27.538512] <TASK> [ 27.538587] dump_stack_lvl+0x73/0xb0 [ 27.538771] print_report+0xd1/0x650 [ 27.538818] ? __virt_addr_valid+0x1db/0x2d0 [ 27.538861] ? kasan_addr_to_slab+0x11/0xa0 [ 27.538883] ? mempool_double_free_helper+0x184/0x370 [ 27.538910] kasan_report_invalid_free+0x10a/0x130 [ 27.538936] ? mempool_double_free_helper+0x184/0x370 [ 27.538966] ? mempool_double_free_helper+0x184/0x370 [ 27.538990] __kasan_mempool_poison_pages+0x115/0x130 [ 27.539017] mempool_free+0x290/0x380 [ 27.539044] mempool_double_free_helper+0x184/0x370 [ 27.539068] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.539095] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.539119] ? finish_task_switch.isra.0+0x153/0x700 [ 27.539152] mempool_page_alloc_double_free+0xe8/0x140 [ 27.539193] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 27.539221] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 27.539245] ? __pfx_mempool_free_pages+0x10/0x10 [ 27.539271] ? __pfx_read_tsc+0x10/0x10 [ 27.539293] ? ktime_get_ts64+0x86/0x230 [ 27.539320] kunit_try_run_case+0x1a5/0x480 [ 27.539347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.539369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.539394] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.539418] ? __kthread_parkme+0x82/0x180 [ 27.539460] ? preempt_count_sub+0x50/0x80 [ 27.539490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.539515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.539540] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.539579] kthread+0x337/0x6f0 [ 27.539612] ? trace_preempt_on+0x20/0xc0 [ 27.539651] ? __pfx_kthread+0x10/0x10 [ 27.539685] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.539717] ? calculate_sigpending+0x7b/0xa0 [ 27.539756] ? __pfx_kthread+0x10/0x10 [ 27.539792] ret_from_fork+0x116/0x1d0 [ 27.539822] ? __pfx_kthread+0x10/0x10 [ 27.539855] ret_from_fork_asm+0x1a/0x30 [ 27.539908] </TASK> [ 27.539930] [ 27.555024] The buggy address belongs to the physical page: [ 27.555603] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a64 [ 27.556387] flags: 0x200000000000000(node=0|zone=2) [ 27.556913] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 27.557534] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.557891] page dumped because: kasan: bad access detected [ 27.558293] [ 27.558388] Memory state around the buggy address: [ 27.558580] ffff888102a63f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.559105] ffff888102a63f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.559528] >ffff888102a64000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.559792] ^ [ 27.560068] ffff888102a64080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.561025] ffff888102a64100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.561676] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 27.333196] ================================================================== [ 27.333682] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.334292] Read of size 1 at addr ffff888102a60000 by task kunit_try_catch/258 [ 27.334807] [ 27.334961] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.335372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.335413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.335475] Call Trace: [ 27.335507] <TASK> [ 27.335550] dump_stack_lvl+0x73/0xb0 [ 27.335621] print_report+0xd1/0x650 [ 27.335790] ? __virt_addr_valid+0x1db/0x2d0 [ 27.335836] ? mempool_uaf_helper+0x392/0x400 [ 27.335881] ? kasan_addr_to_slab+0x11/0xa0 [ 27.335926] ? mempool_uaf_helper+0x392/0x400 [ 27.335968] kasan_report+0x141/0x180 [ 27.336007] ? mempool_uaf_helper+0x392/0x400 [ 27.336091] __asan_report_load1_noabort+0x18/0x20 [ 27.336140] mempool_uaf_helper+0x392/0x400 [ 27.336204] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.336254] ? __kasan_check_write+0x18/0x20 [ 27.336305] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.336349] ? finish_task_switch.isra.0+0x153/0x700 [ 27.336388] mempool_kmalloc_large_uaf+0xef/0x140 [ 27.336412] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 27.336438] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.336489] ? __pfx_mempool_kfree+0x10/0x10 [ 27.336516] ? __pfx_read_tsc+0x10/0x10 [ 27.336540] ? ktime_get_ts64+0x86/0x230 [ 27.336583] kunit_try_run_case+0x1a5/0x480 [ 27.336623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.336657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.336697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.336726] ? __kthread_parkme+0x82/0x180 [ 27.336748] ? preempt_count_sub+0x50/0x80 [ 27.336772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.336797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.336821] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.336845] kthread+0x337/0x6f0 [ 27.336865] ? trace_preempt_on+0x20/0xc0 [ 27.336890] ? __pfx_kthread+0x10/0x10 [ 27.336911] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.336933] ? calculate_sigpending+0x7b/0xa0 [ 27.336959] ? __pfx_kthread+0x10/0x10 [ 27.336981] ret_from_fork+0x116/0x1d0 [ 27.337001] ? __pfx_kthread+0x10/0x10 [ 27.337022] ret_from_fork_asm+0x1a/0x30 [ 27.337054] </TASK> [ 27.337068] [ 27.351904] The buggy address belongs to the physical page: [ 27.352318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a60 [ 27.352656] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.353384] flags: 0x200000000000040(head|node=0|zone=2) [ 27.353839] page_type: f8(unknown) [ 27.354183] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.354510] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.355008] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.355394] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.355792] head: 0200000000000002 ffffea00040a9801 00000000ffffffff 00000000ffffffff [ 27.356118] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.356937] page dumped because: kasan: bad access detected [ 27.357451] [ 27.357774] Memory state around the buggy address: [ 27.358118] ffff888102a5ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.358496] ffff888102a5ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.359089] >ffff888102a60000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.359472] ^ [ 27.359919] ffff888102a60080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.360365] ffff888102a60100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.360995] ================================================================== [ 27.414996] ================================================================== [ 27.415522] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.416679] Read of size 1 at addr ffff888102b04000 by task kunit_try_catch/262 [ 27.417286] [ 27.417525] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.417625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.417651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.417693] Call Trace: [ 27.417724] <TASK> [ 27.417760] dump_stack_lvl+0x73/0xb0 [ 27.417866] print_report+0xd1/0x650 [ 27.417916] ? __virt_addr_valid+0x1db/0x2d0 [ 27.417971] ? mempool_uaf_helper+0x392/0x400 [ 27.418022] ? kasan_addr_to_slab+0x11/0xa0 [ 27.418112] ? mempool_uaf_helper+0x392/0x400 [ 27.418176] kasan_report+0x141/0x180 [ 27.418225] ? mempool_uaf_helper+0x392/0x400 [ 27.418289] __asan_report_load1_noabort+0x18/0x20 [ 27.418347] mempool_uaf_helper+0x392/0x400 [ 27.418400] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.418452] ? __kasan_check_write+0x18/0x20 [ 27.418506] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.418554] ? finish_task_switch.isra.0+0x153/0x700 [ 27.418603] mempool_page_alloc_uaf+0xed/0x140 [ 27.418645] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 27.418691] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 27.418728] ? __pfx_mempool_free_pages+0x10/0x10 [ 27.418756] ? __pfx_read_tsc+0x10/0x10 [ 27.418782] ? ktime_get_ts64+0x86/0x230 [ 27.418812] kunit_try_run_case+0x1a5/0x480 [ 27.418842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.418867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.418894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.418920] ? __kthread_parkme+0x82/0x180 [ 27.418943] ? preempt_count_sub+0x50/0x80 [ 27.418968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.418993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.419018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.419043] kthread+0x337/0x6f0 [ 27.419064] ? trace_preempt_on+0x20/0xc0 [ 27.419090] ? __pfx_kthread+0x10/0x10 [ 27.419113] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.419136] ? calculate_sigpending+0x7b/0xa0 [ 27.419178] ? __pfx_kthread+0x10/0x10 [ 27.419202] ret_from_fork+0x116/0x1d0 [ 27.419223] ? __pfx_kthread+0x10/0x10 [ 27.419245] ret_from_fork_asm+0x1a/0x30 [ 27.419279] </TASK> [ 27.419294] [ 27.433940] The buggy address belongs to the physical page: [ 27.434830] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b04 [ 27.435410] flags: 