Date
June 23, 2025, 7:07 a.m.
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 21.911353] ================================================================== [ 21.912301] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 21.912693] Write of size 8 at addr ffff8881023ac571 by task kunit_try_catch/205 [ 21.913391] [ 21.913868] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.914028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.914061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.914099] Call Trace: [ 21.914128] <TASK> [ 21.914156] dump_stack_lvl+0x73/0xb0 [ 21.914193] print_report+0xd1/0x650 [ 21.914212] ? __virt_addr_valid+0x1db/0x2d0 [ 21.914232] ? kmalloc_oob_memset_8+0x166/0x330 [ 21.914250] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.914272] ? kmalloc_oob_memset_8+0x166/0x330 [ 21.914290] kasan_report+0x141/0x180 [ 21.914308] ? kmalloc_oob_memset_8+0x166/0x330 [ 21.914331] kasan_check_range+0x10c/0x1c0 [ 21.914351] __asan_memset+0x27/0x50 [ 21.914370] kmalloc_oob_memset_8+0x166/0x330 [ 21.914409] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 21.914429] ? __schedule+0x10cc/0x2b60 [ 21.914448] ? __pfx_read_tsc+0x10/0x10 [ 21.914468] ? ktime_get_ts64+0x86/0x230 [ 21.914490] kunit_try_run_case+0x1a5/0x480 [ 21.914512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.914531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.914550] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.914569] ? __kthread_parkme+0x82/0x180 [ 21.914586] ? preempt_count_sub+0x50/0x80 [ 21.914606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.914626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.914646] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.914666] kthread+0x337/0x6f0 [ 21.914682] ? trace_preempt_on+0x20/0xc0 [ 21.914702] ? __pfx_kthread+0x10/0x10 [ 21.914719] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.914736] ? calculate_sigpending+0x7b/0xa0 [ 21.914756] ? __pfx_kthread+0x10/0x10 [ 21.914774] ret_from_fork+0x116/0x1d0 [ 21.914790] ? __pfx_kthread+0x10/0x10 [ 21.914807] ret_from_fork_asm+0x1a/0x30 [ 21.914853] </TASK> [ 21.914867] [ 21.924738] Allocated by task 205: [ 21.925485] kasan_save_stack+0x45/0x70 [ 21.925803] kasan_save_track+0x18/0x40 [ 21.926283] kasan_save_alloc_info+0x3b/0x50 [ 21.926600] __kasan_kmalloc+0xb7/0xc0 [ 21.926811] __kmalloc_cache_noprof+0x189/0x420 [ 21.927480] kmalloc_oob_memset_8+0xac/0x330 [ 21.927679] kunit_try_run_case+0x1a5/0x480 [ 21.927811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.928309] kthread+0x337/0x6f0 [ 21.928475] ret_from_fork+0x116/0x1d0 [ 21.928823] ret_from_fork_asm+0x1a/0x30 [ 21.929153] [ 21.929447] The buggy address belongs to the object at ffff8881023ac500 [ 21.929447] which belongs to the cache kmalloc-128 of size 128 [ 21.930317] The buggy address is located 113 bytes inside of [ 21.930317] allocated 120-byte region [ffff8881023ac500, ffff8881023ac578) [ 21.930749] [ 21.931010] The buggy address belongs to the physical page: [ 21.931474] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac [ 21.931791] flags: 0x200000000000000(node=0|zone=2) [ 21.932220] page_type: f5(slab) [ 21.932596] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.932850] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.933755] page dumped because: kasan: bad access detected [ 21.934144] [ 21.934247] Memory state around the buggy address: [ 21.934417] ffff8881023ac400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.935187] ffff8881023ac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.935484] >ffff8881023ac500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.935762] ^ [ 21.936754] ffff8881023ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.937113] ffff8881023ac600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.937437] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 21.872970] ================================================================== [ 21.873751] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 21.874187] Write of size 4 at addr ffff8881023ac475 by task kunit_try_catch/203 [ 21.874537] [ 21.874682] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.874766] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.874788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.874823] Call Trace: [ 21.874847] <TASK> [ 21.874880] dump_stack_lvl+0x73/0xb0 [ 21.876876] print_report+0xd1/0x650 [ 21.876968] ? __virt_addr_valid+0x1db/0x2d0 [ 21.877011] ? kmalloc_oob_memset_4+0x166/0x330 [ 21.877042] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.877081] ? kmalloc_oob_memset_4+0x166/0x330 [ 21.877135] kasan_report+0x141/0x180 [ 21.877170] ? kmalloc_oob_memset_4+0x166/0x330 [ 21.877203] kasan_check_range+0x10c/0x1c0 [ 21.877225] __asan_memset+0x27/0x50 [ 21.877245] kmalloc_oob_memset_4+0x166/0x330 [ 21.877265] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 21.877284] ? __schedule+0x10cc/0x2b60 [ 21.877304] ? __pfx_read_tsc+0x10/0x10 [ 21.877325] ? ktime_get_ts64+0x86/0x230 [ 21.877347] kunit_try_run_case+0x1a5/0x480 [ 21.877369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.877411] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.877432] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.877451] ? __kthread_parkme+0x82/0x180 [ 21.877470] ? preempt_count_sub+0x50/0x80 [ 21.877491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.877511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.877531] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.877550] kthread+0x337/0x6f0 [ 21.877567] ? trace_preempt_on+0x20/0xc0 [ 21.877587] ? __pfx_kthread+0x10/0x10 [ 21.877605] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.877640] ? calculate_sigpending+0x7b/0xa0 [ 21.877663] ? __pfx_kthread+0x10/0x10 [ 21.877682] ret_from_fork+0x116/0x1d0 [ 21.877698] ? __pfx_kthread+0x10/0x10 [ 21.877715] ret_from_fork_asm+0x1a/0x30 [ 21.877744] </TASK> [ 21.877755] [ 21.891689] Allocated by task 203: [ 21.892273] kasan_save_stack+0x45/0x70 [ 21.892550] kasan_save_track+0x18/0x40 [ 21.893118] kasan_save_alloc_info+0x3b/0x50 [ 21.893315] __kasan_kmalloc+0xb7/0xc0 [ 21.893597] __kmalloc_cache_noprof+0x189/0x420 [ 21.893985] kmalloc_oob_memset_4+0xac/0x330 [ 21.894412] kunit_try_run_case+0x1a5/0x480 [ 21.894812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.895354] kthread+0x337/0x6f0 [ 21.895737] ret_from_fork+0x116/0x1d0 [ 21.896075] ret_from_fork_asm+0x1a/0x30 [ 21.896302] [ 21.896396] The buggy address belongs to the object at ffff8881023ac400 [ 21.896396] which belongs to the cache kmalloc-128 of size 128 [ 21.897246] The buggy address is located 117 bytes inside of [ 21.897246] allocated 120-byte region [ffff8881023ac400, ffff8881023ac478) [ 21.898331] [ 21.898497] The buggy address belongs to the physical page: [ 21.899045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac [ 21.899608] flags: 0x200000000000000(node=0|zone=2) [ 21.900424] page_type: f5(slab) [ 21.900672] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.900916] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.901401] page dumped because: kasan: bad access detected [ 21.901752] [ 21.901868] Memory state around the buggy address: [ 21.902143] ffff8881023ac300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.903458] ffff8881023ac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.903690] >ffff8881023ac400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.904226] ^ [ 21.904456] ffff8881023ac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.905150] ffff8881023ac500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.905367] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 21.836888] ================================================================== [ 21.838270] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 21.838993] Write of size 2 at addr ffff888102b4ec77 by task kunit_try_catch/201 [ 21.839245] [ 21.839360] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.839463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.839483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.839514] Call Trace: [ 21.839536] <TASK> [ 21.839563] dump_stack_lvl+0x73/0xb0 [ 21.839612] print_report+0xd1/0x650 [ 21.839644] ? __virt_addr_valid+0x1db/0x2d0 [ 21.839682] ? kmalloc_oob_memset_2+0x166/0x330 [ 21.839714] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.839751] ? kmalloc_oob_memset_2+0x166/0x330 [ 21.839786] kasan_report+0x141/0x180 [ 21.839824] ? kmalloc_oob_memset_2+0x166/0x330 [ 21.839867] kasan_check_range+0x10c/0x1c0 [ 21.839907] __asan_memset+0x27/0x50 [ 21.839948] kmalloc_oob_memset_2+0x166/0x330 [ 21.839984] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 21.840066] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 21.840109] kunit_try_run_case+0x1a5/0x480 [ 21.840151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.840190] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.840230] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.840269] ? __kthread_parkme+0x82/0x180 [ 21.840306] ? preempt_count_sub+0x50/0x80 [ 21.840349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.840406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.840448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.840489] kthread+0x337/0x6f0 [ 21.840519] ? trace_preempt_on+0x20/0xc0 [ 21.840555] ? __pfx_kthread+0x10/0x10 [ 21.840583] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.840612] ? calculate_sigpending+0x7b/0xa0 [ 21.840649] ? __pfx_kthread+0x10/0x10 [ 21.840683] ret_from_fork+0x116/0x1d0 [ 21.840710] ? __pfx_kthread+0x10/0x10 [ 21.840738] ret_from_fork_asm+0x1a/0x30 [ 21.840787] </TASK> [ 21.840805] [ 21.853587] Allocated by task 201: [ 21.854185] kasan_save_stack+0x45/0x70 [ 21.854403] kasan_save_track+0x18/0x40 [ 21.854931] kasan_save_alloc_info+0x3b/0x50 [ 21.855106] __kasan_kmalloc+0xb7/0xc0 [ 21.855463] __kmalloc_cache_noprof+0x189/0x420 [ 21.855816] kmalloc_oob_memset_2+0xac/0x330 [ 21.856328] kunit_try_run_case+0x1a5/0x480 [ 21.856486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.857069] kthread+0x337/0x6f0 [ 21.857338] ret_from_fork+0x116/0x1d0 [ 21.857638] ret_from_fork_asm+0x1a/0x30 [ 21.858409] [ 21.858528] The buggy address belongs to the object at ffff888102b4ec00 [ 21.858528] which belongs to the cache kmalloc-128 of size 128 [ 21.859341] The buggy address is located 119 bytes inside of [ 21.859341] allocated 120-byte region [ffff888102b4ec00, ffff888102b4ec78) [ 21.860176] [ 21.860470] The buggy address belongs to the physical page: [ 21.860972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 21.861228] flags: 0x200000000000000(node=0|zone=2) [ 21.861621] page_type: f5(slab) [ 21.861865] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.862968] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.863360] page dumped because: kasan: bad access detected [ 21.863862] [ 21.863987] Memory state around the buggy address: [ 21.864151] ffff888102b4eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.865099] ffff888102b4eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.865438] >ffff888102b4ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.866107] ^ [ 21.866581] ffff888102b4ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.866942] ffff888102b4ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.867876] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 21.807779] ================================================================== [ 21.808190] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 21.808931] Write of size 128 at addr ffff8881023ac300 by task kunit_try_catch/199 [ 21.809721] [ 21.810501] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.810607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.810629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.810665] Call Trace: [ 21.810690] <TASK> [ 21.810719] dump_stack_lvl+0x73/0xb0 [ 21.810773] print_report+0xd1/0x650 [ 21.810795] ? __virt_addr_valid+0x1db/0x2d0 [ 21.810816] ? kmalloc_oob_in_memset+0x15f/0x320 [ 21.810856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.810884] ? kmalloc_oob_in_memset+0x15f/0x320 [ 21.810913] kasan_report+0x141/0x180 [ 21.810942] ? kmalloc_oob_in_memset+0x15f/0x320 [ 21.810966] kasan_check_range+0x10c/0x1c0 [ 21.810988] __asan_memset+0x27/0x50 [ 21.811008] kmalloc_oob_in_memset+0x15f/0x320 [ 21.811026] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 21.811045] ? __schedule+0x10cc/0x2b60 [ 21.811063] ? __pfx_read_tsc+0x10/0x10 [ 21.811099] ? ktime_get_ts64+0x86/0x230 [ 21.811131] kunit_try_run_case+0x1a5/0x480 [ 21.811162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.811192] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.811212] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.811231] ? __kthread_parkme+0x82/0x180 [ 21.811248] ? preempt_count_sub+0x50/0x80 [ 21.811267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.811287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.811307] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.811327] kthread+0x337/0x6f0 [ 21.811343] ? trace_preempt_on+0x20/0xc0 [ 21.811362] ? __pfx_kthread+0x10/0x10 [ 21.811395] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.811415] ? calculate_sigpending+0x7b/0xa0 [ 21.811436] ? __pfx_kthread+0x10/0x10 [ 21.811454] ret_from_fork+0x116/0x1d0 [ 21.811470] ? __pfx_kthread+0x10/0x10 [ 21.811487] ret_from_fork_asm+0x1a/0x30 [ 21.811513] </TASK> [ 21.811524] [ 21.820659] Allocated by task 199: [ 21.820907] kasan_save_stack+0x45/0x70 [ 21.821065] kasan_save_track+0x18/0x40 [ 21.821332] kasan_save_alloc_info+0x3b/0x50 [ 21.821504] __kasan_kmalloc+0xb7/0xc0 [ 21.821665] __kmalloc_cache_noprof+0x189/0x420 [ 21.822108] kmalloc_oob_in_memset+0xac/0x320 [ 21.822627] kunit_try_run_case+0x1a5/0x480 [ 21.822969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.823486] kthread+0x337/0x6f0 [ 21.823661] ret_from_fork+0x116/0x1d0 [ 21.823864] ret_from_fork_asm+0x1a/0x30 [ 21.824132] [ 21.824272] The buggy address belongs to the object at ffff8881023ac300 [ 21.824272] which belongs to the cache kmalloc-128 of size 128 [ 21.824732] The buggy address is located 0 bytes inside of [ 21.824732] allocated 120-byte region [ffff8881023ac300, ffff8881023ac378) [ 21.825452] [ 21.825973] The buggy address belongs to the physical page: [ 21.826311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac [ 21.826975] flags: 0x200000000000000(node=0|zone=2) [ 21.827290] page_type: f5(slab) [ 21.827535] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.827894] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.828114] page dumped because: kasan: bad access detected [ 21.828284] [ 21.828364] Memory state around the buggy address: [ 21.828519] ffff8881023ac200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.828693] ffff8881023ac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.828874] >ffff8881023ac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.829057] ^ [ 21.829249] ffff8881023ac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.829453] ffff8881023ac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.829632] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 21.774710] ================================================================== [ 21.775143] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 21.775619] Read of size 16 at addr ffff8881023702e0 by task kunit_try_catch/197 [ 21.776060] [ 21.776196] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.776265] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.776278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.776297] Call Trace: [ 21.776310] <TASK> [ 21.776326] dump_stack_lvl+0x73/0xb0 [ 21.776353] print_report+0xd1/0x650 [ 21.776371] ? __virt_addr_valid+0x1db/0x2d0 [ 21.776639] ? kmalloc_uaf_16+0x47b/0x4c0 [ 21.776670] ? kasan_complete_mode_report_info+0x64/0x200 [ 21.776694] ? kmalloc_uaf_16+0x47b/0x4c0 [ 21.776712] kasan_report+0x141/0x180 [ 21.776731] ? kmalloc_uaf_16+0x47b/0x4c0 [ 21.776753] __asan_report_load16_noabort+0x18/0x20 [ 21.776774] kmalloc_uaf_16+0x47b/0x4c0 [ 21.776791] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 21.776809] ? __schedule+0x10cc/0x2b60 [ 21.776830] ? __pfx_read_tsc+0x10/0x10 [ 21.777227] ? ktime_get_ts64+0x86/0x230 [ 21.777255] kunit_try_run_case+0x1a5/0x480 [ 21.777278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.777298] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.777317] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.777337] ? __kthread_parkme+0x82/0x180 [ 21.777354] ? preempt_count_sub+0x50/0x80 [ 21.777373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.777414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.777434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.777454] kthread+0x337/0x6f0 [ 21.777471] ? trace_preempt_on+0x20/0xc0 [ 21.777491] ? __pfx_kthread+0x10/0x10 [ 21.777508] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.777526] ? calculate_sigpending+0x7b/0xa0 [ 21.777546] ? __pfx_kthread+0x10/0x10 [ 21.777564] ret_from_fork+0x116/0x1d0 [ 21.777580] ? __pfx_kthread+0x10/0x10 [ 21.777597] ret_from_fork_asm+0x1a/0x30 [ 21.777624] </TASK> [ 21.777636] [ 21.788536] Allocated by task 197: [ 21.788821] kasan_save_stack+0x45/0x70 [ 21.789075] kasan_save_track+0x18/0x40 [ 21.789533] kasan_save_alloc_info+0x3b/0x50 [ 21.789736] __kasan_kmalloc+0xb7/0xc0 [ 21.790229] __kmalloc_cache_noprof+0x189/0x420 [ 21.790468] kmalloc_uaf_16+0x15b/0x4c0 [ 21.790631] kunit_try_run_case+0x1a5/0x480 [ 21.790824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.791080] kthread+0x337/0x6f0 [ 21.791231] ret_from_fork+0x116/0x1d0 [ 21.791411] ret_from_fork_asm+0x1a/0x30 [ 21.791591] [ 21.791672] Freed by task 197: [ 21.791812] kasan_save_stack+0x45/0x70 [ 21.792562] kasan_save_track+0x18/0x40 [ 21.792800] kasan_save_free_info+0x3f/0x60 [ 21.792956] __kasan_slab_free+0x56/0x70 [ 21.793095] kfree+0x222/0x3f0 [ 21.793796] kmalloc_uaf_16+0x1d6/0x4c0 [ 21.794000] kunit_try_run_case+0x1a5/0x480 [ 21.794229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.794470] kthread+0x337/0x6f0 [ 21.794633] ret_from_fork+0x116/0x1d0 [ 21.794799] ret_from_fork_asm+0x1a/0x30 [ 21.795521] [ 21.795786] The buggy address belongs to the object at ffff8881023702e0 [ 21.795786] which belongs to the cache kmalloc-16 of size 16 [ 21.796508] The buggy address is located 0 bytes inside of [ 21.796508] freed 16-byte region [ffff8881023702e0, ffff8881023702f0) [ 21.797093] [ 21.797307] The buggy address belongs to the physical page: [ 21.797674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102370 [ 21.798417] flags: 0x200000000000000(node=0|zone=2) [ 21.798613] page_type: f5(slab) [ 21.798764] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 21.799007] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.799412] page dumped because: kasan: bad access detected [ 21.799787] [ 21.799956] Memory state around the buggy address: [ 21.800342] ffff888102370180: 00 05 fc fc 00 00 fc fc 00 06 fc fc 00 06 fc fc [ 21.800909] ffff888102370200: 00 00 fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 21.801125] >ffff888102370280: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 21.801524] ^ [ 21.801767] ffff888102370300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.802252] ffff888102370380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.802534] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 21.742418] ================================================================== [ 21.742867] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 21.743395] Write of size 16 at addr ffff888102370280 by task kunit_try_catch/195 [ 21.743750] [ 21.744173] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.744261] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.744283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.744315] Call Trace: [ 21.744339] <TASK> [ 21.744364] dump_stack_lvl+0x73/0xb0 [ 21.744439] print_report+0xd1/0x650 [ 21.744477] ? __virt_addr_valid+0x1db/0x2d0 [ 21.744533] ? kmalloc_oob_16+0x452/0x4a0 [ 21.744570] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.744614] ? kmalloc_oob_16+0x452/0x4a0 [ 21.744652] kasan_report+0x141/0x180 [ 21.744691] ? kmalloc_oob_16+0x452/0x4a0 [ 21.744736] __asan_report_store16_noabort+0x1b/0x30 [ 21.744773] kmalloc_oob_16+0x452/0x4a0 [ 21.744800] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 21.744825] ? __schedule+0x10cc/0x2b60 [ 21.744872] ? __pfx_read_tsc+0x10/0x10 [ 21.744892] ? ktime_get_ts64+0x86/0x230 [ 21.744914] kunit_try_run_case+0x1a5/0x480 [ 21.744936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.744955] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.744974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.744993] ? __kthread_parkme+0x82/0x180 [ 21.745010] ? preempt_count_sub+0x50/0x80 [ 21.745031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.745051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.745074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.745131] kthread+0x337/0x6f0 [ 21.745162] ? trace_preempt_on+0x20/0xc0 [ 21.745195] ? __pfx_kthread+0x10/0x10 [ 21.745214] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.745232] ? calculate_sigpending+0x7b/0xa0 [ 21.745252] ? __pfx_kthread+0x10/0x10 [ 21.745270] ret_from_fork+0x116/0x1d0 [ 21.745286] ? __pfx_kthread+0x10/0x10 [ 21.745303] ret_from_fork_asm+0x1a/0x30 [ 21.745330] </TASK> [ 21.745340] [ 21.755694] Allocated by task 195: [ 21.755967] kasan_save_stack+0x45/0x70 [ 21.756273] kasan_save_track+0x18/0x40 [ 21.756628] kasan_save_alloc_info+0x3b/0x50 [ 21.756998] __kasan_kmalloc+0xb7/0xc0 [ 21.757705] __kmalloc_cache_noprof+0x189/0x420 [ 21.758090] kmalloc_oob_16+0xa8/0x4a0 [ 21.758403] kunit_try_run_case+0x1a5/0x480 [ 21.758867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.759516] kthread+0x337/0x6f0 [ 21.759740] ret_from_fork+0x116/0x1d0 [ 21.759935] ret_from_fork_asm+0x1a/0x30 [ 21.760452] [ 21.760612] The buggy address belongs to the object at ffff888102370280 [ 21.760612] which belongs to the cache kmalloc-16 of size 16 [ 21.761687] The buggy address is located 0 bytes inside of [ 21.761687] allocated 13-byte region [ffff888102370280, ffff88810237028d) [ 21.762553] [ 21.762792] The buggy address belongs to the physical page: [ 21.763340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102370 [ 21.763788] flags: 0x200000000000000(node=0|zone=2) [ 21.764062] page_type: f5(slab) [ 21.764312] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 21.764678] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.764930] page dumped because: kasan: bad access detected [ 21.765285] [ 21.765819] Memory state around the buggy address: [ 21.766414] ffff888102370180: 00 05 fc fc 00 00 fc fc 00 06 fc fc 00 06 fc fc [ 21.766976] ffff888102370200: 00 00 fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 21.767706] >ffff888102370280: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 21.768290] ^ [ 21.768442] ffff888102370300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.768993] ffff888102370380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.769619] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 21.672053] ================================================================== [ 21.672559] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 21.673578] Read of size 1 at addr ffff888100377400 by task kunit_try_catch/193 [ 21.673913] [ 21.674051] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.674135] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.674161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.674195] Call Trace: [ 21.674216] <TASK> [ 21.674238] dump_stack_lvl+0x73/0xb0 [ 21.674280] print_report+0xd1/0x650 [ 21.674307] ? __virt_addr_valid+0x1db/0x2d0 [ 21.674337] ? krealloc_uaf+0x1b8/0x5e0 [ 21.674368] ? kasan_complete_mode_report_info+0x64/0x200 [ 21.674421] ? krealloc_uaf+0x1b8/0x5e0 [ 21.674448] kasan_report+0x141/0x180 [ 21.674468] ? krealloc_uaf+0x1b8/0x5e0 [ 21.674496] ? krealloc_uaf+0x1b8/0x5e0 [ 21.674517] __kasan_check_byte+0x3d/0x50 [ 21.674538] krealloc_noprof+0x3f/0x340 [ 21.674564] krealloc_uaf+0x1b8/0x5e0 [ 21.674584] ? __pfx_krealloc_uaf+0x10/0x10 [ 21.674603] ? finish_task_switch.isra.0+0x153/0x700 [ 21.674624] ? __switch_to+0x47/0xf50 [ 21.674650] ? __schedule+0x10cc/0x2b60 [ 21.674669] ? __pfx_read_tsc+0x10/0x10 [ 21.674690] ? ktime_get_ts64+0x86/0x230 [ 21.674715] kunit_try_run_case+0x1a5/0x480 [ 21.674738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.674759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.674780] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.674801] ? __kthread_parkme+0x82/0x180 [ 21.674819] ? preempt_count_sub+0x50/0x80 [ 21.674840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.674862] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.674884] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.674906] kthread+0x337/0x6f0 [ 21.674924] ? trace_preempt_on+0x20/0xc0 [ 21.674945] ? __pfx_kthread+0x10/0x10 [ 21.674964] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.674983] ? calculate_sigpending+0x7b/0xa0 [ 21.675005] ? __pfx_kthread+0x10/0x10 [ 21.675023] ret_from_fork+0x116/0x1d0 [ 21.675039] ? __pfx_kthread+0x10/0x10 [ 21.675056] ret_from_fork_asm+0x1a/0x30 [ 21.675083] </TASK> [ 21.675094] [ 21.685710] Allocated by task 193: [ 21.685888] kasan_save_stack+0x45/0x70 [ 21.686065] kasan_save_track+0x18/0x40 [ 21.686525] kasan_save_alloc_info+0x3b/0x50 [ 21.686890] __kasan_kmalloc+0xb7/0xc0 [ 21.687282] __kmalloc_cache_noprof+0x189/0x420 [ 21.687621] krealloc_uaf+0xbb/0x5e0 [ 21.687907] kunit_try_run_case+0x1a5/0x480 [ 21.688157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.688496] kthread+0x337/0x6f0 [ 21.688627] ret_from_fork+0x116/0x1d0 [ 21.689018] ret_from_fork_asm+0x1a/0x30 [ 21.689373] [ 21.689512] Freed by task 193: [ 21.689654] kasan_save_stack+0x45/0x70 [ 21.689915] kasan_save_track+0x18/0x40 [ 21.690204] kasan_save_free_info+0x3f/0x60 [ 21.690411] __kasan_slab_free+0x56/0x70 [ 21.690708] kfree+0x222/0x3f0 [ 21.690970] krealloc_uaf+0x13d/0x5e0 [ 21.691356] kunit_try_run_case+0x1a5/0x480 [ 21.691666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.691865] kthread+0x337/0x6f0 [ 21.692246] ret_from_fork+0x116/0x1d0 [ 21.692451] ret_from_fork_asm+0x1a/0x30 [ 21.692690] [ 21.692786] The buggy address belongs to the object at ffff888100377400 [ 21.692786] which belongs to the cache kmalloc-256 of size 256 [ 21.693314] The buggy address is located 0 bytes inside of [ 21.693314] freed 256-byte region [ffff888100377400, ffff888100377500) [ 21.693980] [ 21.694143] The buggy address belongs to the physical page: [ 21.694409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100376 [ 21.694850] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.695205] flags: 0x200000000000040(head|node=0|zone=2) [ 21.695747] page_type: f5(slab) [ 21.696007] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.696526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.696941] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.697456] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.697705] head: 0200000000000001 ffffea000400dd81 00000000ffffffff 00000000ffffffff [ 21.697960] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.698561] page dumped because: kasan: bad access detected [ 21.698954] [ 21.699247] Memory state around the buggy address: [ 21.699583] ffff888100377300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.700466] ffff888100377380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.700956] >ffff888100377400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.701464] ^ [ 21.701654] ffff888100377480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.701935] ffff888100377500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.703266] ================================================================== [ 21.704629] ================================================================== [ 21.705515] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 21.706191] Read of size 1 at addr ffff888100377400 by task kunit_try_catch/193 [ 21.706854] [ 21.706973] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.707031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.707045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.707066] Call Trace: [ 21.707567] <TASK> [ 21.707621] dump_stack_lvl+0x73/0xb0 [ 21.707679] print_report+0xd1/0x650 [ 21.707765] ? __virt_addr_valid+0x1db/0x2d0 [ 21.707807] ? krealloc_uaf+0x53c/0x5e0 [ 21.707854] ? kasan_complete_mode_report_info+0x64/0x200 [ 21.707881] ? krealloc_uaf+0x53c/0x5e0 [ 21.707899] kasan_report+0x141/0x180 [ 21.707918] ? krealloc_uaf+0x53c/0x5e0 [ 21.707939] __asan_report_load1_noabort+0x18/0x20 [ 21.707960] krealloc_uaf+0x53c/0x5e0 [ 21.707978] ? __pfx_krealloc_uaf+0x10/0x10 [ 21.707995] ? finish_task_switch.isra.0+0x153/0x700 [ 21.708013] ? __switch_to+0x47/0xf50 [ 21.708036] ? __schedule+0x10cc/0x2b60 [ 21.708054] ? __pfx_read_tsc+0x10/0x10 [ 21.708076] ? ktime_get_ts64+0x86/0x230 [ 21.708109] kunit_try_run_case+0x1a5/0x480 [ 21.708140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.708167] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.708196] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.708220] ? __kthread_parkme+0x82/0x180 [ 21.708238] ? preempt_count_sub+0x50/0x80 [ 21.708257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.708278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.708298] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.708318] kthread+0x337/0x6f0 [ 21.708335] ? trace_preempt_on+0x20/0xc0 [ 21.708354] ? __pfx_kthread+0x10/0x10 [ 21.708371] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.708407] ? calculate_sigpending+0x7b/0xa0 [ 21.708428] ? __pfx_kthread+0x10/0x10 [ 21.708446] ret_from_fork+0x116/0x1d0 [ 21.708462] ? __pfx_kthread+0x10/0x10 [ 21.708480] ret_from_fork_asm+0x1a/0x30 [ 21.708507] </TASK> [ 21.708518] [ 21.717553] Allocated by task 193: [ 21.717641] kasan_save_stack+0x45/0x70 [ 21.717888] kasan_save_track+0x18/0x40 [ 21.718181] kasan_save_alloc_info+0x3b/0x50 [ 21.719523] __kasan_kmalloc+0xb7/0xc0 [ 21.719808] __kmalloc_cache_noprof+0x189/0x420 [ 21.719992] krealloc_uaf+0xbb/0x5e0 [ 21.720164] kunit_try_run_case+0x1a5/0x480 [ 21.720322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.720489] kthread+0x337/0x6f0 [ 21.720614] ret_from_fork+0x116/0x1d0 [ 21.720754] ret_from_fork_asm+0x1a/0x30 [ 21.721040] [ 21.721180] Freed by task 193: [ 21.721640] kasan_save_stack+0x45/0x70 [ 21.721980] kasan_save_track+0x18/0x40 [ 21.722515] kasan_save_free_info+0x3f/0x60 [ 21.722881] __kasan_slab_free+0x56/0x70 [ 21.723692] kfree+0x222/0x3f0 [ 21.724000] krealloc_uaf+0x13d/0x5e0 [ 21.724548] kunit_try_run_case+0x1a5/0x480 [ 21.724908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.725472] kthread+0x337/0x6f0 [ 21.725727] ret_from_fork+0x116/0x1d0 [ 21.726316] ret_from_fork_asm+0x1a/0x30 [ 21.726669] [ 21.726823] The buggy address belongs to the object at ffff888100377400 [ 21.726823] which belongs to the cache kmalloc-256 of size 256 [ 21.727496] The buggy address is located 0 bytes inside of [ 21.727496] freed 256-byte region [ffff888100377400, ffff888100377500) [ 21.728130] [ 21.728323] The buggy address belongs to the physical page: [ 21.728691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100376 [ 21.729422] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.729647] flags: 0x200000000000040(head|node=0|zone=2) [ 21.730370] page_type: f5(slab) [ 21.730845] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.731409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.731725] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.732428] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.732652] head: 0200000000000001 ffffea000400dd81 00000000ffffffff 00000000ffffffff [ 21.732938] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.733551] page dumped because: kasan: bad access detected [ 21.733806] [ 21.734001] Memory state around the buggy address: [ 21.734513] ffff888100377300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.734940] ffff888100377380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.735455] >ffff888100377400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.736034] ^ [ 21.736369] ffff888100377480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.737028] ffff888100377500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.737400] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 21.439034] ================================================================== [ 21.439410] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 21.439969] Write of size 1 at addr ffff888100ab4eea by task kunit_try_catch/187 [ 21.440356] [ 21.440522] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.440804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.440821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.440857] Call Trace: [ 21.440871] <TASK> [ 21.440886] dump_stack_lvl+0x73/0xb0 [ 21.440925] print_report+0xd1/0x650 [ 21.440951] ? __virt_addr_valid+0x1db/0x2d0 [ 21.440971] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.440990] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.441010] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.441029] kasan_report+0x141/0x180 [ 21.441047] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.441070] __asan_report_store1_noabort+0x1b/0x30 [ 21.441089] krealloc_less_oob_helper+0xe90/0x11d0 [ 21.441110] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.441129] ? finish_task_switch.isra.0+0x153/0x700 [ 21.441146] ? __switch_to+0x47/0xf50 [ 21.441167] ? __schedule+0x10cc/0x2b60 [ 21.441184] ? __pfx_read_tsc+0x10/0x10 [ 21.441205] krealloc_less_oob+0x1c/0x30 [ 21.441222] kunit_try_run_case+0x1a5/0x480 [ 21.441241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.441259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.441277] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.441295] ? __kthread_parkme+0x82/0x180 [ 21.441311] ? preempt_count_sub+0x50/0x80 [ 21.441330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.441349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.441367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.441421] kthread+0x337/0x6f0 [ 21.441460] ? trace_preempt_on+0x20/0xc0 [ 21.441498] ? __pfx_kthread+0x10/0x10 [ 21.441535] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.441571] ? calculate_sigpending+0x7b/0xa0 [ 21.441604] ? __pfx_kthread+0x10/0x10 [ 21.441623] ret_from_fork+0x116/0x1d0 [ 21.441639] ? __pfx_kthread+0x10/0x10 [ 21.441655] ret_from_fork_asm+0x1a/0x30 [ 21.441682] </TASK> [ 21.441692] [ 21.450110] Allocated by task 187: [ 21.450392] kasan_save_stack+0x45/0x70 [ 21.450609] kasan_save_track+0x18/0x40 [ 21.450767] kasan_save_alloc_info+0x3b/0x50 [ 21.450967] __kasan_krealloc+0x190/0x1f0 [ 21.451116] krealloc_noprof+0xf3/0x340 [ 21.451265] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.451593] krealloc_less_oob+0x1c/0x30 [ 21.451909] kunit_try_run_case+0x1a5/0x480 [ 21.452201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.452558] kthread+0x337/0x6f0 [ 21.452736] ret_from_fork+0x116/0x1d0 [ 21.452900] ret_from_fork_asm+0x1a/0x30 [ 21.453052] [ 21.453138] The buggy address belongs to the object at ffff888100ab4e00 [ 21.453138] which belongs to the cache kmalloc-256 of size 256 [ 21.453768] The buggy address is located 33 bytes to the right of [ 21.453768] allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9) [ 21.454609] [ 21.454759] The buggy address belongs to the physical page: [ 21.455151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 21.455535] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.455908] flags: 0x200000000000040(head|node=0|zone=2) [ 21.456217] page_type: f5(slab) [ 21.456447] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.456740] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.457111] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.457434] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.457774] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 21.458039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.458273] page dumped because: kasan: bad access detected [ 21.458626] [ 21.458768] Memory state around the buggy address: [ 21.459124] ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.459575] ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.460029] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.460328] ^ [ 21.460537] ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.460916] ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.461349] ================================================================== [ 21.642277] ================================================================== [ 21.642768] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 21.643375] Write of size 1 at addr ffff8881028320eb by task kunit_try_catch/191 [ 21.644321] [ 21.644491] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.644567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.644590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.644623] Call Trace: [ 21.644648] <TASK> [ 21.644674] dump_stack_lvl+0x73/0xb0 [ 21.644712] print_report+0xd1/0x650 [ 21.644732] ? __virt_addr_valid+0x1db/0x2d0 [ 21.644751] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.644771] ? kasan_addr_to_slab+0x11/0xa0 [ 21.644788] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.644808] kasan_report+0x141/0x180 [ 21.644827] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.644866] __asan_report_store1_noabort+0x1b/0x30 [ 21.644900] krealloc_less_oob_helper+0xd47/0x11d0 [ 21.644942] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.644980] ? irqentry_exit+0x2a/0x60 [ 21.645016] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.645063] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 21.645098] krealloc_large_less_oob+0x1c/0x30 [ 21.645126] kunit_try_run_case+0x1a5/0x480 [ 21.645157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.645185] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.645213] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.645240] ? __kthread_parkme+0x82/0x180 [ 21.645265] ? preempt_count_sub+0x50/0x80 [ 21.645292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.645322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.645351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.645398] kthread+0x337/0x6f0 [ 21.645424] ? trace_preempt_on+0x20/0xc0 [ 21.645452] ? __pfx_kthread+0x10/0x10 [ 21.645476] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.645505] ? calculate_sigpending+0x7b/0xa0 [ 21.645536] ? __pfx_kthread+0x10/0x10 [ 21.645564] ret_from_fork+0x116/0x1d0 [ 21.645588] ? __pfx_kthread+0x10/0x10 [ 21.645615] ret_from_fork_asm+0x1a/0x30 [ 21.645659] </TASK> [ 21.645690] [ 21.655818] The buggy address belongs to the physical page: [ 21.656042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830 [ 21.656680] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.657552] flags: 0x200000000000040(head|node=0|zone=2) [ 21.657952] page_type: f8(unknown) [ 21.658336] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.659499] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.660085] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.660825] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.661457] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff [ 21.662205] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.663005] page dumped because: kasan: bad access detected [ 21.663372] [ 21.663473] Memory state around the buggy address: [ 21.663719] ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.664028] ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.664990] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.665558] ^ [ 21.665769] ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.666286] ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.666702] ================================================================== [ 21.405745] ================================================================== [ 21.406929] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 21.407851] Write of size 1 at addr ffff888100ab4eda by task kunit_try_catch/187 [ 21.408329] [ 21.408469] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.408769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.408790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.408813] Call Trace: [ 21.408829] <TASK> [ 21.408849] dump_stack_lvl+0x73/0xb0 [ 21.408881] print_report+0xd1/0x650 [ 21.408911] ? __virt_addr_valid+0x1db/0x2d0 [ 21.408934] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.408953] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.408974] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.408993] kasan_report+0x141/0x180 [ 21.409010] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.409033] __asan_report_store1_noabort+0x1b/0x30 [ 21.409052] krealloc_less_oob_helper+0xec6/0x11d0 [ 21.409072] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.409091] ? finish_task_switch.isra.0+0x153/0x700 [ 21.409108] ? __switch_to+0x47/0xf50 [ 21.409129] ? __schedule+0x10cc/0x2b60 [ 21.409147] ? __pfx_read_tsc+0x10/0x10 [ 21.409167] krealloc_less_oob+0x1c/0x30 [ 21.409184] kunit_try_run_case+0x1a5/0x480 [ 21.409203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.409221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.409239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.409257] ? __kthread_parkme+0x82/0x180 [ 21.409273] ? preempt_count_sub+0x50/0x80 [ 21.409292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.409311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.409329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.409348] kthread+0x337/0x6f0 [ 21.409363] ? trace_preempt_on+0x20/0xc0 [ 21.409405] ? __pfx_kthread+0x10/0x10 [ 21.409437] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.409472] ? calculate_sigpending+0x7b/0xa0 [ 21.409509] ? __pfx_kthread+0x10/0x10 [ 21.409547] ret_from_fork+0x116/0x1d0 [ 21.409581] ? __pfx_kthread+0x10/0x10 [ 21.409618] ret_from_fork_asm+0x1a/0x30 [ 21.409651] </TASK> [ 21.409662] [ 21.421259] Allocated by task 187: [ 21.421502] kasan_save_stack+0x45/0x70 [ 21.421987] kasan_save_track+0x18/0x40 [ 21.422200] kasan_save_alloc_info+0x3b/0x50 [ 21.422630] __kasan_krealloc+0x190/0x1f0 [ 21.423088] krealloc_noprof+0xf3/0x340 [ 21.423234] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.423651] krealloc_less_oob+0x1c/0x30 [ 21.424065] kunit_try_run_case+0x1a5/0x480 [ 21.424296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.424653] kthread+0x337/0x6f0 [ 21.424809] ret_from_fork+0x116/0x1d0 [ 21.425162] ret_from_fork_asm+0x1a/0x30 [ 21.425494] [ 21.425818] The buggy address belongs to the object at ffff888100ab4e00 [ 21.425818] which belongs to the cache kmalloc-256 of size 256 [ 21.426471] The buggy address is located 17 bytes to the right of [ 21.426471] allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9) [ 21.427373] [ 21.427547] The buggy address belongs to the physical page: [ 21.427982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 21.428339] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.428950] flags: 0x200000000000040(head|node=0|zone=2) [ 21.429286] page_type: f5(slab) [ 21.429649] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.430100] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.430636] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.431203] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.431645] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 21.432069] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.432614] page dumped because: kasan: bad access detected [ 21.433139] [ 21.433232] Memory state around the buggy address: [ 21.433502] ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.433869] ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.434226] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.434589] ^ [ 21.434884] ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.435815] ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.436224] ================================================================== [ 21.616646] ================================================================== [ 21.616984] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 21.617801] Write of size 1 at addr ffff8881028320ea by task kunit_try_catch/191 [ 21.618066] [ 21.618250] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.618335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.618360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.618410] Call Trace: [ 21.618439] <TASK> [ 21.618467] dump_stack_lvl+0x73/0xb0 [ 21.618522] print_report+0xd1/0x650 [ 21.618559] ? __virt_addr_valid+0x1db/0x2d0 [ 21.618592] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.618625] ? kasan_addr_to_slab+0x11/0xa0 [ 21.618656] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.618695] kasan_report+0x141/0x180 [ 21.618729] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.619292] __asan_report_store1_noabort+0x1b/0x30 [ 21.619349] krealloc_less_oob_helper+0xe90/0x11d0 [ 21.619408] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.619445] ? irqentry_exit+0x2a/0x60 [ 21.619486] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.619531] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 21.619590] krealloc_large_less_oob+0x1c/0x30 [ 21.619628] kunit_try_run_case+0x1a5/0x480 [ 21.619673] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.619708] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.619747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.619786] ? __kthread_parkme+0x82/0x180 [ 21.619822] ? preempt_count_sub+0x50/0x80 [ 21.619858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.619890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.619928] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.619967] kthread+0x337/0x6f0 [ 21.620006] ? trace_preempt_on+0x20/0xc0 [ 21.620091] ? __pfx_kthread+0x10/0x10 [ 21.620131] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.620168] ? calculate_sigpending+0x7b/0xa0 [ 21.620209] ? __pfx_kthread+0x10/0x10 [ 21.620249] ret_from_fork+0x116/0x1d0 [ 21.620284] ? __pfx_kthread+0x10/0x10 [ 21.620319] ret_from_fork_asm+0x1a/0x30 [ 21.620392] </TASK> [ 21.620408] [ 21.630750] The buggy address belongs to the physical page: [ 21.631641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830 [ 21.632477] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.633147] flags: 0x200000000000040(head|node=0|zone=2) [ 21.633556] page_type: f8(unknown) [ 21.633988] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.634619] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.634873] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.635104] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.635458] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff [ 21.636083] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.636653] page dumped because: kasan: bad access detected [ 21.637389] [ 21.637563] Memory state around the buggy address: [ 21.637877] ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.638370] ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.639208] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.639835] ^ [ 21.640473] ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.641023] ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.641593] ================================================================== [ 21.541414] ================================================================== [ 21.542225] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 21.542888] Write of size 1 at addr ffff8881028320c9 by task kunit_try_catch/191 [ 21.543600] [ 21.543765] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.543969] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.543997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.544219] Call Trace: [ 21.544263] <TASK> [ 21.544296] dump_stack_lvl+0x73/0xb0 [ 21.544688] print_report+0xd1/0x650 [ 21.544715] ? __virt_addr_valid+0x1db/0x2d0 [ 21.544751] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.544772] ? kasan_addr_to_slab+0x11/0xa0 [ 21.544789] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.544809] kasan_report+0x141/0x180 [ 21.544829] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.544862] __asan_report_store1_noabort+0x1b/0x30 [ 21.544883] krealloc_less_oob_helper+0xd70/0x11d0 [ 21.544905] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.544924] ? irqentry_exit+0x2a/0x60 [ 21.544943] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.544967] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 21.544990] krealloc_large_less_oob+0x1c/0x30 [ 21.545009] kunit_try_run_case+0x1a5/0x480 [ 21.545031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.545050] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.545070] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.545109] ? __kthread_parkme+0x82/0x180 [ 21.545136] ? preempt_count_sub+0x50/0x80 [ 21.545165] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.545196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.545225] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.545255] kthread+0x337/0x6f0 [ 21.545281] ? trace_preempt_on+0x20/0xc0 [ 21.545311] ? __pfx_kthread+0x10/0x10 [ 21.545339] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.545368] ? calculate_sigpending+0x7b/0xa0 [ 21.545417] ? __pfx_kthread+0x10/0x10 [ 21.545438] ret_from_fork+0x116/0x1d0 [ 21.545456] ? __pfx_kthread+0x10/0x10 [ 21.545473] ret_from_fork_asm+0x1a/0x30 [ 21.545500] </TASK> [ 21.545512] [ 21.557747] The buggy address belongs to the physical page: [ 21.557960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830 [ 21.558820] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.559361] flags: 0x200000000000040(head|node=0|zone=2) [ 21.559583] page_type: f8(unknown) [ 21.560008] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.560875] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.561417] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.561737] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.562601] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff [ 21.563309] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.563520] page dumped because: kasan: bad access detected [ 21.564007] [ 21.564287] Memory state around the buggy address: [ 21.564563] ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.565038] ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.565530] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.565820] ^ [ 21.566683] ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.567101] ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.567572] ================================================================== [ 21.568438] ================================================================== [ 21.569022] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 21.569907] Write of size 1 at addr ffff8881028320d0 by task kunit_try_catch/191 [ 21.570266] [ 21.570402] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.570748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.570800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.570890] Call Trace: [ 21.570920] <TASK> [ 21.570946] dump_stack_lvl+0x73/0xb0 [ 21.571001] print_report+0xd1/0x650 [ 21.571040] ? __virt_addr_valid+0x1db/0x2d0 [ 21.571081] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.571122] ? kasan_addr_to_slab+0x11/0xa0 [ 21.571159] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.571201] kasan_report+0x141/0x180 [ 21.571239] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.571394] __asan_report_store1_noabort+0x1b/0x30 [ 21.571422] krealloc_less_oob_helper+0xe23/0x11d0 [ 21.571445] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.571465] ? irqentry_exit+0x2a/0x60 [ 21.571483] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.571507] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 21.571529] krealloc_large_less_oob+0x1c/0x30 [ 21.571548] kunit_try_run_case+0x1a5/0x480 [ 21.571568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.571587] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.571606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.571625] ? __kthread_parkme+0x82/0x180 [ 21.571641] ? preempt_count_sub+0x50/0x80 [ 21.571661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.571681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.571700] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.571720] kthread+0x337/0x6f0 [ 21.571736] ? trace_preempt_on+0x20/0xc0 [ 21.571754] ? __pfx_kthread+0x10/0x10 [ 21.571772] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.571789] ? calculate_sigpending+0x7b/0xa0 [ 21.571809] ? __pfx_kthread+0x10/0x10 [ 21.571827] ret_from_fork+0x116/0x1d0 [ 21.571852] ? __pfx_kthread+0x10/0x10 [ 21.571871] ret_from_fork_asm+0x1a/0x30 [ 21.571898] </TASK> [ 21.571909] [ 21.582195] The buggy address belongs to the physical page: [ 21.582334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830 [ 21.582807] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.583278] flags: 0x200000000000040(head|node=0|zone=2) [ 21.584554] page_type: f8(unknown) [ 21.584726] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.585170] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.585855] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.586570] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.587129] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff [ 21.587580] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.588415] page dumped because: kasan: bad access detected [ 21.588696] [ 21.588792] Memory state around the buggy address: [ 21.589178] ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.589995] ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.590882] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.591324] ^ [ 21.591819] ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.592293] ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.592731] ================================================================== [ 21.348830] ================================================================== [ 21.349243] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 21.349848] Write of size 1 at addr ffff888100ab4ec9 by task kunit_try_catch/187 [ 21.350820] [ 21.350952] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.351070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.351094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.351142] Call Trace: [ 21.351166] <TASK> [ 21.351191] dump_stack_lvl+0x73/0xb0 [ 21.351241] print_report+0xd1/0x650 [ 21.351274] ? __virt_addr_valid+0x1db/0x2d0 [ 21.351312] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.351352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.351409] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.351444] kasan_report+0x141/0x180 [ 21.351464] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.351487] __asan_report_store1_noabort+0x1b/0x30 [ 21.351506] krealloc_less_oob_helper+0xd70/0x11d0 [ 21.351527] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.351546] ? finish_task_switch.isra.0+0x153/0x700 [ 21.351564] ? __switch_to+0x47/0xf50 [ 21.351585] ? __schedule+0x10cc/0x2b60 [ 21.351603] ? __pfx_read_tsc+0x10/0x10 [ 21.351623] krealloc_less_oob+0x1c/0x30 [ 21.351640] kunit_try_run_case+0x1a5/0x480 [ 21.351660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.351678] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.351696] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.351715] ? __kthread_parkme+0x82/0x180 [ 21.351732] ? preempt_count_sub+0x50/0x80 [ 21.351750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.351769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.351787] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.351806] kthread+0x337/0x6f0 [ 21.351822] ? trace_preempt_on+0x20/0xc0 [ 21.351860] ? __pfx_kthread+0x10/0x10 [ 21.351877] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.351894] ? calculate_sigpending+0x7b/0xa0 [ 21.351913] ? __pfx_kthread+0x10/0x10 [ 21.351931] ret_from_fork+0x116/0x1d0 [ 21.351946] ? __pfx_kthread+0x10/0x10 [ 21.351962] ret_from_fork_asm+0x1a/0x30 [ 21.351989] </TASK> [ 21.352000] [ 21.361724] Allocated by task 187: [ 21.362557] kasan_save_stack+0x45/0x70 [ 21.362762] kasan_save_track+0x18/0x40 [ 21.363035] kasan_save_alloc_info+0x3b/0x50 [ 21.363254] __kasan_krealloc+0x190/0x1f0 [ 21.363508] krealloc_noprof+0xf3/0x340 [ 21.363715] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.364624] krealloc_less_oob+0x1c/0x30 [ 21.364788] kunit_try_run_case+0x1a5/0x480 [ 21.365202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.365466] kthread+0x337/0x6f0 [ 21.365619] ret_from_fork+0x116/0x1d0 [ 21.365785] ret_from_fork_asm+0x1a/0x30 [ 21.366785] [ 21.366942] The buggy address belongs to the object at ffff888100ab4e00 [ 21.366942] which belongs to the cache kmalloc-256 of size 256 [ 21.367409] The buggy address is located 0 bytes to the right of [ 21.367409] allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9) [ 21.368150] [ 21.368287] The buggy address belongs to the physical page: [ 21.368648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 21.369082] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.369506] flags: 0x200000000000040(head|node=0|zone=2) [ 21.369820] page_type: f5(slab) [ 21.369959] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.370448] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.370762] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.371165] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.371723] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 21.372249] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.372720] page dumped because: kasan: bad access detected [ 21.373093] [ 21.373253] Memory state around the buggy address: [ 21.373642] ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.374172] ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.374580] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.375251] ^ [ 21.375552] ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.375816] ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.376339] ================================================================== [ 21.462646] ================================================================== [ 21.463489] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 21.463995] Write of size 1 at addr ffff888100ab4eeb by task kunit_try_catch/187 [ 21.464460] [ 21.464640] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.464715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.464735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.464768] Call Trace: [ 21.464792] <TASK> [ 21.464818] dump_stack_lvl+0x73/0xb0 [ 21.464901] print_report+0xd1/0x650 [ 21.464942] ? __virt_addr_valid+0x1db/0x2d0 [ 21.464981] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.465021] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.465065] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.465106] kasan_report+0x141/0x180 [ 21.465144] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.465194] __asan_report_store1_noabort+0x1b/0x30 [ 21.465230] krealloc_less_oob_helper+0xd47/0x11d0 [ 21.465267] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.465690] ? finish_task_switch.isra.0+0x153/0x700 [ 21.465759] ? __switch_to+0x47/0xf50 [ 21.465793] ? __schedule+0x10cc/0x2b60 [ 21.465828] ? __pfx_read_tsc+0x10/0x10 [ 21.465892] krealloc_less_oob+0x1c/0x30 [ 21.465927] kunit_try_run_case+0x1a5/0x480 [ 21.465965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.466003] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.466050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.466091] ? __kthread_parkme+0x82/0x180 [ 21.466130] ? preempt_count_sub+0x50/0x80 [ 21.466173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.466216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.466257] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.466299] kthread+0x337/0x6f0 [ 21.466335] ? trace_preempt_on+0x20/0xc0 [ 21.466391] ? __pfx_kthread+0x10/0x10 [ 21.466433] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.466473] ? calculate_sigpending+0x7b/0xa0 [ 21.466513] ? __pfx_kthread+0x10/0x10 [ 21.466569] ret_from_fork+0x116/0x1d0 [ 21.466604] ? __pfx_kthread+0x10/0x10 [ 21.466639] ret_from_fork_asm+0x1a/0x30 [ 21.466697] </TASK> [ 21.466719] [ 21.476538] Allocated by task 187: [ 21.476735] kasan_save_stack+0x45/0x70 [ 21.477003] kasan_save_track+0x18/0x40 [ 21.477217] kasan_save_alloc_info+0x3b/0x50 [ 21.477522] __kasan_krealloc+0x190/0x1f0 [ 21.477692] krealloc_noprof+0xf3/0x340 [ 21.477967] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.478221] krealloc_less_oob+0x1c/0x30 [ 21.478536] kunit_try_run_case+0x1a5/0x480 [ 21.478751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.479115] kthread+0x337/0x6f0 [ 21.479356] ret_from_fork+0x116/0x1d0 [ 21.479593] ret_from_fork_asm+0x1a/0x30 [ 21.479805] [ 21.479976] The buggy address belongs to the object at ffff888100ab4e00 [ 21.479976] which belongs to the cache kmalloc-256 of size 256 [ 21.480550] The buggy address is located 34 bytes to the right of [ 21.480550] allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9) [ 21.481216] [ 21.481356] The buggy address belongs to the physical page: [ 21.481589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 21.481904] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.482425] flags: 0x200000000000040(head|node=0|zone=2) [ 21.482856] page_type: f5(slab) [ 21.483105] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.483372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.483649] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.484151] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.484565] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 21.484858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.485083] page dumped because: kasan: bad access detected [ 21.485253] [ 21.485334] Memory state around the buggy address: [ 21.485503] ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.485956] ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.486437] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.486890] ^ [ 21.487282] ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.487667] ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.487954] ================================================================== [ 21.593428] ================================================================== [ 21.593731] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 21.594412] Write of size 1 at addr ffff8881028320da by task kunit_try_catch/191 [ 21.594673] [ 21.594787] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.594904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.594943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.594979] Call Trace: [ 21.595005] <TASK> [ 21.595028] dump_stack_lvl+0x73/0xb0 [ 21.595085] print_report+0xd1/0x650 [ 21.595122] ? __virt_addr_valid+0x1db/0x2d0 [ 21.595159] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.595196] ? kasan_addr_to_slab+0x11/0xa0 [ 21.595232] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.595273] kasan_report+0x141/0x180 [ 21.595312] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.595364] __asan_report_store1_noabort+0x1b/0x30 [ 21.595420] krealloc_less_oob_helper+0xec6/0x11d0 [ 21.595465] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.595504] ? irqentry_exit+0x2a/0x60 [ 21.595542] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.595591] ? __pfx_krealloc_large_less_oob+0x10/0x10 [ 21.595628] krealloc_large_less_oob+0x1c/0x30 [ 21.595659] kunit_try_run_case+0x1a5/0x480 [ 21.595696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.595730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.595764] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.595802] ? __kthread_parkme+0x82/0x180 [ 21.595836] ? preempt_count_sub+0x50/0x80 [ 21.595872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.595905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.595941] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.595976] kthread+0x337/0x6f0 [ 21.596007] ? trace_preempt_on+0x20/0xc0 [ 21.596045] ? __pfx_kthread+0x10/0x10 [ 21.596082] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.596120] ? calculate_sigpending+0x7b/0xa0 [ 21.596161] ? __pfx_kthread+0x10/0x10 [ 21.596200] ret_from_fork+0x116/0x1d0 [ 21.596235] ? __pfx_kthread+0x10/0x10 [ 21.596288] ret_from_fork_asm+0x1a/0x30 [ 21.596357] </TASK> [ 21.596375] [ 21.607487] The buggy address belongs to the physical page: [ 21.607909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830 [ 21.608214] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.608453] flags: 0x200000000000040(head|node=0|zone=2) [ 21.608643] page_type: f8(unknown) [ 21.608830] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.609399] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.609860] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.610781] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.611588] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff [ 21.611859] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.612520] page dumped because: kasan: bad access detected [ 21.612794] [ 21.612962] Memory state around the buggy address: [ 21.613337] ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.613655] ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.614542] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.614845] ^ [ 21.615052] ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.615264] ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.615726] ================================================================== [ 21.377956] ================================================================== [ 21.378751] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 21.379148] Write of size 1 at addr ffff888100ab4ed0 by task kunit_try_catch/187 [ 21.379360] [ 21.379485] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.379564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.379583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.379644] Call Trace: [ 21.379670] <TASK> [ 21.379694] dump_stack_lvl+0x73/0xb0 [ 21.379745] print_report+0xd1/0x650 [ 21.379789] ? __virt_addr_valid+0x1db/0x2d0 [ 21.379822] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.379853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.379891] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.379927] kasan_report+0x141/0x180 [ 21.379964] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.380013] __asan_report_store1_noabort+0x1b/0x30 [ 21.380047] krealloc_less_oob_helper+0xe23/0x11d0 [ 21.380091] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.380131] ? finish_task_switch.isra.0+0x153/0x700 [ 21.380169] ? __switch_to+0x47/0xf50 [ 21.380214] ? __schedule+0x10cc/0x2b60 [ 21.380254] ? __pfx_read_tsc+0x10/0x10 [ 21.380298] krealloc_less_oob+0x1c/0x30 [ 21.380331] kunit_try_run_case+0x1a5/0x480 [ 21.380363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.380400] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.380421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.380440] ? __kthread_parkme+0x82/0x180 [ 21.380457] ? preempt_count_sub+0x50/0x80 [ 21.380475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.380494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.380513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.380534] kthread+0x337/0x6f0 [ 21.380550] ? trace_preempt_on+0x20/0xc0 [ 21.380569] ? __pfx_kthread+0x10/0x10 [ 21.380585] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.380602] ? calculate_sigpending+0x7b/0xa0 [ 21.380622] ? __pfx_kthread+0x10/0x10 [ 21.380640] ret_from_fork+0x116/0x1d0 [ 21.380655] ? __pfx_kthread+0x10/0x10 [ 21.380671] ret_from_fork_asm+0x1a/0x30 [ 21.380697] </TASK> [ 21.380707] [ 21.390103] Allocated by task 187: [ 21.390412] kasan_save_stack+0x45/0x70 [ 21.390612] kasan_save_track+0x18/0x40 [ 21.390806] kasan_save_alloc_info+0x3b/0x50 [ 21.391398] __kasan_krealloc+0x190/0x1f0 [ 21.391573] krealloc_noprof+0xf3/0x340 [ 21.391719] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.392297] krealloc_less_oob+0x1c/0x30 [ 21.392514] kunit_try_run_case+0x1a5/0x480 [ 21.392720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.393261] kthread+0x337/0x6f0 [ 21.393436] ret_from_fork+0x116/0x1d0 [ 21.393607] ret_from_fork_asm+0x1a/0x30 [ 21.393785] [ 21.394300] The buggy address belongs to the object at ffff888100ab4e00 [ 21.394300] which belongs to the cache kmalloc-256 of size 256 [ 21.395192] The buggy address is located 7 bytes to the right of [ 21.395192] allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9) [ 21.395788] [ 21.395961] The buggy address belongs to the physical page: [ 21.396310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 21.396598] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.397041] flags: 0x200000000000040(head|node=0|zone=2) [ 21.397287] page_type: f5(slab) [ 21.398096] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.398475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.398797] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 21.399559] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.400397] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 21.400731] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.401302] page dumped because: kasan: bad access detected [ 21.401524] [ 21.401818] Memory state around the buggy address: [ 21.402285] ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.402603] ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.403216] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.403586] ^ [ 21.403772] ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.404170] ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.404501] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 21.493273] ================================================================== [ 21.493698] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 21.494171] Write of size 1 at addr ffff8881029920eb by task kunit_try_catch/189 [ 21.494674] [ 21.494792] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.494902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.494925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.494960] Call Trace: [ 21.494986] <TASK> [ 21.495014] dump_stack_lvl+0x73/0xb0 [ 21.495066] print_report+0xd1/0x650 [ 21.495097] ? __virt_addr_valid+0x1db/0x2d0 [ 21.495132] ? krealloc_more_oob_helper+0x821/0x930 [ 21.495168] ? kasan_addr_to_slab+0x11/0xa0 [ 21.495202] ? krealloc_more_oob_helper+0x821/0x930 [ 21.495239] kasan_report+0x141/0x180 [ 21.495278] ? krealloc_more_oob_helper+0x821/0x930 [ 21.495323] __asan_report_store1_noabort+0x1b/0x30 [ 21.495360] krealloc_more_oob_helper+0x821/0x930 [ 21.495411] ? __schedule+0x10cc/0x2b60 [ 21.495448] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.495487] ? finish_task_switch.isra.0+0x153/0x700 [ 21.495522] ? __switch_to+0x47/0xf50 [ 21.495560] ? __schedule+0x10cc/0x2b60 [ 21.495578] ? __pfx_read_tsc+0x10/0x10 [ 21.495599] krealloc_large_more_oob+0x1c/0x30 [ 21.495617] kunit_try_run_case+0x1a5/0x480 [ 21.495637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.495655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.495673] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.495692] ? __kthread_parkme+0x82/0x180 [ 21.495708] ? preempt_count_sub+0x50/0x80 [ 21.495727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.495746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.495764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.495783] kthread+0x337/0x6f0 [ 21.495799] ? trace_preempt_on+0x20/0xc0 [ 21.495817] ? __pfx_kthread+0x10/0x10 [ 21.495839] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.495891] ? calculate_sigpending+0x7b/0xa0 [ 21.495922] ? __pfx_kthread+0x10/0x10 [ 21.495955] ret_from_fork+0x116/0x1d0 [ 21.495984] ? __pfx_kthread+0x10/0x10 [ 21.496015] ret_from_fork_asm+0x1a/0x30 [ 21.496067] </TASK> [ 21.496089] [ 21.507289] The buggy address belongs to the physical page: [ 21.507614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102990 [ 