0x200000000000000(node=0|zone=2) [ 27.436021] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 27.436720] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.437865] page dumped because: kasan: bad access detected [ 27.438362] [ 27.438874] Memory state around the buggy address: [ 27.439103] ffff888102b03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.439737] ffff888102b03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.440075] >ffff888102b04000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.441030] ^ [ 27.441310] ffff888102b04080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.441784] ffff888102b04100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.442184] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 27.369935] ================================================================== [ 27.371075] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.371317] Read of size 1 at addr ffff8881024dd240 by task kunit_try_catch/260 [ 27.371491] [ 27.371583] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.371644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.371658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.371683] Call Trace: [ 27.371700] <TASK> [ 27.371722] dump_stack_lvl+0x73/0xb0 [ 27.371755] print_report+0xd1/0x650 [ 27.371779] ? __virt_addr_valid+0x1db/0x2d0 [ 27.371804] ? mempool_uaf_helper+0x392/0x400 [ 27.371826] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.371853] ? mempool_uaf_helper+0x392/0x400 [ 27.371877] kasan_report+0x141/0x180 [ 27.371899] ? mempool_uaf_helper+0x392/0x400 [ 27.371926] __asan_report_load1_noabort+0x18/0x20 [ 27.371951] mempool_uaf_helper+0x392/0x400 [ 27.371974] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.372000] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.372024] ? finish_task_switch.isra.0+0x153/0x700 [ 27.372051] mempool_slab_uaf+0xea/0x140 [ 27.372076] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 27.372102] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 27.372127] ? __pfx_mempool_free_slab+0x10/0x10 [ 27.372166] ? __pfx_read_tsc+0x10/0x10 [ 27.372204] ? ktime_get_ts64+0x86/0x230 [ 27.372249] kunit_try_run_case+0x1a5/0x480 [ 27.372293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.372337] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.372378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.372427] ? __kthread_parkme+0x82/0x180 [ 27.372485] ? preempt_count_sub+0x50/0x80 [ 27.372537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.372589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.372639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.372679] kthread+0x337/0x6f0 [ 27.372714] ? trace_preempt_on+0x20/0xc0 [ 27.372751] ? __pfx_kthread+0x10/0x10 [ 27.372787] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.372828] ? calculate_sigpending+0x7b/0xa0 [ 27.372872] ? __pfx_kthread+0x10/0x10 [ 27.372918] ret_from_fork+0x116/0x1d0 [ 27.372961] ? __pfx_kthread+0x10/0x10 [ 27.373006] ret_from_fork_asm+0x1a/0x30 [ 27.373077] </TASK> [ 27.373104] [ 27.382387] Allocated by task 260: [ 27.382735] kasan_save_stack+0x45/0x70 [ 27.383109] kasan_save_track+0x18/0x40 [ 27.383454] kasan_save_alloc_info+0x3b/0x50 [ 27.384344] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 27.384854] remove_element+0x11e/0x190 [ 27.386572] mempool_alloc_preallocated+0x4d/0x90 [ 27.387054] mempool_uaf_helper+0x96/0x400 [ 27.387553] mempool_slab_uaf+0xea/0x140 [ 27.387752] kunit_try_run_case+0x1a5/0x480 [ 27.387949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.388166] kthread+0x337/0x6f0 [ 27.388315] ret_from_fork+0x116/0x1d0 [ 27.388500] ret_from_fork_asm+0x1a/0x30 [ 27.388812] [ 27.388982] Freed by task 260: [ 27.389251] kasan_save_stack+0x45/0x70 [ 27.389723] kasan_save_track+0x18/0x40 [ 27.390052] kasan_save_free_info+0x3f/0x60 [ 27.391232] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.391703] mempool_free+0x2ec/0x380 [ 27.391901] mempool_uaf_helper+0x11a/0x400 [ 27.392067] mempool_slab_uaf+0xea/0x140 [ 27.392397] kunit_try_run_case+0x1a5/0x480 [ 27.392768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.393045] kthread+0x337/0x6f0 [ 27.393232] ret_from_fork+0x116/0x1d0 [ 27.393556] ret_from_fork_asm+0x1a/0x30 [ 27.393877] [ 27.393982] The buggy address belongs to the object at ffff8881024dd240 [ 27.393982] which belongs to the cache test_cache of size 123 [ 27.394722] The buggy address is located 0 bytes inside of [ 27.394722] freed 123-byte region [ffff8881024dd240, ffff8881024dd2bb) [ 27.395384] [ 27.395594] The buggy address belongs to the physical page: [ 27.395891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024dd [ 27.396382] flags: 0x200000000000000(node=0|zone=2) [ 27.396685] page_type: f5(slab) [ 27.396860] raw: 0200000000000000 ffff888101a688c0 dead000000000122 0000000000000000 [ 27.397135] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 27.397722] page dumped because: kasan: bad access detected [ 27.398108] [ 27.398303] Memory state around the buggy address: [ 27.398578] ffff8881024dd100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.399011] ffff8881024dd180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.399492] >ffff8881024dd200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 27.399892] ^ [ 27.400251] ffff8881024dd280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.400529] ffff8881024dd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.400860] ================================================================== [ 27.281968] ================================================================== [ 27.282589] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.283788] Read of size 1 at addr ffff88810232a600 by task kunit_try_catch/256 [ 27.284638] [ 27.285285] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.285406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.285432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.285491] Call Trace: [ 27.285521] <TASK> [ 27.285554] dump_stack_lvl+0x73/0xb0 [ 27.285623] print_report+0xd1/0x650 [ 27.285664] ? __virt_addr_valid+0x1db/0x2d0 [ 27.285709] ? mempool_uaf_helper+0x392/0x400 [ 27.285749] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.285795] ? mempool_uaf_helper+0x392/0x400 [ 27.285835] kasan_report+0x141/0x180 [ 27.285871] ? mempool_uaf_helper+0x392/0x400 [ 27.285916] __asan_report_load1_noabort+0x18/0x20 [ 27.285989] mempool_uaf_helper+0x392/0x400 [ 27.286060] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.286106] ? update_load_avg+0x1be/0x21b0 [ 27.286193] ? update_load_avg+0x1be/0x21b0 [ 27.286244] ? update_curr+0x80/0x810 [ 27.286283] ? __kasan_check_write+0x18/0x20 [ 27.286316] ? finish_task_switch.isra.0+0x153/0x700 [ 27.286346] mempool_kmalloc_uaf+0xef/0x140 [ 27.286370] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 27.286397] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.286425] ? __pfx_mempool_kfree+0x10/0x10 [ 27.286477] ? __pfx_read_tsc+0x10/0x10 [ 27.286503] ? ktime_get_ts64+0x86/0x230 [ 27.286534] kunit_try_run_case+0x1a5/0x480 [ 27.286593] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.286630] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.286670] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.286712] ? __kthread_parkme+0x82/0x180 [ 27.286738] ? preempt_count_sub+0x50/0x80 [ 27.286763] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.286789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.286816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.286841] kthread+0x337/0x6f0 [ 27.286863] ? trace_preempt_on+0x20/0xc0 [ 27.286891] ? __pfx_kthread+0x10/0x10 [ 27.286913] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.286937] ? calculate_sigpending+0x7b/0xa0 [ 27.286964] ? __pfx_kthread+0x10/0x10 [ 27.286987] ret_from_fork+0x116/0x1d0 [ 27.287008] ? __pfx_kthread+0x10/0x10 [ 27.287030] ret_from_fork_asm+0x1a/0x30 [ 27.287064] </TASK> [ 27.287078] [ 27.303471] Allocated by task 256: [ 27.304077] kasan_save_stack+0x45/0x70 [ 27.305082] kasan_save_track+0x18/0x40 [ 27.305535] kasan_save_alloc_info+0x3b/0x50 [ 27.305779] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.306489] remove_element+0x11e/0x190 [ 27.306803] mempool_alloc_preallocated+0x4d/0x90 [ 27.307352] mempool_uaf_helper+0x96/0x400 [ 27.307853] mempool_kmalloc_uaf+0xef/0x140 [ 27.308053] kunit_try_run_case+0x1a5/0x480 [ 27.308212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.308415] kthread+0x337/0x6f0 [ 27.309242] ret_from_fork+0x116/0x1d0 [ 27.309592] ret_from_fork_asm+0x1a/0x30 [ 27.309937] [ 27.310355] Freed by task 256: [ 27.310676] kasan_save_stack+0x45/0x70 [ 27.311201] kasan_save_track+0x18/0x40 [ 27.311836] kasan_save_free_info+0x3f/0x60 [ 27.312051] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.312547] mempool_free+0x2ec/0x380 [ 27.312748] mempool_uaf_helper+0x11a/0x400 [ 27.313435] mempool_kmalloc_uaf+0xef/0x140 [ 27.313724] kunit_try_run_case+0x1a5/0x480 [ 27.314226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.314537] kthread+0x337/0x6f0 [ 27.314893] ret_from_fork+0x116/0x1d0 [ 27.315293] ret_from_fork_asm+0x1a/0x30 [ 27.315631] [ 27.315740] The buggy address belongs to the object at ffff88810232a600 [ 27.315740] which belongs to the cache kmalloc-128 of size 128 [ 27.317013] The buggy address is located 0 bytes inside of [ 27.317013] freed 128-byte region [ffff88810232a600, ffff88810232a680) [ 27.317749] [ 27.317872] The buggy address belongs to the physical page: [ 27.318808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a [ 27.319460] flags: 0x200000000000000(node=0|zone=2) [ 27.319911] page_type: f5(slab) [ 27.320085] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.320653] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.321270] page dumped because: kasan: bad access detected [ 27.321486] [ 27.321645] Memory state around the buggy address: [ 27.322157] ffff88810232a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.322489] ffff88810232a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.322798] >ffff88810232a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.323555] ^ [ 27.323779] ffff88810232a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.324045] ffff88810232a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.324955] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 27.205958] ================================================================== [ 27.206359] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.206596] Read of size 1 at addr ffff888102b06001 by task kunit_try_catch/252 [ 27.206753] [ 27.207049] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.207155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.207173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.207201] Call Trace: [ 27.207220] <TASK> [ 27.207245] dump_stack_lvl+0x73/0xb0 [ 27.207296] print_report+0xd1/0x650 [ 27.207323] ? __virt_addr_valid+0x1db/0x2d0 [ 27.207354] ? mempool_oob_right_helper+0x318/0x380 [ 27.207381] ? kasan_addr_to_slab+0x11/0xa0 [ 27.207405] ? mempool_oob_right_helper+0x318/0x380 [ 27.207430] kasan_report+0x141/0x180 [ 27.207469] ? mempool_oob_right_helper+0x318/0x380 [ 27.207501] __asan_report_load1_noabort+0x18/0x20 [ 27.207529] mempool_oob_right_helper+0x318/0x380 [ 27.207556] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.207585] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.207613] ? finish_task_switch.isra.0+0x153/0x700 [ 27.207644] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 27.207671] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 27.207734] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.207780] ? __pfx_mempool_kfree+0x10/0x10 [ 27.207812] ? __pfx_read_tsc+0x10/0x10 [ 27.207841] ? ktime_get_ts64+0x86/0x230 [ 27.207873] kunit_try_run_case+0x1a5/0x480 [ 27.207903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.207929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.207956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.207981] ? __kthread_parkme+0x82/0x180 [ 27.208006] ? preempt_count_sub+0x50/0x80 [ 27.208032] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.208061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.208088] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.208115] kthread+0x337/0x6f0 [ 27.208137] ? trace_preempt_on+0x20/0xc0 [ 27.208183] ? __pfx_kthread+0x10/0x10 [ 27.208207] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.208232] ? calculate_sigpending+0x7b/0xa0 [ 27.208272] ? __pfx_kthread+0x10/0x10 [ 27.208300] ret_from_fork+0x116/0x1d0 [ 27.208324] ? __pfx_kthread+0x10/0x10 [ 27.208370] ret_from_fork_asm+0x1a/0x30 [ 27.208410] </TASK> [ 27.208426] [ 27.215619] The buggy address belongs to the physical page: [ 27.216542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b04 [ 27.217501] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.217740] flags: 0x200000000000040(head|node=0|zone=2) [ 27.217879] page_type: f8(unknown) [ 27.217980] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.218151] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.218313] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.218489] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.218650] head: 0200000000000002 ffffea00040ac101 00000000ffffffff 00000000ffffffff [ 27.218825] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.220993] page dumped because: kasan: bad access detected [ 27.221336] [ 