21.508418] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.508709] flags: 0x200000000000040(head|node=0|zone=2) [ 21.509051] page_type: f8(unknown) [ 21.509259] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.509537] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.509952] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.510301] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.510702] head: 0200000000000002 ffffea00040a6401 00000000ffffffff 00000000ffffffff [ 21.510984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.511428] page dumped because: kasan: bad access detected [ 21.511920] [ 21.512052] Memory state around the buggy address: [ 21.512367] ffff888102991f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.512825] ffff888102992000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.513253] >ffff888102992080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 21.513666] ^ [ 21.514070] ffff888102992100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.514508] ffff888102992180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.515022] ================================================================== [ 21.282823] ================================================================== [ 21.283215] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 21.283771] Write of size 1 at addr ffff888100ab9eeb by task kunit_try_catch/185 [ 21.284696] [ 21.285174] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.285257] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.285276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.285307] Call Trace: [ 21.285327] <TASK> [ 21.285352] dump_stack_lvl+0x73/0xb0 [ 21.285590] print_report+0xd1/0x650 [ 21.285635] ? __virt_addr_valid+0x1db/0x2d0 [ 21.285670] ? krealloc_more_oob_helper+0x821/0x930 [ 21.285706] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.285744] ? krealloc_more_oob_helper+0x821/0x930 [ 21.285957] kasan_report+0x141/0x180 [ 21.285984] ? krealloc_more_oob_helper+0x821/0x930 [ 21.286020] __asan_report_store1_noabort+0x1b/0x30 [ 21.286045] krealloc_more_oob_helper+0x821/0x930 [ 21.286065] ? __schedule+0x10cc/0x2b60 [ 21.286096] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.286128] ? finish_task_switch.isra.0+0x153/0x700 [ 21.286158] ? __switch_to+0x47/0xf50 [ 21.286194] ? __schedule+0x10cc/0x2b60 [ 21.286213] ? __pfx_read_tsc+0x10/0x10 [ 21.286236] krealloc_more_oob+0x1c/0x30 [ 21.286255] kunit_try_run_case+0x1a5/0x480 [ 21.286277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.286296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.286316] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.286335] ? __kthread_parkme+0x82/0x180 [ 21.286353] ? preempt_count_sub+0x50/0x80 [ 21.286372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.286421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.286459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.286496] kthread+0x337/0x6f0 [ 21.286529] ? trace_preempt_on+0x20/0xc0 [ 21.286566] ? __pfx_kthread+0x10/0x10 [ 21.286585] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.286604] ? calculate_sigpending+0x7b/0xa0 [ 21.286625] ? __pfx_kthread+0x10/0x10 [ 21.286644] ret_from_fork+0x116/0x1d0 [ 21.286661] ? __pfx_kthread+0x10/0x10 [ 21.286679] ret_from_fork_asm+0x1a/0x30 [ 21.286708] </TASK> [ 21.286720] [ 21.297605] Allocated by task 185: [ 21.297916] kasan_save_stack+0x45/0x70 [ 21.298355] kasan_save_track+0x18/0x40 [ 21.298622] kasan_save_alloc_info+0x3b/0x50 [ 21.298800] __kasan_krealloc+0x190/0x1f0 [ 21.298991] krealloc_noprof+0xf3/0x340 [ 21.299260] krealloc_more_oob_helper+0x1a9/0x930 [ 21.299508] krealloc_more_oob+0x1c/0x30 [ 21.299783] kunit_try_run_case+0x1a5/0x480 [ 21.300048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.300549] kthread+0x337/0x6f0 [ 21.300802] ret_from_fork+0x116/0x1d0 [ 21.301589] ret_from_fork_asm+0x1a/0x30 [ 21.301938] [ 21.302226] The buggy address belongs to the object at ffff888100ab9e00 [ 21.302226] which belongs to the cache kmalloc-256 of size 256 [ 21.302819] The buggy address is located 0 bytes to the right of [ 21.302819] allocated 235-byte region [ffff888100ab9e00, ffff888100ab9eeb) [ 21.303671] [ 21.303836] The buggy address belongs to the physical page: [ 21.304320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 21.304682] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.304917] flags: 0x200000000000040(head|node=0|zone=2) [ 21.305107] page_type: f5(slab) [ 21.305514] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 21.306047] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.307013] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 21.307678] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.308207] head: 0200000000000001 ffffea000402ae01 00000000ffffffff 00000000ffffffff [ 21.308434] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.308871] page dumped because: kasan: bad access detected [ 21.309352] [ 21.309518] Memory state around the buggy address: [ 21.309798] ffff888100ab9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.310240] ffff888100ab9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.310771] >ffff888100ab9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 21.311064] ^ [ 21.311916] ffff888100ab9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.312127] ffff888100ab9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.312744] ================================================================== [ 21.314754] ================================================================== [ 21.315128] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 21.315369] Write of size 1 at addr ffff888100ab9ef0 by task kunit_try_catch/185 [ 21.315888] [ 21.315999] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.316081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.316103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.316134] Call Trace: [ 21.316159] <TASK> [ 21.316184] dump_stack_lvl+0x73/0xb0 [ 21.316235] print_report+0xd1/0x650 [ 21.316272] ? __virt_addr_valid+0x1db/0x2d0 [ 21.316312] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.316351] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.316402] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.316442] kasan_report+0x141/0x180 [ 21.316478] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.316522] __asan_report_store1_noabort+0x1b/0x30 [ 21.316563] krealloc_more_oob_helper+0x7eb/0x930 [ 21.316623] ? __schedule+0x10cc/0x2b60 [ 21.316663] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.316704] ? finish_task_switch.isra.0+0x153/0x700 [ 21.316743] ? __switch_to+0x47/0xf50 [ 21.316788] ? __schedule+0x10cc/0x2b60 [ 21.316827] ? __pfx_read_tsc+0x10/0x10 [ 21.316870] krealloc_more_oob+0x1c/0x30 [ 21.316908] kunit_try_run_case+0x1a5/0x480 [ 21.316949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.316978] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.316998] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.317017] ? __kthread_parkme+0x82/0x180 [ 21.317034] ? preempt_count_sub+0x50/0x80 [ 21.317052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.317071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.317090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.317109] kthread+0x337/0x6f0 [ 21.317125] ? trace_preempt_on+0x20/0xc0 [ 21.317143] ? __pfx_kthread+0x10/0x10 [ 21.317160] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.317177] ? calculate_sigpending+0x7b/0xa0 [ 21.317196] ? __pfx_kthread+0x10/0x10 [ 21.317214] ret_from_fork+0x116/0x1d0 [ 21.317229] ? __pfx_kthread+0x10/0x10 [ 21.317245] ret_from_fork_asm+0x1a/0x30 [ 21.317272] </TASK> [ 21.317283] [ 21.328326] Allocated by task 185: [ 21.328485] kasan_save_stack+0x45/0x70 [ 21.328641] kasan_save_track+0x18/0x40 [ 21.328795] kasan_save_alloc_info+0x3b/0x50 [ 21.329261] __kasan_krealloc+0x190/0x1f0 [ 21.329560] krealloc_noprof+0xf3/0x340 [ 21.329820] krealloc_more_oob_helper+0x1a9/0x930 [ 21.330029] krealloc_more_oob+0x1c/0x30 [ 21.330481] kunit_try_run_case+0x1a5/0x480 [ 21.330811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.331518] kthread+0x337/0x6f0 [ 21.331795] ret_from_fork+0x116/0x1d0 [ 21.332217] ret_from_fork_asm+0x1a/0x30 [ 21.332450] [ 21.332603] The buggy address belongs to the object at ffff888100ab9e00 [ 21.332603] which belongs to the cache kmalloc-256 of size 256 [ 21.333462] The buggy address is located 5 bytes to the right of [ 21.333462] allocated 235-byte region [ffff888100ab9e00, ffff888100ab9eeb) [ 21.334030] [ 21.334311] The buggy address belongs to the physical page: [ 21.334680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 21.335056] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.335604] flags: 0x200000000000040(head|node=0|zone=2) [ 21.336009] page_type: f5(slab) [ 21.336697] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 21.337050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.337730] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 21.338319] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.338665] head: 0200000000000001 ffffea000402ae01 00000000ffffffff 00000000ffffffff [ 21.339276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.339702] page dumped because: kasan: bad access detected [ 21.339879] [ 21.340034] Memory state around the buggy address: [ 21.340469] ffff888100ab9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.340757] ffff888100ab9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.341131] >ffff888100ab9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 21.341657] ^ [ 21.341993] ffff888100ab9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.342418] ffff888100ab9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.342778] ================================================================== [ 21.516899] ================================================================== [ 21.517248] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 21.517555] Write of size 1 at addr ffff8881029920f0 by task kunit_try_catch/189 [ 21.518002] [ 21.518139] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.518221] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.518244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.518284] Call Trace: [ 21.518309] <TASK> [ 21.518338] dump_stack_lvl+0x73/0xb0 [ 21.518423] print_report+0xd1/0x650 [ 21.518464] ? __virt_addr_valid+0x1db/0x2d0 [ 21.518508] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.518548] ? kasan_addr_to_slab+0x11/0xa0 [ 21.518593] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.518650] kasan_report+0x141/0x180 [ 21.518690] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.518738] __asan_report_store1_noabort+0x1b/0x30 [ 21.518779] krealloc_more_oob_helper+0x7eb/0x930 [ 21.518825] ? __schedule+0x10cc/0x2b60 [ 21.518865] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.518922] ? finish_task_switch.isra.0+0x153/0x700 [ 21.518968] ? __switch_to+0x47/0xf50 [ 21.519030] ? __schedule+0x10cc/0x2b60 [ 21.519074] ? __pfx_read_tsc+0x10/0x10 [ 21.519118] krealloc_large_more_oob+0x1c/0x30 [ 21.519163] kunit_try_run_case+0x1a5/0x480 [ 21.519200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.519225] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.519250] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.519272] ? __kthread_parkme+0x82/0x180 [ 21.519289] ? preempt_count_sub+0x50/0x80 [ 21.519308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.519327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.519346] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.519365] kthread+0x337/0x6f0 [ 21.519399] ? trace_preempt_on+0x20/0xc0 [ 21.519427] ? __pfx_kthread+0x10/0x10 [ 21.519449] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.519470] ? calculate_sigpending+0x7b/0xa0 [ 21.519490] ? __pfx_kthread+0x10/0x10 [ 21.519507] ret_from_fork+0x116/0x1d0 [ 21.519522] ? __pfx_kthread+0x10/0x10 [ 21.519538] ret_from_fork_asm+0x1a/0x30 [ 21.519564] </TASK> [ 21.519575] [ 21.528162] The buggy address belongs to the physical page: [ 21.528443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102990 [ 21.528692] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.529013] flags: 0x200000000000040(head|node=0|zone=2) [ 21.529429] page_type: f8(unknown) [ 21.529697] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.530363] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.530622] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.531019] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.531526] head: 0200000000000002 ffffea00040a6401 00000000ffffffff 00000000ffffffff [ 21.531826] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.532244] page dumped because: kasan: bad access detected [ 21.532560] [ 21.532702] Memory state around the buggy address: [ 21.532952] ffff888102991f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.533332] ffff888102992000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.533731] >ffff888102992080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 21.534210] ^ [ 21.534566] ffff888102992100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.534857] ffff888102992180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.535257] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 21.051201] ================================================================== [ 21.051606] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 21.052694] Read of size 1 at addr ffff88810385b000 by task kunit_try_catch/169 [ 21.053262] [ 21.053517] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.053600] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.053619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.053648] Call Trace: [ 21.053669] <TASK> [ 21.053694] dump_stack_lvl+0x73/0xb0 [ 21.053743] print_report+0xd1/0x650 [ 21.053773] ? __virt_addr_valid+0x1db/0x2d0 [ 21.053806] ? kmalloc_node_oob_right+0x369/0x3c0 [ 21.053994] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.054033] ? kmalloc_node_oob_right+0x369/0x3c0 [ 21.054057] kasan_report+0x141/0x180 [ 21.054086] ? kmalloc_node_oob_right+0x369/0x3c0 [ 21.054126] __asan_report_load1_noabort+0x18/0x20 [ 21.054161] kmalloc_node_oob_right+0x369/0x3c0 [ 21.054197] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 21.054220] ? __schedule+0x10cc/0x2b60 [ 21.054239] ? __pfx_read_tsc+0x10/0x10 [ 21.054258] ? ktime_get_ts64+0x86/0x230 [ 21.054280] kunit_try_run_case+0x1a5/0x480 [ 21.054303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.054324] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.054345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.054365] ? __kthread_parkme+0x82/0x180 [ 21.054402] ? preempt_count_sub+0x50/0x80 [ 21.054426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.054449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.054470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.054491] kthread+0x337/0x6f0 [ 21.054509] ? trace_preempt_on+0x20/0xc0 [ 21.054531] ? __pfx_kthread+0x10/0x10 [ 21.054550] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.054569] ? calculate_sigpending+0x7b/0xa0 [ 21.054591] ? __pfx_kthread+0x10/0x10 [ 21.054610] ret_from_fork+0x116/0x1d0 [ 21.054627] ? __pfx_kthread+0x10/0x10 [ 21.054646] ret_from_fork_asm+0x1a/0x30 [ 21.054675] </TASK> [ 21.054688] [ 21.064156] Allocated by task 169: [ 21.064311] kasan_save_stack+0x45/0x70 [ 21.064481] kasan_save_track+0x18/0x40 [ 21.064742] kasan_save_alloc_info+0x3b/0x50 [ 21.065024] __kasan_kmalloc+0xb7/0xc0 [ 21.065286] __kmalloc_cache_node_noprof+0x188/0x420 [ 21.066776] kmalloc_node_oob_right+0xab/0x3c0 [ 21.067017] kunit_try_run_case+0x1a5/0x480 [ 21.067181] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.067421] kthread+0x337/0x6f0 [ 21.067668] ret_from_fork+0x116/0x1d0 [ 21.068826] ret_from_fork_asm+0x1a/0x30 [ 21.069120] [ 21.069214] The buggy address belongs to the object at ffff88810385a000 [ 21.069214] which belongs to the cache kmalloc-4k of size 4096 [ 21.069427] The buggy address is located 0 bytes to the right of [ 21.069427] allocated 4096-byte region [ffff88810385a000, ffff88810385b000) [ 21.069716] [ 21.069805] The buggy address belongs to the physical page: [ 21.070348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103858 [ 21.070796] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.070940] flags: 0x200000000000040(head|node=0|zone=2) [ 21.071130] page_type: f5(slab) [ 21.071201] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 21.071317] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 21.071683] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 21.072721] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 21.073411] head: 0200000000000003 ffffea00040e1601 00000000ffffffff 00000000ffffffff [ 21.073996] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 21.074725] page dumped because: kasan: bad access detected [ 21.075232] [ 21.075400] Memory state around the buggy address: [ 21.075763] ffff88810385af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.076319] ffff88810385af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.076799] >ffff88810385b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.077602] ^ [ 21.078135] ffff88810385b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.078407] ffff88810385b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.078865] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 21.020039] ================================================================== [ 21.020571] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 21.021090] Read of size 1 at addr ffff888101bb7f5f by task kunit_try_catch/167 [ 21.021541] [ 21.021645] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.021691] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.021703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.021720] Call Trace: [ 21.021734] <TASK> [ 21.021750] dump_stack_lvl+0x73/0xb0 [ 21.021778] print_report+0xd1/0x650 [ 21.021797] ? __virt_addr_valid+0x1db/0x2d0 [ 21.021815] ? kmalloc_oob_left+0x361/0x3c0 [ 21.021861] ? kasan_complete_mode_report_info+0x64/0x200 [ 21.021905] ? kmalloc_oob_left+0x361/0x3c0 [ 21.021939] kasan_report+0x141/0x180 [ 21.021973] ? kmalloc_oob_left+0x361/0x3c0 [ 21.022177] __asan_report_load1_noabort+0x18/0x20 [ 21.022240] kmalloc_oob_left+0x361/0x3c0 [ 21.022415] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 21.022470] ? __schedule+0x10cc/0x2b60 [ 21.022514] ? __pfx_read_tsc+0x10/0x10 [ 21.022565] ? ktime_get_ts64+0x86/0x230 [ 21.022616] kunit_try_run_case+0x1a5/0x480 [ 21.022664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.022707] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.022744] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.022773] ? __kthread_parkme+0x82/0x180 [ 21.022793] ? preempt_count_sub+0x50/0x80 [ 21.022813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.022839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.022881] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.022901] kthread+0x337/0x6f0 [ 21.022919] ? trace_preempt_on+0x20/0xc0 [ 21.022939] ? __pfx_kthread+0x10/0x10 [ 21.022958] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.022976] ? calculate_sigpending+0x7b/0xa0 [ 21.022997] ? __pfx_kthread+0x10/0x10 [ 21.023016] ret_from_fork+0x116/0x1d0 [ 21.023033] ? __pfx_kthread+0x10/0x10 [ 21.023051] ret_from_fork_asm+0x1a/0x30 [ 21.023077] </TASK> [ 21.023088] [ 21.030085] Allocated by task 21: [ 21.030329] kasan_save_stack+0x45/0x70 [ 21.030653] kasan_save_track+0x18/0x40 [ 21.030969] kasan_save_alloc_info+0x3b/0x50 [ 21.031267] __kasan_kmalloc+0xb7/0xc0 [ 21.031551] __kmalloc_cache_node_noprof+0x188/0x420 [ 21.031898] build_sched_domains+0x38c/0x5dd0 [ 21.032147] partition_sched_domains+0x471/0x9c0 [ 21.032398] rebuild_sched_domains_locked+0x97d/0xd50 [ 21.032664] cpuset_update_active_cpus+0x80f/0x1a90 [ 21.033038] sched_cpu_activate+0x2bf/0x330 [ 21.033200] cpuhp_invoke_callback+0x2a1/0xf00 [ 21.033536] cpuhp_thread_fun+0x2ce/0x5c0 [ 21.033686] smpboot_thread_fn+0x2bc/0x730 [ 21.033837] kthread+0x337/0x6f0 [ 21.034085] ret_from_fork+0x116/0x1d0 [ 21.034394] ret_from_fork_asm+0x1a/0x30 [ 21.034664] [ 21.034778] Freed by task 21: [ 21.034931] kasan_save_stack+0x45/0x70 [ 21.035082] kasan_save_track+0x18/0x40 [ 21.035224] kasan_save_free_info+0x3f/0x60 [ 21.035377] __kasan_slab_free+0x56/0x70 [ 21.035537] kfree+0x222/0x3f0 [ 21.035665] build_sched_domains+0x1fff/0x5dd0 [ 21.035824] partition_sched_domains+0x471/0x9c0 [ 21.036136] rebuild_sched_domains_locked+0x97d/0xd50 [ 21.036498] cpuset_update_active_cpus+0x80f/0x1a90 [ 21.036837] sched_cpu_activate+0x2bf/0x330 [ 21.037132] cpuhp_invoke_callback+0x2a1/0xf00 [ 21.037458] cpuhp_thread_fun+0x2ce/0x5c0 [ 21.037843] smpboot_thread_fn+0x2bc/0x730 [ 21.038148] kthread+0x337/0x6f0 [ 21.038420] ret_from_fork+0x116/0x1d0 [ 21.038716] ret_from_fork_asm+0x1a/0x30 [ 21.039110] [ 21.039265] The buggy address belongs to the object at ffff888101bb7f40 [ 21.039265] which belongs to the cache kmalloc-16 of size 16 [ 21.039728] The buggy address is located 15 bytes to the right of [ 21.039728] allocated 16-byte region [ffff888101bb7f40, ffff888101bb7f50) [ 21.040591] [ 21.040744] The buggy address belongs to the physical page: [ 21.041106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 21.041484] flags: 0x200000000000000(node=0|zone=2) [ 21.041664] page_type: f5(slab) [ 21.041798] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.042314] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.042668] page dumped because: kasan: bad access detected [ 21.042877] [ 21.043011] Memory state around the buggy address: [ 21.043338] ffff888101bb7e00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 21.043731] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 21.044087] >ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc [ 21.044562] ^ [ 21.044851] ffff888101bb7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.045150] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.045360] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 20.990820] ================================================================== [ 20.991559] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 20.992257] Read of size 1 at addr ffff888102b4eb80 by task kunit_try_catch/165 [ 20.993166] [ 20.993320] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 20.993367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.993395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.993427] Call Trace: [ 20.993450] <TASK> [ 20.993475] dump_stack_lvl+0x73/0xb0 [ 20.993523] print_report+0xd1/0x650 [ 20.993707] ? __virt_addr_valid+0x1db/0x2d0 [ 20.993729] ? kmalloc_oob_right+0x68a/0x7f0 [ 20.993747] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.993767] ? kmalloc_oob_right+0x68a/0x7f0 [ 20.993785] kasan_report+0x141/0x180 [ 20.993802] ? kmalloc_oob_right+0x68a/0x7f0 [ 20.993823] __asan_report_load1_noabort+0x18/0x20 [ 20.993852] kmalloc_oob_right+0x68a/0x7f0 [ 20.993872] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 20.993890] ? __schedule+0x10cc/0x2b60 [ 20.993908] ? __pfx_read_tsc+0x10/0x10 [ 20.993925] ? ktime_get_ts64+0x86/0x230 [ 20.993945] kunit_try_run_case+0x1a5/0x480 [ 20.993965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.993983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.994002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.994035] ? __kthread_parkme+0x82/0x180 [ 20.994056] ? preempt_count_sub+0x50/0x80 [ 20.994078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.994099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.994119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.994140] kthread+0x337/0x6f0 [ 20.994158] ? trace_preempt_on+0x20/0xc0 [ 20.994178] ? __pfx_kthread+0x10/0x10 [ 20.994197] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.994215] ? calculate_sigpending+0x7b/0xa0 [ 20.994236] ? __pfx_kthread+0x10/0x10 [ 20.994255] ret_from_fork+0x116/0x1d0 [ 20.994271] ? __pfx_kthread+0x10/0x10 [ 20.994289] ret_from_fork_asm+0x1a/0x30 [ 20.994318] </TASK> [ 20.994330] [ 21.004560] Allocated by task 165: [ 21.004704] kasan_save_stack+0x45/0x70 [ 21.004846] kasan_save_track+0x18/0x40 [ 21.004967] kasan_save_alloc_info+0x3b/0x50 [ 21.005121] __kasan_kmalloc+0xb7/0xc0 [ 21.005260] __kmalloc_cache_noprof+0x189/0x420 [ 21.005554] kmalloc_oob_right+0xa9/0x7f0 [ 21.005944] kunit_try_run_case+0x1a5/0x480 [ 21.006290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.006731] kthread+0x337/0x6f0 [ 21.007051] ret_from_fork+0x116/0x1d0 [ 21.007319] ret_from_fork_asm+0x1a/0x30 [ 21.007663] [ 21.007911] The buggy address belongs to the object at ffff888102b4eb00 [ 21.007911] which belongs to the cache kmalloc-128 of size 128 [ 21.008482] The buggy address is located 13 bytes to the right of [ 21.008482] allocated 115-byte region [ffff888102b4eb00, ffff888102b4eb73) [ 21.009155] [ 21.009305] The buggy address belongs to the physical page: [ 21.009703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 21.010170] flags: 0x200000000000000(node=0|zone=2) [ 21.010569] page_type: f5(slab) [ 21.010723] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.011332] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.011735] page dumped because: kasan: bad access detected [ 21.012100] [ 21.012257] Memory state around the buggy address: [ 21.012582] ffff888102b4ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.013013] ffff888102b4eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.013431] >ffff888102b4eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.013822] ^ [ 21.014101] ffff888102b4ec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.014448] ffff888102b4ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.014993] ================================================================== [ 20.928472] ================================================================== [ 20.929231] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 20.930390] Write of size 1 at addr ffff888102b4eb73 by task kunit_try_catch/165 [ 20.930859] [ 20.932754] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 20.933193] Tainted: [N]=TEST [ 20.933247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.933561] Call Trace: [ 20.933640] <TASK> [ 20.933795] dump_stack_lvl+0x73/0xb0 [ 20.933900] print_report+0xd1/0x650 [ 20.933928] ? __virt_addr_valid+0x1db/0x2d0 [ 20.933951] ? kmalloc_oob_right+0x6f0/0x7f0 [ 20.933969] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.933990] ? kmalloc_oob_right+0x6f0/0x7f0 [ 20.934009] kasan_report+0x141/0x180 [ 20.934042] ? kmalloc_oob_right+0x6f0/0x7f0 [ 20.934068] __asan_report_store1_noabort+0x1b/0x30 [ 20.934104] kmalloc_oob_right+0x6f0/0x7f0 [ 20.934136] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 20.934165] ? __schedule+0x10cc/0x2b60 [ 20.934194] ? __pfx_read_tsc+0x10/0x10 [ 20.934227] ? ktime_get_ts64+0x86/0x230 [ 20.934255] kunit_try_run_case+0x1a5/0x480 [ 20.934280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.934300] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.934320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.934341] ? __kthread_parkme+0x82/0x180 [ 20.934361] ? preempt_count_sub+0x50/0x80 [ 20.934399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.934423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.934445] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.934465] kthread+0x337/0x6f0 [ 20.934483] ? trace_preempt_on+0x20/0xc0 [ 20.934506] ? __pfx_kthread+0x10/0x10 [ 20.934524] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.934543] ? calculate_sigpending+0x7b/0xa0 [ 20.934565] ? __pfx_kthread+0x10/0x10 [ 20.934584] ret_from_fork+0x116/0x1d0 [ 20.934601] ? __pfx_kthread+0x10/0x10 [ 20.934620] ret_from_fork_asm+0x1a/0x30 [ 20.934678] </TASK> [ 20.934754] [ 20.946584] Allocated by task 165: [ 20.947085] kasan_save_stack+0x45/0x70 [ 20.947962] kasan_save_track+0x18/0x40 [ 20.948351] kasan_save_alloc_info+0x3b/0x50 [ 20.948546] __kasan_kmalloc+0xb7/0xc0 [ 20.948951] __kmalloc_cache_noprof+0x189/0x420 [ 20.949264] kmalloc_oob_right+0xa9/0x7f0 [ 20.949577] kunit_try_run_case+0x1a5/0x480 [ 20.949757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.950534] kthread+0x337/0x6f0 [ 20.950747] ret_from_fork+0x116/0x1d0 [ 20.951089] ret_from_fork_asm+0x1a/0x30 [ 20.951731] [ 20.952040] The buggy address belongs to the object at ffff888102b4eb00 [ 20.952040] which belongs to the cache kmalloc-128 of size 128 [ 20.952596] The buggy address is located 0 bytes to the right of [ 20.952596] allocated 115-byte region [ffff888102b4eb00, ffff888102b4eb73) [ 20.953727] [ 20.954062] The buggy address belongs to the physical page: [ 20.954880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 20.955712] flags: 0x200000000000000(node=0|zone=2) [ 20.956700] page_type: f5(slab) [ 20.957291] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.957581] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.958170] page dumped because: kasan: bad access detected [ 20.958427] [ 20.958582] Memory state around the buggy address: [ 20.959916] ffff888102b4ea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.960255] ffff888102b4ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.960444] >ffff888102b4eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.960996] ^ [ 20.961317] ffff888102b4eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.961778] ffff888102b4ec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.962263] ================================================================== [ 20.964922] ================================================================== [ 20.965739] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 20.966153] Write of size 1 at addr ffff888102b4eb78 by task kunit_try_catch/165 [ 20.966514] [ 20.966640] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 20.966688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.966700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.966721] Call Trace: [ 20.966736] <TASK> [ 20.966754] dump_stack_lvl+0x73/0xb0 [ 20.966784] print_report+0xd1/0x650 [ 20.966803] ? __virt_addr_valid+0x1db/0x2d0 [ 20.966824] ? kmalloc_oob_right+0x6bd/0x7f0 [ 20.966854] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.966877] ? kmalloc_oob_right+0x6bd/0x7f0 [ 20.966896] kasan_report+0x141/0x180 [ 20.966915] ? kmalloc_oob_right+0x6bd/0x7f0 [ 20.966937] __asan_report_store1_noabort+0x1b/0x30 [ 20.966957] kmalloc_oob_right+0x6bd/0x7f0 [ 20.966974] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 20.966992] ? __schedule+0x10cc/0x2b60 [ 20.967010] ? __pfx_read_tsc+0x10/0x10 [ 20.967028] ? ktime_get_ts64+0x86/0x230 [ 20.967049] kunit_try_run_case+0x1a5/0x480 [ 20.967069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.967087] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.967105] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.967123] ? __kthread_parkme+0x82/0x180 [ 20.967140] ? preempt_count_sub+0x50/0x80 [ 20.967159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.967178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.967197] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.967216] kthread+0x337/0x6f0 [ 20.967232] ? trace_preempt_on+0x20/0xc0 [ 20.967251] ? __pfx_kthread+0x10/0x10 [ 20.967268] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.967284] ? calculate_sigpending+0x7b/0xa0 [ 20.967304] ? __pfx_kthread+0x10/0x10 [ 20.967322] ret_from_fork+0x116/0x1d0 [ 20.967337] ? __pfx_kthread+0x10/0x10 [ 20.967353] ret_from_fork_asm+0x1a/0x30 [ 20.967393] </TASK> [ 20.967412] [ 20.977040] Allocated by task 165: [ 20.977400] kasan_save_stack+0x45/0x70 [ 20.977739] kasan_save_track+0x18/0x40 [ 20.978224] kasan_save_alloc_info+0x3b/0x50 [ 20.978481] __kasan_kmalloc+0xb7/0xc0 [ 20.978774] __kmalloc_cache_noprof+0x189/0x420 [ 20.978994] kmalloc_oob_right+0xa9/0x7f0 [ 20.979309] kunit_try_run_case+0x1a5/0x480 [ 20.979557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.979865] kthread+0x337/0x6f0 [ 20.980144] ret_from_fork+0x116/0x1d0 [ 20.980446] ret_from_fork_asm+0x1a/0x30 [ 20.980680] [ 20.980822] The buggy address belongs to the object at ffff888102b4eb00 [ 20.980822] which belongs to the cache kmalloc-128 of size 128 [ 20.981417] The buggy address is located 5 bytes to the right of [ 20.981417] allocated 115-byte region [ffff888102b4eb00, ffff888102b4eb73) [ 20.982409] [ 20.982503] The buggy address belongs to the physical page: [ 20.982867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 20.983598] flags: 0x200000000000000(node=0|zone=2) [ 20.983802] page_type: f5(slab) [ 20.984331] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.984790] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.985453] page dumped because: kasan: bad access detected [ 20.985678] [ 20.985764] Memory state around the buggy address: [ 20.986866] ffff888102b4ea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.987226] ffff888102b4ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.987634] >ffff888102b4eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.988095] ^ [ 20.988357] ffff888102b4eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.988792] ffff888102b4ec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.989469] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 164.405038] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2859 [ 164.405918] Modules linked in: [ 164.406570] CPU: 0 UID: 0 PID: 2859 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 164.407073] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 164.408361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.408756] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 164.409001] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 164.410057] RSP: 0000:ffff88810207fc78 EFLAGS: 00010286 [ 164.410546] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 164.410937] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb9c40394 [ 164.411694] RBP: ffff88810207fca0 R08: 0000000000000000 R09: ffffed10218f9ae0 [ 164.411960] R10: ffff88810c7cd707 R11: 0000000000000000 R12: ffffffffb9c40380 [ 164.412148] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810207fd38 [ 164.412978] FS: 0000000000000000(0000) GS:ffff88819f455000(0000) knlGS:0000000000000000 [ 164.413407] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.413609] CR2: dffffc00000000c5 CR3: 00000000132bc000 CR4: 00000000000006f0 [ 164.413913] DR0: ffffffffbbc71480 DR1: ffffffffbbc71481 DR2: ffffffffbbc71482 [ 164.414278] DR3: ffffffffbbc71483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 164.414695] Call Trace: [ 164.414879] <TASK> [ 164.415073] drm_test_rect_calc_vscale+0x108/0x270 [ 164.415562] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 164.415938] ? __schedule+0x10cc/0x2b60 [ 164.416314] ? __pfx_read_tsc+0x10/0x10 [ 164.416654] ? ktime_get_ts64+0x86/0x230 [ 164.416972] kunit_try_run_case+0x1a5/0x480 [ 164.417534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.417994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 164.418483] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 164.418898] ? __kthread_parkme+0x82/0x180 [ 164.419348] ? preempt_count_sub+0x50/0x80 [ 164.419643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.419834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 164.420849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 164.421253] kthread+0x337/0x6f0 [ 164.421477] ? trace_preempt_on+0x20/0xc0 [ 164.421644] ? __pfx_kthread+0x10/0x10 [ 164.421898] ? _raw_spin_unlock_irq+0x47/0x80 [ 164.422161] ? calculate_sigpending+0x7b/0xa0 [ 164.422499] ? __pfx_kthread+0x10/0x10 [ 164.422814] ret_from_fork+0x116/0x1d0 [ 164.423014] ? __pfx_kthread+0x10/0x10 [ 164.423797] ret_from_fork_asm+0x1a/0x30 [ 164.424232] </TASK> [ 164.424389] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 164.379657] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2857 [ 164.380116] Modules linked in: [ 164.380438] CPU: 0 UID: 0 PID: 2857 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 164.380955] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 164.381172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.381815] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 164.382275] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 164.383072] RSP: 0000:ffff88810c55fc78 EFLAGS: 00010286 [ 164.383541] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 164.383923] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb9c4035c [ 164.384337] RBP: ffff88810c55fca0 R08: 0000000000000000 R09: ffffed1021803b00 [ 164.384617] R10: ffff88810c01d807 R11: 0000000000000000 R12: ffffffffb9c40348 [ 164.384941] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810c55fd38 [ 164.385379] FS: 0000000000000000(0000) GS:ffff88819f455000(0000) knlGS:0000000000000000 [ 164.385846] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.386052] CR2: dffffc00000000c5 CR3: 00000000132bc000 CR4: 00000000000006f0 [ 164.386629] DR0: ffffffffbbc71480 DR1: ffffffffbbc71481 DR2: ffffffffbbc71482 [ 164.388069] DR3: ffffffffbbc71483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 164.388612] Call Trace: [ 164.388740] <TASK> [ 164.388975] drm_test_rect_calc_vscale+0x108/0x270 [ 164.389384] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 164.389759] ? __schedule+0x10cc/0x2b60 [ 164.391088] ? __pfx_read_tsc+0x10/0x10 [ 164.391394] ? ktime_get_ts64+0x86/0x230 [ 164.391539] kunit_try_run_case+0x1a5/0x480 [ 164.391834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.392197] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 164.392416] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 164.392786] ? __kthread_parkme+0x82/0x180 [ 164.393344] ? preempt_count_sub+0x50/0x80 [ 164.393535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.393888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 164.394355] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 164.395072] kthread+0x337/0x6f0 [ 164.395258] ? trace_preempt_on+0x20/0xc0 [ 164.395449] ? __pfx_kthread+0x10/0x10 [ 164.395907] ? _raw_spin_unlock_irq+0x47/0x80 [ 164.396732] ? calculate_sigpending+0x7b/0xa0 [ 164.397106] ? __pfx_kthread+0x10/0x10 [ 164.397492] ret_from_fork+0x116/0x1d0 [ 164.397797] ? __pfx_kthread+0x10/0x10 [ 164.398055] ret_from_fork_asm+0x1a/0x30 [ 164.398789] </TASK> [ 164.398975] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 164.307739] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2845 [ 164.308348] Modules linked in: [ 164.309076] CPU: 1 UID: 0 PID: 2845 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 164.309527] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 164.309698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.309974] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 164.310224] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b f9 20 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 164.311343] RSP: 0000:ffff888101cd7c78 EFLAGS: 00010286 [ 164.312082] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 164.312695] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb9c40360 [ 164.313614] RBP: ffff888101cd7ca0 R08: 0000000000000000 R09: ffffed10218f91e0 [ 164.313966] R10: ffff88810c7c8f07 R11: 0000000000000000 R12: ffffffffb9c40348 [ 164.314245] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888101cd7d38 [ 164.314509] FS: 0000000000000000(0000) GS:ffff88819f555000(0000) knlGS:0000000000000000 [ 164.314789] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.314987] CR2: dffffc00000000c5 CR3: 00000000132bc000 CR4: 00000000000006f0 [ 164.315167] DR0: ffffffffbbc71480 DR1: ffffffffbbc71481 DR2: ffffffffbbc71483 [ 164.315440] DR3: ffffffffbbc71485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 164.317496] Call Trace: [ 164.318571] <TASK> [ 164.319278] drm_test_rect_calc_hscale+0x108/0x270 [ 164.322863] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 164.323604] ? __schedule+0x10cc/0x2b60 [ 164.323874] ? __pfx_read_tsc+0x10/0x10 [ 164.324045] ? ktime_get_ts64+0x86/0x230 [ 164.324216] kunit_try_run_case+0x1a5/0x480 [ 164.325576] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.326208] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 164.326968] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 164.328223] ? __kthread_parkme+0x82/0x180 [ 164.328946] ? preempt_count_sub+0x50/0x80 [ 164.329395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.329729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 164.330203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 164.330642] kthread+0x337/0x6f0 [ 164.330927] ? trace_preempt_on+0x20/0xc0 [ 164.331284] ? __pfx_kthread+0x10/0x10 [ 164.331588] ? _raw_spin_unlock_irq+0x47/0x80 [ 164.332595] ? calculate_sigpending+0x7b/0xa0 [ 164.332986] ? __pfx_kthread+0x10/0x10 [ 164.333206] ret_from_fork+0x116/0x1d0 [ 164.333367] ? __pfx_kthread+0x10/0x10 [ 164.333793] ret_from_fork_asm+0x1a/0x30 [ 164.334552] </TASK> [ 164.335040] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 164.340831] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2847 [ 164.341505] Modules linked in: [ 164.341740] CPU: 1 UID: 0 PID: 2847 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 164.342821] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 164.343385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.343863] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 164.344497] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b f9 20 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 164.345499] RSP: 0000:ffff8881020c7c78 EFLAGS: 00010286 [ 164.345908] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 164.346206] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb9c40398 [ 164.346651] RBP: ffff8881020c7ca0 R08: 0000000000000000 R09: ffffed10218f9a20 [ 164.347799] R10: ffff88810c7cd107 R11: 0000000000000000 R12: ffffffffb9c40380 [ 164.348412] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881020c7d38 [ 164.348810] FS: 0000000000000000(0000) GS:ffff88819f555000(0000) knlGS:0000000000000000 [ 164.349137] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.349521] CR2: dffffc00000000c5 CR3: 00000000132bc000 CR4: 00000000000006f0 [ 164.350004] DR0: ffffffffbbc71480 DR1: ffffffffbbc71481 DR2: ffffffffbbc71483 [ 164.350598] DR3: ffffffffbbc71485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 164.350966] Call Trace: [ 164.351427] <TASK> [ 164.351654] drm_test_rect_calc_hscale+0x108/0x270 [ 164.351958] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 164.352768] ? __schedule+0x10cc/0x2b60 [ 164.353347] ? __pfx_read_tsc+0x10/0x10 [ 164.353723] ? ktime_get_ts64+0x86/0x230 [ 164.353899] kunit_try_run_case+0x1a5/0x480 [ 164.354087] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.354382] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 164.354679] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 164.355033] ? __kthread_parkme+0x82/0x180 [ 164.355258] ? preempt_count_sub+0x50/0x80 [ 164.355489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.355663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 164.355854] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 164.356397] kthread+0x337/0x6f0 [ 164.356681] ? trace_preempt_on+0x20/0xc0 [ 164.356997] ? __pfx_kthread+0x10/0x10 [ 164.357536] ? _raw_spin_unlock_irq+0x47/0x80 [ 164.357866] ? calculate_sigpending+0x7b/0xa0 [ 164.358065] ? __pfx_kthread+0x10/0x10 [ 164.358232] ret_from_fork+0x116/0x1d0 [ 164.358987] ? __pfx_kthread+0x10/0x10 [ 164.359480] ret_from_fork_asm+0x1a/0x30 [ 164.359808] </TASK> [ 164.359994] ---[ end trace 0000000000000000 ]---
Failure - kunit - _Writeback
<8>[ 256.784588] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_Writeback RESULT=fail> _Writeback fail
Failure - kunit - _DPI
<8>[ 256.512995] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DPI RESULT=fail> _DPI fail
Failure - kunit - _DSI
<8>[ 256.248790] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DSI RESULT=fail> _DSI fail
Failure - kunit - _Virtual
<8>[ 256.008667] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_Virtual RESULT=fail> _Virtual fail
Failure - kunit - _eDP
<8>[ 255.736084] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_eDP RESULT=fail> _eDP fail
Failure - kunit - _TV
<8>[ 255.385011] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_TV RESULT=fail> _TV fail
Failure - kunit - _HDMI-B
<8>[ 255.066919] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_HDMI-B RESULT=fail> _HDMI-B fail
Failure - kunit - _HDMI-A
<8>[ 254.788034] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_HDMI-A RESULT=fail> _HDMI-A fail
Failure - kunit - _DP
<8>[ 254.542877] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DP RESULT=fail> _DP fail _DPI fail
Failure - kunit - _DIN
<8>[ 254.300619] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DIN RESULT=fail> _DIN fail
Failure - kunit - drm_modes_analog_tv_drm_modes_analog_tv
<8>[ 312.754031] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_modes_analog_tv RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i_inlined
<8>[ 312.624911] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i
<8>[ 312.495530] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i RESULT=fail>
Failure - kunit - _Component
<8>[ 254.048120] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_Component RESULT=fail> _Component fail
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined
<8>[ 312.367235] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i
<8>[ 312.231702] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i RESULT=fail>
Failure - kunit - _LVDS
<8>[ 253.692008] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_LVDS RESULT=fail> _LVDS fail
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i
<8>[ 312.104495] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i RESULT=fail>
Failure - kunit - drm_managed_drm_managed
<8>[ 311.070412] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_managed RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_run_action
<8>[ 310.936366] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_run_action RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_release_action
<8>[ 310.803543] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_release_action RESULT=fail>
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 162.244588] Oops: Oops: 0002 [#50] SMP KASAN PTI [ 162.278344] Oops: Oops: 0002 [#51] SMP KASAN PTI [ 162.210385] Oops: Oops: 0002 [#49] SMP KASAN PTI [ 162.315566] Oops: Oops: 0002 [#52] SMP KASAN PTI
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 22.529504] ================================================================== [ 22.529890] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 22.530307] Free of addr ffff8881023c4000 by task kunit_try_catch/238 [ 22.530648] [ 22.530820] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.530904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.530928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.530964] Call Trace: [ 22.530989] <TASK> [ 22.531017] dump_stack_lvl+0x73/0xb0 [ 22.531068] print_report+0xd1/0x650 [ 22.531100] ? __virt_addr_valid+0x1db/0x2d0 [ 22.531138] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.531174] ? kmem_cache_double_free+0x1e5/0x480 [ 22.531212] kasan_report_invalid_free+0x10a/0x130 [ 22.531251] ? kmem_cache_double_free+0x1e5/0x480 [ 22.531293] ? kmem_cache_double_free+0x1e5/0x480 [ 22.531330] check_slab_allocation+0x101/0x130 [ 22.531362] __kasan_slab_pre_free+0x28/0x40 [ 22.531444] kmem_cache_free+0xed/0x420 [ 22.531479] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.531521] ? kmem_cache_double_free+0x1e5/0x480 [ 22.531557] kmem_cache_double_free+0x1e5/0x480 [ 22.531590] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 22.531627] ? finish_task_switch.isra.0+0x153/0x700 [ 22.531664] ? __switch_to+0x47/0xf50 [ 22.531716] ? __pfx_read_tsc+0x10/0x10 [ 22.531756] ? ktime_get_ts64+0x86/0x230 [ 22.531792] kunit_try_run_case+0x1a5/0x480 [ 22.531825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.531883] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.531915] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.531945] ? __kthread_parkme+0x82/0x180 [ 22.531973] ? preempt_count_sub+0x50/0x80 [ 22.532007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.532043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.532101] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.532135] kthread+0x337/0x6f0 [ 22.532166] ? trace_preempt_on+0x20/0xc0 [ 22.532200] ? __pfx_kthread+0x10/0x10 [ 22.532228] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.532254] ? calculate_sigpending+0x7b/0xa0 [ 22.532288] ? __pfx_kthread+0x10/0x10 [ 22.532320] ret_from_fork+0x116/0x1d0 [ 22.532349] ? __pfx_kthread+0x10/0x10 [ 22.532392] ret_from_fork_asm+0x1a/0x30 [ 22.532440] </TASK> [ 22.532458] [ 22.541643] Allocated by task 238: [ 22.541797] kasan_save_stack+0x45/0x70 [ 22.541954] kasan_save_track+0x18/0x40 [ 22.542208] kasan_save_alloc_info+0x3b/0x50 [ 22.542513] __kasan_slab_alloc+0x91/0xa0 [ 22.542797] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.543106] kmem_cache_double_free+0x14f/0x480 [ 22.543616] kunit_try_run_case+0x1a5/0x480 [ 22.543942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.544425] kthread+0x337/0x6f0 [ 22.544684] ret_from_fork+0x116/0x1d0 [ 22.544885] ret_from_fork_asm+0x1a/0x30 [ 22.545060] [ 22.545279] Freed by task 238: [ 22.545471] kasan_save_stack+0x45/0x70 [ 22.545773] kasan_save_track+0x18/0x40 [ 22.546218] kasan_save_free_info+0x3f/0x60 [ 22.546574] __kasan_slab_free+0x56/0x70 [ 22.546882] kmem_cache_free+0x249/0x420 [ 22.547315] kmem_cache_double_free+0x16a/0x480 [ 22.547685] kunit_try_run_case+0x1a5/0x480 [ 22.547962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.548496] kthread+0x337/0x6f0 [ 22.548740] ret_from_fork+0x116/0x1d0 [ 22.548984] ret_from_fork_asm+0x1a/0x30 [ 22.549315] [ 22.549438] The buggy address belongs to the object at ffff8881023c4000 [ 22.549438] which belongs to the cache test_cache of size 200 [ 22.550240] The buggy address is located 0 bytes inside of [ 22.550240] 200-byte region [ffff8881023c4000, ffff8881023c40c8) [ 22.551020] [ 22.551322] The buggy address belongs to the physical page: [ 22.551702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023c4 [ 22.552312] flags: 0x200000000000000(node=0|zone=2) [ 22.552598] page_type: f5(slab) [ 22.552748] raw: 0200000000000000 ffff8881009aedc0 dead000000000122 0000000000000000 [ 22.553005] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 22.553509] page dumped because: kasan: bad access detected [ 22.553860] [ 22.554032] Memory state around the buggy address: [ 22.554498] ffff8881023c3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.555025] ffff8881023c3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.555705] >ffff8881023c4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.556308] ^ [ 22.556515] ffff8881023c4080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 22.556727] ffff8881023c4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.556973] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 22.487307] ================================================================== [ 22.487778] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 22.488489] Read of size 1 at addr ffff8881023c20c8 by task kunit_try_catch/236 [ 22.488765] [ 22.488951] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.489033] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.489055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.489088] Call Trace: [ 22.489110] <TASK> [ 22.489138] dump_stack_lvl+0x73/0xb0 [ 22.489189] print_report+0xd1/0x650 [ 22.489220] ? __virt_addr_valid+0x1db/0x2d0 [ 22.489261] ? kmem_cache_oob+0x402/0x530 [ 22.489300] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.489339] ? kmem_cache_oob+0x402/0x530 [ 22.489374] kasan_report+0x141/0x180 [ 22.489426] ? kmem_cache_oob+0x402/0x530 [ 22.489465] __asan_report_load1_noabort+0x18/0x20 [ 22.489503] kmem_cache_oob+0x402/0x530 [ 22.489533] ? trace_hardirqs_on+0x37/0xe0 [ 22.489572] ? __pfx_kmem_cache_oob+0x10/0x10 [ 22.489605] ? finish_task_switch.isra.0+0x153/0x700 [ 22.489642] ? __switch_to+0x47/0xf50 [ 22.489686] ? __pfx_read_tsc+0x10/0x10 [ 22.489718] ? ktime_get_ts64+0x86/0x230 [ 22.489759] kunit_try_run_case+0x1a5/0x480 [ 22.489798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.489834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.489874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.489910] ? __kthread_parkme+0x82/0x180 [ 22.489940] ? preempt_count_sub+0x50/0x80 [ 22.489976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.490023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.490101] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.490169] kthread+0x337/0x6f0 [ 22.490249] ? trace_preempt_on+0x20/0xc0 [ 22.490273] ? __pfx_kthread+0x10/0x10 [ 22.490293] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.490313] ? calculate_sigpending+0x7b/0xa0 [ 22.490337] ? __pfx_kthread+0x10/0x10 [ 22.490356] ret_from_fork+0x116/0x1d0 [ 22.490374] ? __pfx_kthread+0x10/0x10 [ 22.490416] ret_from_fork_asm+0x1a/0x30 [ 22.490446] </TASK> [ 22.490459] [ 22.499958] Allocated by task 236: [ 22.500288] kasan_save_stack+0x45/0x70 [ 22.500476] kasan_save_track+0x18/0x40 [ 22.500711] kasan_save_alloc_info+0x3b/0x50 [ 22.500975] __kasan_slab_alloc+0x91/0xa0 [ 22.501280] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.501577] kmem_cache_oob+0x157/0x530 [ 22.501861] kunit_try_run_case+0x1a5/0x480 [ 22.502189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.502523] kthread+0x337/0x6f0 [ 22.502675] ret_from_fork+0x116/0x1d0 [ 22.502853] ret_from_fork_asm+0x1a/0x30 [ 22.503020] [ 22.503122] The buggy address belongs to the object at ffff8881023c2000 [ 22.503122] which belongs to the cache test_cache of size 200 [ 22.503858] The buggy address is located 0 bytes to the right of [ 22.503858] allocated 200-byte region [ffff8881023c2000, ffff8881023c20c8) [ 22.504629] [ 22.504720] The buggy address belongs to the physical page: [ 22.504897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023c2 [ 22.505350] flags: 0x200000000000000(node=0|zone=2) [ 22.506335] page_type: f5(slab) [ 22.506620] raw: 0200000000000000 ffff8881009aec80 dead000000000122 0000000000000000 [ 22.507002] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 22.507432] page dumped because: kasan: bad access detected [ 22.507742] [ 22.507910] Memory state around the buggy address: [ 22.508268] ffff8881023c1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.508479] ffff8881023c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.508694] >ffff8881023c2080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 22.508900] ^ [ 22.509242] ffff8881023c2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.509705] ffff8881023c2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.510207] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 22.444239] ================================================================== [ 22.444836] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 22.445246] Read of size 8 at addr ffff888102c09540 by task kunit_try_catch/229 [ 22.446084] [ 22.446271] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.446362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.446401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.446437] Call Trace: [ 22.446459] <TASK> [ 22.446487] dump_stack_lvl+0x73/0xb0 [ 22.446539] print_report+0xd1/0x650 [ 22.446576] ? __virt_addr_valid+0x1db/0x2d0 [ 22.446616] ? workqueue_uaf+0x4d6/0x560 [ 22.446647] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.446692] ? workqueue_uaf+0x4d6/0x560 [ 22.446731] kasan_report+0x141/0x180 [ 22.446769] ? workqueue_uaf+0x4d6/0x560 [ 22.446809] __asan_report_load8_noabort+0x18/0x20 [ 22.447046] workqueue_uaf+0x4d6/0x560 [ 22.447109] ? __pfx_workqueue_uaf+0x10/0x10 [ 22.447146] ? __schedule+0x10cc/0x2b60 [ 22.447182] ? __pfx_read_tsc+0x10/0x10 [ 22.447220] ? ktime_get_ts64+0x86/0x230 [ 22.447264] kunit_try_run_case+0x1a5/0x480 [ 22.447305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.447336] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.447369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.447420] ? __kthread_parkme+0x82/0x180 [ 22.447452] ? preempt_count_sub+0x50/0x80 [ 22.447494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.447530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.447561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.447590] kthread+0x337/0x6f0 [ 22.447615] ? trace_preempt_on+0x20/0xc0 [ 22.447645] ? __pfx_kthread+0x10/0x10 [ 22.447672] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.447701] ? calculate_sigpending+0x7b/0xa0 [ 22.447731] ? __pfx_kthread+0x10/0x10 [ 22.447759] ret_from_fork+0x116/0x1d0 [ 22.447784] ? __pfx_kthread+0x10/0x10 [ 22.447811] ret_from_fork_asm+0x1a/0x30 [ 22.447866] </TASK> [ 22.447883] [ 22.456499] Allocated by task 229: [ 22.456724] kasan_save_stack+0x45/0x70 [ 22.457014] kasan_save_track+0x18/0x40 [ 22.457462] kasan_save_alloc_info+0x3b/0x50 [ 22.457644] __kasan_kmalloc+0xb7/0xc0 [ 22.457897] __kmalloc_cache_noprof+0x189/0x420 [ 22.458091] workqueue_uaf+0x152/0x560 [ 22.458330] kunit_try_run_case+0x1a5/0x480 [ 22.458495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.458677] kthread+0x337/0x6f0 [ 22.458808] ret_from_fork+0x116/0x1d0 [ 22.458945] ret_from_fork_asm+0x1a/0x30 [ 22.459100] [ 22.459231] Freed by task 71: [ 22.459830] kasan_save_stack+0x45/0x70 [ 22.460308] kasan_save_track+0x18/0x40 [ 22.460628] kasan_save_free_info+0x3f/0x60 [ 22.460927] __kasan_slab_free+0x56/0x70 [ 22.461351] kfree+0x222/0x3f0 [ 22.461624] workqueue_uaf_work+0x12/0x20 [ 22.461891] process_one_work+0x5ee/0xf60 [ 22.462344] worker_thread+0x758/0x1220 [ 22.462666] kthread+0x337/0x6f0 [ 22.462812] ret_from_fork+0x116/0x1d0 [ 22.463068] ret_from_fork_asm+0x1a/0x30 [ 22.463655] [ 22.463746] Last potentially related work creation: [ 22.463893] kasan_save_stack+0x45/0x70 [ 22.464042] kasan_record_aux_stack+0xb2/0xc0 [ 22.464198] __queue_work+0x61a/0xe70 [ 22.464339] queue_work_on+0xb6/0xc0 [ 22.464605] workqueue_uaf+0x26d/0x560 [ 22.465094] kunit_try_run_case+0x1a5/0x480 [ 22.465427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.465785] kthread+0x337/0x6f0 [ 22.466094] ret_from_fork+0x116/0x1d0 [ 22.466358] ret_from_fork_asm+0x1a/0x30 [ 22.466659] [ 22.466793] The buggy address belongs to the object at ffff888102c09540 [ 22.466793] which belongs to the cache kmalloc-32 of size 32 [ 22.467648] The buggy address is located 0 bytes inside of [ 22.467648] freed 32-byte region [ffff888102c09540, ffff888102c09560) [ 22.468349] [ 22.468466] The buggy address belongs to the physical page: [ 22.468640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c09 [ 22.468878] flags: 0x200000000000000(node=0|zone=2) [ 22.469053] page_type: f5(slab) [ 22.469189] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 22.469465] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 22.470055] page dumped because: kasan: bad access detected [ 22.470461] [ 22.470612] Memory state around the buggy address: [ 22.471122] ffff888102c09400: 00 00 05 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 22.472094] ffff888102c09480: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 22.472435] >ffff888102c09500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 22.472821] ^ [ 22.473397] ffff888102c09580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.473630] ffff888102c09600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.474259] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 22.397302] ================================================================== [ 22.397757] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 22.398327] Read of size 4 at addr ffff888102c09480 by task swapper/1/0 [ 22.398937] [ 22.399319] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.399446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.399472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.399508] Call Trace: [ 22.399557] <IRQ> [ 22.399578] dump_stack_lvl+0x73/0xb0 [ 22.399614] print_report+0xd1/0x650 [ 22.399633] ? __virt_addr_valid+0x1db/0x2d0 [ 22.399653] ? rcu_uaf_reclaim+0x50/0x60 [ 22.399669] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.399690] ? rcu_uaf_reclaim+0x50/0x60 [ 22.399706] kasan_report+0x141/0x180 [ 22.399724] ? rcu_uaf_reclaim+0x50/0x60 [ 22.399744] __asan_report_load4_noabort+0x18/0x20 [ 22.399764] rcu_uaf_reclaim+0x50/0x60 [ 22.399780] rcu_core+0x66f/0x1c40 [ 22.399805] ? __pfx_rcu_core+0x10/0x10 [ 22.399823] ? ktime_get+0x6b/0x150 [ 22.399851] ? handle_softirqs+0x18e/0x730 [ 22.399874] rcu_core_si+0x12/0x20 [ 22.399891] handle_softirqs+0x209/0x730 [ 22.399906] ? hrtimer_interrupt+0x2fe/0x780 [ 22.399925] ? __pfx_handle_softirqs+0x10/0x10 [ 22.399945] __irq_exit_rcu+0xc9/0x110 [ 22.399962] irq_exit_rcu+0x12/0x20 [ 22.399978] sysvec_apic_timer_interrupt+0x81/0x90 [ 22.399998] </IRQ> [ 22.400028] <TASK> [ 22.400043] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 22.400176] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 22.400671] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 83 f9 1d 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 22.400790] RSP: 0000:ffff888100877dc8 EFLAGS: 00010216 [ 22.400900] RAX: ffff88819f555000 RBX: ffff888100853000 RCX: ffffffffb96ac165 [ 22.400944] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000000c21c [ 22.400984] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b626192 [ 22.401023] R10: ffff88815b130c93 R11: 0000000000013800 R12: 0000000000000001 [ 22.401075] R13: ffffed102010a600 R14: ffffffffbb3c8a90 R15: 0000000000000000 [ 22.401162] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 22.401233] ? default_idle+0xd/0x20 [ 22.401254] arch_cpu_idle+0xd/0x20 [ 22.401273] default_idle_call+0x48/0x80 [ 22.401305] do_idle+0x379/0x4f0 [ 22.401329] ? __pfx_do_idle+0x10/0x10 [ 22.401347] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 22.401367] ? complete+0x15b/0x1d0 [ 22.401407] cpu_startup_entry+0x5c/0x70 [ 22.401428] start_secondary+0x211/0x290 [ 22.401447] ? __pfx_start_secondary+0x10/0x10 [ 22.401469] common_startup_64+0x13e/0x148 [ 22.401497] </TASK> [ 22.401508] [ 22.419620] Allocated by task 227: [ 22.419763] kasan_save_stack+0x45/0x70 [ 22.419928] kasan_save_track+0x18/0x40 [ 22.420097] kasan_save_alloc_info+0x3b/0x50 [ 22.420244] __kasan_kmalloc+0xb7/0xc0 [ 22.420542] __kmalloc_cache_noprof+0x189/0x420 [ 22.420720] rcu_uaf+0xb0/0x330 [ 22.420882] kunit_try_run_case+0x1a5/0x480 [ 22.421304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.421708] kthread+0x337/0x6f0 [ 22.422021] ret_from_fork+0x116/0x1d0 [ 22.422436] ret_from_fork_asm+0x1a/0x30 [ 22.422736] [ 22.422916] Freed by task 0: [ 22.423318] kasan_save_stack+0x45/0x70 [ 22.423661] kasan_save_track+0x18/0x40 [ 22.423963] kasan_save_free_info+0x3f/0x60 [ 22.424406] __kasan_slab_free+0x56/0x70 [ 22.424607] kfree+0x222/0x3f0 [ 22.424751] rcu_uaf_reclaim+0x1f/0x60 [ 22.425025] rcu_core+0x66f/0x1c40 [ 22.425329] rcu_core_si+0x12/0x20 [ 22.425494] handle_softirqs+0x209/0x730 [ 22.425757] __irq_exit_rcu+0xc9/0x110 [ 22.425955] irq_exit_rcu+0x12/0x20 [ 22.426111] sysvec_apic_timer_interrupt+0x81/0x90 [ 22.426457] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 22.426771] [ 22.426949] Last potentially related work creation: [ 22.427161] kasan_save_stack+0x45/0x70 [ 22.427369] kasan_record_aux_stack+0xb2/0xc0 [ 22.427620] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 22.427946] call_rcu+0x12/0x20 [ 22.428247] rcu_uaf+0x168/0x330 [ 22.428461] kunit_try_run_case+0x1a5/0x480 [ 22.428613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.428792] kthread+0x337/0x6f0 [ 22.429049] ret_from_fork+0x116/0x1d0 [ 22.429437] ret_from_fork_asm+0x1a/0x30 [ 22.429739] [ 22.429925] The buggy address belongs to the object at ffff888102c09480 [ 22.429925] which belongs to the cache kmalloc-32 of size 32 [ 22.430732] The buggy address is located 0 bytes inside of [ 22.430732] freed 32-byte region [ffff888102c09480, ffff888102c094a0) [ 22.431487] [ 22.431630] The buggy address belongs to the physical page: [ 22.431897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c09 [ 22.432434] flags: 0x200000000000000(node=0|zone=2) [ 22.432760] page_type: f5(slab) [ 22.433029] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 22.433394] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 22.433619] page dumped because: kasan: bad access detected [ 22.433903] [ 22.434198] Memory state around the buggy address: [ 22.434543] ffff888102c09380: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 22.435046] ffff888102c09400: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 22.435578] >ffff888102c09480: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 22.435912] ^ [ 22.436056] ffff888102c09500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.436343] ffff888102c09580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.436713] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 22.302785] ================================================================== [ 22.303207] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 22.303401] Read of size 1 at addr ffff888102b4ee00 by task kunit_try_catch/225 [ 22.303677] [ 22.303847] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.303921] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.303941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.303970] Call Trace: [ 22.303988] <TASK> [ 22.304011] dump_stack_lvl+0x73/0xb0 [ 22.304055] print_report+0xd1/0x650 [ 22.304089] ? __virt_addr_valid+0x1db/0x2d0 [ 22.304126] ? ksize_uaf+0x19d/0x6c0 [ 22.304161] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.304204] ? ksize_uaf+0x19d/0x6c0 [ 22.304241] kasan_report+0x141/0x180 [ 22.304280] ? ksize_uaf+0x19d/0x6c0 [ 22.304322] ? ksize_uaf+0x19d/0x6c0 [ 22.304358] __kasan_check_byte+0x3d/0x50 [ 22.304413] ksize+0x20/0x60 [ 22.304456] ksize_uaf+0x19d/0x6c0 [ 22.304488] ? __pfx_ksize_uaf+0x10/0x10 [ 22.304517] ? __schedule+0x10cc/0x2b60 [ 22.304551] ? __pfx_read_tsc+0x10/0x10 [ 22.304584] ? ktime_get_ts64+0x86/0x230 [ 22.304623] kunit_try_run_case+0x1a5/0x480 [ 22.304663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.304700] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.304735] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.304766] ? __kthread_parkme+0x82/0x180 [ 22.304794] ? preempt_count_sub+0x50/0x80 [ 22.304827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.304860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.304896] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.304935] kthread+0x337/0x6f0 [ 22.304967] ? trace_preempt_on+0x20/0xc0 [ 22.305006] ? __pfx_kthread+0x10/0x10 [ 22.305037] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.305060] ? calculate_sigpending+0x7b/0xa0 [ 22.305086] ? __pfx_kthread+0x10/0x10 [ 22.305108] ret_from_fork+0x116/0x1d0 [ 22.305124] ? __pfx_kthread+0x10/0x10 [ 22.305141] ret_from_fork_asm+0x1a/0x30 [ 22.305168] </TASK> [ 22.305180] [ 22.314337] Allocated by task 225: [ 22.314780] kasan_save_stack+0x45/0x70 [ 22.315213] kasan_save_track+0x18/0x40 [ 22.315579] kasan_save_alloc_info+0x3b/0x50 [ 22.315968] __kasan_kmalloc+0xb7/0xc0 [ 22.316287] __kmalloc_cache_noprof+0x189/0x420 [ 22.316673] ksize_uaf+0xaa/0x6c0 [ 22.316986] kunit_try_run_case+0x1a5/0x480 [ 22.317194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.317529] kthread+0x337/0x6f0 [ 22.317790] ret_from_fork+0x116/0x1d0 [ 22.318197] ret_from_fork_asm+0x1a/0x30 [ 22.318637] [ 22.318804] Freed by task 225: [ 22.319106] kasan_save_stack+0x45/0x70 [ 22.319427] kasan_save_track+0x18/0x40 [ 22.319581] kasan_save_free_info+0x3f/0x60 [ 22.319761] __kasan_slab_free+0x56/0x70 [ 22.320103] kfree+0x222/0x3f0 [ 22.320575] ksize_uaf+0x12c/0x6c0 [ 22.320822] kunit_try_run_case+0x1a5/0x480 [ 22.321154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.321562] kthread+0x337/0x6f0 [ 22.321852] ret_from_fork+0x116/0x1d0 [ 22.322182] ret_from_fork_asm+0x1a/0x30 [ 22.322523] [ 22.322649] The buggy address belongs to the object at ffff888102b4ee00 [ 22.322649] which belongs to the cache kmalloc-128 of size 128 [ 22.323231] The buggy address is located 0 bytes inside of [ 22.323231] freed 128-byte region [ffff888102b4ee00, ffff888102b4ee80) [ 22.323649] [ 22.323806] The buggy address belongs to the physical page: [ 22.324094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 22.324525] flags: 0x200000000000000(node=0|zone=2) [ 22.324868] page_type: f5(slab) [ 22.325115] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.325513] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.325896] page dumped because: kasan: bad access detected [ 22.326168] [ 22.326263] Memory state around the buggy address: [ 22.326626] ffff888102b4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.327130] ffff888102b4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.327440] >ffff888102b4ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.327816] ^ [ 22.328085] ffff888102b4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.328364] ffff888102b4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.328797] ================================================================== [ 22.356028] ================================================================== [ 22.356631] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 22.357052] Read of size 1 at addr ffff888102b4ee78 by task kunit_try_catch/225 [ 22.357277] [ 22.357392] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.357470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.357494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.357528] Call Trace: [ 22.357554] <TASK> [ 22.357579] dump_stack_lvl+0x73/0xb0 [ 22.357626] print_report+0xd1/0x650 [ 22.357664] ? __virt_addr_valid+0x1db/0x2d0 [ 22.357742] ? ksize_uaf+0x5e4/0x6c0 [ 22.357773] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.357813] ? ksize_uaf+0x5e4/0x6c0 [ 22.357865] kasan_report+0x141/0x180 [ 22.357905] ? ksize_uaf+0x5e4/0x6c0 [ 22.357951] __asan_report_load1_noabort+0x18/0x20 [ 22.357994] ksize_uaf+0x5e4/0x6c0 [ 22.358041] ? __pfx_ksize_uaf+0x10/0x10 [ 22.358084] ? __schedule+0x10cc/0x2b60 [ 22.358127] ? __pfx_read_tsc+0x10/0x10 [ 22.358168] ? ktime_get_ts64+0x86/0x230 [ 22.358217] kunit_try_run_case+0x1a5/0x480 [ 22.358263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.358305] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.358347] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.358405] ? __kthread_parkme+0x82/0x180 [ 22.358448] ? preempt_count_sub+0x50/0x80 [ 22.358494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.358539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.358583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.358626] kthread+0x337/0x6f0 [ 22.358664] ? trace_preempt_on+0x20/0xc0 [ 22.358696] ? __pfx_kthread+0x10/0x10 [ 22.358715] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.358734] ? calculate_sigpending+0x7b/0xa0 [ 22.358763] ? __pfx_kthread+0x10/0x10 [ 22.358782] ret_from_fork+0x116/0x1d0 [ 22.358799] ? __pfx_kthread+0x10/0x10 [ 22.358817] ret_from_fork_asm+0x1a/0x30 [ 22.358858] </TASK> [ 22.358870] [ 22.369268] Allocated by task 225: [ 22.369619] kasan_save_stack+0x45/0x70 [ 22.369946] kasan_save_track+0x18/0x40 [ 22.370225] kasan_save_alloc_info+0x3b/0x50 [ 22.370606] __kasan_kmalloc+0xb7/0xc0 [ 22.370943] __kmalloc_cache_noprof+0x189/0x420 [ 22.371263] ksize_uaf+0xaa/0x6c0 [ 22.371556] kunit_try_run_case+0x1a5/0x480 [ 22.371718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.372195] kthread+0x337/0x6f0 [ 22.372553] ret_from_fork+0x116/0x1d0 [ 22.372792] ret_from_fork_asm+0x1a/0x30 [ 22.372974] [ 22.373057] Freed by task 225: [ 22.373275] kasan_save_stack+0x45/0x70 [ 22.373572] kasan_save_track+0x18/0x40 [ 22.373918] kasan_save_free_info+0x3f/0x60 [ 22.374335] __kasan_slab_free+0x56/0x70 [ 22.374607] kfree+0x222/0x3f0 [ 22.374913] ksize_uaf+0x12c/0x6c0 [ 22.375168] kunit_try_run_case+0x1a5/0x480 [ 22.375337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.375531] kthread+0x337/0x6f0 [ 22.375666] ret_from_fork+0x116/0x1d0 [ 22.375960] ret_from_fork_asm+0x1a/0x30 [ 22.376445] [ 22.376627] The buggy address belongs to the object at ffff888102b4ee00 [ 22.376627] which belongs to the cache kmalloc-128 of size 128 [ 22.377433] The buggy address is located 120 bytes inside of [ 22.377433] freed 128-byte region [ffff888102b4ee00, ffff888102b4ee80) [ 22.378292] [ 22.378482] The buggy address belongs to the physical page: [ 22.378750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 22.379046] flags: 0x200000000000000(node=0|zone=2) [ 22.379389] page_type: f5(slab) [ 22.379783] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.380244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.380788] page dumped because: kasan: bad access detected [ 22.381151] [ 22.381235] Memory state around the buggy address: [ 22.381451] ffff888102b4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.382096] ffff888102b4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.382438] >ffff888102b4ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.382973] ^ [ 22.383431] ffff888102b4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.383824] ffff888102b4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.384182] ================================================================== [ 22.330094] ================================================================== [ 22.330398] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 22.331078] Read of size 1 at addr ffff888102b4ee00 by task kunit_try_catch/225 [ 22.331710] [ 22.332443] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.332534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.332565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.332597] Call Trace: [ 22.332636] <TASK> [ 22.332663] dump_stack_lvl+0x73/0xb0 [ 22.332716] print_report+0xd1/0x650 [ 22.332751] ? __virt_addr_valid+0x1db/0x2d0 [ 22.332785] ? ksize_uaf+0x5fe/0x6c0 [ 22.332817] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.332891] ? ksize_uaf+0x5fe/0x6c0 [ 22.332927] kasan_report+0x141/0x180 [ 22.332963] ? ksize_uaf+0x5fe/0x6c0 [ 22.333008] __asan_report_load1_noabort+0x18/0x20 [ 22.333047] ksize_uaf+0x5fe/0x6c0 [ 22.333097] ? __pfx_ksize_uaf+0x10/0x10 [ 22.333134] ? __schedule+0x10cc/0x2b60 [ 22.333173] ? __pfx_read_tsc+0x10/0x10 [ 22.333203] ? ktime_get_ts64+0x86/0x230 [ 22.333226] kunit_try_run_case+0x1a5/0x480 [ 22.333247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.333265] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.333283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.333301] ? __kthread_parkme+0x82/0x180 [ 22.333318] ? preempt_count_sub+0x50/0x80 [ 22.333338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.333357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.333376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.333415] kthread+0x337/0x6f0 [ 22.333431] ? trace_preempt_on+0x20/0xc0 [ 22.333450] ? __pfx_kthread+0x10/0x10 [ 22.333466] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.333483] ? calculate_sigpending+0x7b/0xa0 [ 22.333503] ? __pfx_kthread+0x10/0x10 [ 22.333520] ret_from_fork+0x116/0x1d0 [ 22.333535] ? __pfx_kthread+0x10/0x10 [ 22.333552] ret_from_fork_asm+0x1a/0x30 [ 22.333578] </TASK> [ 22.333589] [ 22.340697] Allocated by task 225: [ 22.341019] kasan_save_stack+0x45/0x70 [ 22.341320] kasan_save_track+0x18/0x40 [ 22.341607] kasan_save_alloc_info+0x3b/0x50 [ 22.341940] __kasan_kmalloc+0xb7/0xc0 [ 22.342238] __kmalloc_cache_noprof+0x189/0x420 [ 22.342576] ksize_uaf+0xaa/0x6c0 [ 22.342866] kunit_try_run_case+0x1a5/0x480 [ 22.343191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.343574] kthread+0x337/0x6f0 [ 22.343741] ret_from_fork+0x116/0x1d0 [ 22.343992] ret_from_fork_asm+0x1a/0x30 [ 22.344150] [ 22.344247] Freed by task 225: [ 22.344496] kasan_save_stack+0x45/0x70 [ 22.344770] kasan_save_track+0x18/0x40 [ 22.345060] kasan_save_free_info+0x3f/0x60 [ 22.345339] __kasan_slab_free+0x56/0x70 [ 22.345550] kfree+0x222/0x3f0 [ 22.345682] ksize_uaf+0x12c/0x6c0 [ 22.345985] kunit_try_run_case+0x1a5/0x480 [ 22.346308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.346486] kthread+0x337/0x6f0 [ 22.346613] ret_from_fork+0x116/0x1d0 [ 22.346753] ret_from_fork_asm+0x1a/0x30 [ 22.346930] [ 22.347016] The buggy address belongs to the object at ffff888102b4ee00 [ 22.347016] which belongs to the cache kmalloc-128 of size 128 [ 22.347346] The buggy address is located 0 bytes inside of [ 22.347346] freed 128-byte region [ffff888102b4ee00, ffff888102b4ee80) [ 22.348128] [ 22.348280] The buggy address belongs to the physical page: [ 22.348659] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 22.349175] flags: 0x200000000000000(node=0|zone=2) [ 22.349541] page_type: f5(slab) [ 22.349802] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.350274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.350770] page dumped because: kasan: bad access detected [ 22.350994] [ 22.351076] Memory state around the buggy address: [ 22.351238] ffff888102b4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.351707] ffff888102b4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.352196] >ffff888102b4ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.352669] ^ [ 22.352953] ffff888102b4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.353170] ffff888102b4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.353389] ==================================================================