27.221434] Memory state around the buggy address: [ 27.221740] ffff888102b05f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.222076] ffff888102b05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.222616] >ffff888102b06000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.222867] ^ [ 27.223048] ffff888102b06080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.223509] ffff888102b06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.224318] ================================================================== [ 27.178998] ================================================================== [ 27.179485] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.179795] Read of size 1 at addr ffff888102b17573 by task kunit_try_catch/250 [ 27.180143] [ 27.180579] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.180680] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.180697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.180724] Call Trace: [ 27.180743] <TASK> [ 27.180767] dump_stack_lvl+0x73/0xb0 [ 27.180856] print_report+0xd1/0x650 [ 27.180918] ? __virt_addr_valid+0x1db/0x2d0 [ 27.180952] ? mempool_oob_right_helper+0x318/0x380 [ 27.180991] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.181050] ? mempool_oob_right_helper+0x318/0x380 [ 27.181076] kasan_report+0x141/0x180 [ 27.181117] ? mempool_oob_right_helper+0x318/0x380 [ 27.181170] __asan_report_load1_noabort+0x18/0x20 [ 27.181200] mempool_oob_right_helper+0x318/0x380 [ 27.181227] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.181255] ? finish_task_switch.isra.0+0x153/0x700 [ 27.181286] mempool_kmalloc_oob_right+0xf2/0x150 [ 27.181309] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 27.181337] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.181363] ? __pfx_mempool_kfree+0x10/0x10 [ 27.181389] ? __pfx_read_tsc+0x10/0x10 [ 27.181414] ? ktime_get_ts64+0x86/0x230 [ 27.181462] kunit_try_run_case+0x1a5/0x480 [ 27.181494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.181519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.181546] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.181570] ? __kthread_parkme+0x82/0x180 [ 27.181595] ? preempt_count_sub+0x50/0x80 [ 27.181619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.181643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.181668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.181692] kthread+0x337/0x6f0 [ 27.181713] ? trace_preempt_on+0x20/0xc0 [ 27.181741] ? __pfx_kthread+0x10/0x10 [ 27.181764] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.181787] ? calculate_sigpending+0x7b/0xa0 [ 27.181817] ? __pfx_kthread+0x10/0x10 [ 27.181840] ret_from_fork+0x116/0x1d0 [ 27.181862] ? __pfx_kthread+0x10/0x10 [ 27.181885] ret_from_fork_asm+0x1a/0x30 [ 27.181919] </TASK> [ 27.181932] [ 27.190877] Allocated by task 250: [ 27.191539] kasan_save_stack+0x45/0x70 [ 27.191716] kasan_save_track+0x18/0x40 [ 27.191947] kasan_save_alloc_info+0x3b/0x50 [ 27.192211] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.192587] remove_element+0x11e/0x190 [ 27.192838] mempool_alloc_preallocated+0x4d/0x90 [ 27.192975] mempool_oob_right_helper+0x8a/0x380 [ 27.193200] mempool_kmalloc_oob_right+0xf2/0x150 [ 27.193381] kunit_try_run_case+0x1a5/0x480 [ 27.193510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.193915] kthread+0x337/0x6f0 [ 27.194116] ret_from_fork+0x116/0x1d0 [ 27.194522] ret_from_fork_asm+0x1a/0x30 [ 27.194796] [ 27.194909] The buggy address belongs to the object at ffff888102b17500 [ 27.194909] which belongs to the cache kmalloc-128 of size 128 [ 27.195185] The buggy address is located 0 bytes to the right of [ 27.195185] allocated 115-byte region [ffff888102b17500, ffff888102b17573) [ 27.195716] [ 27.195830] The buggy address belongs to the physical page: [ 27.196001] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17 [ 27.196472] flags: 0x200000000000000(node=0|zone=2) [ 27.196676] page_type: f5(slab) [ 27.196883] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.197070] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.197691] page dumped because: kasan: bad access detected [ 27.198021] [ 27.198099] Memory state around the buggy address: [ 27.198245] ffff888102b17400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.198637] ffff888102b17480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.198873] >ffff888102b17500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.199245] ^ [ 