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 162.313120] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 162.207559] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 162.277025] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 162.242619] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 162.072468] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI [ 119.859981] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 160.902892] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI [ 161.810684] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI [ 162.003849] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI [ 162.475292] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI [ 161.549049] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI [ 161.480979] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI [ 162.412487] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI [ 160.745113] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI [ 162.169582] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI [ 161.743549] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI [ 160.775954] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI [ 161.939062] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI [ 161.646794] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI [ 161.318889] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI [ 162.352964] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI [ 161.516851] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI [ 161.417878] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI [ 161.582493] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI [ 162.381865] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI [ 161.063862] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI [ 162.038958] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI [ 160.716528] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI [ 161.193873] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI [ 161.842854] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI [ 161.258742] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI [ 161.033069] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI [ 161.128608] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI [ 161.384582] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI [ 160.808876] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI [ 160.872781] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI [ 161.005876] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI [ 161.286810] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI [ 162.506934] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI [ 161.679298] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI [ 159.856580] Oops: general protection fault, probably for non-canonical address 0xe0d8bc17000000d2: 0000 [#2] SMP KASAN PTI [ 161.352551] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI [ 161.225949] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI [ 161.907534] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI [ 160.937732] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI [ 160.972762] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI [ 161.778277] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI [ 161.096755] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI [ 162.104697] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI [ 162.540051] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI [ 162.444472] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI [ 161.615403] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI [ 161.875260] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI [ 162.137746] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI [ 160.840832] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI [ 161.970908] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI [ 161.450402] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI [ 161.710889] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI [ 161.162442] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 60.269491] ================================================================== [ 60.269835] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 60.269835] [ 60.270242] Use-after-free read at 0x(____ptrval____) (in kfence-#163): [ 60.270474] test_krealloc+0x6fc/0xbe0 [ 60.270640] kunit_try_run_case+0x1a5/0x480 [ 60.270760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.270905] kthread+0x337/0x6f0 [ 60.271044] ret_from_fork+0x116/0x1d0 [ 60.271215] ret_from_fork_asm+0x1a/0x30 [ 60.271443] [ 60.271542] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 60.271542] [ 60.272041] allocated by task 366 on cpu 1 at 60.268573s (0.003464s ago): [ 60.272338] test_alloc+0x364/0x10f0 [ 60.272660] test_krealloc+0xad/0xbe0 [ 60.272978] kunit_try_run_case+0x1a5/0x480 [ 60.273322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.273744] kthread+0x337/0x6f0 [ 60.274114] ret_from_fork+0x116/0x1d0 [ 60.274333] ret_from_fork_asm+0x1a/0x30 [ 60.274501] [ 60.274714] freed by task 366 on cpu 1 at 60.268856s (0.005852s ago): [ 60.275256] krealloc_noprof+0x108/0x340 [ 60.275577] test_krealloc+0x226/0xbe0 [ 60.275872] kunit_try_run_case+0x1a5/0x480 [ 60.276193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.276479] kthread+0x337/0x6f0 [ 60.276621] ret_from_fork+0x116/0x1d0 [ 60.276897] ret_from_fork_asm+0x1a/0x30 [ 60.277097] [ 60.277275] CPU: 1 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 60.277793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.278108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.278482] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 60.170940] ================================================================== [ 60.171269] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.171269] [ 60.171599] Use-after-free read at 0x(____ptrval____) (in kfence-#162): [ 60.172014] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.172387] kunit_try_run_case+0x1a5/0x480 [ 60.172591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.173455] kthread+0x337/0x6f0 [ 60.173651] ret_from_fork+0x116/0x1d0 [ 60.173844] ret_from_fork_asm+0x1a/0x30 [ 60.174118] [ 60.174220] kfence-#162: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 60.174220] [ 60.174500] allocated by task 364 on cpu 0 at 60.164569s (0.009925s ago): [ 60.174880] test_alloc+0x2a6/0x10f0 [ 60.175047] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 60.175330] kunit_try_run_case+0x1a5/0x480 [ 60.175501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.175685] kthread+0x337/0x6f0 [ 60.175960] ret_from_fork+0x116/0x1d0 [ 60.176208] ret_from_fork_asm+0x1a/0x30 [ 60.176497] [ 60.176578] freed by task 364 on cpu 0 at 60.164756s (0.011818s ago): [ 60.176910] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 60.177223] kunit_try_run_case+0x1a5/0x480 [ 60.177490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.177712] kthread+0x337/0x6f0 [ 60.177921] ret_from_fork+0x116/0x1d0 [ 60.178191] ret_from_fork_asm+0x1a/0x30 [ 60.178436] [ 60.178582] CPU: 0 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 60.179192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.179396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.179767] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 35.334885] ================================================================== [ 35.335505] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 35.335505] [ 35.336204] Invalid read at 0x(____ptrval____): [ 35.337069] test_invalid_access+0xf0/0x210 [ 35.337329] kunit_try_run_case+0x1a5/0x480 [ 35.337511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.337689] kthread+0x337/0x6f0 [ 35.337944] ret_from_fork+0x116/0x1d0 [ 35.338415] ret_from_fork_asm+0x1a/0x30 [ 35.339045] [ 35.339451] CPU: 0 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 35.339929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.340131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.340737] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 35.101109] ================================================================== [ 35.101364] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.101364] [ 35.101565] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#158): [ 35.101960] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.102204] kunit_try_run_case+0x1a5/0x480 [ 35.102542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.102937] kthread+0x337/0x6f0 [ 35.103194] ret_from_fork+0x116/0x1d0 [ 35.103416] ret_from_fork_asm+0x1a/0x30 [ 35.103569] [ 35.103703] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.103703] [ 35.104299] allocated by task 354 on cpu 1 at 35.100834s (0.003460s ago): [ 35.104601] test_alloc+0x364/0x10f0 [ 35.104761] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 35.104971] kunit_try_run_case+0x1a5/0x480 [ 35.105132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.105477] kthread+0x337/0x6f0 [ 35.105729] ret_from_fork+0x116/0x1d0 [ 35.106066] ret_from_fork_asm+0x1a/0x30 [ 35.106418] [ 35.106594] freed by task 354 on cpu 1 at 35.100973s (0.005601s ago): [ 35.107128] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.107389] kunit_try_run_case+0x1a5/0x480 [ 35.107659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.107977] kthread+0x337/0x6f0 [ 35.108193] ret_from_fork+0x116/0x1d0 [ 35.108486] ret_from_fork_asm+0x1a/0x30 [ 35.108701] [ 35.108861] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 35.109216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.109354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.109975] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 22.243958] ================================================================== [ 22.245133] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.245599] Read of size 1 at addr ffff888102b4ed78 by task kunit_try_catch/223 [ 22.245961] [ 22.246256] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.246343] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.246365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.246411] Call Trace: [ 22.246437] <TASK> [ 22.246461] dump_stack_lvl+0x73/0xb0 [ 22.246517] print_report+0xd1/0x650 [ 22.246558] ? __virt_addr_valid+0x1db/0x2d0 [ 22.246599] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.246630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.246669] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.246707] kasan_report+0x141/0x180 [ 22.246743] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.246784] __asan_report_load1_noabort+0x18/0x20 [ 22.246818] ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.246873] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.246907] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 22.246956] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.247008] kunit_try_run_case+0x1a5/0x480 [ 22.247035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.247053] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.247074] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.247103] ? __kthread_parkme+0x82/0x180 [ 22.247127] ? preempt_count_sub+0x50/0x80 [ 22.247156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.247185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.247213] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.247241] kthread+0x337/0x6f0 [ 22.247261] ? trace_preempt_on+0x20/0xc0 [ 22.247279] ? __pfx_kthread+0x10/0x10 [ 22.247296] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.247313] ? calculate_sigpending+0x7b/0xa0 [ 22.247332] ? __pfx_kthread+0x10/0x10 [ 22.247350] ret_from_fork+0x116/0x1d0 [ 22.247365] ? __pfx_kthread+0x10/0x10 [ 22.247399] ret_from_fork_asm+0x1a/0x30 [ 22.247428] </TASK> [ 22.247438] [ 22.255972] Allocated by task 223: [ 22.256288] kasan_save_stack+0x45/0x70 [ 22.256586] kasan_save_track+0x18/0x40 [ 22.256975] kasan_save_alloc_info+0x3b/0x50 [ 22.257306] __kasan_kmalloc+0xb7/0xc0 [ 22.257522] __kmalloc_cache_noprof+0x189/0x420 [ 22.257731] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.258176] kunit_try_run_case+0x1a5/0x480 [ 22.258396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.258590] kthread+0x337/0x6f0 [ 22.258733] ret_from_fork+0x116/0x1d0 [ 22.258939] ret_from_fork_asm+0x1a/0x30 [ 22.259211] [ 22.259352] The buggy address belongs to the object at ffff888102b4ed00 [ 22.259352] which belongs to the cache kmalloc-128 of size 128 [ 22.259948] The buggy address is located 5 bytes to the right of [ 22.259948] allocated 115-byte region [ffff888102b4ed00, ffff888102b4ed73) [ 22.260807] [ 22.260925] The buggy address belongs to the physical page: [ 22.261197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 22.262301] flags: 0x200000000000000(node=0|zone=2) [ 22.262702] page_type: f5(slab) [ 22.262858] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.263292] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.263611] page dumped because: kasan: bad access detected [ 22.264023] [ 22.264255] Memory state around the buggy address: [ 22.264441] ffff888102b4ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.264661] ffff888102b4ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.264891] >ffff888102b4ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.265320] ^ [ 22.266115] ffff888102b4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.266603] ffff888102b4ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.266955] ================================================================== [ 22.213526] ================================================================== [ 22.214403] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 22.214871] Read of size 1 at addr ffff888102b4ed73 by task kunit_try_catch/223 [ 22.215476] [ 22.215618] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.215699] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.215720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.215755] Call Trace: [ 22.215781] <TASK> [ 22.215808] dump_stack_lvl+0x73/0xb0 [ 22.215859] print_report+0xd1/0x650 [ 22.215897] ? __virt_addr_valid+0x1db/0x2d0 [ 22.215930] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.215951] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.215972] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.215991] kasan_report+0x141/0x180 [ 22.216009] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.216031] __asan_report_load1_noabort+0x18/0x20 [ 22.216057] ksize_unpoisons_memory+0x81c/0x9b0 [ 22.216432] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.216480] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 22.216522] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.216559] kunit_try_run_case+0x1a5/0x480 [ 22.216593] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.216623] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.216653] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.216683] ? __kthread_parkme+0x82/0x180 [ 22.216710] ? preempt_count_sub+0x50/0x80 [ 22.216742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.216767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.216787] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.216806] kthread+0x337/0x6f0 [ 22.216821] ? trace_preempt_on+0x20/0xc0 [ 22.216871] ? __pfx_kthread+0x10/0x10 [ 22.216894] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.216912] ? calculate_sigpending+0x7b/0xa0 [ 22.216932] ? __pfx_kthread+0x10/0x10 [ 22.216950] ret_from_fork+0x116/0x1d0 [ 22.216966] ? __pfx_kthread+0x10/0x10 [ 22.216983] ret_from_fork_asm+0x1a/0x30 [ 22.217009] </TASK> [ 22.217021] [ 22.229824] Allocated by task 223: [ 22.229996] kasan_save_stack+0x45/0x70 [ 22.230154] kasan_save_track+0x18/0x40 [ 22.230447] kasan_save_alloc_info+0x3b/0x50 [ 22.230621] __kasan_kmalloc+0xb7/0xc0 [ 22.231205] __kmalloc_cache_noprof+0x189/0x420 [ 22.231723] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.232193] kunit_try_run_case+0x1a5/0x480 [ 22.232428] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.232675] kthread+0x337/0x6f0 [ 22.232821] ret_from_fork+0x116/0x1d0 [ 22.232994] ret_from_fork_asm+0x1a/0x30 [ 22.233507] [ 22.233728] The buggy address belongs to the object at ffff888102b4ed00 [ 22.233728] which belongs to the cache kmalloc-128 of size 128 [ 22.234701] The buggy address is located 0 bytes to the right of [ 22.234701] allocated 115-byte region [ffff888102b4ed00, ffff888102b4ed73) [ 22.235422] [ 22.235588] The buggy address belongs to the physical page: [ 22.236361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 22.236758] flags: 0x200000000000000(node=0|zone=2) [ 22.237560] page_type: f5(slab) [ 22.237865] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.238569] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.239184] page dumped because: kasan: bad access detected [ 22.239612] [ 22.239697] Memory state around the buggy address: [ 22.240280] ffff888102b4ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.240630] ffff888102b4ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.241324] >ffff888102b4ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.241533] ^ [ 22.242184] ffff888102b4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.242698] ffff888102b4ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.243184] ================================================================== [ 22.267510] ================================================================== [ 22.267841] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.268478] Read of size 1 at addr ffff888102b4ed7f by task kunit_try_catch/223 [ 22.268785] [ 22.268955] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.269027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.269048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.269077] Call Trace: [ 22.269100] <TASK> [ 22.269123] dump_stack_lvl+0x73/0xb0 [ 22.269175] print_report+0xd1/0x650 [ 22.269213] ? __virt_addr_valid+0x1db/0x2d0 [ 22.269250] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.269289] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.269512] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.269574] kasan_report+0x141/0x180 [ 22.269617] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.269667] __asan_report_load1_noabort+0x18/0x20 [ 22.269708] ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.269750] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.269788] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 22.269838] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.269883] kunit_try_run_case+0x1a5/0x480 [ 22.269925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.269960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.269991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.270058] ? __kthread_parkme+0x82/0x180 [ 22.270207] ? preempt_count_sub+0x50/0x80 [ 22.270254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.270297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.270340] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.270392] kthread+0x337/0x6f0 [ 22.270427] ? trace_preempt_on+0x20/0xc0 [ 22.270465] ? __pfx_kthread+0x10/0x10 [ 22.270501] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.270538] ? calculate_sigpending+0x7b/0xa0 [ 22.270578] ? __pfx_kthread+0x10/0x10 [ 22.270616] ret_from_fork+0x116/0x1d0 [ 22.270649] ? __pfx_kthread+0x10/0x10 [ 22.270685] ret_from_fork_asm+0x1a/0x30 [ 22.270741] </TASK> [ 22.270763] [ 22.284001] Allocated by task 223: [ 22.284808] kasan_save_stack+0x45/0x70 [ 22.285003] kasan_save_track+0x18/0x40 [ 22.285132] kasan_save_alloc_info+0x3b/0x50 [ 22.285402] __kasan_kmalloc+0xb7/0xc0 [ 22.286237] __kmalloc_cache_noprof+0x189/0x420 [ 22.286455] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.287033] kunit_try_run_case+0x1a5/0x480 [ 22.287412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.287751] kthread+0x337/0x6f0 [ 22.288296] ret_from_fork+0x116/0x1d0 [ 22.288610] ret_from_fork_asm+0x1a/0x30 [ 22.289044] [ 22.289205] The buggy address belongs to the object at ffff888102b4ed00 [ 22.289205] which belongs to the cache kmalloc-128 of size 128 [ 22.289991] The buggy address is located 12 bytes to the right of [ 22.289991] allocated 115-byte region [ffff888102b4ed00, ffff888102b4ed73) [ 22.291347] [ 22.291788] The buggy address belongs to the physical page: [ 22.291991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b4e [ 22.292845] flags: 0x200000000000000(node=0|zone=2) [ 22.293137] page_type: f5(slab) [ 22.293372] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.293714] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.294769] page dumped because: kasan: bad access detected [ 22.295176] [ 22.295273] Memory state around the buggy address: [ 22.295460] ffff888102b4ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.296019] ffff888102b4ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.296596] >ffff888102b4ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.297117] ^ [ 22.297513] ffff888102b4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.297906] ffff888102b4ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.298249] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 22.173975] ================================================================== [ 22.174816] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 22.175848] Free of addr ffff888101bb7f80 by task kunit_try_catch/221 [ 22.176197] [ 22.176331] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.176423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.176539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.176574] Call Trace: [ 22.176598] <TASK> [ 22.176623] dump_stack_lvl+0x73/0xb0 [ 22.176799] print_report+0xd1/0x650 [ 22.176844] ? __virt_addr_valid+0x1db/0x2d0 [ 22.176878] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.176913] ? kfree_sensitive+0x2e/0x90 [ 22.176951] kasan_report_invalid_free+0x10a/0x130 [ 22.177005] ? kfree_sensitive+0x2e/0x90 [ 22.177047] ? kfree_sensitive+0x2e/0x90 [ 22.177093] check_slab_allocation+0x101/0x130 [ 22.177126] __kasan_slab_pre_free+0x28/0x40 [ 22.177158] kfree+0xf0/0x3f0 [ 22.177192] ? kfree_sensitive+0x2e/0x90 [ 22.177228] kfree_sensitive+0x2e/0x90 [ 22.177263] kmalloc_double_kzfree+0x19c/0x350 [ 22.177300] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 22.177466] ? __schedule+0x10cc/0x2b60 [ 22.177489] ? __pfx_read_tsc+0x10/0x10 [ 22.177508] ? ktime_get_ts64+0x86/0x230 [ 22.177529] kunit_try_run_case+0x1a5/0x480 [ 22.177550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.177568] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.177586] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.177604] ? __kthread_parkme+0x82/0x180 [ 22.177621] ? preempt_count_sub+0x50/0x80 [ 22.177640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.177659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.177678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.177698] kthread+0x337/0x6f0 [ 22.177713] ? trace_preempt_on+0x20/0xc0 [ 22.177732] ? __pfx_kthread+0x10/0x10 [ 22.177749] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.177766] ? calculate_sigpending+0x7b/0xa0 [ 22.177785] ? __pfx_kthread+0x10/0x10 [ 22.177802] ret_from_fork+0x116/0x1d0 [ 22.177818] ? __pfx_kthread+0x10/0x10 [ 22.177839] ret_from_fork_asm+0x1a/0x30 [ 22.177871] </TASK> [ 22.177882] [ 22.188092] Allocated by task 221: [ 22.188412] kasan_save_stack+0x45/0x70 [ 22.188855] kasan_save_track+0x18/0x40 [ 22.189254] kasan_save_alloc_info+0x3b/0x50 [ 22.189863] __kasan_kmalloc+0xb7/0xc0 [ 22.190170] __kmalloc_cache_noprof+0x189/0x420 [ 22.190547] kmalloc_double_kzfree+0xa9/0x350 [ 22.190740] kunit_try_run_case+0x1a5/0x480 [ 22.191291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.191829] kthread+0x337/0x6f0 [ 22.192069] ret_from_fork+0x116/0x1d0 [ 22.192331] ret_from_fork_asm+0x1a/0x30 [ 22.192698] [ 22.192855] Freed by task 221: [ 22.193184] kasan_save_stack+0x45/0x70 [ 22.193874] kasan_save_track+0x18/0x40 [ 22.194129] kasan_save_free_info+0x3f/0x60 [ 22.194651] __kasan_slab_free+0x56/0x70 [ 22.195240] kfree+0x222/0x3f0 [ 22.195405] kfree_sensitive+0x67/0x90 [ 22.195552] kmalloc_double_kzfree+0x12b/0x350 [ 22.195829] kunit_try_run_case+0x1a5/0x480 [ 22.196194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.197404] kthread+0x337/0x6f0 [ 22.197868] ret_from_fork+0x116/0x1d0 [ 22.198425] ret_from_fork_asm+0x1a/0x30 [ 22.199007] [ 22.199078] The buggy address belongs to the object at ffff888101bb7f80 [ 22.199078] which belongs to the cache kmalloc-16 of size 16 [ 22.199750] The buggy address is located 0 bytes inside of [ 22.199750] 16-byte region [ffff888101bb7f80, ffff888101bb7f90) [ 22.200852] [ 22.200985] The buggy address belongs to the physical page: [ 22.201173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 22.201998] flags: 0x200000000000000(node=0|zone=2) [ 22.202216] page_type: f5(slab) [ 22.202618] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.203314] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.203691] page dumped because: kasan: bad access detected [ 22.204019] [ 22.204098] Memory state around the buggy address: [ 22.204420] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 22.204701] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.205857] >ffff888101bb7f80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.206331] ^ [ 22.206504] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.207057] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 22.207638] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 22.138801] ================================================================== [ 22.139531] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 22.139784] Read of size 1 at addr ffff888101bb7f80 by task kunit_try_catch/221 [ 22.140266] [ 22.140400] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.140481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.140504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.140534] Call Trace: [ 22.140558] <TASK> [ 22.140584] dump_stack_lvl+0x73/0xb0 [ 22.140635] print_report+0xd1/0x650 [ 22.140666] ? __virt_addr_valid+0x1db/0x2d0 [ 22.140698] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.140729] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.140769] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.140804] kasan_report+0x141/0x180 [ 22.140837] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.140874] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.140908] __kasan_check_byte+0x3d/0x50 [ 22.140944] kfree_sensitive+0x22/0x90 [ 22.140987] kmalloc_double_kzfree+0x19c/0x350 [ 22.141026] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 22.141064] ? __schedule+0x10cc/0x2b60 [ 22.141096] ? __pfx_read_tsc+0x10/0x10 [ 22.141129] ? ktime_get_ts64+0x86/0x230 [ 22.141168] kunit_try_run_case+0x1a5/0x480 [ 22.141203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.141238] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.141272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.141310] ? __kthread_parkme+0x82/0x180 [ 22.141341] ? preempt_count_sub+0x50/0x80 [ 22.141644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.141721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.141750] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.141772] kthread+0x337/0x6f0 [ 22.141789] ? trace_preempt_on+0x20/0xc0 [ 22.141809] ? __pfx_kthread+0x10/0x10 [ 22.141826] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.141852] ? calculate_sigpending+0x7b/0xa0 [ 22.141879] ? __pfx_kthread+0x10/0x10 [ 22.141902] ret_from_fork+0x116/0x1d0 [ 22.141924] ? __pfx_kthread+0x10/0x10 [ 22.141941] ret_from_fork_asm+0x1a/0x30 [ 22.141967] </TASK> [ 22.141978] [ 22.155445] Allocated by task 221: [ 22.155700] kasan_save_stack+0x45/0x70 [ 22.156422] kasan_save_track+0x18/0x40 [ 22.156699] kasan_save_alloc_info+0x3b/0x50 [ 22.156851] __kasan_kmalloc+0xb7/0xc0 [ 22.157126] __kmalloc_cache_noprof+0x189/0x420 [ 22.157336] kmalloc_double_kzfree+0xa9/0x350 [ 22.157557] kunit_try_run_case+0x1a5/0x480 [ 22.157703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.158455] kthread+0x337/0x6f0 [ 22.158615] ret_from_fork+0x116/0x1d0 [ 22.159296] ret_from_fork_asm+0x1a/0x30 [ 22.159480] [ 22.159953] Freed by task 221: [ 22.160077] kasan_save_stack+0x45/0x70 [ 22.160220] kasan_save_track+0x18/0x40 [ 22.160740] kasan_save_free_info+0x3f/0x60 [ 22.161024] __kasan_slab_free+0x56/0x70 [ 22.161722] kfree+0x222/0x3f0 [ 22.161926] kfree_sensitive+0x67/0x90 [ 22.162069] kmalloc_double_kzfree+0x12b/0x350 [ 22.162801] kunit_try_run_case+0x1a5/0x480 [ 22.163001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.163424] kthread+0x337/0x6f0 [ 22.163610] ret_from_fork+0x116/0x1d0 [ 22.163734] ret_from_fork_asm+0x1a/0x30 [ 22.164596] [ 22.164704] The buggy address belongs to the object at ffff888101bb7f80 [ 22.164704] which belongs to the cache kmalloc-16 of size 16 [ 22.165050] The buggy address is located 0 bytes inside of [ 22.165050] freed 16-byte region [ffff888101bb7f80, ffff888101bb7f90) [ 22.166341] [ 22.167028] The buggy address belongs to the physical page: [ 22.167452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 22.167951] flags: 0x200000000000000(node=0|zone=2) [ 22.168071] page_type: f5(slab) [ 22.168518] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.169028] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.169506] page dumped because: kasan: bad access detected [ 22.169682] [ 22.169868] Memory state around the buggy address: [ 22.170238] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 22.170610] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.171460] >ffff888101bb7f80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.171683] ^ [ 22.171855] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.172692] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 22.173268] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 22.104829] ================================================================== [ 22.105300] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 22.105554] Read of size 1 at addr ffff8881023b5ca8 by task kunit_try_catch/217 [ 22.105952] [ 22.106081] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.106164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.106190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.106225] Call Trace: [ 22.106360] <TASK> [ 22.106411] dump_stack_lvl+0x73/0xb0 [ 22.106471] print_report+0xd1/0x650 [ 22.106507] ? __virt_addr_valid+0x1db/0x2d0 [ 22.106542] ? kmalloc_uaf2+0x4a8/0x520 [ 22.106574] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.106613] ? kmalloc_uaf2+0x4a8/0x520 [ 22.106648] kasan_report+0x141/0x180 [ 22.106686] ? kmalloc_uaf2+0x4a8/0x520 [ 22.106728] __asan_report_load1_noabort+0x18/0x20 [ 22.106769] kmalloc_uaf2+0x4a8/0x520 [ 22.106807] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 22.106841] ? finish_task_switch.isra.0+0x153/0x700 [ 22.106881] ? __switch_to+0x47/0xf50 [ 22.106925] ? __schedule+0x10cc/0x2b60 [ 22.106957] ? __pfx_read_tsc+0x10/0x10 [ 22.106990] ? ktime_get_ts64+0x86/0x230 [ 22.107028] kunit_try_run_case+0x1a5/0x480 [ 22.107070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.107113] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.107148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.107182] ? __kthread_parkme+0x82/0x180 [ 22.107216] ? preempt_count_sub+0x50/0x80 [ 22.107254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.107290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.107323] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.107358] kthread+0x337/0x6f0 [ 22.107404] ? trace_preempt_on+0x20/0xc0 [ 22.107445] ? __pfx_kthread+0x10/0x10 [ 22.107481] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.107517] ? calculate_sigpending+0x7b/0xa0 [ 22.107558] ? __pfx_kthread+0x10/0x10 [ 22.107584] ret_from_fork+0x116/0x1d0 [ 22.107600] ? __pfx_kthread+0x10/0x10 [ 22.107618] ret_from_fork_asm+0x1a/0x30 [ 22.107645] </TASK> [ 22.107656] [ 22.115862] Allocated by task 217: [ 22.116012] kasan_save_stack+0x45/0x70 [ 22.116169] kasan_save_track+0x18/0x40 [ 22.116312] kasan_save_alloc_info+0x3b/0x50 [ 22.117045] __kasan_kmalloc+0xb7/0xc0 [ 22.117487] __kmalloc_cache_noprof+0x189/0x420 [ 22.117820] kmalloc_uaf2+0xc6/0x520 [ 22.118096] kunit_try_run_case+0x1a5/0x480 [ 22.118409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.118773] kthread+0x337/0x6f0 [ 22.119072] ret_from_fork+0x116/0x1d0 [ 22.119338] ret_from_fork_asm+0x1a/0x30 [ 22.119637] [ 22.119760] Freed by task 217: [ 22.120058] kasan_save_stack+0x45/0x70 [ 22.120339] kasan_save_track+0x18/0x40 [ 22.120497] kasan_save_free_info+0x3f/0x60 [ 22.120653] __kasan_slab_free+0x56/0x70 [ 22.120929] kfree+0x222/0x3f0 [ 22.121139] kmalloc_uaf2+0x14c/0x520 [ 22.121408] kunit_try_run_case+0x1a5/0x480 [ 22.121679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.122148] kthread+0x337/0x6f0 [ 22.122361] ret_from_fork+0x116/0x1d0 [ 22.122628] ret_from_fork_asm+0x1a/0x30 [ 22.122948] [ 22.123053] The buggy address belongs to the object at ffff8881023b5c80 [ 22.123053] which belongs to the cache kmalloc-64 of size 64 [ 22.123371] The buggy address is located 40 bytes inside of [ 22.123371] freed 64-byte region [ffff8881023b5c80, ffff8881023b5cc0) [ 22.123710] [ 22.123797] The buggy address belongs to the physical page: [ 22.123965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023b5 [ 22.124200] flags: 0x200000000000000(node=0|zone=2) [ 22.124373] page_type: f5(slab) [ 22.124619] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.125238] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.125727] page dumped because: kasan: bad access detected [ 22.126306] [ 22.126479] Memory state around the buggy address: [ 22.126847] ffff8881023b5b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.127472] ffff8881023b5c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.127787] >ffff8881023b5c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.128687] ^ [ 22.129857] ffff8881023b5d00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 22.131051] ffff8881023b5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.131352] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 22.070659] ================================================================== [ 22.071056] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 22.071501] Write of size 33 at addr ffff888102c0a000 by task kunit_try_catch/215 [ 22.071892] [ 22.072005] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.072119] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.072138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.072164] Call Trace: [ 22.072184] <TASK> [ 22.072207] dump_stack_lvl+0x73/0xb0 [ 22.072252] print_report+0xd1/0x650 [ 22.072287] ? __virt_addr_valid+0x1db/0x2d0 [ 22.072325] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.072357] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.072413] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.072449] kasan_report+0x141/0x180 [ 22.072487] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.072526] kasan_check_range+0x10c/0x1c0 [ 22.072556] __asan_memset+0x27/0x50 [ 22.072587] kmalloc_uaf_memset+0x1a3/0x360 [ 22.072619] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 22.072654] ? __schedule+0x10cc/0x2b60 [ 22.072692] ? __pfx_read_tsc+0x10/0x10 [ 22.072727] ? ktime_get_ts64+0x86/0x230 [ 22.072771] kunit_try_run_case+0x1a5/0x480 [ 22.072801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.072819] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.073058] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.073117] ? __kthread_parkme+0x82/0x180 [ 22.073185] ? preempt_count_sub+0x50/0x80 [ 22.073550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.073596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.073640] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.073680] kthread+0x337/0x6f0 [ 22.073701] ? trace_preempt_on+0x20/0xc0 [ 22.073721] ? __pfx_kthread+0x10/0x10 [ 22.073738] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.073756] ? calculate_sigpending+0x7b/0xa0 [ 22.073775] ? __pfx_kthread+0x10/0x10 [ 22.073794] ret_from_fork+0x116/0x1d0 [ 22.073810] ? __pfx_kthread+0x10/0x10 [ 22.073827] ret_from_fork_asm+0x1a/0x30 [ 22.073864] </TASK> [ 22.073875] [ 22.084734] Allocated by task 215: [ 22.085057] kasan_save_stack+0x45/0x70 [ 22.085540] kasan_save_track+0x18/0x40 [ 22.085824] kasan_save_alloc_info+0x3b/0x50 [ 22.086420] __kasan_kmalloc+0xb7/0xc0 [ 22.086791] __kmalloc_cache_noprof+0x189/0x420 [ 22.087293] kmalloc_uaf_memset+0xa9/0x360 [ 22.087447] kunit_try_run_case+0x1a5/0x480 [ 22.087761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.088340] kthread+0x337/0x6f0 [ 22.088504] ret_from_fork+0x116/0x1d0 [ 22.088818] ret_from_fork_asm+0x1a/0x30 [ 22.089159] [ 22.089247] Freed by task 215: [ 22.089409] kasan_save_stack+0x45/0x70 [ 22.089677] kasan_save_track+0x18/0x40 [ 22.089956] kasan_save_free_info+0x3f/0x60 [ 22.090282] __kasan_slab_free+0x56/0x70 [ 22.090575] kfree+0x222/0x3f0 [ 22.090793] kmalloc_uaf_memset+0x12b/0x360 [ 22.091092] kunit_try_run_case+0x1a5/0x480 [ 22.091343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.091714] kthread+0x337/0x6f0 [ 22.091887] ret_from_fork+0x116/0x1d0 [ 22.092031] ret_from_fork_asm+0x1a/0x30 [ 22.092355] [ 22.092511] The buggy address belongs to the object at ffff888102c0a000 [ 22.092511] which belongs to the cache kmalloc-64 of size 64 [ 22.093446] The buggy address is located 0 bytes inside of [ 22.093446] freed 64-byte region [ffff888102c0a000, ffff888102c0a040) [ 22.094335] [ 22.094469] The buggy address belongs to the physical page: [ 22.094663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c0a [ 22.094952] flags: 0x200000000000000(node=0|zone=2) [ 22.095310] page_type: f5(slab) [ 22.095576] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.096395] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.096920] page dumped because: kasan: bad access detected [ 22.097588] [ 22.097710] Memory state around the buggy address: [ 22.097899] ffff888102c09f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.098826] ffff888102c09f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.099268] >ffff888102c0a000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.099572] ^ [ 22.099697] ffff888102c0a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.100259] ffff888102c0a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.100560] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 34.996686] ================================================================== [ 34.997075] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 34.997075] [ 34.997430] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#157): [ 34.997652] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 34.997972] kunit_try_run_case+0x1a5/0x480 [ 34.998275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.998571] kthread+0x337/0x6f0 [ 34.998682] ret_from_fork+0x116/0x1d0 [ 34.998796] ret_from_fork_asm+0x1a/0x30 [ 34.998966] [ 34.999114] kfence-#157: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 34.999114] [ 34.999588] allocated by task 352 on cpu 0 at 34.996411s (0.003173s ago): [ 34.999835] test_alloc+0x364/0x10f0 [ 34.999977] test_kmalloc_aligned_oob_read+0x105/0x560 [ 35.000147] kunit_try_run_case+0x1a5/0x480 [ 35.000460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.000800] kthread+0x337/0x6f0 [ 35.001093] ret_from_fork+0x116/0x1d0 [ 35.001346] ret_from_fork_asm+0x1a/0x30 [ 35.001654] [ 35.001823] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 35.002290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.002567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.002850] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 28.964658] ================================================================== [ 28.965087] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 28.965087] [ 28.965358] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#99): [ 28.966368] test_corruption+0x2d2/0x3e0 [ 28.966705] kunit_try_run_case+0x1a5/0x480 [ 28.967091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.967287] kthread+0x337/0x6f0 [ 28.967523] ret_from_fork+0x116/0x1d0 [ 28.967780] ret_from_fork_asm+0x1a/0x30 [ 28.968032] [ 28.968116] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.968116] [ 28.968431] allocated by task 340 on cpu 1 at 28.964391s (0.004035s ago): [ 28.968684] test_alloc+0x364/0x10f0 [ 28.968938] test_corruption+0xe6/0x3e0 [ 28.969211] kunit_try_run_case+0x1a5/0x480 [ 28.969495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.969850] kthread+0x337/0x6f0 [ 28.970038] ret_from_fork+0x116/0x1d0 [ 28.970287] ret_from_fork_asm+0x1a/0x30 [ 28.970464] [ 28.970611] freed by task 340 on cpu 1 at 28.964484s (0.006122s ago): [ 28.971098] test_corruption+0x2d2/0x3e0 [ 28.971319] kunit_try_run_case+0x1a5/0x480 [ 28.971530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.971853] kthread+0x337/0x6f0 [ 28.972100] ret_from_fork+0x116/0x1d0 [ 28.972244] ret_from_fork_asm+0x1a/0x30 [ 28.972519] [ 28.972651] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 28.973425] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.973606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.973869] ================================================================== [ 29.796730] ================================================================== [ 29.797102] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 29.797102] [ 29.797324] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#107): [ 29.797839] test_corruption+0x2df/0x3e0 [ 29.798223] kunit_try_run_case+0x1a5/0x480 [ 29.798522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.798773] kthread+0x337/0x6f0 [ 29.798902] ret_from_fork+0x116/0x1d0 [ 29.799038] ret_from_fork_asm+0x1a/0x30 [ 29.799313] [ 29.799480] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.799480] [ 29.800127] allocated by task 340 on cpu 1 at 29.796406s (0.003716s ago): [ 29.800475] test_alloc+0x364/0x10f0 [ 29.800621] test_corruption+0x1cb/0x3e0 [ 29.800773] kunit_try_run_case+0x1a5/0x480 [ 29.801069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.801436] kthread+0x337/0x6f0 [ 29.801687] ret_from_fork+0x116/0x1d0 [ 29.802018] ret_from_fork_asm+0x1a/0x30 [ 29.802231] [ 29.802309] freed by task 340 on cpu 1 at 29.796524s (0.005781s ago): [ 29.802726] test_corruption+0x2df/0x3e0 [ 29.802881] kunit_try_run_case+0x1a5/0x480 [ 29.803037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.803429] kthread+0x337/0x6f0 [ 29.803667] ret_from_fork+0x116/0x1d0 [ 29.803948] ret_from_fork_asm+0x1a/0x30 [ 29.804217] [ 29.804413] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 29.804768] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.805034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.805539] ================================================================== [ 30.420501] ================================================================== [ 30.420844] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 30.420844] [ 30.421123] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#113): [ 30.421701] test_corruption+0x216/0x3e0 [ 30.421941] kunit_try_run_case+0x1a5/0x480 [ 30.422169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.422526] kthread+0x337/0x6f0 [ 30.422774] ret_from_fork+0x116/0x1d0 [ 30.422947] ret_from_fork_asm+0x1a/0x30 [ 30.423099] [ 30.423187] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.423187] [ 30.423917] allocated by task 342 on cpu 0 at 30.420366s (0.003547s ago): [ 30.424167] test_alloc+0x2a6/0x10f0 [ 30.424317] test_corruption+0x1cb/0x3e0 [ 30.424530] kunit_try_run_case+0x1a5/0x480 [ 30.424822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.425248] kthread+0x337/0x6f0 [ 30.425511] ret_from_fork+0x116/0x1d0 [ 30.425733] ret_from_fork_asm+0x1a/0x30 [ 30.425996] [ 30.426150] freed by task 342 on cpu 0 at 30.420429s (0.005715s ago): [ 30.426456] test_corruption+0x216/0x3e0 [ 30.426629] kunit_try_run_case+0x1a5/0x480 [ 30.426951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.427298] kthread+0x337/0x6f0 [ 30.427526] ret_from_fork+0x116/0x1d0 [ 30.427678] ret_from_fork_asm+0x1a/0x30 [ 30.427826] [ 30.427950] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 30.428298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.428622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.429206] ================================================================== [ 30.108553] ================================================================== [ 30.108848] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 30.108848] [ 30.109031] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#110): [ 30.110672] test_corruption+0x131/0x3e0 [ 30.111092] kunit_try_run_case+0x1a5/0x480 [ 30.111551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.111807] kthread+0x337/0x6f0 [ 30.112146] ret_from_fork+0x116/0x1d0 [ 30.112616] ret_from_fork_asm+0x1a/0x30 [ 30.112826] [ 30.113153] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.113153] [ 30.113694] allocated by task 342 on cpu 0 at 30.108397s (0.005291s ago): [ 30.114090] test_alloc+0x2a6/0x10f0 [ 30.114630] test_corruption+0xe6/0x3e0 [ 30.115051] kunit_try_run_case+0x1a5/0x480 [ 30.115297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.115541] kthread+0x337/0x6f0 [ 30.115699] ret_from_fork+0x116/0x1d0 [ 30.116589] ret_from_fork_asm+0x1a/0x30 [ 30.116841] [ 30.117059] freed by task 342 on cpu 0 at 30.108455s (0.008599s ago): [ 30.117635] test_corruption+0x131/0x3e0 [ 30.117829] kunit_try_run_case+0x1a5/0x480 [ 30.118040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.118312] kthread+0x337/0x6f0 [ 30.118505] ret_from_fork+0x116/0x1d0 [ 30.118698] ret_from_fork_asm+0x1a/0x30 [ 30.119492] [ 30.119731] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 30.120585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.120778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.121145] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 28.756596] ================================================================== [ 28.756988] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 28.756988] [ 28.757355] Invalid free of 0x(____ptrval____) (in kfence-#97): [ 28.758338] test_invalid_addr_free+0xfb/0x260 [ 28.758587] kunit_try_run_case+0x1a5/0x480 [ 28.758890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.759138] kthread+0x337/0x6f0 [ 28.759281] ret_from_fork+0x116/0x1d0 [ 28.759495] ret_from_fork_asm+0x1a/0x30 [ 28.759756] [ 28.759843] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.759843] [ 28.760316] allocated by task 338 on cpu 0 at 28.756451s (0.003860s ago): [ 28.760794] test_alloc+0x2a6/0x10f0 [ 28.761124] test_invalid_addr_free+0xdb/0x260 [ 28.761342] kunit_try_run_case+0x1a5/0x480 [ 28.761669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.761931] kthread+0x337/0x6f0 [ 28.762196] ret_from_fork+0x116/0x1d0 [ 28.762417] ret_from_fork_asm+0x1a/0x30 [ 28.762675] [ 28.762868] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 28.763511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.763678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.763958] ================================================================== [ 28.652548] ================================================================== [ 28.652877] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 28.652877] [ 28.653370] Invalid free of 0x(____ptrval____) (in kfence-#96): [ 28.653671] test_invalid_addr_free+0x1e1/0x260 [ 28.654029] kunit_try_run_case+0x1a5/0x480 [ 28.654339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.654634] kthread+0x337/0x6f0 [ 28.654800] ret_from_fork+0x116/0x1d0 [ 28.655071] ret_from_fork_asm+0x1a/0x30 [ 28.655434] [ 28.655544] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.655544] [ 28.655859] allocated by task 336 on cpu 1 at 28.652401s (0.003454s ago): [ 28.656304] test_alloc+0x364/0x10f0 [ 28.656690] test_invalid_addr_free+0xdb/0x260 [ 28.656924] kunit_try_run_case+0x1a5/0x480 [ 28.657211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.657477] kthread+0x337/0x6f0 [ 28.657715] ret_from_fork+0x116/0x1d0 [ 28.658071] ret_from_fork_asm+0x1a/0x30 [ 28.658297] [ 28.658506] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 28.658969] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.659144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.659713] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 28.548575] ================================================================== [ 28.548888] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 28.548888] [ 28.549313] Invalid free of 0x(____ptrval____) (in kfence-#95): [ 28.549590] test_double_free+0x112/0x260 [ 28.549856] kunit_try_run_case+0x1a5/0x480 [ 28.550261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.550466] kthread+0x337/0x6f0 [ 28.550746] ret_from_fork+0x116/0x1d0 [ 28.551020] ret_from_fork_asm+0x1a/0x30 [ 28.551190] [ 28.551295] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.551295] [ 28.551874] allocated by task 334 on cpu 0 at 28.548389s (0.003480s ago): [ 28.552258] test_alloc+0x2a6/0x10f0 [ 28.552447] test_double_free+0xdb/0x260 [ 28.552730] kunit_try_run_case+0x1a5/0x480 [ 28.553108] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.553396] kthread+0x337/0x6f0 [ 28.553537] ret_from_fork+0x116/0x1d0 [ 28.553827] ret_from_fork_asm+0x1a/0x30 [ 28.554129] [ 28.554227] freed by task 334 on cpu 0 at 28.548449s (0.005773s ago): [ 28.554470] test_double_free+0xfa/0x260 [ 28.554617] kunit_try_run_case+0x1a5/0x480 [ 28.554945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.555290] kthread+0x337/0x6f0 [ 28.555557] ret_from_fork+0x116/0x1d0 [ 28.555827] ret_from_fork_asm+0x1a/0x30 [ 28.556057] [ 28.556222] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 28.557015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.557171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.557489] ================================================================== [ 28.444730] ================================================================== [ 28.445054] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 28.445054] [ 28.445472] Invalid free of 0x(____ptrval____) (in kfence-#94): [ 28.446092] test_double_free+0x1d3/0x260 [ 28.446417] kunit_try_run_case+0x1a5/0x480 [ 28.446665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.447402] kthread+0x337/0x6f0 [ 28.447666] ret_from_fork+0x116/0x1d0 [ 28.447813] ret_from_fork_asm+0x1a/0x30 [ 28.448170] [ 28.448269] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.448269] [ 28.448813] allocated by task 332 on cpu 1 at 28.444409s (0.004399s ago): [ 28.449245] test_alloc+0x364/0x10f0 [ 28.449503] test_double_free+0xdb/0x260 [ 28.449662] kunit_try_run_case+0x1a5/0x480 [ 28.449817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.450152] kthread+0x337/0x6f0 [ 28.450571] ret_from_fork+0x116/0x1d0 [ 28.450972] ret_from_fork_asm+0x1a/0x30 [ 28.451280] [ 28.451521] freed by task 332 on cpu 1 at 28.444498s (0.006986s ago): [ 28.452036] test_double_free+0x1e0/0x260 [ 28.452209] kunit_try_run_case+0x1a5/0x480 [ 28.452585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.452893] kthread+0x337/0x6f0 [ 28.453045] ret_from_fork+0x116/0x1d0 [ 28.453319] ret_from_fork_asm+0x1a/0x30 [ 28.453733] [ 28.454020] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 28.454740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.454985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.455547] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 28.028654] ================================================================== [ 28.029075] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.029075] [ 28.029559] Use-after-free read at 0x(____ptrval____) (in kfence-#90): [ 28.030041] test_use_after_free_read+0x129/0x270 [ 28.030406] kunit_try_run_case+0x1a5/0x480 [ 28.030577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.030800] kthread+0x337/0x6f0 [ 28.031042] ret_from_fork+0x116/0x1d0 [ 28.031188] ret_from_fork_asm+0x1a/0x30 [ 28.031480] [ 28.031598] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.031598] [ 28.032061] allocated by task 324 on cpu 0 at 28.028373s (0.003683s ago): [ 28.032313] test_alloc+0x364/0x10f0 [ 28.032597] test_use_after_free_read+0xdc/0x270 [ 28.032866] kunit_try_run_case+0x1a5/0x480 [ 28.033132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.033447] kthread+0x337/0x6f0 [ 28.033590] ret_from_fork+0x116/0x1d0 [ 28.033727] ret_from_fork_asm+0x1a/0x30 [ 28.034131] [ 28.034533] freed by task 324 on cpu 0 at 28.028470s (0.005887s ago): [ 28.035097] test_use_after_free_read+0x1e7/0x270 [ 28.035308] kunit_try_run_case+0x1a5/0x480 [ 28.035561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.035741] kthread+0x337/0x6f0 [ 28.035877] ret_from_fork+0x116/0x1d0 [ 28.036113] ret_from_fork_asm+0x1a/0x30 [ 28.036452] [ 28.036627] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 28.037250] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.037474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.037865] ================================================================== [ 28.132548] ================================================================== [ 28.132776] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.132776] [ 28.132983] Use-after-free read at 0x(____ptrval____) (in kfence-#91): [ 28.133167] test_use_after_free_read+0x129/0x270 [ 28.133765] kunit_try_run_case+0x1a5/0x480 [ 28.134400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.134646] kthread+0x337/0x6f0 [ 28.135149] ret_from_fork+0x116/0x1d0 [ 28.135290] ret_from_fork_asm+0x1a/0x30 [ 28.135594] [ 28.135982] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.135982] [ 28.136238] allocated by task 326 on cpu 0 at 28.132406s (0.003828s ago): [ 28.136855] test_alloc+0x2a6/0x10f0 [ 28.137101] test_use_after_free_read+0xdc/0x270 [ 28.137366] kunit_try_run_case+0x1a5/0x480 [ 28.137693] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.137868] kthread+0x337/0x6f0 [ 28.138103] ret_from_fork+0x116/0x1d0 [ 28.138417] ret_from_fork_asm+0x1a/0x30 [ 28.138635] [ 28.138798] freed by task 326 on cpu 0 at 28.132464s (0.006329s ago): [ 28.139102] test_use_after_free_read+0xfb/0x270 [ 28.139404] kunit_try_run_case+0x1a5/0x480 [ 28.139955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.140227] kthread+0x337/0x6f0 [ 28.140414] ret_from_fork+0x116/0x1d0 [ 28.140589] ret_from_fork_asm+0x1a/0x30 [ 28.140766] [ 28.141324] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 28.141779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.142256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.142599] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 27.300532] ================================================================== [ 27.300833] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 27.300833] [ 27.301351] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#83): [ 27.301696] test_out_of_bounds_write+0x10d/0x260 [ 27.302014] kunit_try_run_case+0x1a5/0x480 [ 27.302272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.302561] kthread+0x337/0x6f0 [ 27.302711] ret_from_fork+0x116/0x1d0 [ 27.303033] ret_from_fork_asm+0x1a/0x30 [ 27.303318] [ 27.303458] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.303458] [ 27.303880] allocated by task 320 on cpu 1 at 27.300373s (0.003503s ago): [ 27.304240] test_alloc+0x364/0x10f0 [ 27.304441] test_out_of_bounds_write+0xd4/0x260 [ 27.304609] kunit_try_run_case+0x1a5/0x480 [ 27.304785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.305148] kthread+0x337/0x6f0 [ 27.305484] ret_from_fork+0x116/0x1d0 [ 27.305675] ret_from_fork_asm+0x1a/0x30 [ 27.305833] [ 27.305956] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 27.306921] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.307131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.307505] ================================================================== [ 27.924504] ================================================================== [ 27.924911] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 27.924911] [ 27.925257] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#89): [ 27.925853] test_out_of_bounds_write+0x10d/0x260 [ 27.926210] kunit_try_run_case+0x1a5/0x480 [ 27.926397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.926577] kthread+0x337/0x6f0 [ 27.926828] ret_from_fork+0x116/0x1d0 [ 27.927163] ret_from_fork_asm+0x1a/0x30 [ 27.927461] [ 27.927581] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.927581] [ 27.928003] allocated by task 322 on cpu 0 at 27.924406s (0.003593s ago): [ 27.928262] test_alloc+0x2a6/0x10f0 [ 27.928535] test_out_of_bounds_write+0xd4/0x260 [ 27.928837] kunit_try_run_case+0x1a5/0x480 [ 27.929175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.929421] kthread+0x337/0x6f0 [ 27.929597] ret_from_fork+0x116/0x1d0 [ 27.929748] ret_from_fork_asm+0x1a/0x30 [ 27.929996] [ 27.930260] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 27.930902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.931164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.931433] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 22.032296] ================================================================== [ 22.032768] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 22.033535] Read of size 1 at addr ffff888102370308 by task kunit_try_catch/213 [ 22.033859] [ 22.034043] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.034124] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.034366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.034422] Call Trace: [ 22.034472] <TASK> [ 22.034505] dump_stack_lvl+0x73/0xb0 [ 22.034584] print_report+0xd1/0x650 [ 22.034628] ? __virt_addr_valid+0x1db/0x2d0 [ 22.034673] ? kmalloc_uaf+0x320/0x380 [ 22.034945] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.034971] ? kmalloc_uaf+0x320/0x380 [ 22.034988] kasan_report+0x141/0x180 [ 22.035007] ? kmalloc_uaf+0x320/0x380 [ 22.035028] __asan_report_load1_noabort+0x18/0x20 [ 22.035048] kmalloc_uaf+0x320/0x380 [ 22.035065] ? __pfx_kmalloc_uaf+0x10/0x10 [ 22.035093] ? __schedule+0x10cc/0x2b60 [ 22.035122] ? __pfx_read_tsc+0x10/0x10 [ 22.035151] ? ktime_get_ts64+0x86/0x230 [ 22.035184] kunit_try_run_case+0x1a5/0x480 [ 22.035207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.035226] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.035246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.035265] ? __kthread_parkme+0x82/0x180 [ 22.035282] ? preempt_count_sub+0x50/0x80 [ 22.035302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.035323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.035342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.035362] kthread+0x337/0x6f0 [ 22.035395] ? trace_preempt_on+0x20/0xc0 [ 22.035419] ? __pfx_kthread+0x10/0x10 [ 22.035437] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.035454] ? calculate_sigpending+0x7b/0xa0 [ 22.035475] ? __pfx_kthread+0x10/0x10 [ 22.035493] ret_from_fork+0x116/0x1d0 [ 22.035509] ? __pfx_kthread+0x10/0x10 [ 22.035526] ret_from_fork_asm+0x1a/0x30 [ 22.035555] </TASK> [ 22.035566] [ 22.047361] Allocated by task 213: [ 22.047506] kasan_save_stack+0x45/0x70 [ 22.048073] kasan_save_track+0x18/0x40 [ 22.048401] kasan_save_alloc_info+0x3b/0x50 [ 22.048904] __kasan_kmalloc+0xb7/0xc0 [ 22.049072] __kmalloc_cache_noprof+0x189/0x420 [ 22.049545] kmalloc_uaf+0xaa/0x380 [ 22.049765] kunit_try_run_case+0x1a5/0x480 [ 22.050609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.050869] kthread+0x337/0x6f0 [ 22.051561] ret_from_fork+0x116/0x1d0 [ 22.051705] ret_from_fork_asm+0x1a/0x30 [ 22.051836] [ 22.052109] Freed by task 213: [ 22.052367] kasan_save_stack+0x45/0x70 [ 22.052956] kasan_save_track+0x18/0x40 [ 22.053264] kasan_save_free_info+0x3f/0x60 [ 22.053519] __kasan_slab_free+0x56/0x70 [ 22.053727] kfree+0x222/0x3f0 [ 22.053870] kmalloc_uaf+0x12c/0x380 [ 22.054661] kunit_try_run_case+0x1a5/0x480 [ 22.054900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.055050] kthread+0x337/0x6f0 [ 22.055278] ret_from_fork+0x116/0x1d0 [ 22.055587] ret_from_fork_asm+0x1a/0x30 [ 22.056613] [ 22.056761] The buggy address belongs to the object at ffff888102370300 [ 22.056761] which belongs to the cache kmalloc-16 of size 16 [ 22.057723] The buggy address is located 8 bytes inside of [ 22.057723] freed 16-byte region [ffff888102370300, ffff888102370310) [ 22.058506] [ 22.058678] The buggy address belongs to the physical page: [ 22.059397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102370 [ 22.059641] flags: 0x200000000000000(node=0|zone=2) [ 22.060066] page_type: f5(slab) [ 22.060439] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 22.060827] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.061656] page dumped because: kasan: bad access detected [ 22.061920] [ 22.061992] Memory state around the buggy address: [ 22.062499] ffff888102370200: 00 00 fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 22.062772] ffff888102370280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.063789] >ffff888102370300: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.064092] ^ [ 22.064730] ffff888102370380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.065432] ffff888102370400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.065794] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 21.998854] ================================================================== [ 21.999296] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 21.999741] Read of size 64 at addr ffff888102c02f04 by task kunit_try_catch/211 [ 22.000003] [ 22.000371] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.000480] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.000503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.000538] Call Trace: [ 22.000559] <TASK> [ 22.000589] dump_stack_lvl+0x73/0xb0 [ 22.000639] print_report+0xd1/0x650 [ 22.000669] ? __virt_addr_valid+0x1db/0x2d0 [ 22.000706] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.000741] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.000783] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.000807] kasan_report+0x141/0x180 [ 22.000825] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.000862] kasan_check_range+0x10c/0x1c0 [ 22.000881] __asan_memmove+0x27/0x70 [ 22.000899] kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.000918] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 22.000938] ? __schedule+0x10cc/0x2b60 [ 22.000957] ? __pfx_read_tsc+0x10/0x10 [ 22.000975] ? ktime_get_ts64+0x86/0x230 [ 22.000996] kunit_try_run_case+0x1a5/0x480 [ 22.001017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.001035] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.001053] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.001074] ? __kthread_parkme+0x82/0x180 [ 22.001103] ? preempt_count_sub+0x50/0x80 [ 22.001134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.001163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.001193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.001216] kthread+0x337/0x6f0 [ 22.001232] ? trace_preempt_on+0x20/0xc0 [ 22.001251] ? __pfx_kthread+0x10/0x10 [ 22.001268] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.001285] ? calculate_sigpending+0x7b/0xa0 [ 22.001304] ? __pfx_kthread+0x10/0x10 [ 22.001321] ret_from_fork+0x116/0x1d0 [ 22.001336] ? __pfx_kthread+0x10/0x10 [ 22.001353] ret_from_fork_asm+0x1a/0x30 [ 22.001396] </TASK> [ 22.001414] [ 22.014156] Allocated by task 211: [ 22.014429] kasan_save_stack+0x45/0x70 [ 22.014805] kasan_save_track+0x18/0x40 [ 22.015148] kasan_save_alloc_info+0x3b/0x50 [ 22.015316] __kasan_kmalloc+0xb7/0xc0 [ 22.015469] __kmalloc_cache_noprof+0x189/0x420 [ 22.015816] kmalloc_memmove_invalid_size+0xac/0x330 [ 22.016034] kunit_try_run_case+0x1a5/0x480 [ 22.016751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.016982] kthread+0x337/0x6f0 [ 22.017121] ret_from_fork+0x116/0x1d0 [ 22.017266] ret_from_fork_asm+0x1a/0x30 [ 22.017892] [ 22.017987] The buggy address belongs to the object at ffff888102c02f00 [ 22.017987] which belongs to the cache kmalloc-64 of size 64 [ 22.018656] The buggy address is located 4 bytes inside of [ 22.018656] allocated 64-byte region [ffff888102c02f00, ffff888102c02f40) [ 22.019991] [ 22.020247] The buggy address belongs to the physical page: [ 22.020444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c02 [ 22.021072] flags: 0x200000000000000(node=0|zone=2) [ 22.021484] page_type: f5(slab) [ 22.021611] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.022458] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.023023] page dumped because: kasan: bad access detected [ 22.023663] [ 22.023751] Memory state around the buggy address: [ 22.024422] ffff888102c02e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.024824] ffff888102c02e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.025475] >ffff888102c02f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 22.025881] ^ [ 22.026602] ffff888102c02f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.026896] ffff888102c03000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.027604] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 21.970409] ================================================================== [ 21.970814] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 21.971463] Read of size 18446744073709551614 at addr ffff8881023b5804 by task kunit_try_catch/209 [ 21.972279] [ 21.972448] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.972501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.972512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.972531] Call Trace: [ 21.972544] <TASK> [ 21.972560] dump_stack_lvl+0x73/0xb0 [ 21.972591] print_report+0xd1/0x650 [ 21.972610] ? __virt_addr_valid+0x1db/0x2d0 [ 21.972629] ? kmalloc_memmove_negative_size+0x171/0x330 [ 21.972649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.972671] ? kmalloc_memmove_negative_size+0x171/0x330 [ 21.972720] kasan_report+0x141/0x180 [ 21.972741] ? kmalloc_memmove_negative_size+0x171/0x330 [ 21.972766] kasan_check_range+0x10c/0x1c0 [ 21.972786] __asan_memmove+0x27/0x70 [ 21.972806] kmalloc_memmove_negative_size+0x171/0x330 [ 21.972829] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 21.973096] ? __schedule+0x10cc/0x2b60 [ 21.973136] ? __pfx_read_tsc+0x10/0x10 [ 21.973170] ? ktime_get_ts64+0x86/0x230 [ 21.973263] kunit_try_run_case+0x1a5/0x480 [ 21.973309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.973337] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.973358] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.973392] ? __kthread_parkme+0x82/0x180 [ 21.973413] ? preempt_count_sub+0x50/0x80 [ 21.973434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.973454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.973474] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.973495] kthread+0x337/0x6f0 [ 21.973511] ? trace_preempt_on+0x20/0xc0 [ 21.973531] ? __pfx_kthread+0x10/0x10 [ 