27.199635] ffff888102b17580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.199919] ffff888102b17600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.200233] ================================================================== [ 27.231737] ================================================================== [ 27.232143] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.232506] Read of size 1 at addr ffff8881023332bb by task kunit_try_catch/254 [ 27.232663] [ 27.232743] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 27.232806] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.232821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.232848] Call Trace: [ 27.234461] <TASK> [ 27.234515] dump_stack_lvl+0x73/0xb0 [ 27.234658] print_report+0xd1/0x650 [ 27.234688] ? __virt_addr_valid+0x1db/0x2d0 [ 27.234717] ? mempool_oob_right_helper+0x318/0x380 [ 27.234743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.234774] ? mempool_oob_right_helper+0x318/0x380 [ 27.234799] kasan_report+0x141/0x180 [ 27.234823] ? mempool_oob_right_helper+0x318/0x380 [ 27.234853] __asan_report_load1_noabort+0x18/0x20 [ 27.234880] mempool_oob_right_helper+0x318/0x380 [ 27.234906] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.234934] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.234961] ? finish_task_switch.isra.0+0x153/0x700 [ 27.234990] mempool_slab_oob_right+0xed/0x140 [ 27.235017] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 27.235045] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 27.235073] ? __pfx_mempool_free_slab+0x10/0x10 [ 27.235101] ? __pfx_read_tsc+0x10/0x10 [ 27.235124] ? ktime_get_ts64+0x86/0x230 [ 27.235172] kunit_try_run_case+0x1a5/0x480 [ 27.235202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.235227] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.235254] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.235279] ? __kthread_parkme+0x82/0x180 [ 27.235302] ? preempt_count_sub+0x50/0x80 [ 27.235327] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.235352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.235378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.235403] kthread+0x337/0x6f0 [ 27.235425] ? trace_preempt_on+0x20/0xc0 [ 27.235463] ? __pfx_kthread+0x10/0x10 [ 27.235487] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.235511] ? calculate_sigpending+0x7b/0xa0 [ 27.235556] ? __pfx_kthread+0x10/0x10 [ 27.235585] ret_from_fork+0x116/0x1d0 [ 27.235608] ? __pfx_kthread+0x10/0x10 [ 27.235630] ret_from_fork_asm+0x1a/0x30 [ 27.235666] </TASK> [ 27.235680] [ 27.250655] Allocated by task 254: [ 27.251082] kasan_save_stack+0x45/0x70 [ 27.251508] kasan_save_track+0x18/0x40 [ 27.251923] kasan_save_alloc_info+0x3b/0x50 [ 27.252276] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 27.253033] remove_element+0x11e/0x190 [ 27.253502] mempool_alloc_preallocated+0x4d/0x90 [ 27.254051] mempool_oob_right_helper+0x8a/0x380 [ 27.254488] mempool_slab_oob_right+0xed/0x140 [ 27.254977] kunit_try_run_case+0x1a5/0x480 [ 27.255187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.255616] kthread+0x337/0x6f0 [ 27.255854] ret_from_fork+0x116/0x1d0 [ 27.256379] ret_from_fork_asm+0x1a/0x30 [ 27.257349] [ 27.257709] The buggy address belongs to the object at ffff888102333240 [ 27.257709] which belongs to the cache test_cache of size 123 [ 27.258438] The buggy address is located 0 bytes to the right of [ 27.258438] allocated 123-byte region [ffff888102333240, ffff8881023332bb) [ 27.259312] [ 27.259530] The buggy address belongs to the physical page: [ 27.259930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102333 [ 27.260418] flags: 0x200000000000000(node=0|zone=2) [ 27.261370] page_type: f5(slab) [ 27.261711] raw: 0200000000000000 ffff8881017a3a00 dead000000000122 0000000000000000 [ 27.262175] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 27.262774] page dumped because: kasan: bad access detected [ 27.263249] [ 27.263382] Memory state around the buggy address: [ 27.263791] ffff888102333180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.264392] ffff888102333200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 27.265400] >ffff888102333280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 27.265963] ^ [ 27.266344] ffff888102333300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.266892] ffff888102333380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.267351] ==================================================================