21.973548] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.973565] ? calculate_sigpending+0x7b/0xa0 [ 21.973585] ? __pfx_kthread+0x10/0x10 [ 21.973603] ret_from_fork+0x116/0x1d0 [ 21.973619] ? __pfx_kthread+0x10/0x10 [ 21.973636] ret_from_fork_asm+0x1a/0x30 [ 21.973663] </TASK> [ 21.973674] [ 21.981815] Allocated by task 209: [ 21.981999] kasan_save_stack+0x45/0x70 [ 21.982218] kasan_save_track+0x18/0x40 [ 21.982414] kasan_save_alloc_info+0x3b/0x50 [ 21.982560] __kasan_kmalloc+0xb7/0xc0 [ 21.982707] __kmalloc_cache_noprof+0x189/0x420 [ 21.982883] kmalloc_memmove_negative_size+0xac/0x330 [ 21.983069] kunit_try_run_case+0x1a5/0x480 [ 21.983370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.983743] kthread+0x337/0x6f0 [ 21.984120] ret_from_fork+0x116/0x1d0 [ 21.984424] ret_from_fork_asm+0x1a/0x30 [ 21.984715] [ 21.985343] The buggy address belongs to the object at ffff8881023b5800 [ 21.985343] which belongs to the cache kmalloc-64 of size 64 [ 21.986513] The buggy address is located 4 bytes inside of [ 21.986513] 64-byte region [ffff8881023b5800, ffff8881023b5840) [ 21.987412] [ 21.987733] The buggy address belongs to the physical page: [ 21.988309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023b5 [ 21.988644] flags: 0x200000000000000(node=0|zone=2) [ 21.989097] page_type: f5(slab) [ 21.989264] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 21.989577] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.990167] page dumped because: kasan: bad access detected [ 21.990583] [ 21.990751] Memory state around the buggy address: [ 21.991290] ffff8881023b5700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.991690] ffff8881023b5780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.992092] >ffff8881023b5800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 21.992641] ^ [ 21.992806] ffff8881023b5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.993416] ffff8881023b5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.993729] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 21.941798] ================================================================== [ 21.942219] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 21.942394] Write of size 16 at addr ffff8881023ac669 by task kunit_try_catch/207 [ 21.942660] [ 21.942828] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.942899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.942912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.942931] Call Trace: [ 21.942945] <TASK> [ 21.942959] dump_stack_lvl+0x73/0xb0 [ 21.942986] print_report+0xd1/0x650 [ 21.943004] ? __virt_addr_valid+0x1db/0x2d0 [ 21.943030] ? kmalloc_oob_memset_16+0x166/0x330 [ 21.943061] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.943100] ? kmalloc_oob_memset_16+0x166/0x330 [ 21.943136] kasan_report+0x141/0x180 [ 21.943173] ? kmalloc_oob_memset_16+0x166/0x330 [ 21.943218] kasan_check_range+0x10c/0x1c0 [ 21.943245] __asan_memset+0x27/0x50 [ 21.943266] kmalloc_oob_memset_16+0x166/0x330 [ 21.943284] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 21.943304] ? __schedule+0x10cc/0x2b60 [ 21.943322] ? __pfx_read_tsc+0x10/0x10 [ 21.943341] ? ktime_get_ts64+0x86/0x230 [ 21.943363] kunit_try_run_case+0x1a5/0x480 [ 21.943402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.943423] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.943442] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.943462] ? __kthread_parkme+0x82/0x180 [ 21.943479] ? preempt_count_sub+0x50/0x80 [ 21.943500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.943520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.943540] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.943560] kthread+0x337/0x6f0 [ 21.943576] ? trace_preempt_on+0x20/0xc0 [ 21.943596] ? __pfx_kthread+0x10/0x10 [ 21.943613] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.943631] ? calculate_sigpending+0x7b/0xa0 [ 21.943651] ? __pfx_kthread+0x10/0x10 [ 21.943670] ret_from_fork+0x116/0x1d0 [ 21.943686] ? __pfx_kthread+0x10/0x10 [ 21.943703] ret_from_fork_asm+0x1a/0x30 [ 21.943730] </TASK> [ 21.943740] [ 21.954270] Allocated by task 207: [ 21.954674] kasan_save_stack+0x45/0x70 [ 21.954965] kasan_save_track+0x18/0x40 [ 21.955512] kasan_save_alloc_info+0x3b/0x50 [ 21.955733] __kasan_kmalloc+0xb7/0xc0 [ 21.955854] __kmalloc_cache_noprof+0x189/0x420 [ 21.956441] kmalloc_oob_memset_16+0xac/0x330 [ 21.956636] kunit_try_run_case+0x1a5/0x480 [ 21.957114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.957460] kthread+0x337/0x6f0 [ 21.957715] ret_from_fork+0x116/0x1d0 [ 21.957833] ret_from_fork_asm+0x1a/0x30 [ 21.958271] [ 21.958395] The buggy address belongs to the object at ffff8881023ac600 [ 21.958395] which belongs to the cache kmalloc-128 of size 128 [ 21.958808] The buggy address is located 105 bytes inside of [ 21.958808] allocated 120-byte region [ffff8881023ac600, ffff8881023ac678) [ 21.959585] [ 21.959675] The buggy address belongs to the physical page: [ 21.960365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac [ 21.961072] flags: 0x200000000000000(node=0|zone=2) [ 21.961347] page_type: f5(slab) [ 21.961479] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.961837] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.962537] page dumped because: kasan: bad access detected [ 21.962757] [ 21.963115] Memory state around the buggy address: [ 21.963437] ffff8881023ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.963744] ffff8881023ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.964374] >ffff8881023ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.964784] ^ [ 21.965129] ffff8881023ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.965448] ffff8881023ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.965736] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 27.196490] ================================================================== [ 27.197026] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 27.197026] [ 27.197677] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#82): [ 27.197917] test_out_of_bounds_read+0x216/0x4e0 [ 27.198163] kunit_try_run_case+0x1a5/0x480 [ 27.198450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.198806] kthread+0x337/0x6f0 [ 27.199042] ret_from_fork+0x116/0x1d0 [ 27.199193] ret_from_fork_asm+0x1a/0x30 [ 27.199498] [ 27.199586] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.199586] [ 27.200192] allocated by task 318 on cpu 0 at 27.196403s (0.003783s ago): [ 27.200550] test_alloc+0x2a6/0x10f0 [ 27.200802] test_out_of_bounds_read+0x1e2/0x4e0 [ 27.201088] kunit_try_run_case+0x1a5/0x480 [ 27.201329] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.201663] kthread+0x337/0x6f0 [ 27.201803] ret_from_fork+0x116/0x1d0 [ 27.201947] ret_from_fork_asm+0x1a/0x30 [ 27.202118] [ 27.202258] CPU: 0 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 27.203240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.203596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.204311] ================================================================== [ 26.573595] ================================================================== [ 26.574034] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 26.574034] [ 26.574484] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#76): [ 26.575187] test_out_of_bounds_read+0x126/0x4e0 [ 26.575544] kunit_try_run_case+0x1a5/0x480 [ 26.575813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.576067] kthread+0x337/0x6f0 [ 26.576223] ret_from_fork+0x116/0x1d0 [ 26.576521] ret_from_fork_asm+0x1a/0x30 [ 26.576860] [ 26.577257] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 26.577257] [ 26.577956] allocated by task 316 on cpu 1 at 26.572392s (0.005461s ago): [ 26.579001] test_alloc+0x364/0x10f0 [ 26.579421] test_out_of_bounds_read+0xed/0x4e0 [ 26.579743] kunit_try_run_case+0x1a5/0x480 [ 26.579975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.580359] kthread+0x337/0x6f0 [ 26.580575] ret_from_fork+0x116/0x1d0 [ 26.580735] ret_from_fork_asm+0x1a/0x30 [ 26.581106] [ 26.581367] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.582033] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.582231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.582713] ================================================================== [ 26.884426] ================================================================== [ 26.884737] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 26.884737] [ 26.885205] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#79): [ 26.885639] test_out_of_bounds_read+0x126/0x4e0 [ 26.885978] kunit_try_run_case+0x1a5/0x480 [ 26.886191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.886423] kthread+0x337/0x6f0 [ 26.886673] ret_from_fork+0x116/0x1d0 [ 26.887098] ret_from_fork_asm+0x1a/0x30 [ 26.887909] [ 26.888016] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 26.888016] [ 26.888252] allocated by task 318 on cpu 0 at 26.884345s (0.003903s ago): [ 26.888536] test_alloc+0x2a6/0x10f0 [ 26.888680] test_out_of_bounds_read+0xed/0x4e0 [ 26.888824] kunit_try_run_case+0x1a5/0x480 [ 26.888954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.889110] kthread+0x337/0x6f0 [ 26.889227] ret_from_fork+0x116/0x1d0 [ 26.889648] ret_from_fork_asm+0x1a/0x30 [ 26.889849] [ 26.889978] CPU: 0 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.892158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.892660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.893666] ================================================================== [ 26.780713] ================================================================== [ 26.781089] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 26.781089] [ 26.781560] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#78): [ 26.782038] test_out_of_bounds_read+0x216/0x4e0 [ 26.782253] kunit_try_run_case+0x1a5/0x480 [ 26.782432] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.782812] kthread+0x337/0x6f0 [ 26.783118] ret_from_fork+0x116/0x1d0 [ 26.783326] ret_from_fork_asm+0x1a/0x30 [ 26.783499] [ 26.783589] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 26.783589] [ 26.784213] allocated by task 316 on cpu 1 at 26.780474s (0.003734s ago): [ 26.784631] test_alloc+0x364/0x10f0 [ 26.784785] test_out_of_bounds_read+0x1e2/0x4e0 [ 26.785096] kunit_try_run_case+0x1a5/0x480 [ 26.785246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.785441] kthread+0x337/0x6f0 [ 26.785683] ret_from_fork+0x116/0x1d0 [ 26.785958] ret_from_fork_asm+0x1a/0x30 [ 26.786293] [ 26.786474] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.787154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.787367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.787649] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 159.816418] ================================================================== [ 159.816751] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270 [ 159.817282] Read of size 8 at addr ffff888107ecf870 by task kunit_try_catch/1678 [ 159.817563] [ 159.817689] CPU: 0 UID: 0 PID: 1678 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 159.817743] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 159.817756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 159.817776] Call Trace: [ 159.817800] <TASK> [ 159.817833] dump_stack_lvl+0x73/0xb0 [ 159.817886] print_report+0xd1/0x650 [ 159.817925] ? __virt_addr_valid+0x1db/0x2d0 [ 159.817977] ? drm_encoder_cleanup+0x265/0x270 [ 159.818014] ? kasan_complete_mode_report_info+0x64/0x200 [ 159.818053] ? drm_encoder_cleanup+0x265/0x270 [ 159.818091] kasan_report+0x141/0x180 [ 159.818129] ? drm_encoder_cleanup+0x265/0x270 [ 159.818175] __asan_report_load8_noabort+0x18/0x20 [ 159.818215] drm_encoder_cleanup+0x265/0x270 [ 159.818256] drmm_encoder_alloc_release+0x36/0x60 [ 159.818297] drm_managed_release+0x15c/0x470 [ 159.818354] ? simple_release_fs+0x86/0xb0 [ 159.818409] drm_dev_put.part.0+0xa1/0x100 [ 159.818439] ? __pfx_devm_drm_dev_init_release+0x10/0x10 [ 159.818462] devm_drm_dev_init_release+0x17/0x30 [ 159.818483] devm_action_release+0x50/0x80 [ 159.818508] devres_release_all+0x186/0x240 [ 159.818529] ? __pfx_devres_release_all+0x10/0x10 [ 159.818548] ? kernfs_remove_by_name_ns+0x166/0x1d0 [ 159.818584] ? sysfs_remove_file_ns+0x56/0xa0 [ 159.818620] device_unbind_cleanup+0x1b/0x1b0 [ 159.818651] device_release_driver_internal+0x3e4/0x540 [ 159.818682] ? klist_devices_put+0x35/0x50 [ 159.818726] device_release_driver+0x16/0x20 [ 159.818763] bus_remove_device+0x1e9/0x3d0 [ 159.818803] device_del+0x397/0x980 [ 159.818849] ? __pfx_device_del+0x10/0x10 [ 159.818889] ? __kasan_check_write+0x18/0x20 [ 159.818932] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 159.818976] ? __pfx_device_unregister_wrapper+0x10/0x10 [ 159.819025] device_unregister+0x1b/0xa0 [ 159.819062] device_unregister_wrapper+0x12/0x20 [ 159.819105] __kunit_action_free+0x57/0x70 [ 159.819128] kunit_remove_resource+0x133/0x200 [ 159.819147] ? preempt_count_sub+0x50/0x80 [ 159.819169] kunit_cleanup+0x7a/0x120 [ 159.819191] kunit_try_run_case_cleanup+0xbd/0xf0 [ 159.819211] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 159.819230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 159.819249] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 159.819267] kthread+0x337/0x6f0 [ 159.819287] ? trace_preempt_on+0x20/0xc0 [ 159.819309] ? __pfx_kthread+0x10/0x10 [ 159.819343] ? _raw_spin_unlock_irq+0x47/0x80 [ 159.819364] ? calculate_sigpending+0x7b/0xa0 [ 159.819386] ? __pfx_kthread+0x10/0x10 [ 159.819404] ret_from_fork+0x116/0x1d0 [ 159.819423] ? __pfx_kthread+0x10/0x10 [ 159.819441] ret_from_fork_asm+0x1a/0x30 [ 159.819471] </TASK> [ 159.819484] [ 159.834193] Allocated by task 1677: [ 159.834402] kasan_save_stack+0x45/0x70 [ 159.834626] kasan_save_track+0x18/0x40 [ 159.835167] kasan_save_alloc_info+0x3b/0x50 [ 159.835544] __kasan_kmalloc+0xb7/0xc0 [ 159.835741] __kmalloc_noprof+0x1c9/0x500 [ 159.836039] __devm_drm_bridge_alloc+0x33/0x170 [ 159.836578] drm_test_bridge_init+0x188/0x5c0 [ 159.836827] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870 [ 159.837154] kunit_try_run_case+0x1a5/0x480 [ 159.837318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 159.837658] kthread+0x337/0x6f0 [ 159.837860] ret_from_fork+0x116/0x1d0 [ 159.838179] ret_from_fork_asm+0x1a/0x30 [ 159.838491] [ 159.838581] Freed by task 1678: [ 159.838834] kasan_save_stack+0x45/0x70 [ 159.839427] kasan_save_track+0x18/0x40 [ 159.839880] kasan_save_free_info+0x3f/0x60 [ 159.840042] __kasan_slab_free+0x56/0x70 [ 159.840528] kfree+0x222/0x3f0 [ 159.840808] drm_bridge_put.part.0+0xc7/0x100 [ 159.841070] drm_bridge_put_void+0x17/0x30 [ 159.841226] devm_action_release+0x50/0x80 [ 159.841387] devres_release_all+0x186/0x240 [ 159.841681] device_unbind_cleanup+0x1b/0x1b0 [ 159.841987] device_release_driver_internal+0x3e4/0x540 [ 159.842215] device_release_driver+0x16/0x20 [ 159.842381] bus_remove_device+0x1e9/0x3d0 [ 159.842565] device_del+0x397/0x980 [ 159.842833] device_unregister+0x1b/0xa0 [ 159.843061] device_unregister_wrapper+0x12/0x20 [ 159.843312] __kunit_action_free+0x57/0x70 [ 159.843487] kunit_remove_resource+0x133/0x200 [ 159.843725] kunit_cleanup+0x7a/0x120 [ 159.843871] kunit_try_run_case_cleanup+0xbd/0xf0 [ 159.844192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 159.844558] kthread+0x337/0x6f0 [ 159.844697] ret_from_fork+0x116/0x1d0 [ 159.844869] ret_from_fork_asm+0x1a/0x30 [ 159.845145] [ 159.845267] The buggy address belongs to the object at ffff888107ecf800 [ 159.845267] which belongs to the cache kmalloc-512 of size 512 [ 159.846014] The buggy address is located 112 bytes inside of [ 159.846014] freed 512-byte region [ffff888107ecf800, ffff888107ecfa00) [ 159.846406] [ 159.846512] The buggy address belongs to the physical page: [ 159.846814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107ecc [ 159.847342] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 159.847657] flags: 0x200000000000040(head|node=0|zone=2) [ 159.847884] page_type: f5(slab) [ 159.848080] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 159.848536] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 159.849028] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 159.849416] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 159.849719] head: 0200000000000002 ffffea00041fb301 00000000ffffffff 00000000ffffffff [ 159.850122] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 159.850431] page dumped because: kasan: bad access detected [ 159.850810] [ 159.850948] Memory state around the buggy address: [ 159.851147] ffff888107ecf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 159.851373] ffff888107ecf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 159.851715] >ffff888107ecf800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 159.852217] ^ [ 159.852647] ffff888107ecf880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 159.852949] ffff888107ecf900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 159.853212] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 26.313098] ================================================================== [ 26.313632] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 26.314161] Write of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.314450] [ 26.314564] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.314644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.314688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.314723] Call Trace: [ 26.314750] <TASK> [ 26.314775] dump_stack_lvl+0x73/0xb0 [ 26.314871] print_report+0xd1/0x650 [ 26.314924] ? __virt_addr_valid+0x1db/0x2d0 [ 26.314963] ? strncpy_from_user+0x2e/0x1d0 [ 26.315004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.315065] ? strncpy_from_user+0x2e/0x1d0 [ 26.315106] kasan_report+0x141/0x180 [ 26.315146] ? strncpy_from_user+0x2e/0x1d0 [ 26.315194] kasan_check_range+0x10c/0x1c0 [ 26.315253] __kasan_check_write+0x18/0x20 [ 26.315293] strncpy_from_user+0x2e/0x1d0 [ 26.315332] ? __kasan_check_read+0x15/0x20 [ 26.315771] copy_user_test_oob+0x760/0x10f0 [ 26.315858] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.315903] ? finish_task_switch.isra.0+0x153/0x700 [ 26.315948] ? __switch_to+0x47/0xf50 [ 26.315996] ? __schedule+0x10cc/0x2b60 [ 26.316039] ? __pfx_read_tsc+0x10/0x10 [ 26.316079] ? ktime_get_ts64+0x86/0x230 [ 26.316143] kunit_try_run_case+0x1a5/0x480 [ 26.316183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.316218] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.316254] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.316290] ? __kthread_parkme+0x82/0x180 [ 26.316319] ? preempt_count_sub+0x50/0x80 [ 26.316356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.316412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.316472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.316525] kthread+0x337/0x6f0 [ 26.316573] ? trace_preempt_on+0x20/0xc0 [ 26.316616] ? __pfx_kthread+0x10/0x10 [ 26.316664] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.316713] ? calculate_sigpending+0x7b/0xa0 [ 26.316766] ? __pfx_kthread+0x10/0x10 [ 26.316807] ret_from_fork+0x116/0x1d0 [ 26.316851] ? __pfx_kthread+0x10/0x10 [ 26.316891] ret_from_fork_asm+0x1a/0x30 [ 26.316968] </TASK> [ 26.316993] [ 26.329180] Allocated by task 314: [ 26.329510] kasan_save_stack+0x45/0x70 [ 26.329970] kasan_save_track+0x18/0x40 [ 26.330177] kasan_save_alloc_info+0x3b/0x50 [ 26.330513] __kasan_kmalloc+0xb7/0xc0 [ 26.330734] __kmalloc_noprof+0x1c9/0x500 [ 26.331013] kunit_kmalloc_array+0x25/0x60 [ 26.331628] copy_user_test_oob+0xab/0x10f0 [ 26.331775] kunit_try_run_case+0x1a5/0x480 [ 26.332237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.332677] kthread+0x337/0x6f0 [ 26.332802] ret_from_fork+0x116/0x1d0 [ 26.333139] ret_from_fork_asm+0x1a/0x30 [ 26.333548] [ 26.333694] The buggy address belongs to the object at ffff888102c14900 [ 26.333694] which belongs to the cache kmalloc-128 of size 128 [ 26.334218] The buggy address is located 0 bytes inside of [ 26.334218] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.334738] [ 26.334839] The buggy address belongs to the physical page: [ 26.335027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.335633] flags: 0x200000000000000(node=0|zone=2) [ 26.335814] page_type: f5(slab) [ 26.336065] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.336541] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.336876] page dumped because: kasan: bad access detected [ 26.337097] [ 26.337231] Memory state around the buggy address: [ 26.337547] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.337796] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.338023] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.338570] ^ [ 26.338953] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.339173] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.339493] ================================================================== [ 26.340357] ================================================================== [ 26.341038] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 26.341285] Write of size 1 at addr ffff888102c14978 by task kunit_try_catch/314 [ 26.341527] [ 26.341737] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.341813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.341851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.341882] Call Trace: [ 26.341907] <TASK> [ 26.341933] dump_stack_lvl+0x73/0xb0 [ 26.341980] print_report+0xd1/0x650 [ 26.342019] ? __virt_addr_valid+0x1db/0x2d0 [ 26.342058] ? strncpy_from_user+0x1a5/0x1d0 [ 26.342094] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.342142] ? strncpy_from_user+0x1a5/0x1d0 [ 26.342186] kasan_report+0x141/0x180 [ 26.342232] ? strncpy_from_user+0x1a5/0x1d0 [ 26.342283] __asan_report_store1_noabort+0x1b/0x30 [ 26.342330] strncpy_from_user+0x1a5/0x1d0 [ 26.342400] copy_user_test_oob+0x760/0x10f0 [ 26.342452] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.342489] ? finish_task_switch.isra.0+0x153/0x700 [ 26.342522] ? __switch_to+0x47/0xf50 [ 26.342564] ? __schedule+0x10cc/0x2b60 [ 26.342604] ? __pfx_read_tsc+0x10/0x10 [ 26.342642] ? ktime_get_ts64+0x86/0x230 [ 26.342691] kunit_try_run_case+0x1a5/0x480 [ 26.342742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.342788] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.342832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.342893] ? __kthread_parkme+0x82/0x180 [ 26.342928] ? preempt_count_sub+0x50/0x80 [ 26.342966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.343007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.343052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.343094] kthread+0x337/0x6f0 [ 26.343132] ? trace_preempt_on+0x20/0xc0 [ 26.343172] ? __pfx_kthread+0x10/0x10 [ 26.343209] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.343250] ? calculate_sigpending+0x7b/0xa0 [ 26.343293] ? __pfx_kthread+0x10/0x10 [ 26.343332] ret_from_fork+0x116/0x1d0 [ 26.343367] ? __pfx_kthread+0x10/0x10 [ 26.343423] ret_from_fork_asm+0x1a/0x30 [ 26.343481] </TASK> [ 26.343503] [ 26.353141] Allocated by task 314: [ 26.353392] kasan_save_stack+0x45/0x70 [ 26.353667] kasan_save_track+0x18/0x40 [ 26.353936] kasan_save_alloc_info+0x3b/0x50 [ 26.354353] __kasan_kmalloc+0xb7/0xc0 [ 26.354598] __kmalloc_noprof+0x1c9/0x500 [ 26.354774] kunit_kmalloc_array+0x25/0x60 [ 26.355058] copy_user_test_oob+0xab/0x10f0 [ 26.355340] kunit_try_run_case+0x1a5/0x480 [ 26.355645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.355932] kthread+0x337/0x6f0 [ 26.356071] ret_from_fork+0x116/0x1d0 [ 26.356251] ret_from_fork_asm+0x1a/0x30 [ 26.356509] [ 26.356646] The buggy address belongs to the object at ffff888102c14900 [ 26.356646] which belongs to the cache kmalloc-128 of size 128 [ 26.357240] The buggy address is located 0 bytes to the right of [ 26.357240] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.357612] [ 26.357703] The buggy address belongs to the physical page: [ 26.357876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.358300] flags: 0x200000000000000(node=0|zone=2) [ 26.358721] page_type: f5(slab) [ 26.359040] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.359500] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.359720] page dumped because: kasan: bad access detected [ 26.360030] [ 26.360196] Memory state around the buggy address: [ 26.360553] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.361062] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.361292] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.361622] ^ [ 26.362182] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.362450] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.362675] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 26.221357] ================================================================== [ 26.221672] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 26.221991] Write of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.222408] [ 26.222770] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.223116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.223160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.223196] Call Trace: [ 26.223227] <TASK> [ 26.223254] dump_stack_lvl+0x73/0xb0 [ 26.223288] print_report+0xd1/0x650 [ 26.223308] ? __virt_addr_valid+0x1db/0x2d0 [ 26.223330] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.223349] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.223370] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.223410] kasan_report+0x141/0x180 [ 26.223431] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.223455] kasan_check_range+0x10c/0x1c0 [ 26.223475] __kasan_check_write+0x18/0x20 [ 26.223495] copy_user_test_oob+0x3fd/0x10f0 [ 26.223517] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.223536] ? finish_task_switch.isra.0+0x153/0x700 [ 26.223556] ? __switch_to+0x47/0xf50 [ 26.223579] ? __schedule+0x10cc/0x2b60 [ 26.223599] ? __pfx_read_tsc+0x10/0x10 [ 26.223618] ? ktime_get_ts64+0x86/0x230 [ 26.223639] kunit_try_run_case+0x1a5/0x480 [ 26.223661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.223681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.223700] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.223720] ? __kthread_parkme+0x82/0x180 [ 26.223738] ? preempt_count_sub+0x50/0x80 [ 26.223757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.223778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.223798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.223819] kthread+0x337/0x6f0 [ 26.223861] ? trace_preempt_on+0x20/0xc0 [ 26.223912] ? __pfx_kthread+0x10/0x10 [ 26.223949] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.223985] ? calculate_sigpending+0x7b/0xa0 [ 26.224019] ? __pfx_kthread+0x10/0x10 [ 26.224050] ret_from_fork+0x116/0x1d0 [ 26.224082] ? __pfx_kthread+0x10/0x10 [ 26.224114] ret_from_fork_asm+0x1a/0x30 [ 26.224171] </TASK> [ 26.224192] [ 26.231758] Allocated by task 314: [ 26.231936] kasan_save_stack+0x45/0x70 [ 26.232101] kasan_save_track+0x18/0x40 [ 26.232248] kasan_save_alloc_info+0x3b/0x50 [ 26.232509] __kasan_kmalloc+0xb7/0xc0 [ 26.232758] __kmalloc_noprof+0x1c9/0x500 [ 26.233073] kunit_kmalloc_array+0x25/0x60 [ 26.233339] copy_user_test_oob+0xab/0x10f0 [ 26.233647] kunit_try_run_case+0x1a5/0x480 [ 26.233958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.234338] kthread+0x337/0x6f0 [ 26.234616] ret_from_fork+0x116/0x1d0 [ 26.234874] ret_from_fork_asm+0x1a/0x30 [ 26.235081] [ 26.235210] The buggy address belongs to the object at ffff888102c14900 [ 26.235210] which belongs to the cache kmalloc-128 of size 128 [ 26.235723] The buggy address is located 0 bytes inside of [ 26.235723] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.236256] [ 26.236411] The buggy address belongs to the physical page: [ 26.236650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.236923] flags: 0x200000000000000(node=0|zone=2) [ 26.237246] page_type: f5(slab) [ 26.237498] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.237776] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.238106] page dumped because: kasan: bad access detected [ 26.238464] [ 26.238558] Memory state around the buggy address: [ 26.238736] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.239005] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.239221] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.239501] ^ [ 26.239962] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.240458] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.240920] ================================================================== [ 26.290442] ================================================================== [ 26.290921] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 26.291390] Read of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.291758] [ 26.291975] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.292060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.292084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.292120] Call Trace: [ 26.292146] <TASK> [ 26.292189] dump_stack_lvl+0x73/0xb0 [ 26.292243] print_report+0xd1/0x650 [ 26.292281] ? __virt_addr_valid+0x1db/0x2d0 [ 26.292320] ? copy_user_test_oob+0x604/0x10f0 [ 26.292361] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.292433] ? copy_user_test_oob+0x604/0x10f0 [ 26.292475] kasan_report+0x141/0x180 [ 26.292513] ? copy_user_test_oob+0x604/0x10f0 [ 26.292558] kasan_check_range+0x10c/0x1c0 [ 26.292599] __kasan_check_read+0x15/0x20 [ 26.292656] copy_user_test_oob+0x604/0x10f0 [ 26.292701] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.292742] ? finish_task_switch.isra.0+0x153/0x700 [ 26.292781] ? __switch_to+0x47/0xf50 [ 26.292855] ? __schedule+0x10cc/0x2b60 [ 26.292916] ? __pfx_read_tsc+0x10/0x10 [ 26.292955] ? ktime_get_ts64+0x86/0x230 [ 26.292998] kunit_try_run_case+0x1a5/0x480 [ 26.293056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.293097] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.293136] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.293177] ? __kthread_parkme+0x82/0x180 [ 26.293227] ? preempt_count_sub+0x50/0x80 [ 26.293280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.293324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.293390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.293436] kthread+0x337/0x6f0 [ 26.293474] ? trace_preempt_on+0x20/0xc0 [ 26.293519] ? __pfx_kthread+0x10/0x10 [ 26.293559] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.293601] ? calculate_sigpending+0x7b/0xa0 [ 26.293644] ? __pfx_kthread+0x10/0x10 [ 26.293685] ret_from_fork+0x116/0x1d0 [ 26.293720] ? __pfx_kthread+0x10/0x10 [ 26.293754] ret_from_fork_asm+0x1a/0x30 [ 26.293807] </TASK> [ 26.293869] [ 26.301790] Allocated by task 314: [ 26.302052] kasan_save_stack+0x45/0x70 [ 26.302344] kasan_save_track+0x18/0x40 [ 26.302648] kasan_save_alloc_info+0x3b/0x50 [ 26.302999] __kasan_kmalloc+0xb7/0xc0 [ 26.303281] __kmalloc_noprof+0x1c9/0x500 [ 26.303588] kunit_kmalloc_array+0x25/0x60 [ 26.303904] copy_user_test_oob+0xab/0x10f0 [ 26.304207] kunit_try_run_case+0x1a5/0x480 [ 26.304532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.304925] kthread+0x337/0x6f0 [ 26.305118] ret_from_fork+0x116/0x1d0 [ 26.305371] ret_from_fork_asm+0x1a/0x30 [ 26.305649] [ 26.305794] The buggy address belongs to the object at ffff888102c14900 [ 26.305794] which belongs to the cache kmalloc-128 of size 128 [ 26.306184] The buggy address is located 0 bytes inside of [ 26.306184] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.306882] [ 26.307058] The buggy address belongs to the physical page: [ 26.307406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.307906] flags: 0x200000000000000(node=0|zone=2) [ 26.308164] page_type: f5(slab) [ 26.308338] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.308582] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.308951] page dumped because: kasan: bad access detected [ 26.309329] [ 26.309482] Memory state around the buggy address: [ 26.309811] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.310334] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.310728] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.310974] ^ [ 26.311474] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.311972] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.312293] ================================================================== [ 26.267289] ================================================================== [ 26.267817] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 26.268491] Write of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.269004] [ 26.269172] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.269276] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.269300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.269333] Call Trace: [ 26.269359] <TASK> [ 26.269397] dump_stack_lvl+0x73/0xb0 [ 26.269451] print_report+0xd1/0x650 [ 26.269493] ? __virt_addr_valid+0x1db/0x2d0 [ 26.269534] ? copy_user_test_oob+0x557/0x10f0 [ 26.269573] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.269635] ? copy_user_test_oob+0x557/0x10f0 [ 26.269674] kasan_report+0x141/0x180 [ 26.269714] ? copy_user_test_oob+0x557/0x10f0 [ 26.269760] kasan_check_range+0x10c/0x1c0 [ 26.269821] __kasan_check_write+0x18/0x20 [ 26.269894] copy_user_test_oob+0x557/0x10f0 [ 26.269939] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.269993] ? finish_task_switch.isra.0+0x153/0x700 [ 26.270045] ? __switch_to+0x47/0xf50 [ 26.270135] ? __schedule+0x10cc/0x2b60 [ 26.270192] ? __pfx_read_tsc+0x10/0x10 [ 26.270245] ? ktime_get_ts64+0x86/0x230 [ 26.270292] kunit_try_run_case+0x1a5/0x480 [ 26.270340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.270396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.270439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.270475] ? __kthread_parkme+0x82/0x180 [ 26.270508] ? preempt_count_sub+0x50/0x80 [ 26.270548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.270587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.270629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.270673] kthread+0x337/0x6f0 [ 26.270712] ? trace_preempt_on+0x20/0xc0 [ 26.270759] ? __pfx_kthread+0x10/0x10 [ 26.270801] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.270881] ? calculate_sigpending+0x7b/0xa0 [ 26.270931] ? __pfx_kthread+0x10/0x10 [ 26.270976] ret_from_fork+0x116/0x1d0 [ 26.271009] ? __pfx_kthread+0x10/0x10 [ 26.271068] ret_from_fork_asm+0x1a/0x30 [ 26.271122] </TASK> [ 26.271154] [ 26.279511] Allocated by task 314: [ 26.279767] kasan_save_stack+0x45/0x70 [ 26.280000] kasan_save_track+0x18/0x40 [ 26.280265] kasan_save_alloc_info+0x3b/0x50 [ 26.280508] __kasan_kmalloc+0xb7/0xc0 [ 26.280697] __kmalloc_noprof+0x1c9/0x500 [ 26.280925] kunit_kmalloc_array+0x25/0x60 [ 26.281107] copy_user_test_oob+0xab/0x10f0 [ 26.281287] kunit_try_run_case+0x1a5/0x480 [ 26.281451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.281805] kthread+0x337/0x6f0 [ 26.282105] ret_from_fork+0x116/0x1d0 [ 26.282426] ret_from_fork_asm+0x1a/0x30 [ 26.282739] [ 26.282925] The buggy address belongs to the object at ffff888102c14900 [ 26.282925] which belongs to the cache kmalloc-128 of size 128 [ 26.283623] The buggy address is located 0 bytes inside of [ 26.283623] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.284238] [ 26.284333] The buggy address belongs to the physical page: [ 26.284721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.285159] flags: 0x200000000000000(node=0|zone=2) [ 26.285513] page_type: f5(slab) [ 26.285710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.286131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.286637] page dumped because: kasan: bad access detected [ 26.286939] [ 26.287031] Memory state around the buggy address: [ 26.287352] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.287694] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.288177] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.288529] ^ [ 26.288815] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.289246] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.289593] ================================================================== [ 26.241799] ================================================================== [ 26.242409] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 26.242774] Read of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.243146] [ 26.243299] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.243374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.243411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.243444] Call Trace: [ 26.243468] <TASK> [ 26.243495] dump_stack_lvl+0x73/0xb0 [ 26.243541] print_report+0xd1/0x650 [ 26.243573] ? __virt_addr_valid+0x1db/0x2d0 [ 26.243605] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.243635] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.243668] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.243699] kasan_report+0x141/0x180 [ 26.243729] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.243766] kasan_check_range+0x10c/0x1c0 [ 26.243843] __kasan_check_read+0x15/0x20 [ 26.243880] copy_user_test_oob+0x4aa/0x10f0 [ 26.243922] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.243958] ? finish_task_switch.isra.0+0x153/0x700 [ 26.243989] ? __switch_to+0x47/0xf50 [ 26.244028] ? __schedule+0x10cc/0x2b60 [ 26.244065] ? __pfx_read_tsc+0x10/0x10 [ 26.244096] ? ktime_get_ts64+0x86/0x230 [ 26.244133] kunit_try_run_case+0x1a5/0x480 [ 26.244174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.244213] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.244250] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.244285] ? __kthread_parkme+0x82/0x180 [ 26.244317] ? preempt_count_sub+0x50/0x80 [ 26.244358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.244415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.244457] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.244498] kthread+0x337/0x6f0 [ 26.244530] ? trace_preempt_on+0x20/0xc0 [ 26.244567] ? __pfx_kthread+0x10/0x10 [ 26.244604] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.244643] ? calculate_sigpending+0x7b/0xa0 [ 26.244678] ? __pfx_kthread+0x10/0x10 [ 26.244710] ret_from_fork+0x116/0x1d0 [ 26.244737] ? __pfx_kthread+0x10/0x10 [ 26.244766] ret_from_fork_asm+0x1a/0x30 [ 26.244807] </TASK> [ 26.244860] [ 26.256793] Allocated by task 314: [ 26.257019] kasan_save_stack+0x45/0x70 [ 26.257224] kasan_save_track+0x18/0x40 [ 26.257403] kasan_save_alloc_info+0x3b/0x50 [ 26.257593] __kasan_kmalloc+0xb7/0xc0 [ 26.257879] __kmalloc_noprof+0x1c9/0x500 [ 26.258209] kunit_kmalloc_array+0x25/0x60 [ 26.258525] copy_user_test_oob+0xab/0x10f0 [ 26.258810] kunit_try_run_case+0x1a5/0x480 [ 26.259135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.259495] kthread+0x337/0x6f0 [ 26.259737] ret_from_fork+0x116/0x1d0 [ 26.260012] ret_from_fork_asm+0x1a/0x30 [ 26.260285] [ 26.260436] The buggy address belongs to the object at ffff888102c14900 [ 26.260436] which belongs to the cache kmalloc-128 of size 128 [ 26.260997] The buggy address is located 0 bytes inside of [ 26.260997] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.261457] [ 26.261563] The buggy address belongs to the physical page: [ 26.261764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.262217] flags: 0x200000000000000(node=0|zone=2) [ 26.262599] page_type: f5(slab) [ 26.262906] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.263402] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.263910] page dumped because: kasan: bad access detected [ 26.264269] [ 26.264417] Memory state around the buggy address: [ 26.264734] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.265101] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.265373] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.265716] ^ [ 26.266112] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.266408] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.266679] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 26.191145] ================================================================== [ 26.191443] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 26.191773] Read of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.192305] [ 26.192520] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.192604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.192629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.192695] Call Trace: [ 26.192723] <TASK> [ 26.192767] dump_stack_lvl+0x73/0xb0 [ 26.192820] print_report+0xd1/0x650 [ 26.192855] ? __virt_addr_valid+0x1db/0x2d0 [ 26.192922] ? _copy_to_user+0x3c/0x70 [ 26.192959] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.193021] ? _copy_to_user+0x3c/0x70 [ 26.193049] kasan_report+0x141/0x180 [ 26.193098] ? _copy_to_user+0x3c/0x70 [ 26.193142] kasan_check_range+0x10c/0x1c0 [ 26.193198] __kasan_check_read+0x15/0x20 [ 26.193239] _copy_to_user+0x3c/0x70 [ 26.193285] copy_user_test_oob+0x364/0x10f0 [ 26.193334] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.193395] ? finish_task_switch.isra.0+0x153/0x700 [ 26.193440] ? __switch_to+0x47/0xf50 [ 26.193504] ? __schedule+0x10cc/0x2b60 [ 26.193534] ? __pfx_read_tsc+0x10/0x10 [ 26.193556] ? ktime_get_ts64+0x86/0x230 [ 26.193579] kunit_try_run_case+0x1a5/0x480 [ 26.193600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.193619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.193639] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.193659] ? __kthread_parkme+0x82/0x180 [ 26.193677] ? preempt_count_sub+0x50/0x80 [ 26.193697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.193717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.193738] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.193758] kthread+0x337/0x6f0 [ 26.193775] ? trace_preempt_on+0x20/0xc0 [ 26.193795] ? __pfx_kthread+0x10/0x10 [ 26.193813] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.193853] ? calculate_sigpending+0x7b/0xa0 [ 26.193877] ? __pfx_kthread+0x10/0x10 [ 26.193896] ret_from_fork+0x116/0x1d0 [ 26.193912] ? __pfx_kthread+0x10/0x10 [ 26.193931] ret_from_fork_asm+0x1a/0x30 [ 26.193958] </TASK> [ 26.193970] [ 26.203468] Allocated by task 314: [ 26.203701] kasan_save_stack+0x45/0x70 [ 26.203937] kasan_save_track+0x18/0x40 [ 26.204245] kasan_save_alloc_info+0x3b/0x50 [ 26.204619] __kasan_kmalloc+0xb7/0xc0 [ 26.204769] __kmalloc_noprof+0x1c9/0x500 [ 26.205421] kunit_kmalloc_array+0x25/0x60 [ 26.205660] copy_user_test_oob+0xab/0x10f0 [ 26.205833] kunit_try_run_case+0x1a5/0x480 [ 26.205997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.206197] kthread+0x337/0x6f0 [ 26.206334] ret_from_fork+0x116/0x1d0 [ 26.206537] ret_from_fork_asm+0x1a/0x30 [ 26.206826] [ 26.206973] The buggy address belongs to the object at ffff888102c14900 [ 26.206973] which belongs to the cache kmalloc-128 of size 128 [ 26.209206] The buggy address is located 0 bytes inside of [ 26.209206] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.210200] [ 26.210397] The buggy address belongs to the physical page: [ 26.210948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.211305] flags: 0x200000000000000(node=0|zone=2) [ 26.211637] page_type: f5(slab) [ 26.211853] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.212255] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.212648] page dumped because: kasan: bad access detected [ 26.213023] [ 26.213177] Memory state around the buggy address: [ 26.213406] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.213852] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.214180] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.214643] ^ [ 26.215009] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.215418] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.215680] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 26.156415] ================================================================== [ 26.156865] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 26.157351] Write of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.157763] [ 26.158014] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.158122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.158149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.158188] Call Trace: [ 26.158217] <TASK> [ 26.158254] dump_stack_lvl+0x73/0xb0 [ 26.158312] print_report+0xd1/0x650 [ 26.158357] ? __virt_addr_valid+0x1db/0x2d0 [ 26.158423] ? _copy_from_user+0x32/0x90 [ 26.158467] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.158506] ? _copy_from_user+0x32/0x90 [ 26.158526] kasan_report+0x141/0x180 [ 26.158549] ? _copy_from_user+0x32/0x90 [ 26.158572] kasan_check_range+0x10c/0x1c0 [ 26.158595] __kasan_check_write+0x18/0x20 [ 26.158616] _copy_from_user+0x32/0x90 [ 26.158640] copy_user_test_oob+0x2be/0x10f0 [ 26.158678] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.158713] ? finish_task_switch.isra.0+0x153/0x700 [ 26.158748] ? __switch_to+0x47/0xf50 [ 26.158798] ? __schedule+0x10cc/0x2b60 [ 26.159011] ? __pfx_read_tsc+0x10/0x10 [ 26.159090] ? ktime_get_ts64+0x86/0x230 [ 26.159146] kunit_try_run_case+0x1a5/0x480 [ 26.159194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.159237] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.159285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.159323] ? __kthread_parkme+0x82/0x180 [ 26.159356] ? preempt_count_sub+0x50/0x80 [ 26.159560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.159588] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.159611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.159632] kthread+0x337/0x6f0 [ 26.159649] ? trace_preempt_on+0x20/0xc0 [ 26.159671] ? __pfx_kthread+0x10/0x10 [ 26.159689] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.159708] ? calculate_sigpending+0x7b/0xa0 [ 26.159729] ? __pfx_kthread+0x10/0x10 [ 26.159748] ret_from_fork+0x116/0x1d0 [ 26.159764] ? __pfx_kthread+0x10/0x10 [ 26.159782] ret_from_fork_asm+0x1a/0x30 [ 26.159810] </TASK> [ 26.159824] [ 26.171990] Allocated by task 314: [ 26.172225] kasan_save_stack+0x45/0x70 [ 26.172537] kasan_save_track+0x18/0x40 [ 26.172715] kasan_save_alloc_info+0x3b/0x50 [ 26.173094] __kasan_kmalloc+0xb7/0xc0 [ 26.173601] __kmalloc_noprof+0x1c9/0x500 [ 26.173932] kunit_kmalloc_array+0x25/0x60 [ 26.174348] copy_user_test_oob+0xab/0x10f0 [ 26.174767] kunit_try_run_case+0x1a5/0x480 [ 26.175065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.175322] kthread+0x337/0x6f0 [ 26.175677] ret_from_fork+0x116/0x1d0 [ 26.176333] ret_from_fork_asm+0x1a/0x30 [ 26.176701] [ 26.176997] The buggy address belongs to the object at ffff888102c14900 [ 26.176997] which belongs to the cache kmalloc-128 of size 128 [ 26.177658] The buggy address is located 0 bytes inside of [ 26.177658] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.178657] [ 26.178872] The buggy address belongs to the physical page: [ 26.179353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.180173] flags: 0x200000000000000(node=0|zone=2) [ 26.180669] page_type: f5(slab) [ 26.181027] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.181583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.182049] page dumped because: kasan: bad access detected [ 26.182494] [ 26.182686] Memory state around the buggy address: [ 26.183066] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.183538] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.184050] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.184494] ^ [ 26.184954] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.185175] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.185692] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 26.081459] ================================================================== [ 26.082437] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 26.082819] Read of size 8 at addr ffff888102c14878 by task kunit_try_catch/310 [ 26.083273] [ 26.083904] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.084027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.084046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.084068] Call Trace: [ 26.084097] <TASK> [ 26.084126] dump_stack_lvl+0x73/0xb0 [ 26.084175] print_report+0xd1/0x650 [ 26.084207] ? __virt_addr_valid+0x1db/0x2d0 [ 26.084241] ? copy_to_kernel_nofault+0x225/0x260 [ 26.084267] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.084290] ? copy_to_kernel_nofault+0x225/0x260 [ 26.084310] kasan_report+0x141/0x180 [ 26.084330] ? copy_to_kernel_nofault+0x225/0x260 [ 26.084354] __asan_report_load8_noabort+0x18/0x20 [ 26.084375] copy_to_kernel_nofault+0x225/0x260 [ 26.084428] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 26.084467] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.084507] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.084555] ? trace_hardirqs_on+0x37/0xe0 [ 26.084608] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.084634] kunit_try_run_case+0x1a5/0x480 [ 26.084658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.084678] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.084698] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.084718] ? __kthread_parkme+0x82/0x180 [ 26.084737] ? preempt_count_sub+0x50/0x80 [ 26.084757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.084778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.084798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.084819] kthread+0x337/0x6f0 [ 26.084844] ? trace_preempt_on+0x20/0xc0 [ 26.084865] ? __pfx_kthread+0x10/0x10 [ 26.084883] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.084901] ? calculate_sigpending+0x7b/0xa0 [ 26.084922] ? __pfx_kthread+0x10/0x10 [ 26.084941] ret_from_fork+0x116/0x1d0 [ 26.084958] ? __pfx_kthread+0x10/0x10 [ 26.084976] ret_from_fork_asm+0x1a/0x30 [ 26.085004] </TASK> [ 26.085016] [ 26.097508] Allocated by task 310: [ 26.097647] kasan_save_stack+0x45/0x70 [ 26.098519] kasan_save_track+0x18/0x40 [ 26.098740] kasan_save_alloc_info+0x3b/0x50 [ 26.099517] __kasan_kmalloc+0xb7/0xc0 [ 26.099699] __kmalloc_cache_noprof+0x189/0x420 [ 26.099867] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.100451] kunit_try_run_case+0x1a5/0x480 [ 26.100694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.101634] kthread+0x337/0x6f0 [ 26.101858] ret_from_fork+0x116/0x1d0 [ 26.101996] ret_from_fork_asm+0x1a/0x30 [ 26.102575] [ 26.102942] The buggy address belongs to the object at ffff888102c14800 [ 26.102942] which belongs to the cache kmalloc-128 of size 128 [ 26.103799] The buggy address is located 0 bytes to the right of [ 26.103799] allocated 120-byte region [ffff888102c14800, ffff888102c14878) [ 26.104455] [ 26.104570] The buggy address belongs to the physical page: [ 26.105211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.105461] flags: 0x200000000000000(node=0|zone=2) [ 26.105621] page_type: f5(slab) [ 26.105739] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.105952] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.106396] page dumped because: kasan: bad access detected [ 26.106746] [ 26.106844] Memory state around the buggy address: [ 26.107026] ffff888102c14700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.107303] ffff888102c14780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.108593] >ffff888102c14800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.108845] ^ [ 26.109063] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.109803] ffff888102c14900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.110759] ================================================================== [ 26.112066] ================================================================== [ 26.112405] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 26.113043] Write of size 8 at addr ffff888102c14878 by task kunit_try_catch/310 [ 26.113612] [ 26.113728] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.113809] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.113835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.113873] Call Trace: [ 26.113901] <TASK> [ 26.114121] dump_stack_lvl+0x73/0xb0 [ 26.114188] print_report+0xd1/0x650 [ 26.114232] ? __virt_addr_valid+0x1db/0x2d0 [ 26.114278] ? copy_to_kernel_nofault+0x99/0x260 [ 26.114320] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.114368] ? copy_to_kernel_nofault+0x99/0x260 [ 26.114434] kasan_report+0x141/0x180 [ 26.114481] ? copy_to_kernel_nofault+0x99/0x260 [ 26.114534] kasan_check_range+0x10c/0x1c0 [ 26.114579] __kasan_check_write+0x18/0x20 [ 26.114622] copy_to_kernel_nofault+0x99/0x260 [ 26.114671] copy_to_kernel_nofault_oob+0x288/0x560 [ 26.114717] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.114762] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.114812] ? trace_hardirqs_on+0x37/0xe0 [ 26.114866] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.114918] kunit_try_run_case+0x1a5/0x480 [ 26.114951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.114973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.114994] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.115016] ? __kthread_parkme+0x82/0x180 [ 26.115034] ? preempt_count_sub+0x50/0x80 [ 26.115055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.115075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.115095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.115115] kthread+0x337/0x6f0 [ 26.115132] ? trace_preempt_on+0x20/0xc0 [ 26.115151] ? __pfx_kthread+0x10/0x10 [ 26.115168] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.115187] ? calculate_sigpending+0x7b/0xa0 [ 26.115207] ? __pfx_kthread+0x10/0x10 [ 26.115226] ret_from_fork+0x116/0x1d0 [ 26.115243] ? __pfx_kthread+0x10/0x10 [ 26.115261] ret_from_fork_asm+0x1a/0x30 [ 26.115289] </TASK> [ 26.115301] [ 26.127887] Allocated by task 310: [ 26.128227] kasan_save_stack+0x45/0x70 [ 26.128501] kasan_save_track+0x18/0x40 [ 26.128648] kasan_save_alloc_info+0x3b/0x50 [ 26.129177] __kasan_kmalloc+0xb7/0xc0 [ 26.129438] __kmalloc_cache_noprof+0x189/0x420 [ 26.129638] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.130881] kunit_try_run_case+0x1a5/0x480 [ 26.131121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.131351] kthread+0x337/0x6f0 [ 26.131470] ret_from_fork+0x116/0x1d0 [ 26.131598] ret_from_fork_asm+0x1a/0x30 [ 26.132472] [ 26.132615] The buggy address belongs to the object at ffff888102c14800 [ 26.132615] which belongs to the cache kmalloc-128 of size 128 [ 26.133544] The buggy address is located 0 bytes to the right of [ 26.133544] allocated 120-byte region [ffff888102c14800, ffff888102c14878) [ 26.133963] [ 26.134129] The buggy address belongs to the physical page: [ 26.134294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.134586] flags: 0x200000000000000(node=0|zone=2) [ 26.134835] page_type: f5(slab) [ 26.135477] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.135717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.136354] page dumped because: kasan: bad access detected [ 26.136709] [ 26.136819] Memory state around the buggy address: [ 26.137354] ffff888102c14700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.137724] ffff888102c14780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.138469] >ffff888102c14800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.138843] ^ [ 26.139101] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.139553] ffff888102c14900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.139965] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 24.500418] ================================================================== [ 24.500727] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 24.501751] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.502413] [ 24.502539] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.502617] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.502636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.502667] Call Trace: [ 24.502689] <TASK> [ 24.502712] dump_stack_lvl+0x73/0xb0 [ 24.502761] print_report+0xd1/0x650 [ 24.502794] ? __virt_addr_valid+0x1db/0x2d0 [ 24.502837] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.502873] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.502913] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.502949] kasan_report+0x141/0x180 [ 24.502981] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.503016] __asan_report_load4_noabort+0x18/0x20 [ 24.503036] kasan_atomics_helper+0x4b88/0x5450 [ 24.503055] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.503073] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.503094] ? trace_hardirqs_on+0x37/0xe0 [ 24.503116] ? kasan_atomics+0x152/0x310 [ 24.503139] kasan_atomics+0x1dc/0x310 [ 24.503160] ? __pfx_kasan_atomics+0x10/0x10 [ 24.503180] ? __pfx_kasan_atomics+0x10/0x10 [ 24.503202] kunit_try_run_case+0x1a5/0x480 [ 24.503223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.503243] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.503262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.503282] ? __kthread_parkme+0x82/0x180 [ 24.503300] ? preempt_count_sub+0x50/0x80 [ 24.503320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.503341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.503361] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.503399] kthread+0x337/0x6f0 [ 24.503419] ? trace_preempt_on+0x20/0xc0 [ 24.503439] ? __pfx_kthread+0x10/0x10 [ 24.503457] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.503475] ? calculate_sigpending+0x7b/0xa0 [ 24.503496] ? __pfx_kthread+0x10/0x10 [ 24.503515] ret_from_fork+0x116/0x1d0 [ 24.503532] ? __pfx_kthread+0x10/0x10 [ 24.503551] ret_from_fork_asm+0x1a/0x30 [ 24.503579] </TASK> [ 24.503591] [ 24.511155] Allocated by task 294: [ 24.511355] kasan_save_stack+0x45/0x70 [ 24.511647] kasan_save_track+0x18/0x40 [ 24.511933] kasan_save_alloc_info+0x3b/0x50 [ 24.512227] __kasan_kmalloc+0xb7/0xc0 [ 24.512507] __kmalloc_cache_noprof+0x189/0x420 [ 24.512815] kasan_atomics+0x95/0x310 [ 24.513005] kunit_try_run_case+0x1a5/0x480 [ 24.513168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.513475] kthread+0x337/0x6f0 [ 24.513696] ret_from_fork+0x116/0x1d0 [ 24.513993] ret_from_fork_asm+0x1a/0x30 [ 24.514248] [ 24.514331] The buggy address belongs to the object at ffff888102c1c600 [ 24.514331] which belongs to the cache kmalloc-64 of size 64 [ 24.515025] The buggy address is located 0 bytes to the right of [ 24.515025] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.515501] [ 24.515599] The buggy address belongs to the physical page: [ 24.515862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.516344] flags: 0x200000000000000(node=0|zone=2) [ 24.516572] page_type: f5(slab) [ 24.516714] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.517337] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.517642] page dumped because: kasan: bad access detected [ 24.517839] [ 24.517985] Memory state around the buggy address: [ 24.518247] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.518540] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.518777] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.518999] ^ [ 24.519163] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.519388] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.519842] ================================================================== [ 25.763042] ================================================================== [ 25.763446] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 25.763697] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.763920] [ 25.764024] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.764097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.764118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.764153] Call Trace: [ 25.764179] <TASK> [ 25.764205] dump_stack_lvl+0x73/0xb0 [ 25.764254] print_report+0xd1/0x650 [ 25.764296] ? __virt_addr_valid+0x1db/0x2d0 [ 25.764339] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.764393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.764471] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.764508] kasan_report+0x141/0x180 [ 25.764545] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.764586] kasan_check_range+0x10c/0x1c0 [ 25.764620] __kasan_check_write+0x18/0x20 [ 25.764657] kasan_atomics_helper+0x1e12/0x5450 [ 25.764697] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.764737] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.764781] ? trace_hardirqs_on+0x37/0xe0 [ 25.764820] ? kasan_atomics+0x152/0x310 [ 25.764862] kasan_atomics+0x1dc/0x310 [ 25.764899] ? __pfx_kasan_atomics+0x10/0x10 [ 25.764941] ? __pfx_kasan_atomics+0x10/0x10 [ 25.764990] kunit_try_run_case+0x1a5/0x480 [ 25.765036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.765078] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.765120] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.765165] ? __kthread_parkme+0x82/0x180 [ 25.765204] ? preempt_count_sub+0x50/0x80 [ 25.765250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.765316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.765361] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.765416] kthread+0x337/0x6f0 [ 25.765455] ? trace_preempt_on+0x20/0xc0 [ 25.765499] ? __pfx_kthread+0x10/0x10 [ 25.765537] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.765590] ? calculate_sigpending+0x7b/0xa0 [ 25.765634] ? __pfx_kthread+0x10/0x10 [ 25.765674] ret_from_fork+0x116/0x1d0 [ 25.765708] ? __pfx_kthread+0x10/0x10 [ 25.765743] ret_from_fork_asm+0x1a/0x30 [ 25.765796] </TASK> [ 25.765834] [ 25.775705] Allocated by task 294: [ 25.776439] kasan_save_stack+0x45/0x70 [ 25.776646] kasan_save_track+0x18/0x40 [ 25.776823] kasan_save_alloc_info+0x3b/0x50 [ 25.777457] __kasan_kmalloc+0xb7/0xc0 [ 25.777635] __kmalloc_cache_noprof+0x189/0x420 [ 25.778151] kasan_atomics+0x95/0x310 [ 25.778485] kunit_try_run_case+0x1a5/0x480 [ 25.778653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.779083] kthread+0x337/0x6f0 [ 25.779327] ret_from_fork+0x116/0x1d0 [ 25.779574] ret_from_fork_asm+0x1a/0x30 [ 25.779796] [ 25.779944] The buggy address belongs to the object at ffff888102c1c600 [ 25.779944] which belongs to the cache kmalloc-64 of size 64 [ 25.780292] The buggy address is located 0 bytes to the right of [ 25.780292] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.780998] [ 25.781101] The buggy address belongs to the physical page: [ 25.781473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.781873] flags: 0x200000000000000(node=0|zone=2) [ 25.782132] page_type: f5(slab) [ 25.782359] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.782659] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.782978] page dumped because: kasan: bad access detected [ 25.783465] [ 25.783611] Memory state around the buggy address: [ 25.783785] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.784422] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.784663] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.784872] ^ [ 25.785219] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.785698] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.786229] ================================================================== [ 24.865304] ================================================================== [ 24.865857] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 24.866434] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.866939] [ 24.867070] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.867157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.867184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.867222] Call Trace: [ 24.867251] <TASK> [ 24.867277] dump_stack_lvl+0x73/0xb0 [ 24.867331] print_report+0xd1/0x650 [ 24.867369] ? __virt_addr_valid+0x1db/0x2d0 [ 24.867424] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.867461] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.867508] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.867550] kasan_report+0x141/0x180 [ 24.867589] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.867640] kasan_check_range+0x10c/0x1c0 [ 24.867679] __kasan_check_write+0x18/0x20 [ 24.867720] kasan_atomics_helper+0xa2b/0x5450 [ 24.867757] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.867821] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.867897] ? trace_hardirqs_on+0x37/0xe0 [ 24.867939] ? kasan_atomics+0x152/0x310 [ 24.867989] kasan_atomics+0x1dc/0x310 [ 24.868034] ? __pfx_kasan_atomics+0x10/0x10 [ 24.868078] ? __pfx_kasan_atomics+0x10/0x10 [ 24.868129] kunit_try_run_case+0x1a5/0x480 [ 24.868175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.868218] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.868261] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.868302] ? __kthread_parkme+0x82/0x180 [ 24.868338] ? preempt_count_sub+0x50/0x80 [ 24.868373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.868424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.868465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.868503] kthread+0x337/0x6f0 [ 24.868538] ? trace_preempt_on+0x20/0xc0 [ 24.868578] ? __pfx_kthread+0x10/0x10 [ 24.868617] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.868657] ? calculate_sigpending+0x7b/0xa0 [ 24.868702] ? __pfx_kthread+0x10/0x10 [ 24.868742] ret_from_fork+0x116/0x1d0 [ 24.868779] ? __pfx_kthread+0x10/0x10 [ 24.868818] ret_from_fork_asm+0x1a/0x30 [ 24.868906] </TASK> [ 24.868951] [ 24.878420] Allocated by task 294: [ 24.878713] kasan_save_stack+0x45/0x70 [ 24.879076] kasan_save_track+0x18/0x40 [ 24.879338] kasan_save_alloc_info+0x3b/0x50 [ 24.879536] __kasan_kmalloc+0xb7/0xc0 [ 24.879686] __kmalloc_cache_noprof+0x189/0x420 [ 24.879885] kasan_atomics+0x95/0x310 [ 24.880035] kunit_try_run_case+0x1a5/0x480 [ 24.880227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.880453] kthread+0x337/0x6f0 [ 24.880712] ret_from_fork+0x116/0x1d0 [ 24.881050] ret_from_fork_asm+0x1a/0x30 [ 24.881362] [ 24.881526] The buggy address belongs to the object at ffff888102c1c600 [ 24.881526] which belongs to the cache kmalloc-64 of size 64 [ 24.882356] The buggy address is located 0 bytes to the right of [ 24.882356] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.883232] [ 24.883392] The buggy address belongs to the physical page: [ 24.883746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.884030] flags: 0x200000000000000(node=0|zone=2) [ 24.884399] page_type: f5(slab) [ 24.884643] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.884942] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.885171] page dumped because: kasan: bad access detected [ 24.885346] [ 24.885443] Memory state around the buggy address: [ 24.885607] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.885848] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.886359] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.886935] ^ [ 24.887272] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.887722] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.888210] ================================================================== [ 25.455049] ================================================================== [ 25.455616] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 25.456009] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.456396] [ 25.456565] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.456648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.456673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.456710] Call Trace: [ 25.456737] <TASK> [ 25.456767] dump_stack_lvl+0x73/0xb0 [ 25.456819] print_report+0xd1/0x650 [ 25.456854] ? __virt_addr_valid+0x1db/0x2d0 [ 25.456879] ? kasan_atomics_helper+0x164f/0x5450 [ 25.456897] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.456920] ? kasan_atomics_helper+0x164f/0x5450 [ 25.456938] kasan_report+0x141/0x180 [ 25.456958] ? kasan_atomics_helper+0x164f/0x5450 [ 25.456996] kasan_check_range+0x10c/0x1c0 [ 25.457016] __kasan_check_write+0x18/0x20 [ 25.457036] kasan_atomics_helper+0x164f/0x5450 [ 25.457056] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.457075] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.457096] ? trace_hardirqs_on+0x37/0xe0 [ 25.457114] ? kasan_atomics+0x152/0x310 [ 25.457137] kasan_atomics+0x1dc/0x310 [ 25.457157] ? __pfx_kasan_atomics+0x10/0x10 [ 25.457177] ? __pfx_kasan_atomics+0x10/0x10 [ 25.457200] kunit_try_run_case+0x1a5/0x480 [ 25.457221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.457240] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.457260] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.457280] ? __kthread_parkme+0x82/0x180 [ 25.457298] ? preempt_count_sub+0x50/0x80 [ 25.457318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.457339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.457360] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.457399] kthread+0x337/0x6f0 [ 25.457452] ? trace_preempt_on+0x20/0xc0 [ 25.457487] ? __pfx_kthread+0x10/0x10 [ 25.457521] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.457559] ? calculate_sigpending+0x7b/0xa0 [ 25.457603] ? __pfx_kthread+0x10/0x10 [ 25.457645] ret_from_fork+0x116/0x1d0 [ 25.457683] ? __pfx_kthread+0x10/0x10 [ 25.457721] ret_from_fork_asm+0x1a/0x30 [ 25.457782] </TASK> [ 25.457807] [ 25.465650] Allocated by task 294: [ 25.465913] kasan_save_stack+0x45/0x70 [ 25.466223] kasan_save_track+0x18/0x40 [ 25.466544] kasan_save_alloc_info+0x3b/0x50 [ 25.466975] __kasan_kmalloc+0xb7/0xc0 [ 25.467188] __kmalloc_cache_noprof+0x189/0x420 [ 25.467462] kasan_atomics+0x95/0x310 [ 25.467614] kunit_try_run_case+0x1a5/0x480 [ 25.467772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.467952] kthread+0x337/0x6f0 [ 25.468090] ret_from_fork+0x116/0x1d0 [ 25.468236] ret_from_fork_asm+0x1a/0x30 [ 25.468590] [ 25.468727] The buggy address belongs to the object at ffff888102c1c600 [ 25.468727] which belongs to the cache kmalloc-64 of size 64 [ 25.469520] The buggy address is located 0 bytes to the right of [ 25.469520] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.470304] [ 25.470484] The buggy address belongs to the physical page: [ 25.470841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.471198] flags: 0x200000000000000(node=0|zone=2) [ 25.471437] page_type: f5(slab) [ 25.471615] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.471850] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.472341] page dumped because: kasan: bad access detected [ 25.472723] [ 25.472837] Memory state around the buggy address: [ 25.473039] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.473259] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.473485] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.473697] ^ [ 25.473878] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.474336] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.474802] ================================================================== [ 25.786901] ================================================================== [ 25.787445] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 25.788043] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.788406] [ 25.788525] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.788607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.788632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.788672] Call Trace: [ 25.788700] <TASK> [ 25.788728] dump_stack_lvl+0x73/0xb0 [ 25.788782] print_report+0xd1/0x650 [ 25.788823] ? __virt_addr_valid+0x1db/0x2d0 [ 25.788863] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.788901] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.788938] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.788975] kasan_report+0x141/0x180 [ 25.789011] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.789054] kasan_check_range+0x10c/0x1c0 [ 25.789095] __kasan_check_write+0x18/0x20 [ 25.789132] kasan_atomics_helper+0x1eaa/0x5450 [ 25.789165] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.789195] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.789226] ? trace_hardirqs_on+0x37/0xe0 [ 25.789255] ? kasan_atomics+0x152/0x310 [ 25.789290] kasan_atomics+0x1dc/0x310 [ 25.789319] ? __pfx_kasan_atomics+0x10/0x10 [ 25.789351] ? __pfx_kasan_atomics+0x10/0x10 [ 25.789405] kunit_try_run_case+0x1a5/0x480 [ 25.789442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.789474] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.789531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.789567] ? __kthread_parkme+0x82/0x180 [ 25.789599] ? preempt_count_sub+0x50/0x80 [ 25.789632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.789668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.789708] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.789746] kthread+0x337/0x6f0 [ 25.789775] ? trace_preempt_on+0x20/0xc0 [ 25.789807] ? __pfx_kthread+0x10/0x10 [ 25.789837] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.789896] ? calculate_sigpending+0x7b/0xa0 [ 25.789937] ? __pfx_kthread+0x10/0x10 [ 25.789970] ret_from_fork+0x116/0x1d0 [ 25.790002] ? __pfx_kthread+0x10/0x10 [ 25.790052] ret_from_fork_asm+0x1a/0x30 [ 25.790105] </TASK> [ 25.790129] [ 25.798107] Allocated by task 294: [ 25.798267] kasan_save_stack+0x45/0x70 [ 25.798531] kasan_save_track+0x18/0x40 [ 25.798837] kasan_save_alloc_info+0x3b/0x50 [ 25.799188] __kasan_kmalloc+0xb7/0xc0 [ 25.799465] __kmalloc_cache_noprof+0x189/0x420 [ 25.799791] kasan_atomics+0x95/0x310 [ 25.800066] kunit_try_run_case+0x1a5/0x480 [ 25.800408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.800900] kthread+0x337/0x6f0 [ 25.801159] ret_from_fork+0x116/0x1d0 [ 25.801434] ret_from_fork_asm+0x1a/0x30 [ 25.801656] [ 25.801750] The buggy address belongs to the object at ffff888102c1c600 [ 25.801750] which belongs to the cache kmalloc-64 of size 64 [ 25.802100] The buggy address is located 0 bytes to the right of [ 25.802100] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.802807] [ 25.803011] The buggy address belongs to the physical page: [ 25.803354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.804218] flags: 0x200000000000000(node=0|zone=2) [ 25.804822] page_type: f5(slab) [ 25.805849] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.806186] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.806437] page dumped because: kasan: bad access detected [ 25.807530] [ 25.808057] Memory state around the buggy address: [ 25.808250] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.808646] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.809016] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.809311] ^ [ 25.809635] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.810207] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.810549] ================================================================== [ 25.287253] ================================================================== [ 25.287591] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 25.287878] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.288171] [ 25.288321] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.288400] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.288421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.288454] Call Trace: [ 25.288479] <TASK> [ 25.288503] dump_stack_lvl+0x73/0xb0 [ 25.288547] print_report+0xd1/0x650 [ 25.288584] ? __virt_addr_valid+0x1db/0x2d0 [ 25.288624] ? kasan_atomics_helper+0x49ce/0x5450 [ 25.288658] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.288702] ? kasan_atomics_helper+0x49ce/0x5450 [ 25.288741] kasan_report+0x141/0x180 [ 25.288779] ? kasan_atomics_helper+0x49ce/0x5450 [ 25.288824] __asan_report_load4_noabort+0x18/0x20 [ 25.288901] kasan_atomics_helper+0x49ce/0x5450 [ 25.288947] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.288986] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.289020] ? trace_hardirqs_on+0x37/0xe0 [ 25.289053] ? kasan_atomics+0x152/0x310 [ 25.289094] kasan_atomics+0x1dc/0x310 [ 25.289131] ? __pfx_kasan_atomics+0x10/0x10 [ 25.289173] ? __pfx_kasan_atomics+0x10/0x10 [ 25.289224] kunit_try_run_case+0x1a5/0x480 [ 25.289272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.289314] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.289358] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.289416] ? __kthread_parkme+0x82/0x180 [ 25.289456] ? preempt_count_sub+0x50/0x80 [ 25.289501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.289547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.289590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.289631] kthread+0x337/0x6f0 [ 25.289659] ? trace_preempt_on+0x20/0xc0 [ 25.289692] ? __pfx_kthread+0x10/0x10 [ 25.289725] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.289762] ? calculate_sigpending+0x7b/0xa0 [ 25.289798] ? __pfx_kthread+0x10/0x10 [ 25.289864] ret_from_fork+0x116/0x1d0 [ 25.289902] ? __pfx_kthread+0x10/0x10 [ 25.289938] ret_from_fork_asm+0x1a/0x30 [ 25.289995] </TASK> [ 25.290025] [ 25.300114] Allocated by task 294: [ 25.300289] kasan_save_stack+0x45/0x70 [ 25.300463] kasan_save_track+0x18/0x40 [ 25.300647] kasan_save_alloc_info+0x3b/0x50 [ 25.301289] __kasan_kmalloc+0xb7/0xc0 [ 25.301566] __kmalloc_cache_noprof+0x189/0x420 [ 25.301765] kasan_atomics+0x95/0x310 [ 25.302217] kunit_try_run_case+0x1a5/0x480 [ 25.302625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.302914] kthread+0x337/0x6f0 [ 25.303418] ret_from_fork+0x116/0x1d0 [ 25.303707] ret_from_fork_asm+0x1a/0x30 [ 25.304012] [ 25.304109] The buggy address belongs to the object at ffff888102c1c600 [ 25.304109] which belongs to the cache kmalloc-64 of size 64 [ 25.304604] The buggy address is located 0 bytes to the right of [ 25.304604] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.305199] [ 25.305814] The buggy address belongs to the physical page: [ 25.306028] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.306671] flags: 0x200000000000000(node=0|zone=2) [ 25.306967] page_type: f5(slab) [ 25.307154] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.307525] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.307935] page dumped because: kasan: bad access detected [ 25.308206] [ 25.308364] Memory state around the buggy address: [ 25.308616] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.309083] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.309448] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.309764] ^ [ 25.310039] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.310420] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.310681] ================================================================== [ 24.787345] ================================================================== [ 24.787745] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 24.788041] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.788532] [ 24.788691] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.788770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.788793] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.788830] Call Trace: [ 24.789160] <TASK> [ 24.789186] dump_stack_lvl+0x73/0xb0 [ 24.789222] print_report+0xd1/0x650 [ 24.789241] ? __virt_addr_valid+0x1db/0x2d0 [ 24.789261] ? kasan_atomics_helper+0x860/0x5450 [ 24.789279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.789301] ? kasan_atomics_helper+0x860/0x5450 [ 24.789319] kasan_report+0x141/0x180 [ 24.789338] ? kasan_atomics_helper+0x860/0x5450 [ 24.789360] kasan_check_range+0x10c/0x1c0 [ 24.789397] __kasan_check_write+0x18/0x20 [ 24.789421] kasan_atomics_helper+0x860/0x5450 [ 24.789441] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.789460] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.789481] ? trace_hardirqs_on+0x37/0xe0 [ 24.789499] ? kasan_atomics+0x152/0x310 [ 24.789522] kasan_atomics+0x1dc/0x310 [ 24.789541] ? __pfx_kasan_atomics+0x10/0x10 [ 24.789561] ? __pfx_kasan_atomics+0x10/0x10 [ 24.789584] kunit_try_run_case+0x1a5/0x480 [ 24.789606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.789625] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.789645] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.789664] ? __kthread_parkme+0x82/0x180 [ 24.789682] ? preempt_count_sub+0x50/0x80 [ 24.789702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.789723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.789743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.789763] kthread+0x337/0x6f0 [ 24.789780] ? trace_preempt_on+0x20/0xc0 [ 24.789799] ? __pfx_kthread+0x10/0x10 [ 24.789817] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.789858] ? calculate_sigpending+0x7b/0xa0 [ 24.789881] ? __pfx_kthread+0x10/0x10 [ 24.789900] ret_from_fork+0x116/0x1d0 [ 24.789917] ? __pfx_kthread+0x10/0x10 [ 24.789935] ret_from_fork_asm+0x1a/0x30 [ 24.789962] </TASK> [ 24.789974] [ 24.801630] Allocated by task 294: [ 24.801776] kasan_save_stack+0x45/0x70 [ 24.802045] kasan_save_track+0x18/0x40 [ 24.802246] kasan_save_alloc_info+0x3b/0x50 [ 24.802496] __kasan_kmalloc+0xb7/0xc0 [ 24.802688] __kmalloc_cache_noprof+0x189/0x420 [ 24.802904] kasan_atomics+0x95/0x310 [ 24.803119] kunit_try_run_case+0x1a5/0x480 [ 24.803348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.804052] kthread+0x337/0x6f0 [ 24.804192] ret_from_fork+0x116/0x1d0 [ 24.804591] ret_from_fork_asm+0x1a/0x30 [ 24.804868] [ 24.805277] The buggy address belongs to the object at ffff888102c1c600 [ 24.805277] which belongs to the cache kmalloc-64 of size 64 [ 24.805807] The buggy address is located 0 bytes to the right of [ 24.805807] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.806496] [ 24.806661] The buggy address belongs to the physical page: [ 24.807372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.807733] flags: 0x200000000000000(node=0|zone=2) [ 24.808128] page_type: f5(slab) [ 24.808256] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.808799] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.809358] page dumped because: kasan: bad access detected [ 24.809796] [ 24.809916] Memory state around the buggy address: [ 24.810083] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.810559] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.811326] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.811614] ^ [ 24.811890] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.812465] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.813037] ================================================================== [ 25.005462] ================================================================== [ 25.005953] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 25.006541] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.006993] [ 25.007159] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.007255] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.007277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.007307] Call Trace: [ 25.007330] <TASK> [ 25.007356] dump_stack_lvl+0x73/0xb0 [ 25.007427] print_report+0xd1/0x650 [ 25.007469] ? __virt_addr_valid+0x1db/0x2d0 [ 25.007514] ? kasan_atomics_helper+0xde0/0x5450 [ 25.007552] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.007599] ? kasan_atomics_helper+0xde0/0x5450 [ 25.007640] kasan_report+0x141/0x180 [ 25.007682] ? kasan_atomics_helper+0xde0/0x5450 [ 25.007733] kasan_check_range+0x10c/0x1c0 [ 25.007776] __kasan_check_write+0x18/0x20 [ 25.007819] kasan_atomics_helper+0xde0/0x5450 [ 25.007899] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.007943] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.007989] ? trace_hardirqs_on+0x37/0xe0 [ 25.008030] ? kasan_atomics+0x152/0x310 [ 25.008080] kasan_atomics+0x1dc/0x310 [ 25.008124] ? __pfx_kasan_atomics+0x10/0x10 [ 25.008168] ? __pfx_kasan_atomics+0x10/0x10 [ 25.008221] kunit_try_run_case+0x1a5/0x480 [ 25.008266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.008307] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.008349] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.008398] ? __kthread_parkme+0x82/0x180 [ 25.008434] ? preempt_count_sub+0x50/0x80 [ 25.008493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.008535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.008574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.008625] kthread+0x337/0x6f0 [ 25.008660] ? trace_preempt_on+0x20/0xc0 [ 25.008699] ? __pfx_kthread+0x10/0x10 [ 25.008736] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.008775] ? calculate_sigpending+0x7b/0xa0 [ 25.008819] ? __pfx_kthread+0x10/0x10 [ 25.008901] ret_from_fork+0x116/0x1d0 [ 25.008937] ? __pfx_kthread+0x10/0x10 [ 25.008974] ret_from_fork_asm+0x1a/0x30 [ 25.009028] </TASK> [ 25.009052] [ 25.017285] Allocated by task 294: [ 25.017540] kasan_save_stack+0x45/0x70 [ 25.017879] kasan_save_track+0x18/0x40 [ 25.018181] kasan_save_alloc_info+0x3b/0x50 [ 25.018535] __kasan_kmalloc+0xb7/0xc0 [ 25.018762] __kmalloc_cache_noprof+0x189/0x420 [ 25.019090] kasan_atomics+0x95/0x310 [ 25.019235] kunit_try_run_case+0x1a5/0x480 [ 25.019401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.019574] kthread+0x337/0x6f0 [ 25.019702] ret_from_fork+0x116/0x1d0 [ 25.019873] ret_from_fork_asm+0x1a/0x30 [ 25.020027] [ 25.020149] The buggy address belongs to the object at ffff888102c1c600 [ 25.020149] which belongs to the cache kmalloc-64 of size 64 [ 25.020493] The buggy address is located 0 bytes to the right of [ 25.020493] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.021070] [ 25.021230] The buggy address belongs to the physical page: [ 25.021623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.022185] flags: 0x200000000000000(node=0|zone=2) [ 25.022573] page_type: f5(slab) [ 25.022866] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.023359] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.023867] page dumped because: kasan: bad access detected [ 25.024237] [ 25.024394] Memory state around the buggy address: [ 25.024727] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.025213] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.025612] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.025873] ^ [ 25.026232] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.026541] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.026773] ================================================================== [ 25.543046] ================================================================== [ 25.543555] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 25.544072] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.544724] [ 25.544891] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.544969] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.544988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.545017] Call Trace: [ 25.545054] <TASK> [ 25.545079] dump_stack_lvl+0x73/0xb0 [ 25.545129] print_report+0xd1/0x650 [ 25.545169] ? __virt_addr_valid+0x1db/0x2d0 [ 25.545213] ? kasan_atomics_helper+0x18b1/0x5450 [ 25.545253] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.545297] ? kasan_atomics_helper+0x18b1/0x5450 [ 25.545339] kasan_report+0x141/0x180 [ 25.545394] ? kasan_atomics_helper+0x18b1/0x5450 [ 25.545434] kasan_check_range+0x10c/0x1c0 [ 25.545468] __kasan_check_write+0x18/0x20 [ 25.545499] kasan_atomics_helper+0x18b1/0x5450 [ 25.545532] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.545563] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.545598] ? trace_hardirqs_on+0x37/0xe0 [ 25.545629] ? kasan_atomics+0x152/0x310 [ 25.545664] kasan_atomics+0x1dc/0x310 [ 25.545696] ? __pfx_kasan_atomics+0x10/0x10 [ 25.545732] ? __pfx_kasan_atomics+0x10/0x10 [ 25.545774] kunit_try_run_case+0x1a5/0x480 [ 25.545814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.545880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.545917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.545952] ? __kthread_parkme+0x82/0x180 [ 25.545991] ? preempt_count_sub+0x50/0x80 [ 25.546046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.546096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.546146] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.546195] kthread+0x337/0x6f0 [ 25.546233] ? trace_preempt_on+0x20/0xc0 [ 25.546276] ? __pfx_kthread+0x10/0x10 [ 25.546319] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.546360] ? calculate_sigpending+0x7b/0xa0 [ 25.546422] ? __pfx_kthread+0x10/0x10 [ 25.546468] ret_from_fork+0x116/0x1d0 [ 25.546509] ? __pfx_kthread+0x10/0x10 [ 25.546553] ret_from_fork_asm+0x1a/0x30 [ 25.546616] </TASK> [ 25.546641] [ 25.557967] Allocated by task 294: [ 25.558145] kasan_save_stack+0x45/0x70 [ 25.558309] kasan_save_track+0x18/0x40 [ 25.558615] kasan_save_alloc_info+0x3b/0x50 [ 25.558893] __kasan_kmalloc+0xb7/0xc0 [ 25.559069] __kmalloc_cache_noprof+0x189/0x420 [ 25.559259] kasan_atomics+0x95/0x310 [ 25.560493] kunit_try_run_case+0x1a5/0x480 [ 25.560860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.561111] kthread+0x337/0x6f0 [ 25.561265] ret_from_fork+0x116/0x1d0 [ 25.561449] ret_from_fork_asm+0x1a/0x30 [ 25.561635] [ 25.561737] The buggy address belongs to the object at ffff888102c1c600 [ 25.561737] which belongs to the cache kmalloc-64 of size 64 [ 25.562748] The buggy address is located 0 bytes to the right of [ 25.562748] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.563100] [ 25.563158] The buggy address belongs to the physical page: [ 25.563252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.563393] flags: 0x200000000000000(node=0|zone=2) [ 25.564192] page_type: f5(slab) [ 25.564342] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.564739] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.565105] page dumped because: kasan: bad access detected [ 25.565341] [ 25.565450] Memory state around the buggy address: [ 25.565670] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.565895] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.566134] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.566439] ^ [ 25.566746] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.567206] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.567509] ================================================================== [ 25.637711] ================================================================== [ 25.638296] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 25.638602] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.639989] [ 25.640114] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.640164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.640177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.640196] Call Trace: [ 25.640211] <TASK> [ 25.640231] dump_stack_lvl+0x73/0xb0 [ 25.640278] print_report+0xd1/0x650 [ 25.640315] ? __virt_addr_valid+0x1db/0x2d0 [ 25.640351] ? kasan_atomics_helper+0x1b22/0x5450 [ 25.640521] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.640554] ? kasan_atomics_helper+0x1b22/0x5450 [ 25.640584] kasan_report+0x141/0x180 [ 25.640605] ? kasan_atomics_helper+0x1b22/0x5450 [ 25.640628] kasan_check_range+0x10c/0x1c0 [ 25.640648] __kasan_check_write+0x18/0x20 [ 25.640667] kasan_atomics_helper+0x1b22/0x5450 [ 25.640687] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.640707] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.640728] ? trace_hardirqs_on+0x37/0xe0 [ 25.640747] ? kasan_atomics+0x152/0x310 [ 25.640770] kasan_atomics+0x1dc/0x310 [ 25.640790] ? __pfx_kasan_atomics+0x10/0x10 [ 25.640810] ? __pfx_kasan_atomics+0x10/0x10 [ 25.640858] kunit_try_run_case+0x1a5/0x480 [ 25.640881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.640901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.640920] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.640940] ? __kthread_parkme+0x82/0x180 [ 25.640957] ? preempt_count_sub+0x50/0x80 [ 25.640978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.640998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.641019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.641039] kthread+0x337/0x6f0 [ 25.641056] ? trace_preempt_on+0x20/0xc0 [ 25.641075] ? __pfx_kthread+0x10/0x10 [ 25.641093] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.641112] ? calculate_sigpending+0x7b/0xa0 [ 25.641132] ? __pfx_kthread+0x10/0x10 [ 25.641151] ret_from_fork+0x116/0x1d0 [ 25.641168] ? __pfx_kthread+0x10/0x10 [ 25.641186] ret_from_fork_asm+0x1a/0x30 [ 25.641213] </TASK> [ 25.641224] [ 25.653124] Allocated by task 294: [ 25.653547] kasan_save_stack+0x45/0x70 [ 25.653779] kasan_save_track+0x18/0x40 [ 25.654073] kasan_save_alloc_info+0x3b/0x50 [ 25.654352] __kasan_kmalloc+0xb7/0xc0 [ 25.654608] __kmalloc_cache_noprof+0x189/0x420 [ 25.655298] kasan_atomics+0x95/0x310 [ 25.655509] kunit_try_run_case+0x1a5/0x480 [ 25.655643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.656117] kthread+0x337/0x6f0 [ 25.656321] ret_from_fork+0x116/0x1d0 [ 25.656729] ret_from_fork_asm+0x1a/0x30 [ 25.657196] [ 25.657293] The buggy address belongs to the object at ffff888102c1c600 [ 25.657293] which belongs to the cache kmalloc-64 of size 64 [ 25.657937] The buggy address is located 0 bytes to the right of [ 25.657937] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.658700] [ 25.658786] The buggy address belongs to the physical page: [ 25.659190] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.660037] flags: 0x200000000000000(node=0|zone=2) [ 25.660279] page_type: f5(slab) [ 25.660416] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.660960] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.661521] page dumped because: kasan: bad access detected [ 25.661805] [ 25.662094] Memory state around the buggy address: [ 25.662577] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.662904] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.663725] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.664035] ^ [ 25.664513] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.664824] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.665187] ================================================================== [ 26.002100] ================================================================== [ 26.002650] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 26.003212] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 26.003872] [ 26.004066] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.004309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.004346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.004392] Call Trace: [ 26.004872] <TASK> [ 26.004903] dump_stack_lvl+0x73/0xb0 [ 26.004941] print_report+0xd1/0x650 [ 26.004963] ? __virt_addr_valid+0x1db/0x2d0 [ 26.004984] ? kasan_atomics_helper+0x224c/0x5450 [ 26.005003] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.005025] ? kasan_atomics_helper+0x224c/0x5450 [ 26.005044] kasan_report+0x141/0x180 [ 26.005064] ? kasan_atomics_helper+0x224c/0x5450 [ 26.005086] kasan_check_range+0x10c/0x1c0 [ 26.005107] __kasan_check_write+0x18/0x20 [ 26.005127] kasan_atomics_helper+0x224c/0x5450 [ 26.005147] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.005166] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.005186] ? trace_hardirqs_on+0x37/0xe0 [ 26.005205] ? kasan_atomics+0x152/0x310 [ 26.005227] kasan_atomics+0x1dc/0x310 [ 26.005246] ? __pfx_kasan_atomics+0x10/0x10 [ 26.005266] ? __pfx_kasan_atomics+0x10/0x10 [ 26.005289] kunit_try_run_case+0x1a5/0x480 [ 26.005309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.005329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.005348] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.005368] ? __kthread_parkme+0x82/0x180 [ 26.005408] ? preempt_count_sub+0x50/0x80 [ 26.005443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.005483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.005524] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.005568] kthread+0x337/0x6f0 [ 26.005604] ? trace_preempt_on+0x20/0xc0 [ 26.005642] ? __pfx_kthread+0x10/0x10 [ 26.005662] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.005681] ? calculate_sigpending+0x7b/0xa0 [ 26.005702] ? __pfx_kthread+0x10/0x10 [ 26.005721] ret_from_fork+0x116/0x1d0 [ 26.005739] ? __pfx_kthread+0x10/0x10 [ 26.005757] ret_from_fork_asm+0x1a/0x30 [ 26.005784] </TASK> [ 26.005795] [ 26.015812] Allocated by task 294: [ 26.016082] kasan_save_stack+0x45/0x70 [ 26.016374] kasan_save_track+0x18/0x40 [ 26.016571] kasan_save_alloc_info+0x3b/0x50 [ 26.016730] __kasan_kmalloc+0xb7/0xc0 [ 26.017107] __kmalloc_cache_noprof+0x189/0x420 [ 26.017431] kasan_atomics+0x95/0x310 [ 26.017694] kunit_try_run_case+0x1a5/0x480 [ 26.017853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.018049] kthread+0x337/0x6f0 [ 26.018200] ret_from_fork+0x116/0x1d0 [ 26.018356] ret_from_fork_asm+0x1a/0x30 [ 26.018540] [ 26.018635] The buggy address belongs to the object at ffff888102c1c600 [ 26.018635] which belongs to the cache kmalloc-64 of size 64 [ 26.019473] The buggy address is located 0 bytes to the right of [ 26.019473] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 26.020198] [ 26.020407] The buggy address belongs to the physical page: [ 26.020723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 26.021407] flags: 0x200000000000000(node=0|zone=2) [ 26.021545] page_type: f5(slab) [ 26.021621] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.021740] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.022645] page dumped because: kasan: bad access detected [ 26.023313] [ 26.023645] Memory state around the buggy address: [ 26.024085] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.024414] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.024871] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.025237] ^ [ 26.025592] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.026241] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.026541] ================================================================== [ 25.881346] ================================================================== [ 25.881770] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 25.882508] Read of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.883023] [ 25.883152] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.883235] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.883261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.883300] Call Trace: [ 25.883328] <TASK> [ 25.883357] dump_stack_lvl+0x73/0xb0 [ 25.883426] print_report+0xd1/0x650 [ 25.883469] ? __virt_addr_valid+0x1db/0x2d0 [ 25.883512] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.883552] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.883597] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.883639] kasan_report+0x141/0x180 [ 25.883680] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.883730] __asan_report_load8_noabort+0x18/0x20 [ 25.883775] kasan_atomics_helper+0x4f98/0x5450 [ 25.883813] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.883859] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.883897] ? trace_hardirqs_on+0x37/0xe0 [ 25.883933] ? kasan_atomics+0x152/0x310 [ 25.883971] kasan_atomics+0x1dc/0x310 [ 25.884004] ? __pfx_kasan_atomics+0x10/0x10 [ 25.884045] ? __pfx_kasan_atomics+0x10/0x10 [ 25.884090] kunit_try_run_case+0x1a5/0x480 [ 25.884136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.884178] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.884221] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.884265] ? __kthread_parkme+0x82/0x180 [ 25.884304] ? preempt_count_sub+0x50/0x80 [ 25.884349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.884410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.884456] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.884499] kthread+0x337/0x6f0 [ 25.884539] ? trace_preempt_on+0x20/0xc0 [ 25.884581] ? __pfx_kthread+0x10/0x10 [ 25.884620] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.884657] ? calculate_sigpending+0x7b/0xa0 [ 25.884701] ? __pfx_kthread+0x10/0x10 [ 25.884742] ret_from_fork+0x116/0x1d0 [ 25.884780] ? __pfx_kthread+0x10/0x10 [ 25.884819] ret_from_fork_asm+0x1a/0x30 [ 25.884872] </TASK> [ 25.884892] [ 25.893270] Allocated by task 294: [ 25.893541] kasan_save_stack+0x45/0x70 [ 25.893823] kasan_save_track+0x18/0x40 [ 25.894071] kasan_save_alloc_info+0x3b/0x50 [ 25.894243] __kasan_kmalloc+0xb7/0xc0 [ 25.894494] __kmalloc_cache_noprof+0x189/0x420 [ 25.894718] kasan_atomics+0x95/0x310 [ 25.895000] kunit_try_run_case+0x1a5/0x480 [ 25.895213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.895530] kthread+0x337/0x6f0 [ 25.895727] ret_from_fork+0x116/0x1d0 [ 25.896023] ret_from_fork_asm+0x1a/0x30 [ 25.896191] [ 25.896325] The buggy address belongs to the object at ffff888102c1c600 [ 25.896325] which belongs to the cache kmalloc-64 of size 64 [ 25.896827] The buggy address is located 0 bytes to the right of [ 25.896827] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.897301] [ 25.897413] The buggy address belongs to the physical page: [ 25.897589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.897831] flags: 0x200000000000000(node=0|zone=2) [ 25.898189] page_type: f5(slab) [ 25.898459] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.898967] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.899408] page dumped because: kasan: bad access detected [ 25.899587] [ 25.899673] Memory state around the buggy address: [ 25.899870] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.900288] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.900737] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.901991] ^ [ 25.902364] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.902721] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.904351] ================================================================== [ 25.218016] ================================================================== [ 25.218755] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 25.219288] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.219765] [ 25.219981] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.220063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.220085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.220117] Call Trace: [ 25.220144] <TASK> [ 25.220172] dump_stack_lvl+0x73/0xb0 [ 25.220228] print_report+0xd1/0x650 [ 25.220271] ? __virt_addr_valid+0x1db/0x2d0 [ 25.220315] ? kasan_atomics_helper+0x1217/0x5450 [ 25.220353] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.220414] ? kasan_atomics_helper+0x1217/0x5450 [ 25.220456] kasan_report+0x141/0x180 [ 25.220499] ? kasan_atomics_helper+0x1217/0x5450 [ 25.220550] kasan_check_range+0x10c/0x1c0 [ 25.220594] __kasan_check_write+0x18/0x20 [ 25.220638] kasan_atomics_helper+0x1217/0x5450 [ 25.220683] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.220724] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.220769] ? trace_hardirqs_on+0x37/0xe0 [ 25.220806] ? kasan_atomics+0x152/0x310 [ 25.220881] kasan_atomics+0x1dc/0x310 [ 25.220919] ? __pfx_kasan_atomics+0x10/0x10 [ 25.220983] ? __pfx_kasan_atomics+0x10/0x10 [ 25.221027] kunit_try_run_case+0x1a5/0x480 [ 25.221081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.221123] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.221171] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.221216] ? __kthread_parkme+0x82/0x180 [ 25.221266] ? preempt_count_sub+0x50/0x80 [ 25.221308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.221349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.221404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.221448] kthread+0x337/0x6f0 [ 25.221486] ? trace_preempt_on+0x20/0xc0 [ 25.221526] ? __pfx_kthread+0x10/0x10 [ 25.221564] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.221604] ? calculate_sigpending+0x7b/0xa0 [ 25.221649] ? __pfx_kthread+0x10/0x10 [ 25.221693] ret_from_fork+0x116/0x1d0 [ 25.221729] ? __pfx_kthread+0x10/0x10 [ 25.221765] ret_from_fork_asm+0x1a/0x30 [ 25.221855] </TASK> [ 25.221881] [ 25.230067] Allocated by task 294: [ 25.230348] kasan_save_stack+0x45/0x70 [ 25.230696] kasan_save_track+0x18/0x40 [ 25.231014] kasan_save_alloc_info+0x3b/0x50 [ 25.231218] __kasan_kmalloc+0xb7/0xc0 [ 25.231370] __kmalloc_cache_noprof+0x189/0x420 [ 25.231712] kasan_atomics+0x95/0x310 [ 25.232016] kunit_try_run_case+0x1a5/0x480 [ 25.232230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.232553] kthread+0x337/0x6f0 [ 25.232788] ret_from_fork+0x116/0x1d0 [ 25.233014] ret_from_fork_asm+0x1a/0x30 [ 25.233292] [ 25.233431] The buggy address belongs to the object at ffff888102c1c600 [ 25.233431] which belongs to the cache kmalloc-64 of size 64 [ 25.233877] The buggy address is located 0 bytes to the right of [ 25.233877] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.234572] [ 25.234729] The buggy address belongs to the physical page: [ 25.235120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.235639] flags: 0x200000000000000(node=0|zone=2) [ 25.235819] page_type: f5(slab) [ 25.235987] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.236218] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.236452] page dumped because: kasan: bad access detected [ 25.236627] [ 25.236711] Memory state around the buggy address: [ 25.236896] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.237108] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.237576] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.238078] ^ [ 25.238449] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.238971] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.239417] ================================================================== [ 25.688466] ================================================================== [ 25.688849] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 25.689432] Read of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.689731] [ 25.689846] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.689929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.689953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.689990] Call Trace: [ 25.690029] <TASK> [ 25.690060] dump_stack_lvl+0x73/0xb0 [ 25.690120] print_report+0xd1/0x650 [ 25.690153] ? __virt_addr_valid+0x1db/0x2d0 [ 25.690185] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.690214] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.690255] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.690289] kasan_report+0x141/0x180 [ 25.690326] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.690394] __asan_report_load8_noabort+0x18/0x20 [ 25.690445] kasan_atomics_helper+0x4f30/0x5450 [ 25.690493] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.690538] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.690587] ? trace_hardirqs_on+0x37/0xe0 [ 25.690630] ? kasan_atomics+0x152/0x310 [ 25.690683] kasan_atomics+0x1dc/0x310 [ 25.690731] ? __pfx_kasan_atomics+0x10/0x10 [ 25.690780] ? __pfx_kasan_atomics+0x10/0x10 [ 25.690833] kunit_try_run_case+0x1a5/0x480 [ 25.690881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.690927] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.690973] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.691021] ? __kthread_parkme+0x82/0x180 [ 25.691060] ? preempt_count_sub+0x50/0x80 [ 25.691126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.691163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.691202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.691242] kthread+0x337/0x6f0 [ 25.691280] ? trace_preempt_on+0x20/0xc0 [ 25.691322] ? __pfx_kthread+0x10/0x10 [ 25.691363] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.691417] ? calculate_sigpending+0x7b/0xa0 [ 25.691463] ? __pfx_kthread+0x10/0x10 [ 25.691506] ret_from_fork+0x116/0x1d0 [ 25.691546] ? __pfx_kthread+0x10/0x10 [ 25.691585] ret_from_fork_asm+0x1a/0x30 [ 25.691646] </TASK> [ 25.691673] [ 25.701564] Allocated by task 294: [ 25.702320] kasan_save_stack+0x45/0x70 [ 25.702546] kasan_save_track+0x18/0x40 [ 25.702711] kasan_save_alloc_info+0x3b/0x50 [ 25.702900] __kasan_kmalloc+0xb7/0xc0 [ 25.703061] __kmalloc_cache_noprof+0x189/0x420 [ 25.703230] kasan_atomics+0x95/0x310 [ 25.703387] kunit_try_run_case+0x1a5/0x480 [ 25.703548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.703729] kthread+0x337/0x6f0 [ 25.703857] ret_from_fork+0x116/0x1d0 [ 25.703937] ret_from_fork_asm+0x1a/0x30 [ 25.704015] [ 25.704060] The buggy address belongs to the object at ffff888102c1c600 [ 25.704060] which belongs to the cache kmalloc-64 of size 64 [ 25.704238] The buggy address is located 0 bytes to the right of [ 25.704238] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.704644] [ 25.704817] The buggy address belongs to the physical page: [ 25.705299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.705928] flags: 0x200000000000000(node=0|zone=2) [ 25.706333] page_type: f5(slab) [ 25.706659] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.707263] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.707781] page dumped because: kasan: bad access detected [ 25.708254] [ 25.708428] Memory state around the buggy address: [ 25.708812] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.709315] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.709602] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.710416] ^ [ 25.710729] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.711174] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.711575] ================================================================== [ 25.240339] ================================================================== [ 25.240890] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 25.241302] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.241589] [ 25.241739] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.241822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.241877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.241917] Call Trace: [ 25.241946] <TASK> [ 25.241974] dump_stack_lvl+0x73/0xb0 [ 25.242040] print_report+0xd1/0x650 [ 25.242089] ? __virt_addr_valid+0x1db/0x2d0 [ 25.242137] ? kasan_atomics_helper+0x49e8/0x5450 [ 25.242181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.242231] ? kasan_atomics_helper+0x49e8/0x5450 [ 25.242273] kasan_report+0x141/0x180 [ 25.242318] ? kasan_atomics_helper+0x49e8/0x5450 [ 25.242372] __asan_report_load4_noabort+0x18/0x20 [ 25.242428] kasan_atomics_helper+0x49e8/0x5450 [ 25.242494] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.242539] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.242580] ? trace_hardirqs_on+0x37/0xe0 [ 25.242618] ? kasan_atomics+0x152/0x310 [ 25.242661] kasan_atomics+0x1dc/0x310 [ 25.242698] ? __pfx_kasan_atomics+0x10/0x10 [ 25.242740] ? __pfx_kasan_atomics+0x10/0x10 [ 25.242807] kunit_try_run_case+0x1a5/0x480 [ 25.242897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.242944] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.242998] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.243046] ? __kthread_parkme+0x82/0x180 [ 25.243086] ? preempt_count_sub+0x50/0x80 [ 25.243130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.243174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.243217] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.243259] kthread+0x337/0x6f0 [ 25.243294] ? trace_preempt_on+0x20/0xc0 [ 25.243336] ? __pfx_kthread+0x10/0x10 [ 25.243389] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.243434] ? calculate_sigpending+0x7b/0xa0 [ 25.243479] ? __pfx_kthread+0x10/0x10 [ 25.243520] ret_from_fork+0x116/0x1d0 [ 25.243560] ? __pfx_kthread+0x10/0x10 [ 25.243600] ret_from_fork_asm+0x1a/0x30 [ 25.243659] </TASK> [ 25.243684] [ 25.251938] Allocated by task 294: [ 25.252090] kasan_save_stack+0x45/0x70 [ 25.252255] kasan_save_track+0x18/0x40 [ 25.252455] kasan_save_alloc_info+0x3b/0x50 [ 25.252762] __kasan_kmalloc+0xb7/0xc0 [ 25.253063] __kmalloc_cache_noprof+0x189/0x420 [ 25.253396] kasan_atomics+0x95/0x310 [ 25.253659] kunit_try_run_case+0x1a5/0x480 [ 25.253980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.254372] kthread+0x337/0x6f0 [ 25.254634] ret_from_fork+0x116/0x1d0 [ 25.254820] ret_from_fork_asm+0x1a/0x30 [ 25.255079] [ 25.255172] The buggy address belongs to the object at ffff888102c1c600 [ 25.255172] which belongs to the cache kmalloc-64 of size 64 [ 25.255704] The buggy address is located 0 bytes to the right of [ 25.255704] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.256404] [ 25.256502] The buggy address belongs to the physical page: [ 25.256679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.257204] flags: 0x200000000000000(node=0|zone=2) [ 25.257562] page_type: f5(slab) [ 25.257812] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.258113] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.258353] page dumped because: kasan: bad access detected [ 25.258757] [ 25.258946] Memory state around the buggy address: [ 25.259284] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.259753] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.259999] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.260257] ^ [ 25.260590] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.261071] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.261491] ================================================================== [ 24.760585] ================================================================== [ 24.761109] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 24.762149] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.762411] [ 24.763292] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.763352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.763366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.763403] Call Trace: [ 24.763428] <TASK> [ 24.763452] dump_stack_lvl+0x73/0xb0 [ 24.763503] print_report+0xd1/0x650 [ 24.763540] ? __virt_addr_valid+0x1db/0x2d0 [ 24.763613] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.763651] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.763694] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.763741] kasan_report+0x141/0x180 [ 24.763773] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.763803] kasan_check_range+0x10c/0x1c0 [ 24.763835] __kasan_check_write+0x18/0x20 [ 24.763869] kasan_atomics_helper+0x7c7/0x5450 [ 24.763890] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.763910] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.763930] ? trace_hardirqs_on+0x37/0xe0 [ 24.763949] ? kasan_atomics+0x152/0x310 [ 24.763971] kasan_atomics+0x1dc/0x310 [ 24.763991] ? __pfx_kasan_atomics+0x10/0x10 [ 24.764011] ? __pfx_kasan_atomics+0x10/0x10 [ 24.764034] kunit_try_run_case+0x1a5/0x480 [ 24.764055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.764074] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.764094] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.764113] ? __kthread_parkme+0x82/0x180 [ 24.764131] ? preempt_count_sub+0x50/0x80 [ 24.764152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.764172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.764193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.764213] kthread+0x337/0x6f0 [ 24.764230] ? trace_preempt_on+0x20/0xc0 [ 24.764249] ? __pfx_kthread+0x10/0x10 [ 24.764267] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.764285] ? calculate_sigpending+0x7b/0xa0 [ 24.764305] ? __pfx_kthread+0x10/0x10 [ 24.764324] ret_from_fork+0x116/0x1d0 [ 24.764341] ? __pfx_kthread+0x10/0x10 [ 24.764358] ret_from_fork_asm+0x1a/0x30 [ 24.764401] </TASK> [ 24.764415] [ 24.773185] Allocated by task 294: [ 24.773341] kasan_save_stack+0x45/0x70 [ 24.773630] kasan_save_track+0x18/0x40 [ 24.773943] kasan_save_alloc_info+0x3b/0x50 [ 24.774254] __kasan_kmalloc+0xb7/0xc0 [ 24.774445] __kmalloc_cache_noprof+0x189/0x420 [ 24.774612] kasan_atomics+0x95/0x310 [ 24.774759] kunit_try_run_case+0x1a5/0x480 [ 24.774912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.775255] kthread+0x337/0x6f0 [ 24.775525] ret_from_fork+0x116/0x1d0 [ 24.775807] ret_from_fork_asm+0x1a/0x30 [ 24.777502] [ 24.778142] The buggy address belongs to the object at ffff888102c1c600 [ 24.778142] which belongs to the cache kmalloc-64 of size 64 [ 24.779074] The buggy address is located 0 bytes to the right of [ 24.779074] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.779582] [ 24.779680] The buggy address belongs to the physical page: [ 24.780396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.780970] flags: 0x200000000000000(node=0|zone=2) [ 24.781142] page_type: f5(slab) [ 24.781298] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.781778] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.782105] page dumped because: kasan: bad access detected [ 24.782344] [ 24.782446] Memory state around the buggy address: [ 24.782744] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.783045] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.783853] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.784642] ^ [ 24.785038] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.785314] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.785720] ================================================================== [ 24.700618] ================================================================== [ 24.701122] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 24.701764] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.702888] [ 24.703085] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.703165] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.703186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.703221] Call Trace: [ 24.703246] <TASK> [ 24.703273] dump_stack_lvl+0x73/0xb0 [ 24.703329] print_report+0xd1/0x650 [ 24.703371] ? __virt_addr_valid+0x1db/0x2d0 [ 24.703435] ? kasan_atomics_helper+0x697/0x5450 [ 24.703475] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.703522] ? kasan_atomics_helper+0x697/0x5450 [ 24.703556] kasan_report+0x141/0x180 [ 24.703590] ? kasan_atomics_helper+0x697/0x5450 [ 24.703633] kasan_check_range+0x10c/0x1c0 [ 24.703671] __kasan_check_write+0x18/0x20 [ 24.703705] kasan_atomics_helper+0x697/0x5450 [ 24.703742] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.703780] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.703821] ? trace_hardirqs_on+0x37/0xe0 [ 24.703855] ? kasan_atomics+0x152/0x310 [ 24.703897] kasan_atomics+0x1dc/0x310 [ 24.703937] ? __pfx_kasan_atomics+0x10/0x10 [ 24.703971] ? __pfx_kasan_atomics+0x10/0x10 [ 24.704017] kunit_try_run_case+0x1a5/0x480 [ 24.704058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.704098] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.704141] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.704184] ? __kthread_parkme+0x82/0x180 [ 24.704224] ? preempt_count_sub+0x50/0x80 [ 24.704268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.704306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.704344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.704396] kthread+0x337/0x6f0 [ 24.704434] ? trace_preempt_on+0x20/0xc0 [ 24.704472] ? __pfx_kthread+0x10/0x10 [ 24.704505] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.704540] ? calculate_sigpending+0x7b/0xa0 [ 24.704582] ? __pfx_kthread+0x10/0x10 [ 24.704622] ret_from_fork+0x116/0x1d0 [ 24.704660] ? __pfx_kthread+0x10/0x10 [ 24.704700] ret_from_fork_asm+0x1a/0x30 [ 24.704760] </TASK> [ 24.704784] [ 24.718724] Allocated by task 294: [ 24.718861] kasan_save_stack+0x45/0x70 [ 24.719064] kasan_save_track+0x18/0x40 [ 24.719532] kasan_save_alloc_info+0x3b/0x50 [ 24.720161] __kasan_kmalloc+0xb7/0xc0 [ 24.720364] __kmalloc_cache_noprof+0x189/0x420 [ 24.720530] kasan_atomics+0x95/0x310 [ 24.721092] kunit_try_run_case+0x1a5/0x480 [ 24.721319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.721491] kthread+0x337/0x6f0 [ 24.721749] ret_from_fork+0x116/0x1d0 [ 24.722342] ret_from_fork_asm+0x1a/0x30 [ 24.722682] [ 24.722978] The buggy address belongs to the object at ffff888102c1c600 [ 24.722978] which belongs to the cache kmalloc-64 of size 64 [ 24.723762] The buggy address is located 0 bytes to the right of [ 24.723762] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.724815] [ 24.724940] The buggy address belongs to the physical page: [ 24.725149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.725697] flags: 0x200000000000000(node=0|zone=2) [ 24.726425] page_type: f5(slab) [ 24.726770] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.727352] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.727579] page dumped because: kasan: bad access detected [ 24.727918] [ 24.728414] Memory state around the buggy address: [ 24.728656] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.728996] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.729264] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.729691] ^ [ 24.729954] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.730441] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.730831] ================================================================== [ 25.196682] ================================================================== [ 25.197241] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 25.197763] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.198111] [ 25.198229] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.198312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.198338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.198373] Call Trace: [ 25.198415] <TASK> [ 25.198444] dump_stack_lvl+0x73/0xb0 [ 25.198497] print_report+0xd1/0x650 [ 25.198540] ? __virt_addr_valid+0x1db/0x2d0 [ 25.198583] ? kasan_atomics_helper+0x4a02/0x5450 [ 25.198624] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.198670] ? kasan_atomics_helper+0x4a02/0x5450 [ 25.198711] kasan_report+0x141/0x180 [ 25.198754] ? kasan_atomics_helper+0x4a02/0x5450 [ 25.198805] __asan_report_load4_noabort+0x18/0x20 [ 25.198905] kasan_atomics_helper+0x4a02/0x5450 [ 25.198953] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.198994] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.199040] ? trace_hardirqs_on+0x37/0xe0 [ 25.199082] ? kasan_atomics+0x152/0x310 [ 25.199133] kasan_atomics+0x1dc/0x310 [ 25.199178] ? __pfx_kasan_atomics+0x10/0x10 [ 25.199223] ? __pfx_kasan_atomics+0x10/0x10 [ 25.199273] kunit_try_run_case+0x1a5/0x480 [ 25.199319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.199353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.199408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.199447] ? __kthread_parkme+0x82/0x180 [ 25.199505] ? preempt_count_sub+0x50/0x80 [ 25.199548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.199589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.199630] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.199671] kthread+0x337/0x6f0 [ 25.199705] ? trace_preempt_on+0x20/0xc0 [ 25.199766] ? __pfx_kthread+0x10/0x10 [ 25.199804] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.199871] ? calculate_sigpending+0x7b/0xa0 [ 25.199902] ? __pfx_kthread+0x10/0x10 [ 25.199922] ret_from_fork+0x116/0x1d0 [ 25.199941] ? __pfx_kthread+0x10/0x10 [ 25.199959] ret_from_fork_asm+0x1a/0x30 [ 25.199987] </TASK> [ 25.199999] [ 25.208090] Allocated by task 294: [ 25.208363] kasan_save_stack+0x45/0x70 [ 25.208669] kasan_save_track+0x18/0x40 [ 25.208973] kasan_save_alloc_info+0x3b/0x50 [ 25.209288] __kasan_kmalloc+0xb7/0xc0 [ 25.209584] __kmalloc_cache_noprof+0x189/0x420 [ 25.209933] kasan_atomics+0x95/0x310 [ 25.210180] kunit_try_run_case+0x1a5/0x480 [ 25.210495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.210692] kthread+0x337/0x6f0 [ 25.210996] ret_from_fork+0x116/0x1d0 [ 25.211287] ret_from_fork_asm+0x1a/0x30 [ 25.211507] [ 25.211596] The buggy address belongs to the object at ffff888102c1c600 [ 25.211596] which belongs to the cache kmalloc-64 of size 64 [ 25.212133] The buggy address is located 0 bytes to the right of [ 25.212133] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.212494] [ 25.212585] The buggy address belongs to the physical page: [ 25.212761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.213023] flags: 0x200000000000000(node=0|zone=2) [ 25.213310] page_type: f5(slab) [ 25.213572] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.214089] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.214629] page dumped because: kasan: bad access detected [ 25.215048] [ 25.215207] Memory state around the buggy address: [ 25.215473] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.215699] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.215941] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.216148] ^ [ 25.216317] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.216760] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.217238] ================================================================== [ 24.732578] ================================================================== [ 24.732827] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 24.733364] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.733733] [ 24.734144] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.734288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.734302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.734321] Call Trace: [ 24.734337] <TASK> [ 24.734359] dump_stack_lvl+0x73/0xb0 [ 24.734425] print_report+0xd1/0x650 [ 24.734465] ? __virt_addr_valid+0x1db/0x2d0 [ 24.734610] ? kasan_atomics_helper+0x72f/0x5450 [ 24.734734] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.734760] ? kasan_atomics_helper+0x72f/0x5450 [ 24.734780] kasan_report+0x141/0x180 [ 24.734801] ? kasan_atomics_helper+0x72f/0x5450 [ 24.734823] kasan_check_range+0x10c/0x1c0 [ 24.734855] __kasan_check_write+0x18/0x20 [ 24.734875] kasan_atomics_helper+0x72f/0x5450 [ 24.734895] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.734917] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.734938] ? trace_hardirqs_on+0x37/0xe0 [ 24.734956] ? kasan_atomics+0x152/0x310 [ 24.734979] kasan_atomics+0x1dc/0x310 [ 24.734998] ? __pfx_kasan_atomics+0x10/0x10 [ 24.735018] ? __pfx_kasan_atomics+0x10/0x10 [ 24.735041] kunit_try_run_case+0x1a5/0x480 [ 24.735063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.735082] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.735101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.735121] ? __kthread_parkme+0x82/0x180 [ 24.735138] ? preempt_count_sub+0x50/0x80 [ 24.735159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.735179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.735200] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.735220] kthread+0x337/0x6f0 [ 24.735237] ? trace_preempt_on+0x20/0xc0 [ 24.735257] ? __pfx_kthread+0x10/0x10 [ 24.735275] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.735294] ? calculate_sigpending+0x7b/0xa0 [ 24.735314] ? __pfx_kthread+0x10/0x10 [ 24.735333] ret_from_fork+0x116/0x1d0 [ 24.735350] ? __pfx_kthread+0x10/0x10 [ 24.735368] ret_from_fork_asm+0x1a/0x30 [ 24.735415] </TASK> [ 24.735427] [ 24.747446] Allocated by task 294: [ 24.747693] kasan_save_stack+0x45/0x70 [ 24.747989] kasan_save_track+0x18/0x40 [ 24.748672] kasan_save_alloc_info+0x3b/0x50 [ 24.748904] __kasan_kmalloc+0xb7/0xc0 [ 24.749037] __kmalloc_cache_noprof+0x189/0x420 [ 24.749451] kasan_atomics+0x95/0x310 [ 24.749718] kunit_try_run_case+0x1a5/0x480 [ 24.750203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.750491] kthread+0x337/0x6f0 [ 24.750631] ret_from_fork+0x116/0x1d0 [ 24.750895] ret_from_fork_asm+0x1a/0x30 [ 24.751560] [ 24.751686] The buggy address belongs to the object at ffff888102c1c600 [ 24.751686] which belongs to the cache kmalloc-64 of size 64 [ 24.752033] The buggy address is located 0 bytes to the right of [ 24.752033] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.752832] [ 24.753239] The buggy address belongs to the physical page: [ 24.753619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.754149] flags: 0x200000000000000(node=0|zone=2) [ 24.754512] page_type: f5(slab) [ 24.754651] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.755355] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.755785] page dumped because: kasan: bad access detected [ 24.756375] [ 24.756495] Memory state around the buggy address: [ 24.756658] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.757438] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.757761] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.758365] ^ [ 24.758619] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.759301] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.759810] ================================================================== [ 25.568231] ================================================================== [ 25.568701] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 25.569201] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.569524] [ 25.569639] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.569712] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.569734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.569768] Call Trace: [ 25.569795] <TASK> [ 25.569823] dump_stack_lvl+0x73/0xb0 [ 25.569909] print_report+0xd1/0x650 [ 25.569953] ? __virt_addr_valid+0x1db/0x2d0 [ 25.569987] ? kasan_atomics_helper+0x194a/0x5450 [ 25.570032] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.570109] ? kasan_atomics_helper+0x194a/0x5450 [ 25.570146] kasan_report+0x141/0x180 [ 25.570185] ? kasan_atomics_helper+0x194a/0x5450 [ 25.570238] kasan_check_range+0x10c/0x1c0 [ 25.570279] __kasan_check_write+0x18/0x20 [ 25.570317] kasan_atomics_helper+0x194a/0x5450 [ 25.570357] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.570414] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.570464] ? trace_hardirqs_on+0x37/0xe0 [ 25.570509] ? kasan_atomics+0x152/0x310 [ 25.570560] kasan_atomics+0x1dc/0x310 [ 25.570602] ? __pfx_kasan_atomics+0x10/0x10 [ 25.570640] ? __pfx_kasan_atomics+0x10/0x10 [ 25.570686] kunit_try_run_case+0x1a5/0x480 [ 25.570731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.570773] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.570817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.570902] ? __kthread_parkme+0x82/0x180 [ 25.570947] ? preempt_count_sub+0x50/0x80 [ 25.570994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.571039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.571083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.571127] kthread+0x337/0x6f0 [ 25.571163] ? trace_preempt_on+0x20/0xc0 [ 25.571196] ? __pfx_kthread+0x10/0x10 [ 25.571225] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.571256] ? calculate_sigpending+0x7b/0xa0 [ 25.571293] ? __pfx_kthread+0x10/0x10 [ 25.571331] ret_from_fork+0x116/0x1d0 [ 25.571368] ? __pfx_kthread+0x10/0x10 [ 25.571422] ret_from_fork_asm+0x1a/0x30 [ 25.571481] </TASK> [ 25.571504] [ 25.579414] Allocated by task 294: [ 25.579662] kasan_save_stack+0x45/0x70 [ 25.579979] kasan_save_track+0x18/0x40 [ 25.580277] kasan_save_alloc_info+0x3b/0x50 [ 25.580585] __kasan_kmalloc+0xb7/0xc0 [ 25.580858] __kmalloc_cache_noprof+0x189/0x420 [ 25.581106] kasan_atomics+0x95/0x310 [ 25.581273] kunit_try_run_case+0x1a5/0x480 [ 25.581531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.581780] kthread+0x337/0x6f0 [ 25.582007] ret_from_fork+0x116/0x1d0 [ 25.582263] ret_from_fork_asm+0x1a/0x30 [ 25.582493] [ 25.582599] The buggy address belongs to the object at ffff888102c1c600 [ 25.582599] which belongs to the cache kmalloc-64 of size 64 [ 25.583069] The buggy address is located 0 bytes to the right of [ 25.583069] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.583718] [ 25.583814] The buggy address belongs to the physical page: [ 25.584122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.584477] flags: 0x200000000000000(node=0|zone=2) [ 25.584772] page_type: f5(slab) [ 25.585023] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.585296] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.585652] page dumped because: kasan: bad access detected [ 25.585985] [ 25.586136] Memory state around the buggy address: [ 25.586365] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.586732] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.587003] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.587215] ^ [ 25.587389] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.587820] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.588301] ================================================================== [ 24.679741] ================================================================== [ 24.680300] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 24.681115] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.681622] [ 24.681799] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.681894] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.681920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.681959] Call Trace: [ 24.681988] <TASK> [ 24.682027] dump_stack_lvl+0x73/0xb0 [ 24.682091] print_report+0xd1/0x650 [ 24.682140] ? __virt_addr_valid+0x1db/0x2d0 [ 24.682190] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.682231] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.682279] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.682317] kasan_report+0x141/0x180 [ 24.682357] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.682425] kasan_check_range+0x10c/0x1c0 [ 24.682469] __kasan_check_write+0x18/0x20 [ 24.682510] kasan_atomics_helper+0x5fe/0x5450 [ 24.682555] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.682601] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.682649] ? trace_hardirqs_on+0x37/0xe0 [ 24.682693] ? kasan_atomics+0x152/0x310 [ 24.682747] kasan_atomics+0x1dc/0x310 [ 24.682789] ? __pfx_kasan_atomics+0x10/0x10 [ 24.682824] ? __pfx_kasan_atomics+0x10/0x10 [ 24.682869] kunit_try_run_case+0x1a5/0x480 [ 24.682911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.682952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.682995] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.683039] ? __kthread_parkme+0x82/0x180 [ 24.683078] ? preempt_count_sub+0x50/0x80 [ 24.683136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.683160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.683181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.683202] kthread+0x337/0x6f0 [ 24.683220] ? trace_preempt_on+0x20/0xc0 [ 24.683240] ? __pfx_kthread+0x10/0x10 [ 24.683258] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.683277] ? calculate_sigpending+0x7b/0xa0 [ 24.683298] ? __pfx_kthread+0x10/0x10 [ 24.683316] ret_from_fork+0x116/0x1d0 [ 24.683333] ? __pfx_kthread+0x10/0x10 [ 24.683351] ret_from_fork_asm+0x1a/0x30 [ 24.683395] </TASK> [ 24.683410] [ 24.690835] Allocated by task 294: [ 24.690999] kasan_save_stack+0x45/0x70 [ 24.691162] kasan_save_track+0x18/0x40 [ 24.691309] kasan_save_alloc_info+0x3b/0x50 [ 24.691691] __kasan_kmalloc+0xb7/0xc0 [ 24.691999] __kmalloc_cache_noprof+0x189/0x420 [ 24.692327] kasan_atomics+0x95/0x310 [ 24.692614] kunit_try_run_case+0x1a5/0x480 [ 24.692899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.693336] kthread+0x337/0x6f0 [ 24.693601] ret_from_fork+0x116/0x1d0 [ 24.693870] ret_from_fork_asm+0x1a/0x30 [ 24.694154] [ 24.694298] The buggy address belongs to the object at ffff888102c1c600 [ 24.694298] which belongs to the cache kmalloc-64 of size 64 [ 24.695038] The buggy address is located 0 bytes to the right of [ 24.695038] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.695549] [ 24.695651] The buggy address belongs to the physical page: [ 24.695857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.696317] flags: 0x200000000000000(node=0|zone=2) [ 24.696582] page_type: f5(slab) [ 24.696718] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.697048] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.697475] page dumped because: kasan: bad access detected [ 24.697715] [ 24.697862] Memory state around the buggy address: [ 24.698149] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.698492] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.699002] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.699297] ^ [ 24.699563] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.699783] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.699991] ================================================================== [ 25.589095] ================================================================== [ 25.589552] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 25.589997] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.590412] [ 25.590580] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.590665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.590692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.590721] Call Trace: [ 25.590745] <TASK> [ 25.590769] dump_stack_lvl+0x73/0xb0 [ 25.590818] print_report+0xd1/0x650 [ 25.590889] ? __virt_addr_valid+0x1db/0x2d0 [ 25.590930] ? kasan_atomics_helper+0x19e3/0x5450 [ 25.590966] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.591004] ? kasan_atomics_helper+0x19e3/0x5450 [ 25.591035] kasan_report+0x141/0x180 [ 25.591070] ? kasan_atomics_helper+0x19e3/0x5450 [ 25.591116] kasan_check_range+0x10c/0x1c0 [ 25.591156] __kasan_check_write+0x18/0x20 [ 25.591195] kasan_atomics_helper+0x19e3/0x5450 [ 25.591235] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.591270] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.591311] ? trace_hardirqs_on+0x37/0xe0 [ 25.591345] ? kasan_atomics+0x152/0x310 [ 25.591406] kasan_atomics+0x1dc/0x310 [ 25.591447] ? __pfx_kasan_atomics+0x10/0x10 [ 25.591486] ? __pfx_kasan_atomics+0x10/0x10 [ 25.591528] kunit_try_run_case+0x1a5/0x480 [ 25.591571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.591607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.591647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.591683] ? __kthread_parkme+0x82/0x180 [ 25.591719] ? preempt_count_sub+0x50/0x80 [ 25.591759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.591797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.591869] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.591912] kthread+0x337/0x6f0 [ 25.591948] ? trace_preempt_on+0x20/0xc0 [ 25.591987] ? __pfx_kthread+0x10/0x10 [ 25.592021] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.592059] ? calculate_sigpending+0x7b/0xa0 [ 25.592100] ? __pfx_kthread+0x10/0x10 [ 25.592138] ret_from_fork+0x116/0x1d0 [ 25.592174] ? __pfx_kthread+0x10/0x10 [ 25.592209] ret_from_fork_asm+0x1a/0x30 [ 25.592262] </TASK> [ 25.592285] [ 25.602997] Allocated by task 294: [ 25.603245] kasan_save_stack+0x45/0x70 [ 25.603438] kasan_save_track+0x18/0x40 [ 25.603691] kasan_save_alloc_info+0x3b/0x50 [ 25.604048] __kasan_kmalloc+0xb7/0xc0 [ 25.604206] __kmalloc_cache_noprof+0x189/0x420 [ 25.604529] kasan_atomics+0x95/0x310 [ 25.604702] kunit_try_run_case+0x1a5/0x480 [ 25.605073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.605276] kthread+0x337/0x6f0 [ 25.605519] ret_from_fork+0x116/0x1d0 [ 25.605702] ret_from_fork_asm+0x1a/0x30 [ 25.605982] [ 25.606093] The buggy address belongs to the object at ffff888102c1c600 [ 25.606093] which belongs to the cache kmalloc-64 of size 64 [ 25.606562] The buggy address is located 0 bytes to the right of [ 25.606562] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.607095] [ 25.607290] The buggy address belongs to the physical page: [ 25.607656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.607909] flags: 0x200000000000000(node=0|zone=2) [ 25.608083] page_type: f5(slab) [ 25.608221] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.608462] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.608686] page dumped because: kasan: bad access detected [ 25.608862] [ 25.608969] Memory state around the buggy address: [ 25.609291] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.609758] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.610437] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.611104] ^ [ 25.611277] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.611506] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.611719] ================================================================== [ 25.612473] ================================================================== [ 25.612961] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 25.613556] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.614067] [ 25.614243] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.614328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.614355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.614409] Call Trace: [ 25.614437] <TASK> [ 25.614463] dump_stack_lvl+0x73/0xb0 [ 25.614519] print_report+0xd1/0x650 [ 25.614562] ? __virt_addr_valid+0x1db/0x2d0 [ 25.614608] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.614649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.614700] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.614746] kasan_report+0x141/0x180 [ 25.614790] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.614840] kasan_check_range+0x10c/0x1c0 [ 25.614888] __kasan_check_write+0x18/0x20 [ 25.614934] kasan_atomics_helper+0x1a7f/0x5450 [ 25.614977] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.615020] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.615063] ? trace_hardirqs_on+0x37/0xe0 [ 25.615105] ? kasan_atomics+0x152/0x310 [ 25.615153] kasan_atomics+0x1dc/0x310 [ 25.615192] ? __pfx_kasan_atomics+0x10/0x10 [ 25.615234] ? __pfx_kasan_atomics+0x10/0x10 [ 25.615284] kunit_try_run_case+0x1a5/0x480 [ 25.615329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.615372] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.615421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.615468] ? __kthread_parkme+0x82/0x180 [ 25.615501] ? preempt_count_sub+0x50/0x80 [ 25.615538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.615576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.615620] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.615664] kthread+0x337/0x6f0 [ 25.615700] ? trace_preempt_on+0x20/0xc0 [ 25.615741] ? __pfx_kthread+0x10/0x10 [ 25.615780] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.615819] ? calculate_sigpending+0x7b/0xa0 [ 25.615861] ? __pfx_kthread+0x10/0x10 [ 25.615902] ret_from_fork+0x116/0x1d0 [ 25.615940] ? __pfx_kthread+0x10/0x10 [ 25.615979] ret_from_fork_asm+0x1a/0x30 [ 25.616040] </TASK> [ 25.616064] [ 25.624552] Allocated by task 294: [ 25.624710] kasan_save_stack+0x45/0x70 [ 25.624902] kasan_save_track+0x18/0x40 [ 25.625171] kasan_save_alloc_info+0x3b/0x50 [ 25.625617] __kasan_kmalloc+0xb7/0xc0 [ 25.625914] __kmalloc_cache_noprof+0x189/0x420 [ 25.626760] kasan_atomics+0x95/0x310 [ 25.627286] kunit_try_run_case+0x1a5/0x480 [ 25.627949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.628172] kthread+0x337/0x6f0 [ 25.628313] ret_from_fork+0x116/0x1d0 [ 25.628476] ret_from_fork_asm+0x1a/0x30 [ 25.628631] [ 25.628723] The buggy address belongs to the object at ffff888102c1c600 [ 25.628723] which belongs to the cache kmalloc-64 of size 64 [ 25.630026] The buggy address is located 0 bytes to the right of [ 25.630026] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.630977] [ 25.631132] The buggy address belongs to the physical page: [ 25.632017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.632452] flags: 0x200000000000000(node=0|zone=2) [ 25.632682] page_type: f5(slab) [ 25.633220] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.633754] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.633990] page dumped because: kasan: bad access detected [ 25.634180] [ 25.634264] Memory state around the buggy address: [ 25.634796] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.635094] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.635370] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.635588] ^ [ 25.635751] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.636366] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.636974] ================================================================== [ 25.811553] ================================================================== [ 25.811999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 25.813158] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.813499] [ 25.813714] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.813822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.813875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.813911] Call Trace: [ 25.813937] <TASK> [ 25.813962] dump_stack_lvl+0x73/0xb0 [ 25.814028] print_report+0xd1/0x650 [ 25.814078] ? __virt_addr_valid+0x1db/0x2d0 [ 25.814132] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.814173] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.814243] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.814297] kasan_report+0x141/0x180 [ 25.814342] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.814406] kasan_check_range+0x10c/0x1c0 [ 25.814448] __kasan_check_write+0x18/0x20 [ 25.814487] kasan_atomics_helper+0x1f43/0x5450 [ 25.814527] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.814561] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.814611] ? trace_hardirqs_on+0x37/0xe0 [ 25.814664] ? kasan_atomics+0x152/0x310 [ 25.814700] kasan_atomics+0x1dc/0x310 [ 25.814720] ? __pfx_kasan_atomics+0x10/0x10 [ 25.814742] ? __pfx_kasan_atomics+0x10/0x10 [ 25.814765] kunit_try_run_case+0x1a5/0x480 [ 25.814787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.814807] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.814857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.814881] ? __kthread_parkme+0x82/0x180 [ 25.814900] ? preempt_count_sub+0x50/0x80 [ 25.814920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.814941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.814962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.814982] kthread+0x337/0x6f0 [ 25.815000] ? trace_preempt_on+0x20/0xc0 [ 25.815019] ? __pfx_kthread+0x10/0x10 [ 25.815038] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.815057] ? calculate_sigpending+0x7b/0xa0 [ 25.815078] ? __pfx_kthread+0x10/0x10 [ 25.815097] ret_from_fork+0x116/0x1d0 [ 25.815114] ? __pfx_kthread+0x10/0x10 [ 25.815132] ret_from_fork_asm+0x1a/0x30 [ 25.815161] </TASK> [ 25.815173] [ 25.823721] Allocated by task 294: [ 25.824007] kasan_save_stack+0x45/0x70 [ 25.824176] kasan_save_track+0x18/0x40 [ 25.824323] kasan_save_alloc_info+0x3b/0x50 [ 25.824634] __kasan_kmalloc+0xb7/0xc0 [ 25.824921] __kmalloc_cache_noprof+0x189/0x420 [ 25.825285] kasan_atomics+0x95/0x310 [ 25.825545] kunit_try_run_case+0x1a5/0x480 [ 25.825817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.826119] kthread+0x337/0x6f0 [ 25.826357] ret_from_fork+0x116/0x1d0 [ 25.826576] ret_from_fork_asm+0x1a/0x30 [ 25.826771] [ 25.826921] The buggy address belongs to the object at ffff888102c1c600 [ 25.826921] which belongs to the cache kmalloc-64 of size 64 [ 25.827431] The buggy address is located 0 bytes to the right of [ 25.827431] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.828106] [ 25.828226] The buggy address belongs to the physical page: [ 25.828590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.829014] flags: 0x200000000000000(node=0|zone=2) [ 25.829224] page_type: f5(slab) [ 25.829487] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.829742] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.829964] page dumped because: kasan: bad access detected [ 25.830186] [ 25.830279] Memory state around the buggy address: [ 25.830554] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.831055] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.831594] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.831829] ^ [ 25.832195] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.832495] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.832832] ================================================================== [ 24.521025] ================================================================== [ 24.522103] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 24.522638] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.523113] [ 24.523231] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.523315] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.523342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.523395] Call Trace: [ 24.523424] <TASK> [ 24.523455] dump_stack_lvl+0x73/0xb0 [ 24.523508] print_report+0xd1/0x650 [ 24.523551] ? __virt_addr_valid+0x1db/0x2d0 [ 24.523596] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.523636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.523679] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.523718] kasan_report+0x141/0x180 [ 24.523754] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.523802] __asan_report_store4_noabort+0x1b/0x30 [ 24.523838] kasan_atomics_helper+0x4b6e/0x5450 [ 24.523872] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.523903] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.523938] ? trace_hardirqs_on+0x37/0xe0 [ 24.523973] ? kasan_atomics+0x152/0x310 [ 24.524018] kasan_atomics+0x1dc/0x310 [ 24.524059] ? __pfx_kasan_atomics+0x10/0x10 [ 24.524102] ? __pfx_kasan_atomics+0x10/0x10 [ 24.524151] kunit_try_run_case+0x1a5/0x480 [ 24.524196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.524234] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.524276] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.524320] ? __kthread_parkme+0x82/0x180 [ 24.524359] ? preempt_count_sub+0x50/0x80 [ 24.524417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.524463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.524508] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.524552] kthread+0x337/0x6f0 [ 24.524590] ? trace_preempt_on+0x20/0xc0 [ 24.524626] ? __pfx_kthread+0x10/0x10 [ 24.524655] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.524689] ? calculate_sigpending+0x7b/0xa0 [ 24.524728] ? __pfx_kthread+0x10/0x10 [ 24.524767] ret_from_fork+0x116/0x1d0 [ 24.524803] ? __pfx_kthread+0x10/0x10 [ 24.524856] ret_from_fork_asm+0x1a/0x30 [ 24.524910] </TASK> [ 24.524929] [ 24.533449] Allocated by task 294: [ 24.533728] kasan_save_stack+0x45/0x70 [ 24.534090] kasan_save_track+0x18/0x40 [ 24.534398] kasan_save_alloc_info+0x3b/0x50 [ 24.534715] __kasan_kmalloc+0xb7/0xc0 [ 24.537294] __kmalloc_cache_noprof+0x189/0x420 [ 24.537706] kasan_atomics+0x95/0x310 [ 24.538065] kunit_try_run_case+0x1a5/0x480 [ 24.538396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.538764] kthread+0x337/0x6f0 [ 24.539068] ret_from_fork+0x116/0x1d0 [ 24.539350] ret_from_fork_asm+0x1a/0x30 [ 24.539623] [ 24.539712] The buggy address belongs to the object at ffff888102c1c600 [ 24.539712] which belongs to the cache kmalloc-64 of size 64 [ 24.541309] The buggy address is located 0 bytes to the right of [ 24.541309] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.542545] [ 24.542820] The buggy address belongs to the physical page: [ 24.543113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.543591] flags: 0x200000000000000(node=0|zone=2) [ 24.543842] page_type: f5(slab) [ 24.543975] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.544258] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.545193] page dumped because: kasan: bad access detected [ 24.545656] [ 24.545745] Memory state around the buggy address: [ 24.546193] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.546467] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.547280] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.547556] ^ [ 24.547840] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.548248] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.548617] ================================================================== [ 25.174618] ================================================================== [ 25.175125] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 25.175601] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.175922] [ 25.176034] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.176117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.176141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.176174] Call Trace: [ 25.176198] <TASK> [ 25.176221] dump_stack_lvl+0x73/0xb0 [ 25.176268] print_report+0xd1/0x650 [ 25.176306] ? __virt_addr_valid+0x1db/0x2d0 [ 25.176348] ? kasan_atomics_helper+0x1148/0x5450 [ 25.176403] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.176454] ? kasan_atomics_helper+0x1148/0x5450 [ 25.176488] kasan_report+0x141/0x180 [ 25.176526] ? kasan_atomics_helper+0x1148/0x5450 [ 25.176571] kasan_check_range+0x10c/0x1c0 [ 25.176610] __kasan_check_write+0x18/0x20 [ 25.176661] kasan_atomics_helper+0x1148/0x5450 [ 25.176703] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.176760] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.176806] ? trace_hardirqs_on+0x37/0xe0 [ 25.176873] ? kasan_atomics+0x152/0x310 [ 25.176924] kasan_atomics+0x1dc/0x310 [ 25.176967] ? __pfx_kasan_atomics+0x10/0x10 [ 25.177006] ? __pfx_kasan_atomics+0x10/0x10 [ 25.177052] kunit_try_run_case+0x1a5/0x480 [ 25.177096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.177137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.177179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.177219] ? __kthread_parkme+0x82/0x180 [ 25.177278] ? preempt_count_sub+0x50/0x80 [ 25.177317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.177362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.177420] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.177465] kthread+0x337/0x6f0 [ 25.177505] ? trace_preempt_on+0x20/0xc0 [ 25.177548] ? __pfx_kthread+0x10/0x10 [ 25.177589] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.177631] ? calculate_sigpending+0x7b/0xa0 [ 25.177661] ? __pfx_kthread+0x10/0x10 [ 25.177681] ret_from_fork+0x116/0x1d0 [ 25.177699] ? __pfx_kthread+0x10/0x10 [ 25.177718] ret_from_fork_asm+0x1a/0x30 [ 25.177746] </TASK> [ 25.177757] [ 25.186005] Allocated by task 294: [ 25.186303] kasan_save_stack+0x45/0x70 [ 25.186647] kasan_save_track+0x18/0x40 [ 25.186866] kasan_save_alloc_info+0x3b/0x50 [ 25.187189] __kasan_kmalloc+0xb7/0xc0 [ 25.187421] __kmalloc_cache_noprof+0x189/0x420 [ 25.187686] kasan_atomics+0x95/0x310 [ 25.187907] kunit_try_run_case+0x1a5/0x480 [ 25.188173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.188399] kthread+0x337/0x6f0 [ 25.188660] ret_from_fork+0x116/0x1d0 [ 25.188876] ret_from_fork_asm+0x1a/0x30 [ 25.189096] [ 25.189210] The buggy address belongs to the object at ffff888102c1c600 [ 25.189210] which belongs to the cache kmalloc-64 of size 64 [ 25.189726] The buggy address is located 0 bytes to the right of [ 25.189726] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.190122] [ 25.190222] The buggy address belongs to the physical page: [ 25.190424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.190681] flags: 0x200000000000000(node=0|zone=2) [ 25.190913] page_type: f5(slab) [ 25.191169] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.191682] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.192196] page dumped because: kasan: bad access detected [ 25.192568] [ 25.192705] Memory state around the buggy address: [ 25.193051] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.193513] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.193737] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.193980] ^ [ 25.194162] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.194622] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.195112] ================================================================== [ 25.150303] ================================================================== [ 25.151008] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 25.151598] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.152145] [ 25.152346] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.152446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.152474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.152527] Call Trace: [ 25.152555] <TASK> [ 25.152583] dump_stack_lvl+0x73/0xb0 [ 25.152637] print_report+0xd1/0x650 [ 25.152674] ? __virt_addr_valid+0x1db/0x2d0 [ 25.152711] ? kasan_atomics_helper+0x4a1c/0x5450 [ 25.152747] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.152810] ? kasan_atomics_helper+0x4a1c/0x5450 [ 25.152881] kasan_report+0x141/0x180 [ 25.152922] ? kasan_atomics_helper+0x4a1c/0x5450 [ 25.152968] __asan_report_load4_noabort+0x18/0x20 [ 25.153010] kasan_atomics_helper+0x4a1c/0x5450 [ 25.153067] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.153109] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.153150] ? trace_hardirqs_on+0x37/0xe0 [ 25.153190] ? kasan_atomics+0x152/0x310 [ 25.153238] kasan_atomics+0x1dc/0x310 [ 25.153295] ? __pfx_kasan_atomics+0x10/0x10 [ 25.153339] ? __pfx_kasan_atomics+0x10/0x10 [ 25.153399] kunit_try_run_case+0x1a5/0x480 [ 25.153440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.153464] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.153488] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.153508] ? __kthread_parkme+0x82/0x180 [ 25.153527] ? preempt_count_sub+0x50/0x80 [ 25.153548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.153568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.153603] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.153643] kthread+0x337/0x6f0 [ 25.153677] ? trace_preempt_on+0x20/0xc0 [ 25.153737] ? __pfx_kthread+0x10/0x10 [ 25.153775] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.153816] ? calculate_sigpending+0x7b/0xa0 [ 25.153906] ? __pfx_kthread+0x10/0x10 [ 25.153945] ret_from_fork+0x116/0x1d0 [ 25.153981] ? __pfx_kthread+0x10/0x10 [ 25.154029] ret_from_fork_asm+0x1a/0x30 [ 25.154089] </TASK> [ 25.154103] [ 25.162358] Allocated by task 294: [ 25.162650] kasan_save_stack+0x45/0x70 [ 25.162950] kasan_save_track+0x18/0x40 [ 25.163150] kasan_save_alloc_info+0x3b/0x50 [ 25.163442] __kasan_kmalloc+0xb7/0xc0 [ 25.163696] __kmalloc_cache_noprof+0x189/0x420 [ 25.163993] kasan_atomics+0x95/0x310 [ 25.164278] kunit_try_run_case+0x1a5/0x480 [ 25.164482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.164697] kthread+0x337/0x6f0 [ 25.164950] ret_from_fork+0x116/0x1d0 [ 25.165222] ret_from_fork_asm+0x1a/0x30 [ 25.165520] [ 25.165689] The buggy address belongs to the object at ffff888102c1c600 [ 25.165689] which belongs to the cache kmalloc-64 of size 64 [ 25.166254] The buggy address is located 0 bytes to the right of [ 25.166254] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.166717] [ 25.166861] The buggy address belongs to the physical page: [ 25.167081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.167353] flags: 0x200000000000000(node=0|zone=2) [ 25.167713] page_type: f5(slab) [ 25.167993] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.168471] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.168962] page dumped because: kasan: bad access detected [ 25.169327] [ 25.169648] Memory state around the buggy address: [ 25.170952] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.171462] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.172477] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.172901] ^ [ 25.173176] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.173489] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.173860] ================================================================== [ 25.949224] ================================================================== [ 25.949593] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 25.950279] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.950819] [ 25.951046] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.951127] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.951154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.951193] Call Trace: [ 25.951221] <TASK> [ 25.951251] dump_stack_lvl+0x73/0xb0 [ 25.951303] print_report+0xd1/0x650 [ 25.951345] ? __virt_addr_valid+0x1db/0x2d0 [ 25.951401] ? kasan_atomics_helper+0x218a/0x5450 [ 25.951444] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.951493] ? kasan_atomics_helper+0x218a/0x5450 [ 25.951535] kasan_report+0x141/0x180 [ 25.951579] ? kasan_atomics_helper+0x218a/0x5450 [ 25.951630] kasan_check_range+0x10c/0x1c0 [ 25.951675] __kasan_check_write+0x18/0x20 [ 25.951720] kasan_atomics_helper+0x218a/0x5450 [ 25.951764] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.951806] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.951849] ? trace_hardirqs_on+0x37/0xe0 [ 25.951890] ? kasan_atomics+0x152/0x310 [ 25.951940] kasan_atomics+0x1dc/0x310 [ 25.951982] ? __pfx_kasan_atomics+0x10/0x10 [ 25.952025] ? __pfx_kasan_atomics+0x10/0x10 [ 25.952075] kunit_try_run_case+0x1a5/0x480 [ 25.952120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.952161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.952204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.952248] ? __kthread_parkme+0x82/0x180 [ 25.952286] ? preempt_count_sub+0x50/0x80 [ 25.952331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.952387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.952425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.952459] kthread+0x337/0x6f0 [ 25.952487] ? trace_preempt_on+0x20/0xc0 [ 25.952523] ? __pfx_kthread+0x10/0x10 [ 25.952557] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.952594] ? calculate_sigpending+0x7b/0xa0 [ 25.952637] ? __pfx_kthread+0x10/0x10 [ 25.952678] ret_from_fork+0x116/0x1d0 [ 25.952715] ? __pfx_kthread+0x10/0x10 [ 25.952755] ret_from_fork_asm+0x1a/0x30 [ 25.952814] </TASK> [ 25.952844] [ 25.961914] Allocated by task 294: [ 25.962129] kasan_save_stack+0x45/0x70 [ 25.962590] kasan_save_track+0x18/0x40 [ 25.963958] kasan_save_alloc_info+0x3b/0x50 [ 25.964251] __kasan_kmalloc+0xb7/0xc0 [ 25.964414] __kmalloc_cache_noprof+0x189/0x420 [ 25.964584] kasan_atomics+0x95/0x310 [ 25.964732] kunit_try_run_case+0x1a5/0x480 [ 25.965973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.966274] kthread+0x337/0x6f0 [ 25.966480] ret_from_fork+0x116/0x1d0 [ 25.966678] ret_from_fork_asm+0x1a/0x30 [ 25.967333] [ 25.967460] The buggy address belongs to the object at ffff888102c1c600 [ 25.967460] which belongs to the cache kmalloc-64 of size 64 [ 25.967801] The buggy address is located 0 bytes to the right of [ 25.967801] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.969278] [ 25.969775] The buggy address belongs to the physical page: [ 25.970181] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.970608] flags: 0x200000000000000(node=0|zone=2) [ 25.972573] page_type: f5(slab) [ 25.972744] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.972950] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.973560] page dumped because: kasan: bad access detected [ 25.973820] [ 25.974410] Memory state around the buggy address: [ 25.974678] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.975144] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.975440] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.975784] ^ [ 25.976429] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.976779] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.977310] ================================================================== [ 25.102590] ================================================================== [ 25.103178] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 25.103671] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.103989] [ 25.104117] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.104209] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.104236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.104275] Call Trace: [ 25.104304] <TASK> [ 25.104332] dump_stack_lvl+0x73/0xb0 [ 25.104397] print_report+0xd1/0x650 [ 25.104437] ? __virt_addr_valid+0x1db/0x2d0 [ 25.104475] ? kasan_atomics_helper+0x4a36/0x5450 [ 25.104514] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.104560] ? kasan_atomics_helper+0x4a36/0x5450 [ 25.104599] kasan_report+0x141/0x180 [ 25.104636] ? kasan_atomics_helper+0x4a36/0x5450 [ 25.104686] __asan_report_load4_noabort+0x18/0x20 [ 25.104729] kasan_atomics_helper+0x4a36/0x5450 [ 25.104773] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.104816] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.104874] ? trace_hardirqs_on+0x37/0xe0 [ 25.104915] ? kasan_atomics+0x152/0x310 [ 25.104966] kasan_atomics+0x1dc/0x310 [ 25.105010] ? __pfx_kasan_atomics+0x10/0x10 [ 25.105054] ? __pfx_kasan_atomics+0x10/0x10 [ 25.105106] kunit_try_run_case+0x1a5/0x480 [ 25.105153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.105196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.105239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.105281] ? __kthread_parkme+0x82/0x180 [ 25.105317] ? preempt_count_sub+0x50/0x80 [ 25.105356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.105412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.105459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.105505] kthread+0x337/0x6f0 [ 25.105544] ? trace_preempt_on+0x20/0xc0 [ 25.105587] ? __pfx_kthread+0x10/0x10 [ 25.105619] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.105640] ? calculate_sigpending+0x7b/0xa0 [ 25.105662] ? __pfx_kthread+0x10/0x10 [ 25.105680] ret_from_fork+0x116/0x1d0 [ 25.105699] ? __pfx_kthread+0x10/0x10 [ 25.105717] ret_from_fork_asm+0x1a/0x30 [ 25.105745] </TASK> [ 25.105763] [ 25.114582] Allocated by task 294: [ 25.114752] kasan_save_stack+0x45/0x70 [ 25.115102] kasan_save_track+0x18/0x40 [ 25.115400] kasan_save_alloc_info+0x3b/0x50 [ 25.115720] __kasan_kmalloc+0xb7/0xc0 [ 25.116033] __kmalloc_cache_noprof+0x189/0x420 [ 25.116367] kasan_atomics+0x95/0x310 [ 25.116590] kunit_try_run_case+0x1a5/0x480 [ 25.116922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.117211] kthread+0x337/0x6f0 [ 25.117391] ret_from_fork+0x116/0x1d0 [ 25.117545] ret_from_fork_asm+0x1a/0x30 [ 25.117750] [ 25.117931] The buggy address belongs to the object at ffff888102c1c600 [ 25.117931] which belongs to the cache kmalloc-64 of size 64 [ 25.118535] The buggy address is located 0 bytes to the right of [ 25.118535] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.119243] [ 25.119402] The buggy address belongs to the physical page: [ 25.119731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.120092] flags: 0x200000000000000(node=0|zone=2) [ 25.120338] page_type: f5(slab) [ 25.120497] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.120762] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.121051] page dumped because: kasan: bad access detected [ 25.121251] [ 25.121353] Memory state around the buggy address: [ 25.121665] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.122164] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.122676] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.123177] ^ [ 25.123514] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.124000] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.124425] ================================================================== [ 25.712159] ================================================================== [ 25.712530] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 25.712822] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.713319] [ 25.713563] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.713675] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.713702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.713753] Call Trace: [ 25.713782] <TASK> [ 25.713810] dump_stack_lvl+0x73/0xb0 [ 25.713896] print_report+0xd1/0x650 [ 25.713938] ? __virt_addr_valid+0x1db/0x2d0 [ 25.713978] ? kasan_atomics_helper+0x1ce1/0x5450 [ 25.714025] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.714071] ? kasan_atomics_helper+0x1ce1/0x5450 [ 25.714112] kasan_report+0x141/0x180 [ 25.714152] ? kasan_atomics_helper+0x1ce1/0x5450 [ 25.714242] kasan_check_range+0x10c/0x1c0 [ 25.714324] __kasan_check_write+0x18/0x20 [ 25.714414] kasan_atomics_helper+0x1ce1/0x5450 [ 25.714481] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.714539] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.714590] ? trace_hardirqs_on+0x37/0xe0 [ 25.714628] ? kasan_atomics+0x152/0x310 [ 25.714678] kasan_atomics+0x1dc/0x310 [ 25.714734] ? __pfx_kasan_atomics+0x10/0x10 [ 25.714778] ? __pfx_kasan_atomics+0x10/0x10 [ 25.714879] kunit_try_run_case+0x1a5/0x480 [ 25.714949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.714998] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.715044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.715085] ? __kthread_parkme+0x82/0x180 [ 25.715124] ? preempt_count_sub+0x50/0x80 [ 25.715192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.715233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.715292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.715326] kthread+0x337/0x6f0 [ 25.715345] ? trace_preempt_on+0x20/0xc0 [ 25.715365] ? __pfx_kthread+0x10/0x10 [ 25.715401] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.715422] ? calculate_sigpending+0x7b/0xa0 [ 25.715444] ? __pfx_kthread+0x10/0x10 [ 25.715463] ret_from_fork+0x116/0x1d0 [ 25.715481] ? __pfx_kthread+0x10/0x10 [ 25.715499] ret_from_fork_asm+0x1a/0x30 [ 25.715526] </TASK> [ 25.715538] [ 25.724543] Allocated by task 294: [ 25.724700] kasan_save_stack+0x45/0x70 [ 25.724895] kasan_save_track+0x18/0x40 [ 25.725045] kasan_save_alloc_info+0x3b/0x50 [ 25.725208] __kasan_kmalloc+0xb7/0xc0 [ 25.725485] __kmalloc_cache_noprof+0x189/0x420 [ 25.725874] kasan_atomics+0x95/0x310 [ 25.726186] kunit_try_run_case+0x1a5/0x480 [ 25.726559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.727032] kthread+0x337/0x6f0 [ 25.727338] ret_from_fork+0x116/0x1d0 [ 25.727625] ret_from_fork_asm+0x1a/0x30 [ 25.728016] [ 25.728173] The buggy address belongs to the object at ffff888102c1c600 [ 25.728173] which belongs to the cache kmalloc-64 of size 64 [ 25.728644] The buggy address is located 0 bytes to the right of [ 25.728644] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.729089] [ 25.729272] The buggy address belongs to the physical page: [ 25.729681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.730317] flags: 0x200000000000000(node=0|zone=2) [ 25.730696] page_type: f5(slab) [ 25.731000] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.731439] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.731674] page dumped because: kasan: bad access detected [ 25.731882] [ 25.731968] Memory state around the buggy address: [ 25.732134] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.732568] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.733079] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.733542] ^ [ 25.733934] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.734583] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.734904] ================================================================== [ 25.079691] ================================================================== [ 25.080930] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 25.081340] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.081909] [ 25.082100] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.082179] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.082199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.082229] Call Trace: [ 25.082253] <TASK> [ 25.082277] dump_stack_lvl+0x73/0xb0 [ 25.082325] print_report+0xd1/0x650 [ 25.082407] ? __virt_addr_valid+0x1db/0x2d0 [ 25.082447] ? kasan_atomics_helper+0xfa9/0x5450 [ 25.082501] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.082548] ? kasan_atomics_helper+0xfa9/0x5450 [ 25.082587] kasan_report+0x141/0x180 [ 25.082642] ? kasan_atomics_helper+0xfa9/0x5450 [ 25.082690] kasan_check_range+0x10c/0x1c0 [ 25.082726] __kasan_check_write+0x18/0x20 [ 25.082766] kasan_atomics_helper+0xfa9/0x5450 [ 25.082806] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.082883] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.082930] ? trace_hardirqs_on+0x37/0xe0 [ 25.082970] ? kasan_atomics+0x152/0x310 [ 25.083034] kasan_atomics+0x1dc/0x310 [ 25.083070] ? __pfx_kasan_atomics+0x10/0x10 [ 25.083109] ? __pfx_kasan_atomics+0x10/0x10 [ 25.083159] kunit_try_run_case+0x1a5/0x480 [ 25.083203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.083242] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.083299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.083340] ? __kthread_parkme+0x82/0x180 [ 25.083389] ? preempt_count_sub+0x50/0x80 [ 25.083436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.083478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.083538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.083580] kthread+0x337/0x6f0 [ 25.083617] ? trace_preempt_on+0x20/0xc0 [ 25.083659] ? __pfx_kthread+0x10/0x10 [ 25.083697] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.083750] ? calculate_sigpending+0x7b/0xa0 [ 25.083793] ? __pfx_kthread+0x10/0x10 [ 25.083863] ret_from_fork+0x116/0x1d0 [ 25.083894] ? __pfx_kthread+0x10/0x10 [ 25.083914] ret_from_fork_asm+0x1a/0x30 [ 25.083943] </TASK> [ 25.083956] [ 25.092072] Allocated by task 294: [ 25.092340] kasan_save_stack+0x45/0x70 [ 25.092649] kasan_save_track+0x18/0x40 [ 25.092964] kasan_save_alloc_info+0x3b/0x50 [ 25.093271] __kasan_kmalloc+0xb7/0xc0 [ 25.093472] __kmalloc_cache_noprof+0x189/0x420 [ 25.093794] kasan_atomics+0x95/0x310 [ 25.093973] kunit_try_run_case+0x1a5/0x480 [ 25.094154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.094521] kthread+0x337/0x6f0 [ 25.094803] ret_from_fork+0x116/0x1d0 [ 25.095112] ret_from_fork_asm+0x1a/0x30 [ 25.095415] [ 25.095575] The buggy address belongs to the object at ffff888102c1c600 [ 25.095575] which belongs to the cache kmalloc-64 of size 64 [ 25.096181] The buggy address is located 0 bytes to the right of [ 25.096181] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.096655] [ 25.096784] The buggy address belongs to the physical page: [ 25.097183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.097654] flags: 0x200000000000000(node=0|zone=2) [ 25.097918] page_type: f5(slab) [ 25.098089] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.098612] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.099002] page dumped because: kasan: bad access detected [ 25.099309] [ 25.099460] Memory state around the buggy address: [ 25.099740] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.100200] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.100599] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.100976] ^ [ 25.101243] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.101656] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.102035] ================================================================== [ 24.983301] ================================================================== [ 24.983851] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 24.984416] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.984955] [ 24.985116] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.985215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.985240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.985274] Call Trace: [ 24.985299] <TASK> [ 24.985325] dump_stack_lvl+0x73/0xb0 [ 24.985393] print_report+0xd1/0x650 [ 24.985452] ? __virt_addr_valid+0x1db/0x2d0 [ 24.985492] ? kasan_atomics_helper+0xd47/0x5450 [ 24.985529] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.985576] ? kasan_atomics_helper+0xd47/0x5450 [ 24.985618] kasan_report+0x141/0x180 [ 24.985663] ? kasan_atomics_helper+0xd47/0x5450 [ 24.985713] kasan_check_range+0x10c/0x1c0 [ 24.985760] __kasan_check_write+0x18/0x20 [ 24.985804] kasan_atomics_helper+0xd47/0x5450 [ 24.985877] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.985924] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.985968] ? trace_hardirqs_on+0x37/0xe0 [ 24.986020] ? kasan_atomics+0x152/0x310 [ 24.986077] kasan_atomics+0x1dc/0x310 [ 24.986126] ? __pfx_kasan_atomics+0x10/0x10 [ 24.986173] ? __pfx_kasan_atomics+0x10/0x10 [ 24.986225] kunit_try_run_case+0x1a5/0x480 [ 24.986277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.986323] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.986370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.986425] ? __kthread_parkme+0x82/0x180 [ 24.986467] ? preempt_count_sub+0x50/0x80 [ 24.986510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.986557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.986605] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.986652] kthread+0x337/0x6f0 [ 24.986713] ? trace_preempt_on+0x20/0xc0 [ 24.986757] ? __pfx_kthread+0x10/0x10 [ 24.986793] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.986866] ? calculate_sigpending+0x7b/0xa0 [ 24.986914] ? __pfx_kthread+0x10/0x10 [ 24.986959] ret_from_fork+0x116/0x1d0 [ 24.986994] ? __pfx_kthread+0x10/0x10 [ 24.987044] ret_from_fork_asm+0x1a/0x30 [ 24.987096] </TASK> [ 24.987118] [ 24.995185] Allocated by task 294: [ 24.995480] kasan_save_stack+0x45/0x70 [ 24.995783] kasan_save_track+0x18/0x40 [ 24.996094] kasan_save_alloc_info+0x3b/0x50 [ 24.996451] __kasan_kmalloc+0xb7/0xc0 [ 24.996737] __kmalloc_cache_noprof+0x189/0x420 [ 24.996933] kasan_atomics+0x95/0x310 [ 24.997085] kunit_try_run_case+0x1a5/0x480 [ 24.997244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.997437] kthread+0x337/0x6f0 [ 24.997572] ret_from_fork+0x116/0x1d0 [ 24.997714] ret_from_fork_asm+0x1a/0x30 [ 24.997978] [ 24.998149] The buggy address belongs to the object at ffff888102c1c600 [ 24.998149] which belongs to the cache kmalloc-64 of size 64 [ 24.998991] The buggy address is located 0 bytes to the right of [ 24.998991] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.999763] [ 24.999926] The buggy address belongs to the physical page: [ 25.000307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.000594] flags: 0x200000000000000(node=0|zone=2) [ 25.000776] page_type: f5(slab) [ 25.000947] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.001179] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.001409] page dumped because: kasan: bad access detected [ 25.001695] [ 25.001861] Memory state around the buggy address: [ 25.002215] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.002666] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.003165] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.003631] ^ [ 25.004025] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.004655] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.004984] ================================================================== [ 24.441666] ================================================================== [ 24.442421] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 24.442904] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.443391] [ 24.443595] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.443679] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.443703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.443739] Call Trace: [ 24.443764] <TASK> [ 24.443797] dump_stack_lvl+0x73/0xb0 [ 24.443851] print_report+0xd1/0x650 [ 24.443883] ? __virt_addr_valid+0x1db/0x2d0 [ 24.443939] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.443969] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.443993] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.444025] kasan_report+0x141/0x180 [ 24.444047] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.444068] __asan_report_load4_noabort+0x18/0x20 [ 24.444098] kasan_atomics_helper+0x4bbc/0x5450 [ 24.444129] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.444156] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.444186] ? trace_hardirqs_on+0x37/0xe0 [ 24.444206] ? kasan_atomics+0x152/0x310 [ 24.444228] kasan_atomics+0x1dc/0x310 [ 24.444246] ? __pfx_kasan_atomics+0x10/0x10 [ 24.444265] ? __pfx_kasan_atomics+0x10/0x10 [ 24.444287] kunit_try_run_case+0x1a5/0x480 [ 24.444308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.444327] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.444346] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.444365] ? __kthread_parkme+0x82/0x180 [ 24.444400] ? preempt_count_sub+0x50/0x80 [ 24.444422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.444442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.444462] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.444482] kthread+0x337/0x6f0 [ 24.444498] ? trace_preempt_on+0x20/0xc0 [ 24.444517] ? __pfx_kthread+0x10/0x10 [ 24.444535] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.444552] ? calculate_sigpending+0x7b/0xa0 [ 24.444573] ? __pfx_kthread+0x10/0x10 [ 24.444591] ret_from_fork+0x116/0x1d0 [ 24.444608] ? __pfx_kthread+0x10/0x10 [ 24.444625] ret_from_fork_asm+0x1a/0x30 [ 24.444653] </TASK> [ 24.444665] [ 24.457754] Allocated by task 294: [ 24.458019] kasan_save_stack+0x45/0x70 [ 24.458465] kasan_save_track+0x18/0x40 [ 24.458681] kasan_save_alloc_info+0x3b/0x50 [ 24.459420] __kasan_kmalloc+0xb7/0xc0 [ 24.459607] __kmalloc_cache_noprof+0x189/0x420 [ 24.460016] kasan_atomics+0x95/0x310 [ 24.460362] kunit_try_run_case+0x1a5/0x480 [ 24.460798] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.461078] kthread+0x337/0x6f0 [ 24.461200] ret_from_fork+0x116/0x1d0 [ 24.461596] ret_from_fork_asm+0x1a/0x30 [ 24.462005] [ 24.462359] The buggy address belongs to the object at ffff888102c1c600 [ 24.462359] which belongs to the cache kmalloc-64 of size 64 [ 24.462773] The buggy address is located 0 bytes to the right of [ 24.462773] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.463795] [ 24.464344] The buggy address belongs to the physical page: [ 24.464521] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.464993] flags: 0x200000000000000(node=0|zone=2) [ 24.465210] page_type: f5(slab) [ 24.465598] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.466040] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.466505] page dumped because: kasan: bad access detected [ 24.466838] [ 24.467140] Memory state around the buggy address: [ 24.467475] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.467744] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.468527] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.468908] ^ [ 24.469082] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.469510] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.469808] ================================================================== [ 25.055777] ================================================================== [ 25.056236] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 25.056764] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.057311] [ 25.057499] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.057606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.057647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.057685] Call Trace: [ 25.057714] <TASK> [ 25.057742] dump_stack_lvl+0x73/0xb0 [ 25.057796] print_report+0xd1/0x650 [ 25.057891] ? __virt_addr_valid+0x1db/0x2d0 [ 25.057964] ? kasan_atomics_helper+0xf10/0x5450 [ 25.058004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.058075] ? kasan_atomics_helper+0xf10/0x5450 [ 25.058117] kasan_report+0x141/0x180 [ 25.058162] ? kasan_atomics_helper+0xf10/0x5450 [ 25.058212] kasan_check_range+0x10c/0x1c0 [ 25.058251] __kasan_check_write+0x18/0x20 [ 25.058291] kasan_atomics_helper+0xf10/0x5450 [ 25.058358] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.058424] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.058473] ? trace_hardirqs_on+0x37/0xe0 [ 25.058514] ? kasan_atomics+0x152/0x310 [ 25.058589] kasan_atomics+0x1dc/0x310 [ 25.058632] ? __pfx_kasan_atomics+0x10/0x10 [ 25.058694] ? __pfx_kasan_atomics+0x10/0x10 [ 25.058735] kunit_try_run_case+0x1a5/0x480 [ 25.058762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.058786] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.058807] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.058860] ? __kthread_parkme+0x82/0x180 [ 25.058886] ? preempt_count_sub+0x50/0x80 [ 25.058908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.058930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.058954] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.058976] kthread+0x337/0x6f0 [ 25.058995] ? trace_preempt_on+0x20/0xc0 [ 25.059016] ? __pfx_kthread+0x10/0x10 [ 25.059036] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.059056] ? calculate_sigpending+0x7b/0xa0 [ 25.059076] ? __pfx_kthread+0x10/0x10 [ 25.059095] ret_from_fork+0x116/0x1d0 [ 25.059112] ? __pfx_kthread+0x10/0x10 [ 25.059130] ret_from_fork_asm+0x1a/0x30 [ 25.059157] </TASK> [ 25.059169] [ 25.068258] Allocated by task 294: [ 25.068423] kasan_save_stack+0x45/0x70 [ 25.068588] kasan_save_track+0x18/0x40 [ 25.068736] kasan_save_alloc_info+0x3b/0x50 [ 25.068894] __kasan_kmalloc+0xb7/0xc0 [ 25.069040] __kmalloc_cache_noprof+0x189/0x420 [ 25.069203] kasan_atomics+0x95/0x310 [ 25.069522] kunit_try_run_case+0x1a5/0x480 [ 25.069910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.070346] kthread+0x337/0x6f0 [ 25.070673] ret_from_fork+0x116/0x1d0 [ 25.071054] ret_from_fork_asm+0x1a/0x30 [ 25.071397] [ 25.071587] The buggy address belongs to the object at ffff888102c1c600 [ 25.071587] which belongs to the cache kmalloc-64 of size 64 [ 25.072550] The buggy address is located 0 bytes to the right of [ 25.072550] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.072919] [ 25.073010] The buggy address belongs to the physical page: [ 25.073409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.073986] flags: 0x200000000000000(node=0|zone=2) [ 25.074212] page_type: f5(slab) [ 25.074353] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.074589] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.074808] page dumped because: kasan: bad access detected [ 25.075155] [ 25.075299] Memory state around the buggy address: [ 25.075724] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.076284] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.076827] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.077328] ^ [ 25.077654] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.078086] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.078729] ================================================================== [ 25.521778] ================================================================== [ 25.523338] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 25.523624] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.523864] [ 25.524022] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.524096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.524119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.524155] Call Trace: [ 25.524183] <TASK> [ 25.524210] dump_stack_lvl+0x73/0xb0 [ 25.524264] print_report+0xd1/0x650 [ 25.524306] ? __virt_addr_valid+0x1db/0x2d0 [ 25.524348] ? kasan_atomics_helper+0x1818/0x5450 [ 25.524403] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.524452] ? kasan_atomics_helper+0x1818/0x5450 [ 25.524493] kasan_report+0x141/0x180 [ 25.524536] ? kasan_atomics_helper+0x1818/0x5450 [ 25.524585] kasan_check_range+0x10c/0x1c0 [ 25.524628] __kasan_check_write+0x18/0x20 [ 25.524672] kasan_atomics_helper+0x1818/0x5450 [ 25.524711] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.524748] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.524785] ? trace_hardirqs_on+0x37/0xe0 [ 25.524822] ? kasan_atomics+0x152/0x310 [ 25.524906] kasan_atomics+0x1dc/0x310 [ 25.524949] ? __pfx_kasan_atomics+0x10/0x10 [ 25.524990] ? __pfx_kasan_atomics+0x10/0x10 [ 25.525030] kunit_try_run_case+0x1a5/0x480 [ 25.525071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.525110] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.525151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.525194] ? __kthread_parkme+0x82/0x180 [ 25.525234] ? preempt_count_sub+0x50/0x80 [ 25.525279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.525323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.525369] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.525427] kthread+0x337/0x6f0 [ 25.525468] ? trace_preempt_on+0x20/0xc0 [ 25.525512] ? __pfx_kthread+0x10/0x10 [ 25.525553] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.525594] ? calculate_sigpending+0x7b/0xa0 [ 25.525638] ? __pfx_kthread+0x10/0x10 [ 25.525680] ret_from_fork+0x116/0x1d0 [ 25.525718] ? __pfx_kthread+0x10/0x10 [ 25.525759] ret_from_fork_asm+0x1a/0x30 [ 25.525819] </TASK> [ 25.525868] [ 25.533951] Allocated by task 294: [ 25.534169] kasan_save_stack+0x45/0x70 [ 25.534453] kasan_save_track+0x18/0x40 [ 25.534624] kasan_save_alloc_info+0x3b/0x50 [ 25.534786] __kasan_kmalloc+0xb7/0xc0 [ 25.534962] __kmalloc_cache_noprof+0x189/0x420 [ 25.535130] kasan_atomics+0x95/0x310 [ 25.535279] kunit_try_run_case+0x1a5/0x480 [ 25.535525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.535897] kthread+0x337/0x6f0 [ 25.536147] ret_from_fork+0x116/0x1d0 [ 25.536434] ret_from_fork_asm+0x1a/0x30 [ 25.536724] [ 25.536888] The buggy address belongs to the object at ffff888102c1c600 [ 25.536888] which belongs to the cache kmalloc-64 of size 64 [ 25.537611] The buggy address is located 0 bytes to the right of [ 25.537611] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.538135] [ 25.538234] The buggy address belongs to the physical page: [ 25.538449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.538943] flags: 0x200000000000000(node=0|zone=2) [ 25.539247] page_type: f5(slab) [ 25.539497] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.539732] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.539986] page dumped because: kasan: bad access detected [ 25.540193] [ 25.540278] Memory state around the buggy address: [ 25.540453] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.540669] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.540905] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.541117] ^ [ 25.541281] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.541671] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.542164] ================================================================== [ 24.471031] ================================================================== [ 24.472299] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 24.472741] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.472957] [ 24.473068] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.473141] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.473160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.473188] Call Trace: [ 24.473208] <TASK> [ 24.473228] dump_stack_lvl+0x73/0xb0 [ 24.473270] print_report+0xd1/0x650 [ 24.473299] ? __virt_addr_valid+0x1db/0x2d0 [ 24.473330] ? kasan_atomics_helper+0x4ba2/0x5450 [ 24.473357] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.473413] ? kasan_atomics_helper+0x4ba2/0x5450 [ 24.473443] kasan_report+0x141/0x180 [ 24.473474] ? kasan_atomics_helper+0x4ba2/0x5450 [ 24.473509] __asan_report_store4_noabort+0x1b/0x30 [ 24.474071] kasan_atomics_helper+0x4ba2/0x5450 [ 24.474272] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.474295] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.474318] ? trace_hardirqs_on+0x37/0xe0 [ 24.474338] ? kasan_atomics+0x152/0x310 [ 24.474362] kasan_atomics+0x1dc/0x310 [ 24.474401] ? __pfx_kasan_atomics+0x10/0x10 [ 24.474425] ? __pfx_kasan_atomics+0x10/0x10 [ 24.474449] kunit_try_run_case+0x1a5/0x480 [ 24.474472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.474492] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.474512] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.474533] ? __kthread_parkme+0x82/0x180 [ 24.474552] ? preempt_count_sub+0x50/0x80 [ 24.474573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.474594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.474615] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.474637] kthread+0x337/0x6f0 [ 24.474654] ? trace_preempt_on+0x20/0xc0 [ 24.474674] ? __pfx_kthread+0x10/0x10 [ 24.474693] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.474712] ? calculate_sigpending+0x7b/0xa0 [ 24.474733] ? __pfx_kthread+0x10/0x10 [ 24.474752] ret_from_fork+0x116/0x1d0 [ 24.474771] ? __pfx_kthread+0x10/0x10 [ 24.474789] ret_from_fork_asm+0x1a/0x30 [ 24.474818] </TASK> [ 24.474831] [ 24.484640] Allocated by task 294: [ 24.485005] kasan_save_stack+0x45/0x70 [ 24.485307] kasan_save_track+0x18/0x40 [ 24.485593] kasan_save_alloc_info+0x3b/0x50 [ 24.486057] __kasan_kmalloc+0xb7/0xc0 [ 24.486791] __kmalloc_cache_noprof+0x189/0x420 [ 24.487375] kasan_atomics+0x95/0x310 [ 24.487682] kunit_try_run_case+0x1a5/0x480 [ 24.488033] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.488474] kthread+0x337/0x6f0 [ 24.488628] ret_from_fork+0x116/0x1d0 [ 24.488814] ret_from_fork_asm+0x1a/0x30 [ 24.489284] [ 24.489445] The buggy address belongs to the object at ffff888102c1c600 [ 24.489445] which belongs to the cache kmalloc-64 of size 64 [ 24.490640] The buggy address is located 0 bytes to the right of [ 24.490640] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.491546] [ 24.491683] The buggy address belongs to the physical page: [ 24.492001] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.492593] flags: 0x200000000000000(node=0|zone=2) [ 24.492884] page_type: f5(slab) [ 24.493243] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.493686] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.494107] page dumped because: kasan: bad access detected [ 24.494373] [ 24.495027] Memory state around the buggy address: [ 24.495449] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.495943] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.496446] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.496914] ^ [ 24.497361] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.497821] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.498372] ================================================================== [ 24.889095] ================================================================== [ 24.889411] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 24.889947] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.890267] [ 24.890398] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.890482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.890509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.890546] Call Trace: [ 24.890575] <TASK> [ 24.890603] dump_stack_lvl+0x73/0xb0 [ 24.890657] print_report+0xd1/0x650 [ 24.890701] ? __virt_addr_valid+0x1db/0x2d0 [ 24.890742] ? kasan_atomics_helper+0xac7/0x5450 [ 24.890780] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.890858] ? kasan_atomics_helper+0xac7/0x5450 [ 24.890904] kasan_report+0x141/0x180 [ 24.890948] ? kasan_atomics_helper+0xac7/0x5450 [ 24.890999] kasan_check_range+0x10c/0x1c0 [ 24.891045] __kasan_check_write+0x18/0x20 [ 24.891088] kasan_atomics_helper+0xac7/0x5450 [ 24.891131] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.891173] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.891217] ? trace_hardirqs_on+0x37/0xe0 [ 24.891257] ? kasan_atomics+0x152/0x310 [ 24.891307] kasan_atomics+0x1dc/0x310 [ 24.891351] ? __pfx_kasan_atomics+0x10/0x10 [ 24.891403] ? __pfx_kasan_atomics+0x10/0x10 [ 24.891468] kunit_try_run_case+0x1a5/0x480 [ 24.891510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.891560] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.891598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.891640] ? __kthread_parkme+0x82/0x180 [ 24.891689] ? preempt_count_sub+0x50/0x80 [ 24.891740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.891778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.891816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.891884] kthread+0x337/0x6f0 [ 24.891918] ? trace_preempt_on+0x20/0xc0 [ 24.891957] ? __pfx_kthread+0x10/0x10 [ 24.892010] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.892051] ? calculate_sigpending+0x7b/0xa0 [ 24.892101] ? __pfx_kthread+0x10/0x10 [ 24.892135] ret_from_fork+0x116/0x1d0 [ 24.892171] ? __pfx_kthread+0x10/0x10 [ 24.892205] ret_from_fork_asm+0x1a/0x30 [ 24.892264] </TASK> [ 24.892288] [ 24.902058] Allocated by task 294: [ 24.902297] kasan_save_stack+0x45/0x70 [ 24.902522] kasan_save_track+0x18/0x40 [ 24.902702] kasan_save_alloc_info+0x3b/0x50 [ 24.902938] __kasan_kmalloc+0xb7/0xc0 [ 24.903136] __kmalloc_cache_noprof+0x189/0x420 [ 24.904183] kasan_atomics+0x95/0x310 [ 24.905660] kunit_try_run_case+0x1a5/0x480 [ 24.906022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.906471] kthread+0x337/0x6f0 [ 24.906749] ret_from_fork+0x116/0x1d0 [ 24.907059] ret_from_fork_asm+0x1a/0x30 [ 24.907345] [ 24.907513] The buggy address belongs to the object at ffff888102c1c600 [ 24.907513] which belongs to the cache kmalloc-64 of size 64 [ 24.908043] The buggy address is located 0 bytes to the right of [ 24.908043] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.908502] [ 24.908637] The buggy address belongs to the physical page: [ 24.909027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.909543] flags: 0x200000000000000(node=0|zone=2) [ 24.909907] page_type: f5(slab) [ 24.910171] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.910442] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.910990] page dumped because: kasan: bad access detected [ 24.911357] [ 24.911515] Memory state around the buggy address: [ 24.911779] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.912237] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.912613] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.913037] ^ [ 24.913334] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.913630] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.914108] ================================================================== [ 25.358946] ================================================================== [ 25.359472] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 25.359827] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.360132] [ 25.360298] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.360392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.360417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.360453] Call Trace: [ 25.360479] <TASK> [ 25.360506] dump_stack_lvl+0x73/0xb0 [ 25.360560] print_report+0xd1/0x650 [ 25.360596] ? __virt_addr_valid+0x1db/0x2d0 [ 25.360637] ? kasan_atomics_helper+0x1467/0x5450 [ 25.360697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.360742] ? kasan_atomics_helper+0x1467/0x5450 [ 25.360782] kasan_report+0x141/0x180 [ 25.360825] ? kasan_atomics_helper+0x1467/0x5450 [ 25.360888] kasan_check_range+0x10c/0x1c0 [ 25.360928] __kasan_check_write+0x18/0x20 [ 25.360963] kasan_atomics_helper+0x1467/0x5450 [ 25.361003] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.361040] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.361083] ? trace_hardirqs_on+0x37/0xe0 [ 25.361121] ? kasan_atomics+0x152/0x310 [ 25.361164] kasan_atomics+0x1dc/0x310 [ 25.361227] ? __pfx_kasan_atomics+0x10/0x10 [ 25.361266] ? __pfx_kasan_atomics+0x10/0x10 [ 25.361314] kunit_try_run_case+0x1a5/0x480 [ 25.361360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.361413] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.361436] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.361457] ? __kthread_parkme+0x82/0x180 [ 25.361476] ? preempt_count_sub+0x50/0x80 [ 25.361497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.361518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.361538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.361558] kthread+0x337/0x6f0 [ 25.361576] ? trace_preempt_on+0x20/0xc0 [ 25.361596] ? __pfx_kthread+0x10/0x10 [ 25.361613] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.361632] ? calculate_sigpending+0x7b/0xa0 [ 25.361652] ? __pfx_kthread+0x10/0x10 [ 25.361670] ret_from_fork+0x116/0x1d0 [ 25.361687] ? __pfx_kthread+0x10/0x10 [ 25.361706] ret_from_fork_asm+0x1a/0x30 [ 25.361733] </TASK> [ 25.361744] [ 25.369797] Allocated by task 294: [ 25.370080] kasan_save_stack+0x45/0x70 [ 25.370411] kasan_save_track+0x18/0x40 [ 25.370725] kasan_save_alloc_info+0x3b/0x50 [ 25.371154] __kasan_kmalloc+0xb7/0xc0 [ 25.371446] __kmalloc_cache_noprof+0x189/0x420 [ 25.371758] kasan_atomics+0x95/0x310 [ 25.372106] kunit_try_run_case+0x1a5/0x480 [ 25.372265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.372460] kthread+0x337/0x6f0 [ 25.372599] ret_from_fork+0x116/0x1d0 [ 25.372741] ret_from_fork_asm+0x1a/0x30 [ 25.373092] [ 25.373233] The buggy address belongs to the object at ffff888102c1c600 [ 25.373233] which belongs to the cache kmalloc-64 of size 64 [ 25.374037] The buggy address is located 0 bytes to the right of [ 25.374037] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.374596] [ 25.374697] The buggy address belongs to the physical page: [ 25.374874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.375118] flags: 0x200000000000000(node=0|zone=2) [ 25.375299] page_type: f5(slab) [ 25.375546] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.376119] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.376620] page dumped because: kasan: bad access detected [ 25.377011] [ 25.377114] Memory state around the buggy address: [ 25.377358] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.377686] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.378243] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.378607] ^ [ 25.378786] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.379007] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.379219] ================================================================== [ 24.957861] ================================================================== [ 24.958412] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 24.958896] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.959227] [ 24.959357] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.959446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.959471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.959505] Call Trace: [ 24.959533] <TASK> [ 24.959561] dump_stack_lvl+0x73/0xb0 [ 24.959614] print_report+0xd1/0x650 [ 24.959655] ? __virt_addr_valid+0x1db/0x2d0 [ 24.959698] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.959738] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.959786] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.959854] kasan_report+0x141/0x180 [ 24.959901] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.959953] __asan_report_load4_noabort+0x18/0x20 [ 24.959997] kasan_atomics_helper+0x4a84/0x5450 [ 24.960041] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.960114] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.960162] ? trace_hardirqs_on+0x37/0xe0 [ 24.960203] ? kasan_atomics+0x152/0x310 [ 24.960254] kasan_atomics+0x1dc/0x310 [ 24.960297] ? __pfx_kasan_atomics+0x10/0x10 [ 24.960342] ? __pfx_kasan_atomics+0x10/0x10 [ 24.960402] kunit_try_run_case+0x1a5/0x480 [ 24.960441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.960481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.960523] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.960564] ? __kthread_parkme+0x82/0x180 [ 24.960605] ? preempt_count_sub+0x50/0x80 [ 24.960651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.960697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.960740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.960783] kthread+0x337/0x6f0 [ 24.960821] ? trace_preempt_on+0x20/0xc0 [ 24.960897] ? __pfx_kthread+0x10/0x10 [ 24.960939] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.960980] ? calculate_sigpending+0x7b/0xa0 [ 24.961025] ? __pfx_kthread+0x10/0x10 [ 24.961068] ret_from_fork+0x116/0x1d0 [ 24.961105] ? __pfx_kthread+0x10/0x10 [ 24.961145] ret_from_fork_asm+0x1a/0x30 [ 24.961207] </TASK> [ 24.961231] [ 24.972913] Allocated by task 294: [ 24.973193] kasan_save_stack+0x45/0x70 [ 24.973499] kasan_save_track+0x18/0x40 [ 24.973776] kasan_save_alloc_info+0x3b/0x50 [ 24.974086] __kasan_kmalloc+0xb7/0xc0 [ 24.974443] __kmalloc_cache_noprof+0x189/0x420 [ 24.974773] kasan_atomics+0x95/0x310 [ 24.975026] kunit_try_run_case+0x1a5/0x480 [ 24.975189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.975371] kthread+0x337/0x6f0 [ 24.975554] ret_from_fork+0x116/0x1d0 [ 24.975700] ret_from_fork_asm+0x1a/0x30 [ 24.975880] [ 24.976018] The buggy address belongs to the object at ffff888102c1c600 [ 24.976018] which belongs to the cache kmalloc-64 of size 64 [ 24.976789] The buggy address is located 0 bytes to the right of [ 24.976789] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.977623] [ 24.977784] The buggy address belongs to the physical page: [ 24.978193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.978501] flags: 0x200000000000000(node=0|zone=2) [ 24.978681] page_type: f5(slab) [ 24.978818] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.979329] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.979858] page dumped because: kasan: bad access detected [ 24.980194] [ 24.980283] Memory state around the buggy address: [ 24.980461] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.980680] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.981148] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.981606] ^ [ 24.981956] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.982293] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.982531] ================================================================== [ 24.577315] ================================================================== [ 24.577611] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 24.578414] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.578711] [ 24.579148] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.579210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.579228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.579259] Call Trace: [ 24.579285] <TASK> [ 24.579313] dump_stack_lvl+0x73/0xb0 [ 24.579459] print_report+0xd1/0x650 [ 24.579501] ? __virt_addr_valid+0x1db/0x2d0 [ 24.579542] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.579582] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.579626] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.579668] kasan_report+0x141/0x180 [ 24.579711] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.579761] __asan_report_load4_noabort+0x18/0x20 [ 24.579799] kasan_atomics_helper+0x4b54/0x5450 [ 24.579824] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.579855] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.579878] ? trace_hardirqs_on+0x37/0xe0 [ 24.579897] ? kasan_atomics+0x152/0x310 [ 24.579920] kasan_atomics+0x1dc/0x310 [ 24.579939] ? __pfx_kasan_atomics+0x10/0x10 [ 24.579960] ? __pfx_kasan_atomics+0x10/0x10 [ 24.579982] kunit_try_run_case+0x1a5/0x480 [ 24.580004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.580024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.580044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.580068] ? __kthread_parkme+0x82/0x180 [ 24.580094] ? preempt_count_sub+0x50/0x80 [ 24.580114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.580135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.580155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.580176] kthread+0x337/0x6f0 [ 24.580193] ? trace_preempt_on+0x20/0xc0 [ 24.580212] ? __pfx_kthread+0x10/0x10 [ 24.580230] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.580249] ? calculate_sigpending+0x7b/0xa0 [ 24.580269] ? __pfx_kthread+0x10/0x10 [ 24.580288] ret_from_fork+0x116/0x1d0 [ 24.580306] ? __pfx_kthread+0x10/0x10 [ 24.580324] ret_from_fork_asm+0x1a/0x30 [ 24.580353] </TASK> [ 24.580365] [ 24.591107] Allocated by task 294: [ 24.591452] kasan_save_stack+0x45/0x70 [ 24.591825] kasan_save_track+0x18/0x40 [ 24.592145] kasan_save_alloc_info+0x3b/0x50 [ 24.592354] __kasan_kmalloc+0xb7/0xc0 [ 24.592493] __kmalloc_cache_noprof+0x189/0x420 [ 24.592964] kasan_atomics+0x95/0x310 [ 24.593346] kunit_try_run_case+0x1a5/0x480 [ 24.593619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.594095] kthread+0x337/0x6f0 [ 24.594412] ret_from_fork+0x116/0x1d0 [ 24.594575] ret_from_fork_asm+0x1a/0x30 [ 24.594997] [ 24.595161] The buggy address belongs to the object at ffff888102c1c600 [ 24.595161] which belongs to the cache kmalloc-64 of size 64 [ 24.595898] The buggy address is located 0 bytes to the right of [ 24.595898] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.596692] [ 24.597112] The buggy address belongs to the physical page: [ 24.597472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.597917] flags: 0x200000000000000(node=0|zone=2) [ 24.598288] page_type: f5(slab) [ 24.598687] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.599312] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.599607] page dumped because: kasan: bad access detected [ 24.599948] [ 24.600082] Memory state around the buggy address: [ 24.600483] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.600843] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.601372] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.601808] ^ [ 24.602309] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.602806] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.603213] ================================================================== [ 25.735754] ================================================================== [ 25.736104] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 25.736529] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.736956] [ 25.737081] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.737166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.737191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.737230] Call Trace: [ 25.737259] <TASK> [ 25.737288] dump_stack_lvl+0x73/0xb0 [ 25.737342] print_report+0xd1/0x650 [ 25.737399] ? __virt_addr_valid+0x1db/0x2d0 [ 25.737437] ? kasan_atomics_helper+0x1d7a/0x5450 [ 25.737472] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.737514] ? kasan_atomics_helper+0x1d7a/0x5450 [ 25.737551] kasan_report+0x141/0x180 [ 25.737594] ? kasan_atomics_helper+0x1d7a/0x5450 [ 25.737644] kasan_check_range+0x10c/0x1c0 [ 25.737700] __kasan_check_write+0x18/0x20 [ 25.737739] kasan_atomics_helper+0x1d7a/0x5450 [ 25.737780] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.737821] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.737919] ? trace_hardirqs_on+0x37/0xe0 [ 25.737974] ? kasan_atomics+0x152/0x310 [ 25.738038] kasan_atomics+0x1dc/0x310 [ 25.738086] ? __pfx_kasan_atomics+0x10/0x10 [ 25.738135] ? __pfx_kasan_atomics+0x10/0x10 [ 25.738186] kunit_try_run_case+0x1a5/0x480 [ 25.738237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.738282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.738327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.738387] ? __kthread_parkme+0x82/0x180 [ 25.738429] ? preempt_count_sub+0x50/0x80 [ 25.738469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.738508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.738553] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.738597] kthread+0x337/0x6f0 [ 25.738669] ? trace_preempt_on+0x20/0xc0 [ 25.738743] ? __pfx_kthread+0x10/0x10 [ 25.738819] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.738918] ? calculate_sigpending+0x7b/0xa0 [ 25.738982] ? __pfx_kthread+0x10/0x10 [ 25.739025] ret_from_fork+0x116/0x1d0 [ 25.739060] ? __pfx_kthread+0x10/0x10 [ 25.739099] ret_from_fork_asm+0x1a/0x30 [ 25.739157] </TASK> [ 25.739181] [ 25.752029] Allocated by task 294: [ 25.752418] kasan_save_stack+0x45/0x70 [ 25.752696] kasan_save_track+0x18/0x40 [ 25.753052] kasan_save_alloc_info+0x3b/0x50 [ 25.753417] __kasan_kmalloc+0xb7/0xc0 [ 25.753604] __kmalloc_cache_noprof+0x189/0x420 [ 25.753894] kasan_atomics+0x95/0x310 [ 25.754403] kunit_try_run_case+0x1a5/0x480 [ 25.754856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.755240] kthread+0x337/0x6f0 [ 25.755513] ret_from_fork+0x116/0x1d0 [ 25.755693] ret_from_fork_asm+0x1a/0x30 [ 25.755985] [ 25.756124] The buggy address belongs to the object at ffff888102c1c600 [ 25.756124] which belongs to the cache kmalloc-64 of size 64 [ 25.756565] The buggy address is located 0 bytes to the right of [ 25.756565] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.757194] [ 25.757294] The buggy address belongs to the physical page: [ 25.757669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.758262] flags: 0x200000000000000(node=0|zone=2) [ 25.758573] page_type: f5(slab) [ 25.758857] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.759153] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.759497] page dumped because: kasan: bad access detected [ 25.759853] [ 25.760044] Memory state around the buggy address: [ 25.760204] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.760480] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.760927] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.761280] ^ [ 25.761572] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.761988] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.762280] ================================================================== [ 24.550175] ================================================================== [ 24.550521] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 24.551116] Read of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.551697] [ 24.551814] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.551893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.551919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.551956] Call Trace: [ 24.551981] <TASK> [ 24.552009] dump_stack_lvl+0x73/0xb0 [ 24.552062] print_report+0xd1/0x650 [ 24.552104] ? __virt_addr_valid+0x1db/0x2d0 [ 24.552137] ? kasan_atomics_helper+0x3df/0x5450 [ 24.552162] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.552193] ? kasan_atomics_helper+0x3df/0x5450 [ 24.552218] kasan_report+0x141/0x180 [ 24.552244] ? kasan_atomics_helper+0x3df/0x5450 [ 24.552281] kasan_check_range+0x10c/0x1c0 [ 24.552309] __kasan_check_read+0x15/0x20 [ 24.552330] kasan_atomics_helper+0x3df/0x5450 [ 24.552349] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.552368] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.552443] ? trace_hardirqs_on+0x37/0xe0 [ 24.552481] ? kasan_atomics+0x152/0x310 [ 24.552542] kasan_atomics+0x1dc/0x310 [ 24.552600] ? __pfx_kasan_atomics+0x10/0x10 [ 24.552658] ? __pfx_kasan_atomics+0x10/0x10 [ 24.552712] kunit_try_run_case+0x1a5/0x480 [ 24.552777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.552866] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.552927] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.552974] ? __kthread_parkme+0x82/0x180 [ 24.553025] ? preempt_count_sub+0x50/0x80 [ 24.553049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.553084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.553106] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.553126] kthread+0x337/0x6f0 [ 24.553144] ? trace_preempt_on+0x20/0xc0 [ 24.553164] ? __pfx_kthread+0x10/0x10 [ 24.553182] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.553201] ? calculate_sigpending+0x7b/0xa0 [ 24.553222] ? __pfx_kthread+0x10/0x10 [ 24.553241] ret_from_fork+0x116/0x1d0 [ 24.553259] ? __pfx_kthread+0x10/0x10 [ 24.553277] ret_from_fork_asm+0x1a/0x30 [ 24.553305] </TASK> [ 24.553318] [ 24.564077] Allocated by task 294: [ 24.564315] kasan_save_stack+0x45/0x70 [ 24.564522] kasan_save_track+0x18/0x40 [ 24.564767] kasan_save_alloc_info+0x3b/0x50 [ 24.565013] __kasan_kmalloc+0xb7/0xc0 [ 24.565913] __kmalloc_cache_noprof+0x189/0x420 [ 24.566114] kasan_atomics+0x95/0x310 [ 24.566535] kunit_try_run_case+0x1a5/0x480 [ 24.566855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.567374] kthread+0x337/0x6f0 [ 24.567779] ret_from_fork+0x116/0x1d0 [ 24.568107] ret_from_fork_asm+0x1a/0x30 [ 24.568341] [ 24.568443] The buggy address belongs to the object at ffff888102c1c600 [ 24.568443] which belongs to the cache kmalloc-64 of size 64 [ 24.569316] The buggy address is located 0 bytes to the right of [ 24.569316] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.569877] [ 24.569978] The buggy address belongs to the physical page: [ 24.570650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.571322] flags: 0x200000000000000(node=0|zone=2) [ 24.571686] page_type: f5(slab) [ 24.571824] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.572208] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.572826] page dumped because: kasan: bad access detected [ 24.573205] [ 24.573310] Memory state around the buggy address: [ 24.573517] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.573783] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.574652] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.575244] ^ [ 24.575437] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.575840] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.576601] ================================================================== [ 24.655017] ================================================================== [ 24.655851] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 24.656328] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.656774] [ 24.656961] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.657039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.657063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.657100] Call Trace: [ 24.657125] <TASK> [ 24.657150] dump_stack_lvl+0x73/0xb0 [ 24.657201] print_report+0xd1/0x650 [ 24.657241] ? __virt_addr_valid+0x1db/0x2d0 [ 24.657279] ? kasan_atomics_helper+0x565/0x5450 [ 24.657312] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.657354] ? kasan_atomics_helper+0x565/0x5450 [ 24.657404] kasan_report+0x141/0x180 [ 24.657442] ? kasan_atomics_helper+0x565/0x5450 [ 24.657486] kasan_check_range+0x10c/0x1c0 [ 24.657528] __kasan_check_write+0x18/0x20 [ 24.657568] kasan_atomics_helper+0x565/0x5450 [ 24.657612] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.657653] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.657698] ? trace_hardirqs_on+0x37/0xe0 [ 24.657738] ? kasan_atomics+0x152/0x310 [ 24.657776] kasan_atomics+0x1dc/0x310 [ 24.657814] ? __pfx_kasan_atomics+0x10/0x10 [ 24.657888] ? __pfx_kasan_atomics+0x10/0x10 [ 24.657935] kunit_try_run_case+0x1a5/0x480 [ 24.657984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.658035] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.658088] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.658137] ? __kthread_parkme+0x82/0x180 [ 24.658180] ? preempt_count_sub+0x50/0x80 [ 24.658223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.658261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.658305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.658350] kthread+0x337/0x6f0 [ 24.658403] ? trace_preempt_on+0x20/0xc0 [ 24.658447] ? __pfx_kthread+0x10/0x10 [ 24.658490] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.658533] ? calculate_sigpending+0x7b/0xa0 [ 24.658578] ? __pfx_kthread+0x10/0x10 [ 24.658620] ret_from_fork+0x116/0x1d0 [ 24.658660] ? __pfx_kthread+0x10/0x10 [ 24.658700] ret_from_fork_asm+0x1a/0x30 [ 24.658762] </TASK> [ 24.658787] [ 24.666910] Allocated by task 294: [ 24.667158] kasan_save_stack+0x45/0x70 [ 24.667924] kasan_save_track+0x18/0x40 [ 24.668249] kasan_save_alloc_info+0x3b/0x50 [ 24.668525] __kasan_kmalloc+0xb7/0xc0 [ 24.668694] __kmalloc_cache_noprof+0x189/0x420 [ 24.669420] kasan_atomics+0x95/0x310 [ 24.670828] kunit_try_run_case+0x1a5/0x480 [ 24.671198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.671584] kthread+0x337/0x6f0 [ 24.671752] ret_from_fork+0x116/0x1d0 [ 24.672477] ret_from_fork_asm+0x1a/0x30 [ 24.673028] [ 24.673206] The buggy address belongs to the object at ffff888102c1c600 [ 24.673206] which belongs to the cache kmalloc-64 of size 64 [ 24.673656] The buggy address is located 0 bytes to the right of [ 24.673656] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.674713] [ 24.674957] The buggy address belongs to the physical page: [ 24.675231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.675543] flags: 0x200000000000000(node=0|zone=2) [ 24.675753] page_type: f5(slab) [ 24.676273] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.676903] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.677114] page dumped because: kasan: bad access detected [ 24.677278] [ 24.677338] Memory state around the buggy address: [ 24.677449] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.677567] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.677677] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.677784] ^ [ 24.677928] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.678188] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.678590] ================================================================== [ 25.403975] ================================================================== [ 25.404639] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 25.404907] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.405859] [ 25.406449] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.406556] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.406580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.406602] Call Trace: [ 25.406619] <TASK> [ 25.406636] dump_stack_lvl+0x73/0xb0 [ 25.406669] print_report+0xd1/0x650 [ 25.406691] ? __virt_addr_valid+0x1db/0x2d0 [ 25.406713] ? kasan_atomics_helper+0x151d/0x5450 [ 25.406733] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.406758] ? kasan_atomics_helper+0x151d/0x5450 [ 25.406778] kasan_report+0x141/0x180 [ 25.406799] ? kasan_atomics_helper+0x151d/0x5450 [ 25.406825] kasan_check_range+0x10c/0x1c0 [ 25.406862] __kasan_check_write+0x18/0x20 [ 25.406898] kasan_atomics_helper+0x151d/0x5450 [ 25.406937] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.406978] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.407020] ? trace_hardirqs_on+0x37/0xe0 [ 25.407080] ? kasan_atomics+0x152/0x310 [ 25.407129] kasan_atomics+0x1dc/0x310 [ 25.407166] ? __pfx_kasan_atomics+0x10/0x10 [ 25.407209] ? __pfx_kasan_atomics+0x10/0x10 [ 25.407259] kunit_try_run_case+0x1a5/0x480 [ 25.407302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.407330] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.407350] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.407369] ? __kthread_parkme+0x82/0x180 [ 25.407406] ? preempt_count_sub+0x50/0x80 [ 25.407427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.407448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.407469] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.407489] kthread+0x337/0x6f0 [ 25.407506] ? trace_preempt_on+0x20/0xc0 [ 25.407525] ? __pfx_kthread+0x10/0x10 [ 25.407543] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.407561] ? calculate_sigpending+0x7b/0xa0 [ 25.407581] ? __pfx_kthread+0x10/0x10 [ 25.407599] ret_from_fork+0x116/0x1d0 [ 25.407616] ? __pfx_kthread+0x10/0x10 [ 25.407634] ret_from_fork_asm+0x1a/0x30 [ 25.407661] </TASK> [ 25.407672] [ 25.415610] Allocated by task 294: [ 25.415763] kasan_save_stack+0x45/0x70 [ 25.415925] kasan_save_track+0x18/0x40 [ 25.416216] kasan_save_alloc_info+0x3b/0x50 [ 25.416543] __kasan_kmalloc+0xb7/0xc0 [ 25.416821] __kmalloc_cache_noprof+0x189/0x420 [ 25.417141] kasan_atomics+0x95/0x310 [ 25.417496] kunit_try_run_case+0x1a5/0x480 [ 25.418651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.419650] kthread+0x337/0x6f0 [ 25.420354] ret_from_fork+0x116/0x1d0 [ 25.420518] ret_from_fork_asm+0x1a/0x30 [ 25.420961] [ 25.421124] The buggy address belongs to the object at ffff888102c1c600 [ 25.421124] which belongs to the cache kmalloc-64 of size 64 [ 25.421760] The buggy address is located 0 bytes to the right of [ 25.421760] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.422725] [ 25.422968] The buggy address belongs to the physical page: [ 25.423215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.423536] flags: 0x200000000000000(node=0|zone=2) [ 25.423748] page_type: f5(slab) [ 25.424281] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.424621] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.425305] page dumped because: kasan: bad access detected [ 25.425705] [ 25.425822] Memory state around the buggy address: [ 25.426346] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.426600] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.427076] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.427553] ^ [ 25.427886] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.428446] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.429305] ================================================================== [ 25.665931] ================================================================== [ 25.667266] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 25.667677] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.668261] [ 25.668751] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.668893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.668913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.668933] Call Trace: [ 25.668949] <TASK> [ 25.668965] dump_stack_lvl+0x73/0xb0 [ 25.668996] print_report+0xd1/0x650 [ 25.669016] ? __virt_addr_valid+0x1db/0x2d0 [ 25.669036] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.669054] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.669076] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.669095] kasan_report+0x141/0x180 [ 25.669114] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.669137] kasan_check_range+0x10c/0x1c0 [ 25.669156] __kasan_check_write+0x18/0x20 [ 25.669176] kasan_atomics_helper+0x1c18/0x5450 [ 25.669196] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.669214] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.669235] ? trace_hardirqs_on+0x37/0xe0 [ 25.669253] ? kasan_atomics+0x152/0x310 [ 25.669275] kasan_atomics+0x1dc/0x310 [ 25.669295] ? __pfx_kasan_atomics+0x10/0x10 [ 25.669315] ? __pfx_kasan_atomics+0x10/0x10 [ 25.669338] kunit_try_run_case+0x1a5/0x480 [ 25.669360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.669396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.669418] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.669438] ? __kthread_parkme+0x82/0x180 [ 25.669456] ? preempt_count_sub+0x50/0x80 [ 25.669477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.669498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.669519] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.669540] kthread+0x337/0x6f0 [ 25.669557] ? trace_preempt_on+0x20/0xc0 [ 25.669576] ? __pfx_kthread+0x10/0x10 [ 25.669595] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.669613] ? calculate_sigpending+0x7b/0xa0 [ 25.669633] ? __pfx_kthread+0x10/0x10 [ 25.669652] ret_from_fork+0x116/0x1d0 [ 25.669669] ? __pfx_kthread+0x10/0x10 [ 25.669687] ret_from_fork_asm+0x1a/0x30 [ 25.669715] </TASK> [ 25.669726] [ 25.677793] Allocated by task 294: [ 25.678081] kasan_save_stack+0x45/0x70 [ 25.678410] kasan_save_track+0x18/0x40 [ 25.678808] kasan_save_alloc_info+0x3b/0x50 [ 25.679095] __kasan_kmalloc+0xb7/0xc0 [ 25.679241] __kmalloc_cache_noprof+0x189/0x420 [ 25.679423] kasan_atomics+0x95/0x310 [ 25.679572] kunit_try_run_case+0x1a5/0x480 [ 25.679772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.680206] kthread+0x337/0x6f0 [ 25.680474] ret_from_fork+0x116/0x1d0 [ 25.680742] ret_from_fork_asm+0x1a/0x30 [ 25.681046] [ 25.681208] The buggy address belongs to the object at ffff888102c1c600 [ 25.681208] which belongs to the cache kmalloc-64 of size 64 [ 25.681676] The buggy address is located 0 bytes to the right of [ 25.681676] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.682597] [ 25.682787] The buggy address belongs to the physical page: [ 25.682974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.683214] flags: 0x200000000000000(node=0|zone=2) [ 25.683412] page_type: f5(slab) [ 25.683648] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.684236] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.684733] page dumped because: kasan: bad access detected [ 25.685131] [ 25.685216] Memory state around the buggy address: [ 25.685391] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.685623] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.686112] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.686665] ^ [ 25.687039] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.687477] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.687693] ================================================================== [ 25.475628] ================================================================== [ 25.476358] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 25.476902] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.477375] [ 25.477561] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.477676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.477704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.477741] Call Trace: [ 25.477766] <TASK> [ 25.477809] dump_stack_lvl+0x73/0xb0 [ 25.477860] print_report+0xd1/0x650 [ 25.477899] ? __virt_addr_valid+0x1db/0x2d0 [ 25.477939] ? kasan_atomics_helper+0x16e7/0x5450 [ 25.477978] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.478037] ? kasan_atomics_helper+0x16e7/0x5450 [ 25.478084] kasan_report+0x141/0x180 [ 25.478130] ? kasan_atomics_helper+0x16e7/0x5450 [ 25.478186] kasan_check_range+0x10c/0x1c0 [ 25.478233] __kasan_check_write+0x18/0x20 [ 25.478277] kasan_atomics_helper+0x16e7/0x5450 [ 25.478325] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.478371] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.478435] ? trace_hardirqs_on+0x37/0xe0 [ 25.478480] ? kasan_atomics+0x152/0x310 [ 25.478527] kasan_atomics+0x1dc/0x310 [ 25.478570] ? __pfx_kasan_atomics+0x10/0x10 [ 25.478614] ? __pfx_kasan_atomics+0x10/0x10 [ 25.478665] kunit_try_run_case+0x1a5/0x480 [ 25.478717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.478763] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.478810] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.478854] ? __kthread_parkme+0x82/0x180 [ 25.478919] ? preempt_count_sub+0x50/0x80 [ 25.478967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.479016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.479065] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.479111] kthread+0x337/0x6f0 [ 25.479151] ? trace_preempt_on+0x20/0xc0 [ 25.479194] ? __pfx_kthread+0x10/0x10 [ 25.479234] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.479277] ? calculate_sigpending+0x7b/0xa0 [ 25.479321] ? __pfx_kthread+0x10/0x10 [ 25.479364] ret_from_fork+0x116/0x1d0 [ 25.479424] ? __pfx_kthread+0x10/0x10 [ 25.479466] ret_from_fork_asm+0x1a/0x30 [ 25.479525] </TASK> [ 25.479549] [ 25.490655] Allocated by task 294: [ 25.490819] kasan_save_stack+0x45/0x70 [ 25.491009] kasan_save_track+0x18/0x40 [ 25.491158] kasan_save_alloc_info+0x3b/0x50 [ 25.491531] __kasan_kmalloc+0xb7/0xc0 [ 25.491888] __kmalloc_cache_noprof+0x189/0x420 [ 25.492240] kasan_atomics+0x95/0x310 [ 25.492525] kunit_try_run_case+0x1a5/0x480 [ 25.492909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.493303] kthread+0x337/0x6f0 [ 25.493625] ret_from_fork+0x116/0x1d0 [ 25.493962] ret_from_fork_asm+0x1a/0x30 [ 25.494186] [ 25.494287] The buggy address belongs to the object at ffff888102c1c600 [ 25.494287] which belongs to the cache kmalloc-64 of size 64 [ 25.494796] The buggy address is located 0 bytes to the right of [ 25.494796] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.495498] [ 25.495645] The buggy address belongs to the physical page: [ 25.495821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.496310] flags: 0x200000000000000(node=0|zone=2) [ 25.496509] page_type: f5(slab) [ 25.496648] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.497142] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.497458] page dumped because: kasan: bad access detected [ 25.497741] [ 25.497854] Memory state around the buggy address: [ 25.498195] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.498536] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.498968] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.499305] ^ [ 25.499486] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.499702] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.500191] ================================================================== [ 24.813872] ================================================================== [ 24.814308] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 24.814584] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.815682] [ 24.815963] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.816047] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.816073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.816105] Call Trace: [ 24.816216] <TASK> [ 24.816236] dump_stack_lvl+0x73/0xb0 [ 24.816270] print_report+0xd1/0x650 [ 24.816295] ? __virt_addr_valid+0x1db/0x2d0 [ 24.816327] ? kasan_atomics_helper+0x8f9/0x5450 [ 24.816346] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.816369] ? kasan_atomics_helper+0x8f9/0x5450 [ 24.816407] kasan_report+0x141/0x180 [ 24.816428] ? kasan_atomics_helper+0x8f9/0x5450 [ 24.816451] kasan_check_range+0x10c/0x1c0 [ 24.816471] __kasan_check_write+0x18/0x20 [ 24.816490] kasan_atomics_helper+0x8f9/0x5450 [ 24.816511] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.816530] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.816550] ? trace_hardirqs_on+0x37/0xe0 [ 24.816569] ? kasan_atomics+0x152/0x310 [ 24.816591] kasan_atomics+0x1dc/0x310 [ 24.816611] ? __pfx_kasan_atomics+0x10/0x10 [ 24.816630] ? __pfx_kasan_atomics+0x10/0x10 [ 24.816653] kunit_try_run_case+0x1a5/0x480 [ 24.816674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.816693] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.816713] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.816733] ? __kthread_parkme+0x82/0x180 [ 24.816751] ? preempt_count_sub+0x50/0x80 [ 24.816772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.816793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.816812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.816837] kthread+0x337/0x6f0 [ 24.816869] ? trace_preempt_on+0x20/0xc0 [ 24.816888] ? __pfx_kthread+0x10/0x10 [ 24.816906] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.816924] ? calculate_sigpending+0x7b/0xa0 [ 24.816944] ? __pfx_kthread+0x10/0x10 [ 24.816963] ret_from_fork+0x116/0x1d0 [ 24.816980] ? __pfx_kthread+0x10/0x10 [ 24.816998] ret_from_fork_asm+0x1a/0x30 [ 24.817026] </TASK> [ 24.817037] [ 24.828371] Allocated by task 294: [ 24.828585] kasan_save_stack+0x45/0x70 [ 24.828861] kasan_save_track+0x18/0x40 [ 24.829635] kasan_save_alloc_info+0x3b/0x50 [ 24.829846] __kasan_kmalloc+0xb7/0xc0 [ 24.830002] __kmalloc_cache_noprof+0x189/0x420 [ 24.830535] kasan_atomics+0x95/0x310 [ 24.830691] kunit_try_run_case+0x1a5/0x480 [ 24.831261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.831610] kthread+0x337/0x6f0 [ 24.831973] ret_from_fork+0x116/0x1d0 [ 24.832129] ret_from_fork_asm+0x1a/0x30 [ 24.832512] [ 24.832675] The buggy address belongs to the object at ffff888102c1c600 [ 24.832675] which belongs to the cache kmalloc-64 of size 64 [ 24.833224] The buggy address is located 0 bytes to the right of [ 24.833224] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.833844] [ 24.833982] The buggy address belongs to the physical page: [ 24.834239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.835076] flags: 0x200000000000000(node=0|zone=2) [ 24.835375] page_type: f5(slab) [ 24.835768] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.836286] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.836740] page dumped because: kasan: bad access detected [ 24.837130] [ 24.837214] Memory state around the buggy address: [ 24.837683] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.838079] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.838587] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.838962] ^ [ 24.839405] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.839674] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.840288] ================================================================== [ 25.833492] ================================================================== [ 25.833864] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 25.834523] Read of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.834971] [ 25.835147] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.835231] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.835256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.835291] Call Trace: [ 25.835326] <TASK> [ 25.835353] dump_stack_lvl+0x73/0xb0 [ 25.835433] print_report+0xd1/0x650 [ 25.835474] ? __virt_addr_valid+0x1db/0x2d0 [ 25.835513] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.835553] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.835594] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.835635] kasan_report+0x141/0x180 [ 25.835675] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.835725] __asan_report_load8_noabort+0x18/0x20 [ 25.835770] kasan_atomics_helper+0x4f71/0x5450 [ 25.835813] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.835861] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.835908] ? trace_hardirqs_on+0x37/0xe0 [ 25.835943] ? kasan_atomics+0x152/0x310 [ 25.836005] kasan_atomics+0x1dc/0x310 [ 25.836049] ? __pfx_kasan_atomics+0x10/0x10 [ 25.836091] ? __pfx_kasan_atomics+0x10/0x10 [ 25.836142] kunit_try_run_case+0x1a5/0x480 [ 25.836188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.836231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.836274] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.836317] ? __kthread_parkme+0x82/0x180 [ 25.836353] ? preempt_count_sub+0x50/0x80 [ 25.836412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.836457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.836511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.836553] kthread+0x337/0x6f0 [ 25.836588] ? trace_preempt_on+0x20/0xc0 [ 25.836634] ? __pfx_kthread+0x10/0x10 [ 25.836674] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.836726] ? calculate_sigpending+0x7b/0xa0 [ 25.836769] ? __pfx_kthread+0x10/0x10 [ 25.836807] ret_from_fork+0x116/0x1d0 [ 25.836849] ? __pfx_kthread+0x10/0x10 [ 25.836898] ret_from_fork_asm+0x1a/0x30 [ 25.836953] </TASK> [ 25.836976] [ 25.845343] Allocated by task 294: [ 25.845629] kasan_save_stack+0x45/0x70 [ 25.845981] kasan_save_track+0x18/0x40 [ 25.846229] kasan_save_alloc_info+0x3b/0x50 [ 25.846469] __kasan_kmalloc+0xb7/0xc0 [ 25.846629] __kmalloc_cache_noprof+0x189/0x420 [ 25.846964] kasan_atomics+0x95/0x310 [ 25.847255] kunit_try_run_case+0x1a5/0x480 [ 25.847578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.847863] kthread+0x337/0x6f0 [ 25.848158] ret_from_fork+0x116/0x1d0 [ 25.848309] ret_from_fork_asm+0x1a/0x30 [ 25.848572] [ 25.848720] The buggy address belongs to the object at ffff888102c1c600 [ 25.848720] which belongs to the cache kmalloc-64 of size 64 [ 25.849486] The buggy address is located 0 bytes to the right of [ 25.849486] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.850301] [ 25.850406] The buggy address belongs to the physical page: [ 25.850590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.850841] flags: 0x200000000000000(node=0|zone=2) [ 25.851024] page_type: f5(slab) [ 25.851161] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.851418] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.851929] page dumped because: kasan: bad access detected [ 25.852291] [ 25.852443] Memory state around the buggy address: [ 25.852784] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.853279] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.853765] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.854282] ^ [ 25.854597] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.854839] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.855307] ================================================================== [ 24.629667] ================================================================== [ 24.630702] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 24.631749] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.632356] [ 24.632510] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.632593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.632612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.632646] Call Trace: [ 24.632672] <TASK> [ 24.632697] dump_stack_lvl+0x73/0xb0 [ 24.632749] print_report+0xd1/0x650 [ 24.632787] ? __virt_addr_valid+0x1db/0x2d0 [ 24.632821] ? kasan_atomics_helper+0x4b3a/0x5450 [ 24.632853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.633200] ? kasan_atomics_helper+0x4b3a/0x5450 [ 24.633228] kasan_report+0x141/0x180 [ 24.633250] ? kasan_atomics_helper+0x4b3a/0x5450 [ 24.633283] __asan_report_store4_noabort+0x1b/0x30 [ 24.633339] kasan_atomics_helper+0x4b3a/0x5450 [ 24.633360] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.633397] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.633421] ? trace_hardirqs_on+0x37/0xe0 [ 24.633440] ? kasan_atomics+0x152/0x310 [ 24.633463] kasan_atomics+0x1dc/0x310 [ 24.633482] ? __pfx_kasan_atomics+0x10/0x10 [ 24.633502] ? __pfx_kasan_atomics+0x10/0x10 [ 24.633525] kunit_try_run_case+0x1a5/0x480 [ 24.633547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.633566] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.633585] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.633605] ? __kthread_parkme+0x82/0x180 [ 24.633623] ? preempt_count_sub+0x50/0x80 [ 24.633644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.633665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.633685] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.633706] kthread+0x337/0x6f0 [ 24.633723] ? trace_preempt_on+0x20/0xc0 [ 24.633742] ? __pfx_kthread+0x10/0x10 [ 24.633760] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.633778] ? calculate_sigpending+0x7b/0xa0 [ 24.633798] ? __pfx_kthread+0x10/0x10 [ 24.633817] ret_from_fork+0x116/0x1d0 [ 24.633847] ? __pfx_kthread+0x10/0x10 [ 24.633868] ret_from_fork_asm+0x1a/0x30 [ 24.633896] </TASK> [ 24.633908] [ 24.644263] Allocated by task 294: [ 24.644526] kasan_save_stack+0x45/0x70 [ 24.644804] kasan_save_track+0x18/0x40 [ 24.645652] kasan_save_alloc_info+0x3b/0x50 [ 24.645932] __kasan_kmalloc+0xb7/0xc0 [ 24.646157] __kmalloc_cache_noprof+0x189/0x420 [ 24.646422] kasan_atomics+0x95/0x310 [ 24.646698] kunit_try_run_case+0x1a5/0x480 [ 24.646938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.647564] kthread+0x337/0x6f0 [ 24.647720] ret_from_fork+0x116/0x1d0 [ 24.648001] ret_from_fork_asm+0x1a/0x30 [ 24.648209] [ 24.648306] The buggy address belongs to the object at ffff888102c1c600 [ 24.648306] which belongs to the cache kmalloc-64 of size 64 [ 24.648820] The buggy address is located 0 bytes to the right of [ 24.648820] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.649355] [ 24.649509] The buggy address belongs to the physical page: [ 24.649776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.650033] flags: 0x200000000000000(node=0|zone=2) [ 24.650226] page_type: f5(slab) [ 24.650491] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.651009] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.651278] page dumped because: kasan: bad access detected [ 24.651640] [ 24.651783] Memory state around the buggy address: [ 24.652076] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.652409] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.652709] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.653074] ^ [ 24.653401] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.653669] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.653957] ================================================================== [ 25.905976] ================================================================== [ 25.906268] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 25.906547] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.906795] [ 25.906971] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.907061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.907086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.907127] Call Trace: [ 25.907154] <TASK> [ 25.907183] dump_stack_lvl+0x73/0xb0 [ 25.907235] print_report+0xd1/0x650 [ 25.907275] ? __virt_addr_valid+0x1db/0x2d0 [ 25.907318] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.907358] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.908037] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.908087] kasan_report+0x141/0x180 [ 25.908128] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.908173] kasan_check_range+0x10c/0x1c0 [ 25.908211] __kasan_check_write+0x18/0x20 [ 25.908250] kasan_atomics_helper+0x20c8/0x5450 [ 25.908284] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.908321] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.908363] ? trace_hardirqs_on+0x37/0xe0 [ 25.908416] ? kasan_atomics+0x152/0x310 [ 25.908465] kasan_atomics+0x1dc/0x310 [ 25.908508] ? __pfx_kasan_atomics+0x10/0x10 [ 25.908552] ? __pfx_kasan_atomics+0x10/0x10 [ 25.908604] kunit_try_run_case+0x1a5/0x480 [ 25.908651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.908694] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.908737] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.908781] ? __kthread_parkme+0x82/0x180 [ 25.908819] ? preempt_count_sub+0x50/0x80 [ 25.908863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.908908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.908954] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.908995] kthread+0x337/0x6f0 [ 25.909034] ? trace_preempt_on+0x20/0xc0 [ 25.909075] ? __pfx_kthread+0x10/0x10 [ 25.909116] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.909167] ? calculate_sigpending+0x7b/0xa0 [ 25.909205] ? __pfx_kthread+0x10/0x10 [ 25.909237] ret_from_fork+0x116/0x1d0 [ 25.909271] ? __pfx_kthread+0x10/0x10 [ 25.909307] ret_from_fork_asm+0x1a/0x30 [ 25.909352] </TASK> [ 25.909365] [ 25.918099] Allocated by task 294: [ 25.918286] kasan_save_stack+0x45/0x70 [ 25.918521] kasan_save_track+0x18/0x40 [ 25.918737] kasan_save_alloc_info+0x3b/0x50 [ 25.918991] __kasan_kmalloc+0xb7/0xc0 [ 25.919263] __kmalloc_cache_noprof+0x189/0x420 [ 25.919597] kasan_atomics+0x95/0x310 [ 25.919746] kunit_try_run_case+0x1a5/0x480 [ 25.919904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.920115] kthread+0x337/0x6f0 [ 25.920252] ret_from_fork+0x116/0x1d0 [ 25.920426] ret_from_fork_asm+0x1a/0x30 [ 25.920781] [ 25.920942] The buggy address belongs to the object at ffff888102c1c600 [ 25.920942] which belongs to the cache kmalloc-64 of size 64 [ 25.921681] The buggy address is located 0 bytes to the right of [ 25.921681] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.922601] [ 25.922684] The buggy address belongs to the physical page: [ 25.922985] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.923289] flags: 0x200000000000000(node=0|zone=2) [ 25.923599] page_type: f5(slab) [ 25.923836] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.924354] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.924589] page dumped because: kasan: bad access detected [ 25.924915] [ 25.925038] Memory state around the buggy address: [ 25.925352] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.925793] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.926125] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.926565] ^ [ 25.926743] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.926972] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.927184] ================================================================== [ 25.978027] ================================================================== [ 25.978467] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 25.978754] Read of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.979222] [ 25.980159] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.980254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.980278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.980437] Call Trace: [ 25.980473] <TASK> [ 25.980565] dump_stack_lvl+0x73/0xb0 [ 25.980607] print_report+0xd1/0x650 [ 25.980629] ? __virt_addr_valid+0x1db/0x2d0 [ 25.980649] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.980669] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.980691] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.980710] kasan_report+0x141/0x180 [ 25.980729] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.980752] __asan_report_load8_noabort+0x18/0x20 [ 25.980773] kasan_atomics_helper+0x4fa5/0x5450 [ 25.980793] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.980813] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.980855] ? trace_hardirqs_on+0x37/0xe0 [ 25.980875] ? kasan_atomics+0x152/0x310 [ 25.980898] kasan_atomics+0x1dc/0x310 [ 25.980917] ? __pfx_kasan_atomics+0x10/0x10 [ 25.980937] ? __pfx_kasan_atomics+0x10/0x10 [ 25.980959] kunit_try_run_case+0x1a5/0x480 [ 25.980980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.981000] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.981019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.981039] ? __kthread_parkme+0x82/0x180 [ 25.981056] ? preempt_count_sub+0x50/0x80 [ 25.981077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.981098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.981118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.981138] kthread+0x337/0x6f0 [ 25.981156] ? trace_preempt_on+0x20/0xc0 [ 25.981176] ? __pfx_kthread+0x10/0x10 [ 25.981194] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.981213] ? calculate_sigpending+0x7b/0xa0 [ 25.981233] ? __pfx_kthread+0x10/0x10 [ 25.981252] ret_from_fork+0x116/0x1d0 [ 25.981269] ? __pfx_kthread+0x10/0x10 [ 25.981287] ret_from_fork_asm+0x1a/0x30 [ 25.981313] </TASK> [ 25.981324] [ 25.990760] Allocated by task 294: [ 25.990999] kasan_save_stack+0x45/0x70 [ 25.991363] kasan_save_track+0x18/0x40 [ 25.991696] kasan_save_alloc_info+0x3b/0x50 [ 25.991953] __kasan_kmalloc+0xb7/0xc0 [ 25.992102] __kmalloc_cache_noprof+0x189/0x420 [ 25.992268] kasan_atomics+0x95/0x310 [ 25.992457] kunit_try_run_case+0x1a5/0x480 [ 25.992752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.993121] kthread+0x337/0x6f0 [ 25.993366] ret_from_fork+0x116/0x1d0 [ 25.993724] ret_from_fork_asm+0x1a/0x30 [ 25.994054] [ 25.994216] The buggy address belongs to the object at ffff888102c1c600 [ 25.994216] which belongs to the cache kmalloc-64 of size 64 [ 25.994592] The buggy address is located 0 bytes to the right of [ 25.994592] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.995101] [ 25.995262] The buggy address belongs to the physical page: [ 25.995719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.996250] flags: 0x200000000000000(node=0|zone=2) [ 25.996609] page_type: f5(slab) [ 25.996899] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.997374] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.997765] page dumped because: kasan: bad access detected [ 25.998151] [ 25.998324] Memory state around the buggy address: [ 25.998627] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.999095] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.999336] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.999727] ^ [ 26.000183] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.000660] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.001069] ================================================================== [ 25.501024] ================================================================== [ 25.501346] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 25.501805] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.502139] [ 25.502319] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.502420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.502451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.502487] Call Trace: [ 25.502515] <TASK> [ 25.502544] dump_stack_lvl+0x73/0xb0 [ 25.502596] print_report+0xd1/0x650 [ 25.502636] ? __virt_addr_valid+0x1db/0x2d0 [ 25.502676] ? kasan_atomics_helper+0x177f/0x5450 [ 25.502713] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.502756] ? kasan_atomics_helper+0x177f/0x5450 [ 25.502792] kasan_report+0x141/0x180 [ 25.502865] ? kasan_atomics_helper+0x177f/0x5450 [ 25.502918] kasan_check_range+0x10c/0x1c0 [ 25.502962] __kasan_check_write+0x18/0x20 [ 25.502998] kasan_atomics_helper+0x177f/0x5450 [ 25.503034] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.503071] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.503111] ? trace_hardirqs_on+0x37/0xe0 [ 25.503150] ? kasan_atomics+0x152/0x310 [ 25.503196] kasan_atomics+0x1dc/0x310 [ 25.503239] ? __pfx_kasan_atomics+0x10/0x10 [ 25.503282] ? __pfx_kasan_atomics+0x10/0x10 [ 25.503327] kunit_try_run_case+0x1a5/0x480 [ 25.503370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.503423] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.503461] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.503505] ? __kthread_parkme+0x82/0x180 [ 25.503545] ? preempt_count_sub+0x50/0x80 [ 25.503591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.503637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.503682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.503722] kthread+0x337/0x6f0 [ 25.503752] ? trace_preempt_on+0x20/0xc0 [ 25.503786] ? __pfx_kthread+0x10/0x10 [ 25.503822] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.503890] ? calculate_sigpending+0x7b/0xa0 [ 25.503931] ? __pfx_kthread+0x10/0x10 [ 25.503970] ret_from_fork+0x116/0x1d0 [ 25.504004] ? __pfx_kthread+0x10/0x10 [ 25.504041] ret_from_fork_asm+0x1a/0x30 [ 25.504101] </TASK> [ 25.504126] [ 25.512037] Allocated by task 294: [ 25.512305] kasan_save_stack+0x45/0x70 [ 25.512590] kasan_save_track+0x18/0x40 [ 25.512875] kasan_save_alloc_info+0x3b/0x50 [ 25.513140] __kasan_kmalloc+0xb7/0xc0 [ 25.513345] __kmalloc_cache_noprof+0x189/0x420 [ 25.513641] kasan_atomics+0x95/0x310 [ 25.513788] kunit_try_run_case+0x1a5/0x480 [ 25.513976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.514181] kthread+0x337/0x6f0 [ 25.514348] ret_from_fork+0x116/0x1d0 [ 25.514625] ret_from_fork_asm+0x1a/0x30 [ 25.514940] [ 25.515089] The buggy address belongs to the object at ffff888102c1c600 [ 25.515089] which belongs to the cache kmalloc-64 of size 64 [ 25.515852] The buggy address is located 0 bytes to the right of [ 25.515852] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.516321] [ 25.516480] The buggy address belongs to the physical page: [ 25.516717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.517064] flags: 0x200000000000000(node=0|zone=2) [ 25.517247] page_type: f5(slab) [ 25.517480] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.517970] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.518341] page dumped because: kasan: bad access detected [ 25.518585] [ 25.518675] Memory state around the buggy address: [ 25.518863] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.519082] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.519298] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.519707] ^ [ 25.520044] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.520543] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.521028] ================================================================== [ 25.125258] ================================================================== [ 25.125854] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 25.126402] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.126956] [ 25.127148] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.127230] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.127256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.127292] Call Trace: [ 25.127331] <TASK> [ 25.127360] dump_stack_lvl+0x73/0xb0 [ 25.127440] print_report+0xd1/0x650 [ 25.127493] ? __virt_addr_valid+0x1db/0x2d0 [ 25.127546] ? kasan_atomics_helper+0x1079/0x5450 [ 25.127596] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.127652] ? kasan_atomics_helper+0x1079/0x5450 [ 25.127697] kasan_report+0x141/0x180 [ 25.127749] ? kasan_atomics_helper+0x1079/0x5450 [ 25.127808] kasan_check_range+0x10c/0x1c0 [ 25.127901] __kasan_check_write+0x18/0x20 [ 25.127947] kasan_atomics_helper+0x1079/0x5450 [ 25.127999] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.128051] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.128105] ? trace_hardirqs_on+0x37/0xe0 [ 25.128147] ? kasan_atomics+0x152/0x310 [ 25.128199] kasan_atomics+0x1dc/0x310 [ 25.128234] ? __pfx_kasan_atomics+0x10/0x10 [ 25.128270] ? __pfx_kasan_atomics+0x10/0x10 [ 25.128316] kunit_try_run_case+0x1a5/0x480 [ 25.128362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.128415] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.128458] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.128503] ? __kthread_parkme+0x82/0x180 [ 25.128544] ? preempt_count_sub+0x50/0x80 [ 25.128590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.128636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.128682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.128728] kthread+0x337/0x6f0 [ 25.128765] ? trace_preempt_on+0x20/0xc0 [ 25.128808] ? __pfx_kthread+0x10/0x10 [ 25.128879] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.128923] ? calculate_sigpending+0x7b/0xa0 [ 25.128968] ? __pfx_kthread+0x10/0x10 [ 25.129012] ret_from_fork+0x116/0x1d0 [ 25.129051] ? __pfx_kthread+0x10/0x10 [ 25.129092] ret_from_fork_asm+0x1a/0x30 [ 25.129153] </TASK> [ 25.129178] [ 25.137781] Allocated by task 294: [ 25.138128] kasan_save_stack+0x45/0x70 [ 25.138543] kasan_save_track+0x18/0x40 [ 25.138894] kasan_save_alloc_info+0x3b/0x50 [ 25.139191] __kasan_kmalloc+0xb7/0xc0 [ 25.139341] __kmalloc_cache_noprof+0x189/0x420 [ 25.139502] kasan_atomics+0x95/0x310 [ 25.139735] kunit_try_run_case+0x1a5/0x480 [ 25.140107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.140565] kthread+0x337/0x6f0 [ 25.140908] ret_from_fork+0x116/0x1d0 [ 25.141244] ret_from_fork_asm+0x1a/0x30 [ 25.141551] [ 25.141709] The buggy address belongs to the object at ffff888102c1c600 [ 25.141709] which belongs to the cache kmalloc-64 of size 64 [ 25.142588] The buggy address is located 0 bytes to the right of [ 25.142588] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.143491] [ 25.143669] The buggy address belongs to the physical page: [ 25.144073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.144654] flags: 0x200000000000000(node=0|zone=2) [ 25.144853] page_type: f5(slab) [ 25.145116] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.145643] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.146007] page dumped because: kasan: bad access detected [ 25.146200] [ 25.146281] Memory state around the buggy address: [ 25.146433] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.146971] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.147488] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.148027] ^ [ 25.148468] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.149049] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.149553] ================================================================== [ 25.312091] ================================================================== [ 25.312867] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 25.313364] Read of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.313769] [ 25.313933] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.314027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.314054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.314093] Call Trace: [ 25.314121] <TASK> [ 25.314168] dump_stack_lvl+0x73/0xb0 [ 25.314226] print_report+0xd1/0x650 [ 25.314266] ? __virt_addr_valid+0x1db/0x2d0 [ 25.314305] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.314340] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.314401] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.314463] kasan_report+0x141/0x180 [ 25.314504] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.314554] kasan_check_range+0x10c/0x1c0 [ 25.314593] __kasan_check_read+0x15/0x20 [ 25.314634] kasan_atomics_helper+0x13b5/0x5450 [ 25.314676] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.314721] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.314784] ? trace_hardirqs_on+0x37/0xe0 [ 25.314825] ? kasan_atomics+0x152/0x310 [ 25.314869] kasan_atomics+0x1dc/0x310 [ 25.314909] ? __pfx_kasan_atomics+0x10/0x10 [ 25.314948] ? __pfx_kasan_atomics+0x10/0x10 [ 25.314997] kunit_try_run_case+0x1a5/0x480 [ 25.315044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.315088] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.315126] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.315165] ? __kthread_parkme+0x82/0x180 [ 25.315204] ? preempt_count_sub+0x50/0x80 [ 25.315248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.315313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.315362] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.315418] kthread+0x337/0x6f0 [ 25.315458] ? trace_preempt_on+0x20/0xc0 [ 25.315498] ? __pfx_kthread+0x10/0x10 [ 25.315518] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.315537] ? calculate_sigpending+0x7b/0xa0 [ 25.315559] ? __pfx_kthread+0x10/0x10 [ 25.315578] ret_from_fork+0x116/0x1d0 [ 25.315596] ? __pfx_kthread+0x10/0x10 [ 25.315614] ret_from_fork_asm+0x1a/0x30 [ 25.315642] </TASK> [ 25.315653] [ 25.324010] Allocated by task 294: [ 25.324373] kasan_save_stack+0x45/0x70 [ 25.324686] kasan_save_track+0x18/0x40 [ 25.325507] kasan_save_alloc_info+0x3b/0x50 [ 25.325728] __kasan_kmalloc+0xb7/0xc0 [ 25.326175] __kmalloc_cache_noprof+0x189/0x420 [ 25.326430] kasan_atomics+0x95/0x310 [ 25.326579] kunit_try_run_case+0x1a5/0x480 [ 25.326740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.326922] kthread+0x337/0x6f0 [ 25.327060] ret_from_fork+0x116/0x1d0 [ 25.327319] ret_from_fork_asm+0x1a/0x30 [ 25.327619] [ 25.327766] The buggy address belongs to the object at ffff888102c1c600 [ 25.327766] which belongs to the cache kmalloc-64 of size 64 [ 25.328527] The buggy address is located 0 bytes to the right of [ 25.328527] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.329503] [ 25.329641] The buggy address belongs to the physical page: [ 25.329833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.330321] flags: 0x200000000000000(node=0|zone=2) [ 25.330578] page_type: f5(slab) [ 25.330829] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.331101] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.331328] page dumped because: kasan: bad access detected [ 25.331703] [ 25.331841] Memory state around the buggy address: [ 25.332266] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.332665] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.333224] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.333534] ^ [ 25.333762] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.334182] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.334429] ================================================================== [ 24.914778] ================================================================== [ 24.915245] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 24.915631] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.916050] [ 24.916217] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.916300] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.916327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.916364] Call Trace: [ 24.916447] <TASK> [ 24.916493] dump_stack_lvl+0x73/0xb0 [ 24.916546] print_report+0xd1/0x650 [ 24.916599] ? __virt_addr_valid+0x1db/0x2d0 [ 24.916633] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.916668] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.916707] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.916745] kasan_report+0x141/0x180 [ 24.916801] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.916874] kasan_check_range+0x10c/0x1c0 [ 24.916919] __kasan_check_write+0x18/0x20 [ 24.916962] kasan_atomics_helper+0xb6a/0x5450 [ 24.917004] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.917045] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.917090] ? trace_hardirqs_on+0x37/0xe0 [ 24.917130] ? kasan_atomics+0x152/0x310 [ 24.917180] kasan_atomics+0x1dc/0x310 [ 24.917223] ? __pfx_kasan_atomics+0x10/0x10 [ 24.917267] ? __pfx_kasan_atomics+0x10/0x10 [ 24.917312] kunit_try_run_case+0x1a5/0x480 [ 24.917358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.917414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.917458] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.917502] ? __kthread_parkme+0x82/0x180 [ 24.917541] ? preempt_count_sub+0x50/0x80 [ 24.917586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.917627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.917650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.917672] kthread+0x337/0x6f0 [ 24.917689] ? trace_preempt_on+0x20/0xc0 [ 24.917709] ? __pfx_kthread+0x10/0x10 [ 24.917727] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.917745] ? calculate_sigpending+0x7b/0xa0 [ 24.917769] ? __pfx_kthread+0x10/0x10 [ 24.917803] ret_from_fork+0x116/0x1d0 [ 24.917861] ? __pfx_kthread+0x10/0x10 [ 24.917893] ret_from_fork_asm+0x1a/0x30 [ 24.917947] </TASK> [ 24.917968] [ 24.926314] Allocated by task 294: [ 24.926638] kasan_save_stack+0x45/0x70 [ 24.927003] kasan_save_track+0x18/0x40 [ 24.927288] kasan_save_alloc_info+0x3b/0x50 [ 24.927589] __kasan_kmalloc+0xb7/0xc0 [ 24.927880] __kmalloc_cache_noprof+0x189/0x420 [ 24.928126] kasan_atomics+0x95/0x310 [ 24.928281] kunit_try_run_case+0x1a5/0x480 [ 24.928536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.928955] kthread+0x337/0x6f0 [ 24.929210] ret_from_fork+0x116/0x1d0 [ 24.929486] ret_from_fork_asm+0x1a/0x30 [ 24.929742] [ 24.929918] The buggy address belongs to the object at ffff888102c1c600 [ 24.929918] which belongs to the cache kmalloc-64 of size 64 [ 24.930311] The buggy address is located 0 bytes to the right of [ 24.930311] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.931172] [ 24.931324] The buggy address belongs to the physical page: [ 24.931531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.931920] flags: 0x200000000000000(node=0|zone=2) [ 24.932237] page_type: f5(slab) [ 24.932514] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.932905] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.933201] page dumped because: kasan: bad access detected [ 24.933396] [ 24.933552] Memory state around the buggy address: [ 24.933907] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.934372] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.935242] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.935482] ^ [ 24.935646] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.935862] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.936074] ================================================================== [ 25.429805] ================================================================== [ 25.430527] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 25.431410] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.431709] [ 25.431867] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.431946] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.431960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.431980] Call Trace: [ 25.431995] <TASK> [ 25.432011] dump_stack_lvl+0x73/0xb0 [ 25.432042] print_report+0xd1/0x650 [ 25.432062] ? __virt_addr_valid+0x1db/0x2d0 [ 25.432083] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.432117] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.432140] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.432159] kasan_report+0x141/0x180 [ 25.432178] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.432201] kasan_check_range+0x10c/0x1c0 [ 25.432221] __kasan_check_write+0x18/0x20 [ 25.432241] kasan_atomics_helper+0x15b6/0x5450 [ 25.432261] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.432279] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.432300] ? trace_hardirqs_on+0x37/0xe0 [ 25.432319] ? kasan_atomics+0x152/0x310 [ 25.432341] kasan_atomics+0x1dc/0x310 [ 25.432360] ? __pfx_kasan_atomics+0x10/0x10 [ 25.432398] ? __pfx_kasan_atomics+0x10/0x10 [ 25.432728] kunit_try_run_case+0x1a5/0x480 [ 25.432756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.432777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.432798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.432818] ? __kthread_parkme+0x82/0x180 [ 25.432859] ? preempt_count_sub+0x50/0x80 [ 25.432880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.432901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.432923] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.432944] kthread+0x337/0x6f0 [ 25.432962] ? trace_preempt_on+0x20/0xc0 [ 25.432982] ? __pfx_kthread+0x10/0x10 [ 25.433000] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.433018] ? calculate_sigpending+0x7b/0xa0 [ 25.433039] ? __pfx_kthread+0x10/0x10 [ 25.433057] ret_from_fork+0x116/0x1d0 [ 25.433074] ? __pfx_kthread+0x10/0x10 [ 25.433093] ret_from_fork_asm+0x1a/0x30 [ 25.433120] </TASK> [ 25.433132] [ 25.441741] Allocated by task 294: [ 25.442027] kasan_save_stack+0x45/0x70 [ 25.442342] kasan_save_track+0x18/0x40 [ 25.442654] kasan_save_alloc_info+0x3b/0x50 [ 25.443066] __kasan_kmalloc+0xb7/0xc0 [ 25.443309] __kmalloc_cache_noprof+0x189/0x420 [ 25.443615] kasan_atomics+0x95/0x310 [ 25.443886] kunit_try_run_case+0x1a5/0x480 [ 25.444059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.444246] kthread+0x337/0x6f0 [ 25.444396] ret_from_fork+0x116/0x1d0 [ 25.444540] ret_from_fork_asm+0x1a/0x30 [ 25.444690] [ 25.444843] The buggy address belongs to the object at ffff888102c1c600 [ 25.444843] which belongs to the cache kmalloc-64 of size 64 [ 25.445831] The buggy address is located 0 bytes to the right of [ 25.445831] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.446899] [ 25.446988] The buggy address belongs to the physical page: [ 25.447161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.447410] flags: 0x200000000000000(node=0|zone=2) [ 25.447588] page_type: f5(slab) [ 25.447723] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.448204] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.448728] page dumped because: kasan: bad access detected [ 25.449201] [ 25.449335] Memory state around the buggy address: [ 25.449676] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.451165] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.451659] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.452219] ^ [ 25.452589] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.453097] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.453815] ================================================================== [ 25.335125] ================================================================== [ 25.335820] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 25.336086] Read of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.336313] [ 25.336448] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.336520] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.336547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.336584] Call Trace: [ 25.336612] <TASK> [ 25.336640] dump_stack_lvl+0x73/0xb0 [ 25.336691] print_report+0xd1/0x650 [ 25.336733] ? __virt_addr_valid+0x1db/0x2d0 [ 25.336776] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.336815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.336856] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.336897] kasan_report+0x141/0x180 [ 25.336987] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.337041] __asan_report_load8_noabort+0x18/0x20 [ 25.337086] kasan_atomics_helper+0x4eae/0x5450 [ 25.337154] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.337189] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.337227] ? trace_hardirqs_on+0x37/0xe0 [ 25.337263] ? kasan_atomics+0x152/0x310 [ 25.337313] kasan_atomics+0x1dc/0x310 [ 25.337357] ? __pfx_kasan_atomics+0x10/0x10 [ 25.337423] ? __pfx_kasan_atomics+0x10/0x10 [ 25.337476] kunit_try_run_case+0x1a5/0x480 [ 25.337524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.337564] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.337606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.337649] ? __kthread_parkme+0x82/0x180 [ 25.337689] ? preempt_count_sub+0x50/0x80 [ 25.337734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.337781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.337825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.337868] kthread+0x337/0x6f0 [ 25.337906] ? trace_preempt_on+0x20/0xc0 [ 25.337947] ? __pfx_kthread+0x10/0x10 [ 25.337988] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.338042] ? calculate_sigpending+0x7b/0xa0 [ 25.338090] ? __pfx_kthread+0x10/0x10 [ 25.338138] ret_from_fork+0x116/0x1d0 [ 25.338180] ? __pfx_kthread+0x10/0x10 [ 25.338225] ret_from_fork_asm+0x1a/0x30 [ 25.338291] </TASK> [ 25.338319] [ 25.345932] Allocated by task 294: [ 25.346106] kasan_save_stack+0x45/0x70 [ 25.346286] kasan_save_track+0x18/0x40 [ 25.346588] kasan_save_alloc_info+0x3b/0x50 [ 25.346919] __kasan_kmalloc+0xb7/0xc0 [ 25.347211] __kmalloc_cache_noprof+0x189/0x420 [ 25.347658] kasan_atomics+0x95/0x310 [ 25.347964] kunit_try_run_case+0x1a5/0x480 [ 25.348269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.348642] kthread+0x337/0x6f0 [ 25.348891] ret_from_fork+0x116/0x1d0 [ 25.349144] ret_from_fork_asm+0x1a/0x30 [ 25.349441] [ 25.349591] The buggy address belongs to the object at ffff888102c1c600 [ 25.349591] which belongs to the cache kmalloc-64 of size 64 [ 25.350055] The buggy address is located 0 bytes to the right of [ 25.350055] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.350440] [ 25.350538] The buggy address belongs to the physical page: [ 25.350729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.350981] flags: 0x200000000000000(node=0|zone=2) [ 25.351156] page_type: f5(slab) [ 25.351336] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.351837] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.352485] page dumped because: kasan: bad access detected [ 25.352845] [ 25.353003] Memory state around the buggy address: [ 25.353335] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.353805] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.354302] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.354714] ^ [ 25.355012] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.356189] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.356626] ================================================================== [ 24.936759] ================================================================== [ 24.937302] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 24.937786] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.938208] [ 24.938353] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.938449] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.938476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.938514] Call Trace: [ 24.938543] <TASK> [ 24.938572] dump_stack_lvl+0x73/0xb0 [ 24.938626] print_report+0xd1/0x650 [ 24.938670] ? __virt_addr_valid+0x1db/0x2d0 [ 24.938710] ? kasan_atomics_helper+0xc70/0x5450 [ 24.938750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.938796] ? kasan_atomics_helper+0xc70/0x5450 [ 24.938868] kasan_report+0x141/0x180 [ 24.938914] ? kasan_atomics_helper+0xc70/0x5450 [ 24.938965] kasan_check_range+0x10c/0x1c0 [ 24.939009] __kasan_check_write+0x18/0x20 [ 24.939052] kasan_atomics_helper+0xc70/0x5450 [ 24.939092] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.939132] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.939178] ? trace_hardirqs_on+0x37/0xe0 [ 24.939218] ? kasan_atomics+0x152/0x310 [ 24.939266] kasan_atomics+0x1dc/0x310 [ 24.939310] ? __pfx_kasan_atomics+0x10/0x10 [ 24.939354] ? __pfx_kasan_atomics+0x10/0x10 [ 24.939416] kunit_try_run_case+0x1a5/0x480 [ 24.939465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.939508] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.939550] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.939595] ? __kthread_parkme+0x82/0x180 [ 24.939635] ? preempt_count_sub+0x50/0x80 [ 24.939681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.939726] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.939771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.939815] kthread+0x337/0x6f0 [ 24.939879] ? trace_preempt_on+0x20/0xc0 [ 24.939923] ? __pfx_kthread+0x10/0x10 [ 24.939965] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.940006] ? calculate_sigpending+0x7b/0xa0 [ 24.940052] ? __pfx_kthread+0x10/0x10 [ 24.940125] ret_from_fork+0x116/0x1d0 [ 24.940163] ? __pfx_kthread+0x10/0x10 [ 24.940203] ret_from_fork_asm+0x1a/0x30 [ 24.940265] </TASK> [ 24.940288] [ 24.947869] Allocated by task 294: [ 24.948142] kasan_save_stack+0x45/0x70 [ 24.948444] kasan_save_track+0x18/0x40 [ 24.948722] kasan_save_alloc_info+0x3b/0x50 [ 24.949016] __kasan_kmalloc+0xb7/0xc0 [ 24.949283] __kmalloc_cache_noprof+0x189/0x420 [ 24.949527] kasan_atomics+0x95/0x310 [ 24.949758] kunit_try_run_case+0x1a5/0x480 [ 24.949998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.950234] kthread+0x337/0x6f0 [ 24.950395] ret_from_fork+0x116/0x1d0 [ 24.950678] ret_from_fork_asm+0x1a/0x30 [ 24.950998] [ 24.951125] The buggy address belongs to the object at ffff888102c1c600 [ 24.951125] which belongs to the cache kmalloc-64 of size 64 [ 24.951776] The buggy address is located 0 bytes to the right of [ 24.951776] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.952154] [ 24.952245] The buggy address belongs to the physical page: [ 24.952435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.952678] flags: 0x200000000000000(node=0|zone=2) [ 24.952879] page_type: f5(slab) [ 24.953016] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.953249] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.953593] page dumped because: kasan: bad access detected [ 24.953967] [ 24.954129] Memory state around the buggy address: [ 24.954484] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.954989] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.955455] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.955923] ^ [ 24.956228] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.956670] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.957103] ================================================================== [ 25.262406] ================================================================== [ 25.262976] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 25.263473] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.263948] [ 25.264113] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.264187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.264200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.264220] Call Trace: [ 25.264234] <TASK> [ 25.264249] dump_stack_lvl+0x73/0xb0 [ 25.264275] print_report+0xd1/0x650 [ 25.264295] ? __virt_addr_valid+0x1db/0x2d0 [ 25.264315] ? kasan_atomics_helper+0x12e6/0x5450 [ 25.264333] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.264356] ? kasan_atomics_helper+0x12e6/0x5450 [ 25.264421] kasan_report+0x141/0x180 [ 25.264461] ? kasan_atomics_helper+0x12e6/0x5450 [ 25.264500] kasan_check_range+0x10c/0x1c0 [ 25.264534] __kasan_check_write+0x18/0x20 [ 25.264572] kasan_atomics_helper+0x12e6/0x5450 [ 25.264611] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.264649] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.264692] ? trace_hardirqs_on+0x37/0xe0 [ 25.264731] ? kasan_atomics+0x152/0x310 [ 25.264780] kasan_atomics+0x1dc/0x310 [ 25.264823] ? __pfx_kasan_atomics+0x10/0x10 [ 25.264880] ? __pfx_kasan_atomics+0x10/0x10 [ 25.264931] kunit_try_run_case+0x1a5/0x480 [ 25.264980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.265021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.265064] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.265108] ? __kthread_parkme+0x82/0x180 [ 25.265148] ? preempt_count_sub+0x50/0x80 [ 25.265192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.265238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.265285] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.265330] kthread+0x337/0x6f0 [ 25.265369] ? trace_preempt_on+0x20/0xc0 [ 25.265427] ? __pfx_kthread+0x10/0x10 [ 25.265467] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.265509] ? calculate_sigpending+0x7b/0xa0 [ 25.265554] ? __pfx_kthread+0x10/0x10 [ 25.265597] ret_from_fork+0x116/0x1d0 [ 25.265636] ? __pfx_kthread+0x10/0x10 [ 25.265678] ret_from_fork_asm+0x1a/0x30 [ 25.265738] </TASK> [ 25.265762] [ 25.277354] Allocated by task 294: [ 25.277660] kasan_save_stack+0x45/0x70 [ 25.278048] kasan_save_track+0x18/0x40 [ 25.278407] kasan_save_alloc_info+0x3b/0x50 [ 25.278773] __kasan_kmalloc+0xb7/0xc0 [ 25.279087] __kmalloc_cache_noprof+0x189/0x420 [ 25.279364] kasan_atomics+0x95/0x310 [ 25.279533] kunit_try_run_case+0x1a5/0x480 [ 25.279760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.280060] kthread+0x337/0x6f0 [ 25.280249] ret_from_fork+0x116/0x1d0 [ 25.280409] ret_from_fork_asm+0x1a/0x30 [ 25.280663] [ 25.280806] The buggy address belongs to the object at ffff888102c1c600 [ 25.280806] which belongs to the cache kmalloc-64 of size 64 [ 25.281310] The buggy address is located 0 bytes to the right of [ 25.281310] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.281714] [ 25.281890] The buggy address belongs to the physical page: [ 25.282255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.282570] flags: 0x200000000000000(node=0|zone=2) [ 25.282923] page_type: f5(slab) [ 25.283071] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.283565] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.283933] page dumped because: kasan: bad access detected [ 25.284205] [ 25.284292] Memory state around the buggy address: [ 25.284559] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.284920] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.285290] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.285506] ^ [ 25.285796] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.286191] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.286539] ================================================================== [ 25.856285] ================================================================== [ 25.856807] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 25.857312] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.857609] [ 25.857792] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.857872] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.857897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.857931] Call Trace: [ 25.857965] <TASK> [ 25.857995] dump_stack_lvl+0x73/0xb0 [ 25.858073] print_report+0xd1/0x650 [ 25.858121] ? __virt_addr_valid+0x1db/0x2d0 [ 25.858168] ? kasan_atomics_helper+0x2006/0x5450 [ 25.858211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.858261] ? kasan_atomics_helper+0x2006/0x5450 [ 25.858303] kasan_report+0x141/0x180 [ 25.858349] ? kasan_atomics_helper+0x2006/0x5450 [ 25.858415] kasan_check_range+0x10c/0x1c0 [ 25.858459] __kasan_check_write+0x18/0x20 [ 25.858504] kasan_atomics_helper+0x2006/0x5450 [ 25.858551] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.858597] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.858645] ? trace_hardirqs_on+0x37/0xe0 [ 25.858686] ? kasan_atomics+0x152/0x310 [ 25.858739] kasan_atomics+0x1dc/0x310 [ 25.858785] ? __pfx_kasan_atomics+0x10/0x10 [ 25.858831] ? __pfx_kasan_atomics+0x10/0x10 [ 25.858900] kunit_try_run_case+0x1a5/0x480 [ 25.858949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.859013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.859071] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.859115] ? __kthread_parkme+0x82/0x180 [ 25.859156] ? preempt_count_sub+0x50/0x80 [ 25.859202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.859246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.859290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.859334] kthread+0x337/0x6f0 [ 25.859373] ? trace_preempt_on+0x20/0xc0 [ 25.859428] ? __pfx_kthread+0x10/0x10 [ 25.859470] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.859509] ? calculate_sigpending+0x7b/0xa0 [ 25.859554] ? __pfx_kthread+0x10/0x10 [ 25.859595] ret_from_fork+0x116/0x1d0 [ 25.859633] ? __pfx_kthread+0x10/0x10 [ 25.859672] ret_from_fork_asm+0x1a/0x30 [ 25.859733] </TASK> [ 25.859757] [ 25.868613] Allocated by task 294: [ 25.868834] kasan_save_stack+0x45/0x70 [ 25.869082] kasan_save_track+0x18/0x40 [ 25.869251] kasan_save_alloc_info+0x3b/0x50 [ 25.871541] __kasan_kmalloc+0xb7/0xc0 [ 25.871912] __kmalloc_cache_noprof+0x189/0x420 [ 25.872260] kasan_atomics+0x95/0x310 [ 25.872559] kunit_try_run_case+0x1a5/0x480 [ 25.873192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.873784] kthread+0x337/0x6f0 [ 25.874394] ret_from_fork+0x116/0x1d0 [ 25.874577] ret_from_fork_asm+0x1a/0x30 [ 25.874741] [ 25.874829] The buggy address belongs to the object at ffff888102c1c600 [ 25.874829] which belongs to the cache kmalloc-64 of size 64 [ 25.875475] The buggy address is located 0 bytes to the right of [ 25.875475] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.876087] [ 25.876265] The buggy address belongs to the physical page: [ 25.876562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.876939] flags: 0x200000000000000(node=0|zone=2) [ 25.877157] page_type: f5(slab) [ 25.877407] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.877725] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.877945] page dumped because: kasan: bad access detected [ 25.878136] [ 25.878223] Memory state around the buggy address: [ 25.878397] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.878619] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.879115] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.879588] ^ [ 25.879941] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.880450] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.880889] ================================================================== [ 26.027336] ================================================================== [ 26.027566] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 26.027844] Read of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 26.028711] [ 26.029442] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.029502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.029516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.029535] Call Trace: [ 26.029550] <TASK> [ 26.029566] dump_stack_lvl+0x73/0xb0 [ 26.029597] print_report+0xd1/0x650 [ 26.029618] ? __virt_addr_valid+0x1db/0x2d0 [ 26.029638] ? kasan_atomics_helper+0x5115/0x5450 [ 26.029657] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.029679] ? kasan_atomics_helper+0x5115/0x5450 [ 26.029698] kasan_report+0x141/0x180 [ 26.029717] ? kasan_atomics_helper+0x5115/0x5450 [ 26.029739] __asan_report_load8_noabort+0x18/0x20 [ 26.029760] kasan_atomics_helper+0x5115/0x5450 [ 26.029779] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.029800] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.029820] ? trace_hardirqs_on+0x37/0xe0 [ 26.029976] ? kasan_atomics+0x152/0x310 [ 26.030048] kasan_atomics+0x1dc/0x310 [ 26.030120] ? __pfx_kasan_atomics+0x10/0x10 [ 26.030166] ? __pfx_kasan_atomics+0x10/0x10 [ 26.030213] kunit_try_run_case+0x1a5/0x480 [ 26.030252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.030291] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.030329] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.030368] ? __kthread_parkme+0x82/0x180 [ 26.030421] ? preempt_count_sub+0x50/0x80 [ 26.030462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.030497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.030532] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.030572] kthread+0x337/0x6f0 [ 26.030608] ? trace_preempt_on+0x20/0xc0 [ 26.030651] ? __pfx_kthread+0x10/0x10 [ 26.030689] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.030719] ? calculate_sigpending+0x7b/0xa0 [ 26.030742] ? __pfx_kthread+0x10/0x10 [ 26.030760] ret_from_fork+0x116/0x1d0 [ 26.030778] ? __pfx_kthread+0x10/0x10 [ 26.030796] ret_from_fork_asm+0x1a/0x30 [ 26.030824] </TASK> [ 26.030867] [ 26.040878] Allocated by task 294: [ 26.041210] kasan_save_stack+0x45/0x70 [ 26.041555] kasan_save_track+0x18/0x40 [ 26.041887] kasan_save_alloc_info+0x3b/0x50 [ 26.042205] __kasan_kmalloc+0xb7/0xc0 [ 26.042428] __kmalloc_cache_noprof+0x189/0x420 [ 26.042752] kasan_atomics+0x95/0x310 [ 26.043070] kunit_try_run_case+0x1a5/0x480 [ 26.043351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.043636] kthread+0x337/0x6f0 [ 26.043937] ret_from_fork+0x116/0x1d0 [ 26.044252] ret_from_fork_asm+0x1a/0x30 [ 26.044475] [ 26.044639] The buggy address belongs to the object at ffff888102c1c600 [ 26.044639] which belongs to the cache kmalloc-64 of size 64 [ 26.045297] The buggy address is located 0 bytes to the right of [ 26.045297] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 26.045978] [ 26.046234] The buggy address belongs to the physical page: [ 26.046728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 26.047371] flags: 0x200000000000000(node=0|zone=2) [ 26.047680] page_type: f5(slab) [ 26.047875] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.048262] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.048662] page dumped because: kasan: bad access detected [ 26.049030] [ 26.049179] Memory state around the buggy address: [ 26.049431] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.049901] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.050197] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.050589] ^ [ 26.050930] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.051197] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.051667] ================================================================== [ 25.927762] ================================================================== [ 25.928014] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 25.928250] Read of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.928611] [ 25.928778] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.928858] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.928884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.928923] Call Trace: [ 25.928950] <TASK> [ 25.928974] dump_stack_lvl+0x73/0xb0 [ 25.929029] print_report+0xd1/0x650 [ 25.929070] ? __virt_addr_valid+0x1db/0x2d0 [ 25.929110] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.929150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.929198] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.929240] kasan_report+0x141/0x180 [ 25.929284] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.929335] __asan_report_load8_noabort+0x18/0x20 [ 25.929395] kasan_atomics_helper+0x4fb2/0x5450 [ 25.929441] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.929484] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.929529] ? trace_hardirqs_on+0x37/0xe0 [ 25.929567] ? kasan_atomics+0x152/0x310 [ 25.929617] kasan_atomics+0x1dc/0x310 [ 25.929660] ? __pfx_kasan_atomics+0x10/0x10 [ 25.929702] ? __pfx_kasan_atomics+0x10/0x10 [ 25.929751] kunit_try_run_case+0x1a5/0x480 [ 25.929798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.929855] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.929895] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.929939] ? __kthread_parkme+0x82/0x180 [ 25.929979] ? preempt_count_sub+0x50/0x80 [ 25.930034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.930114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.930164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.930213] kthread+0x337/0x6f0 [ 25.930253] ? trace_preempt_on+0x20/0xc0 [ 25.930296] ? __pfx_kthread+0x10/0x10 [ 25.930340] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.930398] ? calculate_sigpending+0x7b/0xa0 [ 25.930447] ? __pfx_kthread+0x10/0x10 [ 25.930493] ret_from_fork+0x116/0x1d0 [ 25.930534] ? __pfx_kthread+0x10/0x10 [ 25.930578] ret_from_fork_asm+0x1a/0x30 [ 25.930643] </TASK> [ 25.930669] [ 25.939631] Allocated by task 294: [ 25.939861] kasan_save_stack+0x45/0x70 [ 25.940022] kasan_save_track+0x18/0x40 [ 25.940199] kasan_save_alloc_info+0x3b/0x50 [ 25.940360] __kasan_kmalloc+0xb7/0xc0 [ 25.940728] __kmalloc_cache_noprof+0x189/0x420 [ 25.941110] kasan_atomics+0x95/0x310 [ 25.941392] kunit_try_run_case+0x1a5/0x480 [ 25.941672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.942090] kthread+0x337/0x6f0 [ 25.942260] ret_from_fork+0x116/0x1d0 [ 25.942534] ret_from_fork_asm+0x1a/0x30 [ 25.942699] [ 25.942795] The buggy address belongs to the object at ffff888102c1c600 [ 25.942795] which belongs to the cache kmalloc-64 of size 64 [ 25.943542] The buggy address is located 0 bytes to the right of [ 25.943542] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.944033] [ 25.944179] The buggy address belongs to the physical page: [ 25.944541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.944949] flags: 0x200000000000000(node=0|zone=2) [ 25.945128] page_type: f5(slab) [ 25.945266] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.945667] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.946278] page dumped because: kasan: bad access detected [ 25.946545] [ 25.946669] Memory state around the buggy address: [ 25.946979] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.947287] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.947605] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.947921] ^ [ 25.948135] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.948358] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.948582] ================================================================== [ 24.604022] ================================================================== [ 24.604961] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 24.605124] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.605245] [ 24.605300] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.605341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.605353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.605371] Call Trace: [ 24.605408] <TASK> [ 24.605424] dump_stack_lvl+0x73/0xb0 [ 24.605450] print_report+0xd1/0x650 [ 24.605469] ? __virt_addr_valid+0x1db/0x2d0 [ 24.605490] ? kasan_atomics_helper+0x4a0/0x5450 [ 24.605507] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.605529] ? kasan_atomics_helper+0x4a0/0x5450 [ 24.605548] kasan_report+0x141/0x180 [ 24.605567] ? kasan_atomics_helper+0x4a0/0x5450 [ 24.605589] kasan_check_range+0x10c/0x1c0 [ 24.605609] __kasan_check_write+0x18/0x20 [ 24.605629] kasan_atomics_helper+0x4a0/0x5450 [ 24.605648] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.605667] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.605688] ? trace_hardirqs_on+0x37/0xe0 [ 24.605706] ? kasan_atomics+0x152/0x310 [ 24.605728] kasan_atomics+0x1dc/0x310 [ 24.605747] ? __pfx_kasan_atomics+0x10/0x10 [ 24.605767] ? __pfx_kasan_atomics+0x10/0x10 [ 24.605790] kunit_try_run_case+0x1a5/0x480 [ 24.605810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.605835] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.605867] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.605901] ? __kthread_parkme+0x82/0x180 [ 24.605935] ? preempt_count_sub+0x50/0x80 [ 24.605975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.606347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.606459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.606536] kthread+0x337/0x6f0 [ 24.606575] ? trace_preempt_on+0x20/0xc0 [ 24.606788] ? __pfx_kthread+0x10/0x10 [ 24.606852] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.606879] ? calculate_sigpending+0x7b/0xa0 [ 24.606901] ? __pfx_kthread+0x10/0x10 [ 24.606920] ret_from_fork+0x116/0x1d0 [ 24.606939] ? __pfx_kthread+0x10/0x10 [ 24.606957] ret_from_fork_asm+0x1a/0x30 [ 24.606985] </TASK> [ 24.606996] [ 24.617627] Allocated by task 294: [ 24.617783] kasan_save_stack+0x45/0x70 [ 24.618292] kasan_save_track+0x18/0x40 [ 24.618905] kasan_save_alloc_info+0x3b/0x50 [ 24.619245] __kasan_kmalloc+0xb7/0xc0 [ 24.619433] __kmalloc_cache_noprof+0x189/0x420 [ 24.619603] kasan_atomics+0x95/0x310 [ 24.619753] kunit_try_run_case+0x1a5/0x480 [ 24.619941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.620228] kthread+0x337/0x6f0 [ 24.620499] ret_from_fork+0x116/0x1d0 [ 24.620755] ret_from_fork_asm+0x1a/0x30 [ 24.620937] [ 24.621093] The buggy address belongs to the object at ffff888102c1c600 [ 24.621093] which belongs to the cache kmalloc-64 of size 64 [ 24.621841] The buggy address is located 0 bytes to the right of [ 24.621841] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.622496] [ 24.622726] The buggy address belongs to the physical page: [ 24.623227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.623751] flags: 0x200000000000000(node=0|zone=2) [ 24.624623] page_type: f5(slab) [ 24.624903] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.625450] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.625822] page dumped because: kasan: bad access detected [ 24.626200] [ 24.626410] Memory state around the buggy address: [ 24.626615] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.627045] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.627433] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.627771] ^ [ 24.627986] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.628213] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.628573] ================================================================== [ 25.379848] ================================================================== [ 25.380427] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 25.380946] Write of size 8 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.381429] [ 25.381598] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.381683] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.381711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.381749] Call Trace: [ 25.381776] <TASK> [ 25.381804] dump_stack_lvl+0x73/0xb0 [ 25.381856] print_report+0xd1/0x650 [ 25.381899] ? __virt_addr_valid+0x1db/0x2d0 [ 25.381938] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.381977] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.382032] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.382080] kasan_report+0x141/0x180 [ 25.382146] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.382194] __asan_report_store8_noabort+0x1b/0x30 [ 25.382245] kasan_atomics_helper+0x50d4/0x5450 [ 25.382288] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.382328] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.382390] ? trace_hardirqs_on+0x37/0xe0 [ 25.382436] ? kasan_atomics+0x152/0x310 [ 25.382490] kasan_atomics+0x1dc/0x310 [ 25.382538] ? __pfx_kasan_atomics+0x10/0x10 [ 25.382585] ? __pfx_kasan_atomics+0x10/0x10 [ 25.382641] kunit_try_run_case+0x1a5/0x480 [ 25.382692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.382737] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.382784] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.382829] ? __kthread_parkme+0x82/0x180 [ 25.382869] ? preempt_count_sub+0x50/0x80 [ 25.382934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.382979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.383022] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.383067] kthread+0x337/0x6f0 [ 25.383105] ? trace_preempt_on+0x20/0xc0 [ 25.383148] ? __pfx_kthread+0x10/0x10 [ 25.383187] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.383228] ? calculate_sigpending+0x7b/0xa0 [ 25.383271] ? __pfx_kthread+0x10/0x10 [ 25.383314] ret_from_fork+0x116/0x1d0 [ 25.383351] ? __pfx_kthread+0x10/0x10 [ 25.383404] ret_from_fork_asm+0x1a/0x30 [ 25.383466] </TASK> [ 25.383490] [ 25.392934] Allocated by task 294: [ 25.393092] kasan_save_stack+0x45/0x70 [ 25.393253] kasan_save_track+0x18/0x40 [ 25.394101] kasan_save_alloc_info+0x3b/0x50 [ 25.394328] __kasan_kmalloc+0xb7/0xc0 [ 25.394506] __kmalloc_cache_noprof+0x189/0x420 [ 25.394692] kasan_atomics+0x95/0x310 [ 25.394850] kunit_try_run_case+0x1a5/0x480 [ 25.395057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.395281] kthread+0x337/0x6f0 [ 25.395440] ret_from_fork+0x116/0x1d0 [ 25.395603] ret_from_fork_asm+0x1a/0x30 [ 25.395780] [ 25.396637] The buggy address belongs to the object at ffff888102c1c600 [ 25.396637] which belongs to the cache kmalloc-64 of size 64 [ 25.397014] The buggy address is located 0 bytes to the right of [ 25.397014] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.398006] [ 25.398158] The buggy address belongs to the physical page: [ 25.398394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.398609] flags: 0x200000000000000(node=0|zone=2) [ 25.399131] page_type: f5(slab) [ 25.399321] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.399718] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.400195] page dumped because: kasan: bad access detected [ 25.400395] [ 25.400483] Memory state around the buggy address: [ 25.400672] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.401371] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.401728] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.402560] ^ [ 25.402822] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.403124] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.403416] ================================================================== [ 24.841145] ================================================================== [ 24.841927] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 24.842633] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 24.843108] [ 24.843235] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.843331] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.843356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.843409] Call Trace: [ 24.843437] <TASK> [ 24.843463] dump_stack_lvl+0x73/0xb0 [ 24.843517] print_report+0xd1/0x650 [ 24.843555] ? __virt_addr_valid+0x1db/0x2d0 [ 24.843582] ? kasan_atomics_helper+0x992/0x5450 [ 24.843601] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.843630] ? kasan_atomics_helper+0x992/0x5450 [ 24.843649] kasan_report+0x141/0x180 [ 24.843669] ? kasan_atomics_helper+0x992/0x5450 [ 24.843691] kasan_check_range+0x10c/0x1c0 [ 24.843711] __kasan_check_write+0x18/0x20 [ 24.843745] kasan_atomics_helper+0x992/0x5450 [ 24.843767] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.843787] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.843807] ? trace_hardirqs_on+0x37/0xe0 [ 24.843826] ? kasan_atomics+0x152/0x310 [ 24.843860] kasan_atomics+0x1dc/0x310 [ 24.843879] ? __pfx_kasan_atomics+0x10/0x10 [ 24.843900] ? __pfx_kasan_atomics+0x10/0x10 [ 24.843922] kunit_try_run_case+0x1a5/0x480 [ 24.843944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.843963] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.843983] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.844003] ? __kthread_parkme+0x82/0x180 [ 24.844021] ? preempt_count_sub+0x50/0x80 [ 24.844041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.844062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.844083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.844103] kthread+0x337/0x6f0 [ 24.844121] ? trace_preempt_on+0x20/0xc0 [ 24.844140] ? __pfx_kthread+0x10/0x10 [ 24.844158] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.844177] ? calculate_sigpending+0x7b/0xa0 [ 24.844196] ? __pfx_kthread+0x10/0x10 [ 24.844216] ret_from_fork+0x116/0x1d0 [ 24.844233] ? __pfx_kthread+0x10/0x10 [ 24.844251] ret_from_fork_asm+0x1a/0x30 [ 24.844278] </TASK> [ 24.844290] [ 24.854953] Allocated by task 294: [ 24.855112] kasan_save_stack+0x45/0x70 [ 24.855275] kasan_save_track+0x18/0x40 [ 24.855434] kasan_save_alloc_info+0x3b/0x50 [ 24.855593] __kasan_kmalloc+0xb7/0xc0 [ 24.855870] __kmalloc_cache_noprof+0x189/0x420 [ 24.856211] kasan_atomics+0x95/0x310 [ 24.856489] kunit_try_run_case+0x1a5/0x480 [ 24.856777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.857170] kthread+0x337/0x6f0 [ 24.857417] ret_from_fork+0x116/0x1d0 [ 24.857657] ret_from_fork_asm+0x1a/0x30 [ 24.857978] [ 24.858092] The buggy address belongs to the object at ffff888102c1c600 [ 24.858092] which belongs to the cache kmalloc-64 of size 64 [ 24.858563] The buggy address is located 0 bytes to the right of [ 24.858563] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 24.859391] [ 24.859490] The buggy address belongs to the physical page: [ 24.859667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 24.860163] flags: 0x200000000000000(node=0|zone=2) [ 24.860536] page_type: f5(slab) [ 24.860778] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.861206] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.861513] page dumped because: kasan: bad access detected [ 24.861935] [ 24.862081] Memory state around the buggy address: [ 24.862286] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.862539] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.862769] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.863018] ^ [ 24.863347] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863816] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.864296] ================================================================== [ 25.027334] ================================================================== [ 25.028137] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 25.029579] Write of size 4 at addr ffff888102c1c630 by task kunit_try_catch/294 [ 25.030153] [ 25.030606] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 25.030672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.030686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.030706] Call Trace: [ 25.030722] <TASK> [ 25.030738] dump_stack_lvl+0x73/0xb0 [ 25.030771] print_report+0xd1/0x650 [ 25.030791] ? __virt_addr_valid+0x1db/0x2d0 [ 25.030812] ? kasan_atomics_helper+0xe78/0x5450 [ 25.030835] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.030913] ? kasan_atomics_helper+0xe78/0x5450 [ 25.030955] kasan_report+0x141/0x180 [ 25.030998] ? kasan_atomics_helper+0xe78/0x5450 [ 25.031047] kasan_check_range+0x10c/0x1c0 [ 25.031092] __kasan_check_write+0x18/0x20 [ 25.031136] kasan_atomics_helper+0xe78/0x5450 [ 25.031177] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.031239] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.031600] ? trace_hardirqs_on+0x37/0xe0 [ 25.031652] ? kasan_atomics+0x152/0x310 [ 25.031702] kasan_atomics+0x1dc/0x310 [ 25.031746] ? __pfx_kasan_atomics+0x10/0x10 [ 25.031788] ? __pfx_kasan_atomics+0x10/0x10 [ 25.031847] kunit_try_run_case+0x1a5/0x480 [ 25.031897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.031936] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.032009] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.032073] ? __kthread_parkme+0x82/0x180 [ 25.032118] ? preempt_count_sub+0x50/0x80 [ 25.032166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.032213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.032260] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.032304] kthread+0x337/0x6f0 [ 25.032342] ? trace_preempt_on+0x20/0xc0 [ 25.032399] ? __pfx_kthread+0x10/0x10 [ 25.032441] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.032482] ? calculate_sigpending+0x7b/0xa0 [ 25.032507] ? __pfx_kthread+0x10/0x10 [ 25.032527] ret_from_fork+0x116/0x1d0 [ 25.032545] ? __pfx_kthread+0x10/0x10 [ 25.032564] ret_from_fork_asm+0x1a/0x30 [ 25.032591] </TASK> [ 25.032603] [ 25.044024] Allocated by task 294: [ 25.044173] kasan_save_stack+0x45/0x70 [ 25.044496] kasan_save_track+0x18/0x40 [ 25.044724] kasan_save_alloc_info+0x3b/0x50 [ 25.045501] __kasan_kmalloc+0xb7/0xc0 [ 25.045699] __kmalloc_cache_noprof+0x189/0x420 [ 25.046079] kasan_atomics+0x95/0x310 [ 25.046271] kunit_try_run_case+0x1a5/0x480 [ 25.046503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.046726] kthread+0x337/0x6f0 [ 25.047481] ret_from_fork+0x116/0x1d0 [ 25.047654] ret_from_fork_asm+0x1a/0x30 [ 25.047813] [ 25.047971] The buggy address belongs to the object at ffff888102c1c600 [ 25.047971] which belongs to the cache kmalloc-64 of size 64 [ 25.048481] The buggy address is located 0 bytes to the right of [ 25.048481] allocated 48-byte region [ffff888102c1c600, ffff888102c1c630) [ 25.049115] [ 25.049323] The buggy address belongs to the physical page: [ 25.049692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 25.050245] flags: 0x200000000000000(node=0|zone=2) [ 25.050525] page_type: f5(slab) [ 25.050867] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.051190] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.051435] page dumped because: kasan: bad access detected [ 25.051784] [ 25.051984] Memory state around the buggy address: [ 25.052373] ffff888102c1c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.052911] ffff888102c1c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.053304] >ffff888102c1c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.053663] ^ [ 25.053956] ffff888102c1c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.054555] ffff888102c1c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.054910] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 24.227104] ================================================================== [ 24.227702] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.228435] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.228710] [ 24.228869] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.228946] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.228964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.228987] Call Trace: [ 24.229005] <TASK> [ 24.229023] dump_stack_lvl+0x73/0xb0 [ 24.229052] print_report+0xd1/0x650 [ 24.229070] ? __virt_addr_valid+0x1db/0x2d0 [ 24.229091] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.229127] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.229170] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.229215] kasan_report+0x141/0x180 [ 24.229254] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.229305] kasan_check_range+0x10c/0x1c0 [ 24.229336] __kasan_check_write+0x18/0x20 [ 24.229364] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.229415] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.229450] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.229480] ? trace_hardirqs_on+0x37/0xe0 [ 24.229510] ? kasan_bitops_generic+0x92/0x1c0 [ 24.229546] kasan_bitops_generic+0x121/0x1c0 [ 24.229577] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.229620] ? __pfx_read_tsc+0x10/0x10 [ 24.229651] ? ktime_get_ts64+0x86/0x230 [ 24.229701] kunit_try_run_case+0x1a5/0x480 [ 24.229743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.229781] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.229821] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.229854] ? __kthread_parkme+0x82/0x180 [ 24.229886] ? preempt_count_sub+0x50/0x80 [ 24.229927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.229969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.230018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.230095] kthread+0x337/0x6f0 [ 24.230131] ? trace_preempt_on+0x20/0xc0 [ 24.230160] ? __pfx_kthread+0x10/0x10 [ 24.230189] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.230218] ? calculate_sigpending+0x7b/0xa0 [ 24.230247] ? __pfx_kthread+0x10/0x10 [ 24.230274] ret_from_fork+0x116/0x1d0 [ 24.230302] ? __pfx_kthread+0x10/0x10 [ 24.230329] ret_from_fork_asm+0x1a/0x30 [ 24.230398] </TASK> [ 24.230418] [ 24.239462] Allocated by task 290: [ 24.239698] kasan_save_stack+0x45/0x70 [ 24.239945] kasan_save_track+0x18/0x40 [ 24.240276] kasan_save_alloc_info+0x3b/0x50 [ 24.240521] __kasan_kmalloc+0xb7/0xc0 [ 24.240790] __kmalloc_cache_noprof+0x189/0x420 [ 24.241055] kasan_bitops_generic+0x92/0x1c0 [ 24.241280] kunit_try_run_case+0x1a5/0x480 [ 24.241534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.241717] kthread+0x337/0x6f0 [ 24.241859] ret_from_fork+0x116/0x1d0 [ 24.242135] ret_from_fork_asm+0x1a/0x30 [ 24.242444] [ 24.242605] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.242605] which belongs to the cache kmalloc-16 of size 16 [ 24.243473] The buggy address is located 8 bytes inside of [ 24.243473] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.243817] [ 24.243902] The buggy address belongs to the physical page: [ 24.244249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.244794] flags: 0x200000000000000(node=0|zone=2) [ 24.245178] page_type: f5(slab) [ 24.245351] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.245596] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.245880] page dumped because: kasan: bad access detected [ 24.246277] [ 24.246467] Memory state around the buggy address: [ 24.246828] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.247220] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.247448] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.247650] ^ [ 24.247803] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.248257] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.248755] ================================================================== [ 24.353668] ================================================================== [ 24.354118] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.354447] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.354689] [ 24.354798] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.354912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.354939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.354978] Call Trace: [ 24.355005] <TASK> [ 24.355034] dump_stack_lvl+0x73/0xb0 [ 24.355082] print_report+0xd1/0x650 [ 24.355121] ? __virt_addr_valid+0x1db/0x2d0 [ 24.355160] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.355206] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.355250] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.355297] kasan_report+0x141/0x180 [ 24.355336] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.355396] kasan_check_range+0x10c/0x1c0 [ 24.355432] __kasan_check_write+0x18/0x20 [ 24.355463] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.355502] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.355544] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.355579] ? trace_hardirqs_on+0x37/0xe0 [ 24.355608] ? kasan_bitops_generic+0x92/0x1c0 [ 24.355651] kasan_bitops_generic+0x121/0x1c0 [ 24.355689] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.355731] ? __pfx_read_tsc+0x10/0x10 [ 24.355767] ? ktime_get_ts64+0x86/0x230 [ 24.355810] kunit_try_run_case+0x1a5/0x480 [ 24.355887] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.355927] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.355967] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.356008] ? __kthread_parkme+0x82/0x180 [ 24.356045] ? preempt_count_sub+0x50/0x80 [ 24.356088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.356130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.356164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.356196] kthread+0x337/0x6f0 [ 24.356224] ? trace_preempt_on+0x20/0xc0 [ 24.356259] ? __pfx_kthread+0x10/0x10 [ 24.356290] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.356327] ? calculate_sigpending+0x7b/0xa0 [ 24.356366] ? __pfx_kthread+0x10/0x10 [ 24.356419] ret_from_fork+0x116/0x1d0 [ 24.356455] ? __pfx_kthread+0x10/0x10 [ 24.356493] ret_from_fork_asm+0x1a/0x30 [ 24.356552] </TASK> [ 24.356573] [ 24.366048] Allocated by task 290: [ 24.366273] kasan_save_stack+0x45/0x70 [ 24.366452] kasan_save_track+0x18/0x40 [ 24.366610] kasan_save_alloc_info+0x3b/0x50 [ 24.366936] __kasan_kmalloc+0xb7/0xc0 [ 24.367183] __kmalloc_cache_noprof+0x189/0x420 [ 24.367501] kasan_bitops_generic+0x92/0x1c0 [ 24.367680] kunit_try_run_case+0x1a5/0x480 [ 24.367980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.368185] kthread+0x337/0x6f0 [ 24.368427] ret_from_fork+0x116/0x1d0 [ 24.368619] ret_from_fork_asm+0x1a/0x30 [ 24.368794] [ 24.368906] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.368906] which belongs to the cache kmalloc-16 of size 16 [ 24.369492] The buggy address is located 8 bytes inside of [ 24.369492] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.370105] [ 24.370205] The buggy address belongs to the physical page: [ 24.370395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.370634] flags: 0x200000000000000(node=0|zone=2) [ 24.370810] page_type: f5(slab) [ 24.370974] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.371395] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.371819] page dumped because: kasan: bad access detected [ 24.372173] [ 24.372301] Memory state around the buggy address: [ 24.372601] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.373057] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.373477] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.373817] ^ [ 24.374082] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.374308] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.374776] ================================================================== [ 24.196522] ================================================================== [ 24.196881] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.197706] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.198262] [ 24.198396] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.198479] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.198615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.198675] Call Trace: [ 24.198702] <TASK> [ 24.198862] dump_stack_lvl+0x73/0xb0 [ 24.198924] print_report+0xd1/0x650 [ 24.198966] ? __virt_addr_valid+0x1db/0x2d0 [ 24.199002] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.199079] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.199133] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.199178] kasan_report+0x141/0x180 [ 24.199212] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.199262] kasan_check_range+0x10c/0x1c0 [ 24.199541] __kasan_check_write+0x18/0x20 [ 24.199751] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.199792] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.199817] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.199855] ? trace_hardirqs_on+0x37/0xe0 [ 24.199876] ? kasan_bitops_generic+0x92/0x1c0 [ 24.199900] kasan_bitops_generic+0x121/0x1c0 [ 24.199919] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.199940] ? __pfx_read_tsc+0x10/0x10 [ 24.199957] ? ktime_get_ts64+0x86/0x230 [ 24.199978] kunit_try_run_case+0x1a5/0x480 [ 24.199998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.200018] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.200037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.200087] ? __kthread_parkme+0x82/0x180 [ 24.200117] ? preempt_count_sub+0x50/0x80 [ 24.200147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.200179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.200207] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.200228] kthread+0x337/0x6f0 [ 24.200244] ? trace_preempt_on+0x20/0xc0 [ 24.200264] ? __pfx_kthread+0x10/0x10 [ 24.200282] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.200299] ? calculate_sigpending+0x7b/0xa0 [ 24.200319] ? __pfx_kthread+0x10/0x10 [ 24.200337] ret_from_fork+0x116/0x1d0 [ 24.200353] ? __pfx_kthread+0x10/0x10 [ 24.200370] ret_from_fork_asm+0x1a/0x30 [ 24.200416] </TASK> [ 24.200427] [ 24.212200] Allocated by task 290: [ 24.212350] kasan_save_stack+0x45/0x70 [ 24.212666] kasan_save_track+0x18/0x40 [ 24.213009] kasan_save_alloc_info+0x3b/0x50 [ 24.213456] __kasan_kmalloc+0xb7/0xc0 [ 24.214139] __kmalloc_cache_noprof+0x189/0x420 [ 24.214570] kasan_bitops_generic+0x92/0x1c0 [ 24.214747] kunit_try_run_case+0x1a5/0x480 [ 24.214916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.215103] kthread+0x337/0x6f0 [ 24.215234] ret_from_fork+0x116/0x1d0 [ 24.215387] ret_from_fork_asm+0x1a/0x30 [ 24.215672] [ 24.215810] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.215810] which belongs to the cache kmalloc-16 of size 16 [ 24.216563] The buggy address is located 8 bytes inside of [ 24.216563] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.218030] [ 24.218326] The buggy address belongs to the physical page: [ 24.218772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.219341] flags: 0x200000000000000(node=0|zone=2) [ 24.219765] page_type: f5(slab) [ 24.220241] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.220628] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.221487] page dumped because: kasan: bad access detected [ 24.221775] [ 24.221965] Memory state around the buggy address: [ 24.222594] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.223168] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.223403] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.223910] ^ [ 24.224350] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.225051] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.225615] ================================================================== [ 24.303623] ================================================================== [ 24.304710] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.305264] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.305679] [ 24.305919] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.306029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.306056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.306096] Call Trace: [ 24.306123] <TASK> [ 24.306153] dump_stack_lvl+0x73/0xb0 [ 24.306206] print_report+0xd1/0x650 [ 24.306243] ? __virt_addr_valid+0x1db/0x2d0 [ 24.306283] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.306367] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.306447] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.306498] kasan_report+0x141/0x180 [ 24.306542] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.306601] kasan_check_range+0x10c/0x1c0 [ 24.306647] __kasan_check_write+0x18/0x20 [ 24.306684] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.306714] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.306739] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.306762] ? trace_hardirqs_on+0x37/0xe0 [ 24.306782] ? kasan_bitops_generic+0x92/0x1c0 [ 24.306805] kasan_bitops_generic+0x121/0x1c0 [ 24.306837] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.306878] ? __pfx_read_tsc+0x10/0x10 [ 24.306897] ? ktime_get_ts64+0x86/0x230 [ 24.306920] kunit_try_run_case+0x1a5/0x480 [ 24.306943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.306961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.306979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.306999] ? __kthread_parkme+0x82/0x180 [ 24.307016] ? preempt_count_sub+0x50/0x80 [ 24.307035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.307055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.307074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.307093] kthread+0x337/0x6f0 [ 24.307110] ? trace_preempt_on+0x20/0xc0 [ 24.307128] ? __pfx_kthread+0x10/0x10 [ 24.307145] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.307163] ? calculate_sigpending+0x7b/0xa0 [ 24.307182] ? __pfx_kthread+0x10/0x10 [ 24.307200] ret_from_fork+0x116/0x1d0 [ 24.307216] ? __pfx_kthread+0x10/0x10 [ 24.307233] ret_from_fork_asm+0x1a/0x30 [ 24.307260] </TASK> [ 24.307271] [ 24.319107] Allocated by task 290: [ 24.319281] kasan_save_stack+0x45/0x70 [ 24.319475] kasan_save_track+0x18/0x40 [ 24.319642] kasan_save_alloc_info+0x3b/0x50 [ 24.319828] __kasan_kmalloc+0xb7/0xc0 [ 24.320625] __kmalloc_cache_noprof+0x189/0x420 [ 24.320787] kasan_bitops_generic+0x92/0x1c0 [ 24.321012] kunit_try_run_case+0x1a5/0x480 [ 24.321246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.321496] kthread+0x337/0x6f0 [ 24.321684] ret_from_fork+0x116/0x1d0 [ 24.321904] ret_from_fork_asm+0x1a/0x30 [ 24.322131] [ 24.322277] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.322277] which belongs to the cache kmalloc-16 of size 16 [ 24.322778] The buggy address is located 8 bytes inside of [ 24.322778] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.323179] [ 24.323356] The buggy address belongs to the physical page: [ 24.323797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.324400] flags: 0x200000000000000(node=0|zone=2) [ 24.324791] page_type: f5(slab) [ 24.325096] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.325602] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.326085] page dumped because: kasan: bad access detected [ 24.326316] [ 24.326494] Memory state around the buggy address: [ 24.326857] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.327097] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.327613] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.328144] ^ [ 24.328420] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.328793] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.329296] ================================================================== [ 24.404673] ================================================================== [ 24.405646] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.406466] Read of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.406829] [ 24.407473] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.407667] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.407681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.407698] Call Trace: [ 24.407712] <TASK> [ 24.407727] dump_stack_lvl+0x73/0xb0 [ 24.407756] print_report+0xd1/0x650 [ 24.407775] ? __virt_addr_valid+0x1db/0x2d0 [ 24.407793] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.407816] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.407858] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.407882] kasan_report+0x141/0x180 [ 24.407900] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.407926] __asan_report_load8_noabort+0x18/0x20 [ 24.407946] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.407968] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.407991] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.408011] ? trace_hardirqs_on+0x37/0xe0 [ 24.408029] ? kasan_bitops_generic+0x92/0x1c0 [ 24.408051] kasan_bitops_generic+0x121/0x1c0 [ 24.408070] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.408091] ? __pfx_read_tsc+0x10/0x10 [ 24.408108] ? ktime_get_ts64+0x86/0x230 [ 24.408128] kunit_try_run_case+0x1a5/0x480 [ 24.408149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.408167] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.408185] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.408204] ? __kthread_parkme+0x82/0x180 [ 24.408221] ? preempt_count_sub+0x50/0x80 [ 24.408240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.408260] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.408279] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.408298] kthread+0x337/0x6f0 [ 24.408314] ? trace_preempt_on+0x20/0xc0 [ 24.408332] ? __pfx_kthread+0x10/0x10 [ 24.408349] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.408367] ? calculate_sigpending+0x7b/0xa0 [ 24.408404] ? __pfx_kthread+0x10/0x10 [ 24.408424] ret_from_fork+0x116/0x1d0 [ 24.408440] ? __pfx_kthread+0x10/0x10 [ 24.408457] ret_from_fork_asm+0x1a/0x30 [ 24.408484] </TASK> [ 24.408495] [ 24.420305] Allocated by task 290: [ 24.420563] kasan_save_stack+0x45/0x70 [ 24.420836] kasan_save_track+0x18/0x40 [ 24.421534] kasan_save_alloc_info+0x3b/0x50 [ 24.421705] __kasan_kmalloc+0xb7/0xc0 [ 24.422206] __kmalloc_cache_noprof+0x189/0x420 [ 24.422586] kasan_bitops_generic+0x92/0x1c0 [ 24.423096] kunit_try_run_case+0x1a5/0x480 [ 24.423330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.423570] kthread+0x337/0x6f0 [ 24.423788] ret_from_fork+0x116/0x1d0 [ 24.424285] ret_from_fork_asm+0x1a/0x30 [ 24.424605] [ 24.424756] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.424756] which belongs to the cache kmalloc-16 of size 16 [ 24.425594] The buggy address is located 8 bytes inside of [ 24.425594] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.426561] [ 24.426698] The buggy address belongs to the physical page: [ 24.426996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.427641] flags: 0x200000000000000(node=0|zone=2) [ 24.428029] page_type: f5(slab) [ 24.428176] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.428581] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.429268] page dumped because: kasan: bad access detected [ 24.429513] [ 24.429613] Memory state around the buggy address: [ 24.430034] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.430588] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.431142] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.431621] ^ [ 24.431757] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.432346] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.432682] ================================================================== [ 24.249529] ================================================================== [ 24.249857] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.250476] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.250817] [ 24.250998] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.251097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.251126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.251158] Call Trace: [ 24.251195] <TASK> [ 24.251222] dump_stack_lvl+0x73/0xb0 [ 24.251274] print_report+0xd1/0x650 [ 24.251314] ? __virt_addr_valid+0x1db/0x2d0 [ 24.251352] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.251408] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.251451] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.251492] kasan_report+0x141/0x180 [ 24.251528] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.251587] kasan_check_range+0x10c/0x1c0 [ 24.251629] __kasan_check_write+0x18/0x20 [ 24.251687] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.251731] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.251793] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.251834] ? trace_hardirqs_on+0x37/0xe0 [ 24.251876] ? kasan_bitops_generic+0x92/0x1c0 [ 24.251922] kasan_bitops_generic+0x121/0x1c0 [ 24.251967] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.252010] ? __pfx_read_tsc+0x10/0x10 [ 24.252066] ? ktime_get_ts64+0x86/0x230 [ 24.252109] kunit_try_run_case+0x1a5/0x480 [ 24.252167] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.252206] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.252247] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.252284] ? __kthread_parkme+0x82/0x180 [ 24.252318] ? preempt_count_sub+0x50/0x80 [ 24.252357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.252421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.252476] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.252509] kthread+0x337/0x6f0 [ 24.252528] ? trace_preempt_on+0x20/0xc0 [ 24.252548] ? __pfx_kthread+0x10/0x10 [ 24.252566] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.252584] ? calculate_sigpending+0x7b/0xa0 [ 24.252604] ? __pfx_kthread+0x10/0x10 [ 24.252622] ret_from_fork+0x116/0x1d0 [ 24.252639] ? __pfx_kthread+0x10/0x10 [ 24.252656] ret_from_fork_asm+0x1a/0x30 [ 24.252683] </TASK> [ 24.252694] [ 24.262109] Allocated by task 290: [ 24.262423] kasan_save_stack+0x45/0x70 [ 24.262717] kasan_save_track+0x18/0x40 [ 24.263046] kasan_save_alloc_info+0x3b/0x50 [ 24.263227] __kasan_kmalloc+0xb7/0xc0 [ 24.263373] __kmalloc_cache_noprof+0x189/0x420 [ 24.263644] kasan_bitops_generic+0x92/0x1c0 [ 24.263946] kunit_try_run_case+0x1a5/0x480 [ 24.264287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.264562] kthread+0x337/0x6f0 [ 24.264676] ret_from_fork+0x116/0x1d0 [ 24.264922] ret_from_fork_asm+0x1a/0x30 [ 24.265312] [ 24.265468] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.265468] which belongs to the cache kmalloc-16 of size 16 [ 24.266173] The buggy address is located 8 bytes inside of [ 24.266173] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.266765] [ 24.266968] The buggy address belongs to the physical page: [ 24.267261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.267630] flags: 0x200000000000000(node=0|zone=2) [ 24.267853] page_type: f5(slab) [ 24.268149] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.268406] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.268629] page dumped because: kasan: bad access detected [ 24.268800] [ 24.268881] Memory state around the buggy address: [ 24.269039] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.269252] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.269621] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.270182] ^ [ 24.270536] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.271083] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.271547] ================================================================== [ 24.329917] ================================================================== [ 24.330357] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.330715] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.331259] [ 24.331452] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.331535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.331559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.331594] Call Trace: [ 24.331620] <TASK> [ 24.331647] dump_stack_lvl+0x73/0xb0 [ 24.331698] print_report+0xd1/0x650 [ 24.331730] ? __virt_addr_valid+0x1db/0x2d0 [ 24.331764] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.331803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.331902] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.331960] kasan_report+0x141/0x180 [ 24.332002] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.332075] kasan_check_range+0x10c/0x1c0 [ 24.332117] __kasan_check_write+0x18/0x20 [ 24.332170] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.332215] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.332286] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.332343] ? trace_hardirqs_on+0x37/0xe0 [ 24.332396] ? kasan_bitops_generic+0x92/0x1c0 [ 24.332441] kasan_bitops_generic+0x121/0x1c0 [ 24.332474] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.332496] ? __pfx_read_tsc+0x10/0x10 [ 24.332515] ? ktime_get_ts64+0x86/0x230 [ 24.332535] kunit_try_run_case+0x1a5/0x480 [ 24.332556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.332574] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.332593] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.332621] ? __kthread_parkme+0x82/0x180 [ 24.332651] ? preempt_count_sub+0x50/0x80 [ 24.332691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.332731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.332771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.332809] kthread+0x337/0x6f0 [ 24.332875] ? trace_preempt_on+0x20/0xc0 [ 24.332913] ? __pfx_kthread+0x10/0x10 [ 24.332964] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.333005] ? calculate_sigpending+0x7b/0xa0 [ 24.333047] ? __pfx_kthread+0x10/0x10 [ 24.333088] ret_from_fork+0x116/0x1d0 [ 24.333122] ? __pfx_kthread+0x10/0x10 [ 24.333144] ret_from_fork_asm+0x1a/0x30 [ 24.333171] </TASK> [ 24.333183] [ 24.342654] Allocated by task 290: [ 24.342967] kasan_save_stack+0x45/0x70 [ 24.343262] kasan_save_track+0x18/0x40 [ 24.343471] kasan_save_alloc_info+0x3b/0x50 [ 24.343710] __kasan_kmalloc+0xb7/0xc0 [ 24.343983] __kmalloc_cache_noprof+0x189/0x420 [ 24.344274] kasan_bitops_generic+0x92/0x1c0 [ 24.344572] kunit_try_run_case+0x1a5/0x480 [ 24.344847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.345168] kthread+0x337/0x6f0 [ 24.345440] ret_from_fork+0x116/0x1d0 [ 24.345630] ret_from_fork_asm+0x1a/0x30 [ 24.345768] [ 24.345950] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.345950] which belongs to the cache kmalloc-16 of size 16 [ 24.346488] The buggy address is located 8 bytes inside of [ 24.346488] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.346888] [ 24.346982] The buggy address belongs to the physical page: [ 24.347164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.347422] flags: 0x200000000000000(node=0|zone=2) [ 24.347769] page_type: f5(slab) [ 24.348048] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.348558] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.349056] page dumped because: kasan: bad access detected [ 24.349452] [ 24.349602] Memory state around the buggy address: [ 24.349951] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.350435] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.350805] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.351172] ^ [ 24.351371] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.352874] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.353100] ================================================================== [ 24.274220] ================================================================== [ 24.274535] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.275645] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.275898] [ 24.276002] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.276081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.276105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.276140] Call Trace: [ 24.276165] <TASK> [ 24.276193] dump_stack_lvl+0x73/0xb0 [ 24.276244] print_report+0xd1/0x650 [ 24.276285] ? __virt_addr_valid+0x1db/0x2d0 [ 24.276326] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.276372] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.276432] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.276480] kasan_report+0x141/0x180 [ 24.276520] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.276576] kasan_check_range+0x10c/0x1c0 [ 24.276620] __kasan_check_write+0x18/0x20 [ 24.276660] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.276708] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.276756] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.276799] ? trace_hardirqs_on+0x37/0xe0 [ 24.276837] ? kasan_bitops_generic+0x92/0x1c0 [ 24.276886] kasan_bitops_generic+0x121/0x1c0 [ 24.276928] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.276971] ? __pfx_read_tsc+0x10/0x10 [ 24.277008] ? ktime_get_ts64+0x86/0x230 [ 24.277051] kunit_try_run_case+0x1a5/0x480 [ 24.277093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.277134] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.277173] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.277215] ? __kthread_parkme+0x82/0x180 [ 24.277253] ? preempt_count_sub+0x50/0x80 [ 24.277291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.277324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.277361] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.277414] kthread+0x337/0x6f0 [ 24.277450] ? trace_preempt_on+0x20/0xc0 [ 24.277491] ? __pfx_kthread+0x10/0x10 [ 24.277530] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.277566] ? calculate_sigpending+0x7b/0xa0 [ 24.277608] ? __pfx_kthread+0x10/0x10 [ 24.277650] ret_from_fork+0x116/0x1d0 [ 24.277676] ? __pfx_kthread+0x10/0x10 [ 24.277720] ret_from_fork_asm+0x1a/0x30 [ 24.277790] </TASK> [ 24.277815] [ 24.291495] Allocated by task 290: [ 24.291650] kasan_save_stack+0x45/0x70 [ 24.292020] kasan_save_track+0x18/0x40 [ 24.292362] kasan_save_alloc_info+0x3b/0x50 [ 24.292726] __kasan_kmalloc+0xb7/0xc0 [ 24.293083] __kmalloc_cache_noprof+0x189/0x420 [ 24.293398] kasan_bitops_generic+0x92/0x1c0 [ 24.293715] kunit_try_run_case+0x1a5/0x480 [ 24.294018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.294455] kthread+0x337/0x6f0 [ 24.294737] ret_from_fork+0x116/0x1d0 [ 24.294937] ret_from_fork_asm+0x1a/0x30 [ 24.295097] [ 24.295182] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.295182] which belongs to the cache kmalloc-16 of size 16 [ 24.296170] The buggy address is located 8 bytes inside of [ 24.296170] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.297021] [ 24.297171] The buggy address belongs to the physical page: [ 24.297348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.297947] flags: 0x200000000000000(node=0|zone=2) [ 24.298419] page_type: f5(slab) [ 24.298614] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.298927] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.299473] page dumped because: kasan: bad access detected [ 24.299858] [ 24.300033] Memory state around the buggy address: [ 24.300224] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.300457] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.301064] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.301557] ^ [ 24.301944] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.302186] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.302558] ================================================================== [ 24.375692] ================================================================== [ 24.376040] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.376434] Read of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.376654] [ 24.376758] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.376861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.376887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.376923] Call Trace: [ 24.376951] <TASK> [ 24.376979] dump_stack_lvl+0x73/0xb0 [ 24.377029] print_report+0xd1/0x650 [ 24.377068] ? __virt_addr_valid+0x1db/0x2d0 [ 24.377109] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.377155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.377200] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.377248] kasan_report+0x141/0x180 [ 24.377281] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.377323] kasan_check_range+0x10c/0x1c0 [ 24.377356] __kasan_check_read+0x15/0x20 [ 24.377402] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.377443] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.377489] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.377530] ? trace_hardirqs_on+0x37/0xe0 [ 24.377568] ? kasan_bitops_generic+0x92/0x1c0 [ 24.377616] kasan_bitops_generic+0x121/0x1c0 [ 24.377658] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.377701] ? __pfx_read_tsc+0x10/0x10 [ 24.377739] ? ktime_get_ts64+0x86/0x230 [ 24.377784] kunit_try_run_case+0x1a5/0x480 [ 24.377857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.377900] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.377941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.377985] ? __kthread_parkme+0x82/0x180 [ 24.378033] ? preempt_count_sub+0x50/0x80 [ 24.378081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.378129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.378174] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.378220] kthread+0x337/0x6f0 [ 24.378259] ? trace_preempt_on+0x20/0xc0 [ 24.378303] ? __pfx_kthread+0x10/0x10 [ 24.378344] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.378397] ? calculate_sigpending+0x7b/0xa0 [ 24.378441] ? __pfx_kthread+0x10/0x10 [ 24.378473] ret_from_fork+0x116/0x1d0 [ 24.378502] ? __pfx_kthread+0x10/0x10 [ 24.378534] ret_from_fork_asm+0x1a/0x30 [ 24.378591] </TASK> [ 24.378612] [ 24.391567] Allocated by task 290: [ 24.391751] kasan_save_stack+0x45/0x70 [ 24.391890] kasan_save_track+0x18/0x40 [ 24.392528] kasan_save_alloc_info+0x3b/0x50 [ 24.392692] __kasan_kmalloc+0xb7/0xc0 [ 24.393231] __kmalloc_cache_noprof+0x189/0x420 [ 24.393496] kasan_bitops_generic+0x92/0x1c0 [ 24.394056] kunit_try_run_case+0x1a5/0x480 [ 24.394222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.394793] kthread+0x337/0x6f0 [ 24.395247] ret_from_fork+0x116/0x1d0 [ 24.395442] ret_from_fork_asm+0x1a/0x30 [ 24.395622] [ 24.395716] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.395716] which belongs to the cache kmalloc-16 of size 16 [ 24.396704] The buggy address is located 8 bytes inside of [ 24.396704] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.397442] [ 24.397588] The buggy address belongs to the physical page: [ 24.398261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.398562] flags: 0x200000000000000(node=0|zone=2) [ 24.398879] page_type: f5(slab) [ 24.399196] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.399511] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.399797] page dumped because: kasan: bad access detected [ 24.400764] [ 24.400892] Memory state around the buggy address: [ 24.401072] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.401334] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.401864] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.402270] ^ [ 24.402523] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.402861] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.403715] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 24.163860] ================================================================== [ 24.164438] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.165145] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.166280] [ 24.166558] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.166648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.166671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.166710] Call Trace: [ 24.166735] <TASK> [ 24.166758] dump_stack_lvl+0x73/0xb0 [ 24.166812] print_report+0xd1/0x650 [ 24.166925] ? __virt_addr_valid+0x1db/0x2d0 [ 24.166972] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.167013] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.167051] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.167095] kasan_report+0x141/0x180 [ 24.167128] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.167165] kasan_check_range+0x10c/0x1c0 [ 24.167194] __kasan_check_write+0x18/0x20 [ 24.167222] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.167254] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.167277] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.167297] ? trace_hardirqs_on+0x37/0xe0 [ 24.167315] ? kasan_bitops_generic+0x92/0x1c0 [ 24.167337] kasan_bitops_generic+0x116/0x1c0 [ 24.167356] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.167391] ? __pfx_read_tsc+0x10/0x10 [ 24.167413] ? ktime_get_ts64+0x86/0x230 [ 24.167434] kunit_try_run_case+0x1a5/0x480 [ 24.167455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.167473] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.167492] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.167511] ? __kthread_parkme+0x82/0x180 [ 24.167528] ? preempt_count_sub+0x50/0x80 [ 24.167547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.167567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.167587] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.167607] kthread+0x337/0x6f0 [ 24.167623] ? trace_preempt_on+0x20/0xc0 [ 24.167641] ? __pfx_kthread+0x10/0x10 [ 24.167658] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.167676] ? calculate_sigpending+0x7b/0xa0 [ 24.167696] ? __pfx_kthread+0x10/0x10 [ 24.167714] ret_from_fork+0x116/0x1d0 [ 24.167729] ? __pfx_kthread+0x10/0x10 [ 24.167746] ret_from_fork_asm+0x1a/0x30 [ 24.167773] </TASK> [ 24.167783] [ 24.181546] Allocated by task 290: [ 24.182388] kasan_save_stack+0x45/0x70 [ 24.182559] kasan_save_track+0x18/0x40 [ 24.183214] kasan_save_alloc_info+0x3b/0x50 [ 24.183392] __kasan_kmalloc+0xb7/0xc0 [ 24.184048] __kmalloc_cache_noprof+0x189/0x420 [ 24.184219] kasan_bitops_generic+0x92/0x1c0 [ 24.184579] kunit_try_run_case+0x1a5/0x480 [ 24.184811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.185546] kthread+0x337/0x6f0 [ 24.185707] ret_from_fork+0x116/0x1d0 [ 24.185961] ret_from_fork_asm+0x1a/0x30 [ 24.186119] [ 24.186641] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.186641] which belongs to the cache kmalloc-16 of size 16 [ 24.187914] The buggy address is located 8 bytes inside of [ 24.187914] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.188325] [ 24.188822] The buggy address belongs to the physical page: [ 24.189030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.189518] flags: 0x200000000000000(node=0|zone=2) [ 24.189780] page_type: f5(slab) [ 24.190451] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.190885] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.191126] page dumped because: kasan: bad access detected [ 24.191792] [ 24.191970] Memory state around the buggy address: [ 24.192542] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.192907] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.193351] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.193915] ^ [ 24.194181] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.194827] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.195375] ================================================================== [ 23.958481] ================================================================== [ 23.958984] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 23.959753] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 23.960459] [ 23.960623] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.960707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.960727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.960899] Call Trace: [ 23.960931] <TASK> [ 23.960960] dump_stack_lvl+0x73/0xb0 [ 23.961016] print_report+0xd1/0x650 [ 23.961050] ? __virt_addr_valid+0x1db/0x2d0 [ 23.961097] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 23.961151] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.961291] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 23.961324] kasan_report+0x141/0x180 [ 23.961345] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 23.961372] kasan_check_range+0x10c/0x1c0 [ 23.961421] __kasan_check_write+0x18/0x20 [ 23.961453] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 23.961493] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 23.961532] ? __kmalloc_cache_noprof+0x189/0x420 [ 23.961576] ? trace_hardirqs_on+0x37/0xe0 [ 23.961610] ? kasan_bitops_generic+0x92/0x1c0 [ 23.961672] kasan_bitops_generic+0x116/0x1c0 [ 23.961708] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 23.961748] ? __pfx_read_tsc+0x10/0x10 [ 23.961784] ? ktime_get_ts64+0x86/0x230 [ 23.961822] kunit_try_run_case+0x1a5/0x480 [ 23.961868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.961904] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.961956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.961994] ? __kthread_parkme+0x82/0x180 [ 23.962032] ? preempt_count_sub+0x50/0x80 [ 23.962055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.962085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.962120] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.962149] kthread+0x337/0x6f0 [ 23.962175] ? trace_preempt_on+0x20/0xc0 [ 23.962204] ? __pfx_kthread+0x10/0x10 [ 23.962230] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.962257] ? calculate_sigpending+0x7b/0xa0 [ 23.962290] ? __pfx_kthread+0x10/0x10 [ 23.962319] ret_from_fork+0x116/0x1d0 [ 23.962345] ? __pfx_kthread+0x10/0x10 [ 23.962372] ret_from_fork_asm+0x1a/0x30 [ 23.962433] </TASK> [ 23.962445] [ 23.973914] Allocated by task 290: [ 23.974244] kasan_save_stack+0x45/0x70 [ 23.974517] kasan_save_track+0x18/0x40 [ 23.974906] kasan_save_alloc_info+0x3b/0x50 [ 23.975214] __kasan_kmalloc+0xb7/0xc0 [ 23.975502] __kmalloc_cache_noprof+0x189/0x420 [ 23.975820] kasan_bitops_generic+0x92/0x1c0 [ 23.976122] kunit_try_run_case+0x1a5/0x480 [ 23.976863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.977984] kthread+0x337/0x6f0 [ 23.978301] ret_from_fork+0x116/0x1d0 [ 23.978614] ret_from_fork_asm+0x1a/0x30 [ 23.978957] [ 23.979217] The buggy address belongs to the object at ffff888101bb7fa0 [ 23.979217] which belongs to the cache kmalloc-16 of size 16 [ 23.979798] The buggy address is located 8 bytes inside of [ 23.979798] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 23.980781] [ 23.980998] The buggy address belongs to the physical page: [ 23.981351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 23.982228] flags: 0x200000000000000(node=0|zone=2) [ 23.982637] page_type: f5(slab) [ 23.982940] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.983532] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.984040] page dumped because: kasan: bad access detected [ 23.984276] [ 23.984401] Memory state around the buggy address: [ 23.984570] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 23.985212] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.985691] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.986441] ^ [ 23.986773] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.987237] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 23.987625] ================================================================== [ 24.105682] ================================================================== [ 24.106167] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.106826] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.107476] [ 24.107693] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.107776] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.107801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.107832] Call Trace: [ 24.107854] <TASK> [ 24.107875] dump_stack_lvl+0x73/0xb0 [ 24.107925] print_report+0xd1/0x650 [ 24.107959] ? __virt_addr_valid+0x1db/0x2d0 [ 24.107993] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.108034] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.108075] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.108279] kasan_report+0x141/0x180 [ 24.108316] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.108367] kasan_check_range+0x10c/0x1c0 [ 24.108423] __kasan_check_write+0x18/0x20 [ 24.108461] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.108507] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.108551] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.108592] ? trace_hardirqs_on+0x37/0xe0 [ 24.108629] ? kasan_bitops_generic+0x92/0x1c0 [ 24.108675] kasan_bitops_generic+0x116/0x1c0 [ 24.108709] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.108743] ? __pfx_read_tsc+0x10/0x10 [ 24.108776] ? ktime_get_ts64+0x86/0x230 [ 24.108812] kunit_try_run_case+0x1a5/0x480 [ 24.108849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.108887] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.108927] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.108968] ? __kthread_parkme+0x82/0x180 [ 24.109003] ? preempt_count_sub+0x50/0x80 [ 24.109046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.109088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.109129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.109171] kthread+0x337/0x6f0 [ 24.109205] ? trace_preempt_on+0x20/0xc0 [ 24.109246] ? __pfx_kthread+0x10/0x10 [ 24.109282] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.109320] ? calculate_sigpending+0x7b/0xa0 [ 24.109486] ? __pfx_kthread+0x10/0x10 [ 24.109514] ret_from_fork+0x116/0x1d0 [ 24.109536] ? __pfx_kthread+0x10/0x10 [ 24.109559] ret_from_fork_asm+0x1a/0x30 [ 24.109595] </TASK> [ 24.109609] [ 24.120914] Allocated by task 290: [ 24.122007] kasan_save_stack+0x45/0x70 [ 24.122330] kasan_save_track+0x18/0x40 [ 24.122477] kasan_save_alloc_info+0x3b/0x50 [ 24.122732] __kasan_kmalloc+0xb7/0xc0 [ 24.123348] __kmalloc_cache_noprof+0x189/0x420 [ 24.123667] kasan_bitops_generic+0x92/0x1c0 [ 24.123853] kunit_try_run_case+0x1a5/0x480 [ 24.124604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.124796] kthread+0x337/0x6f0 [ 24.124986] ret_from_fork+0x116/0x1d0 [ 24.125518] ret_from_fork_asm+0x1a/0x30 [ 24.125792] [ 24.125902] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.125902] which belongs to the cache kmalloc-16 of size 16 [ 24.126805] The buggy address is located 8 bytes inside of [ 24.126805] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.127540] [ 24.127676] The buggy address belongs to the physical page: [ 24.128068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.128855] flags: 0x200000000000000(node=0|zone=2) [ 24.129221] page_type: f5(slab) [ 24.129504] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.129923] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.130236] page dumped because: kasan: bad access detected [ 24.130591] [ 24.130727] Memory state around the buggy address: [ 24.131030] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.131395] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.131809] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.132069] ^ [ 24.132364] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.132809] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.133127] ================================================================== [ 24.074611] ================================================================== [ 24.075582] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.076134] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.077049] [ 24.077301] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.077399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.077424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.077462] Call Trace: [ 24.077488] <TASK> [ 24.077512] dump_stack_lvl+0x73/0xb0 [ 24.077566] print_report+0xd1/0x650 [ 24.077603] ? __virt_addr_valid+0x1db/0x2d0 [ 24.077635] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.077671] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.077710] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.077745] kasan_report+0x141/0x180 [ 24.078217] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.078286] kasan_check_range+0x10c/0x1c0 [ 24.078331] __kasan_check_write+0x18/0x20 [ 24.078394] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.078443] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.078492] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.078535] ? trace_hardirqs_on+0x37/0xe0 [ 24.078569] ? kasan_bitops_generic+0x92/0x1c0 [ 24.078618] kasan_bitops_generic+0x116/0x1c0 [ 24.078661] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.078715] ? __pfx_read_tsc+0x10/0x10 [ 24.078768] ? ktime_get_ts64+0x86/0x230 [ 24.078814] kunit_try_run_case+0x1a5/0x480 [ 24.078854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.078893] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.078930] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.078976] ? __kthread_parkme+0x82/0x180 [ 24.079025] ? preempt_count_sub+0x50/0x80 [ 24.079067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.079257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.079303] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.079334] kthread+0x337/0x6f0 [ 24.079357] ? trace_preempt_on+0x20/0xc0 [ 24.079396] ? __pfx_kthread+0x10/0x10 [ 24.079422] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.079447] ? calculate_sigpending+0x7b/0xa0 [ 24.079479] ? __pfx_kthread+0x10/0x10 [ 24.079510] ret_from_fork+0x116/0x1d0 [ 24.079543] ? __pfx_kthread+0x10/0x10 [ 24.079576] ret_from_fork_asm+0x1a/0x30 [ 24.079635] </TASK> [ 24.079656] [ 24.092637] Allocated by task 290: [ 24.092759] kasan_save_stack+0x45/0x70 [ 24.093043] kasan_save_track+0x18/0x40 [ 24.093401] kasan_save_alloc_info+0x3b/0x50 [ 24.094423] __kasan_kmalloc+0xb7/0xc0 [ 24.094665] __kmalloc_cache_noprof+0x189/0x420 [ 24.094824] kasan_bitops_generic+0x92/0x1c0 [ 24.095108] kunit_try_run_case+0x1a5/0x480 [ 24.095401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.095705] kthread+0x337/0x6f0 [ 24.095947] ret_from_fork+0x116/0x1d0 [ 24.096703] ret_from_fork_asm+0x1a/0x30 [ 24.096957] [ 24.097065] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.097065] which belongs to the cache kmalloc-16 of size 16 [ 24.097643] The buggy address is located 8 bytes inside of [ 24.097643] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.098767] [ 24.098859] The buggy address belongs to the physical page: [ 24.099585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.099997] flags: 0x200000000000000(node=0|zone=2) [ 24.100242] page_type: f5(slab) [ 24.100559] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.101117] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.101486] page dumped because: kasan: bad access detected [ 24.101759] [ 24.101879] Memory state around the buggy address: [ 24.102184] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.102531] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.103035] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.103352] ^ [ 24.104044] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.104509] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.104835] ================================================================== [ 24.134956] ================================================================== [ 24.135411] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.135736] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.136169] [ 24.136489] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.136591] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.136616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.136651] Call Trace: [ 24.136676] <TASK> [ 24.136704] dump_stack_lvl+0x73/0xb0 [ 24.136759] print_report+0xd1/0x650 [ 24.136800] ? __virt_addr_valid+0x1db/0x2d0 [ 24.136838] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.136880] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.136925] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.136968] kasan_report+0x141/0x180 [ 24.137009] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.137062] kasan_check_range+0x10c/0x1c0 [ 24.137098] __kasan_check_write+0x18/0x20 [ 24.137134] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.137171] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.137209] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.137903] ? trace_hardirqs_on+0x37/0xe0 [ 24.137951] ? kasan_bitops_generic+0x92/0x1c0 [ 24.137977] kasan_bitops_generic+0x116/0x1c0 [ 24.137999] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.138033] ? __pfx_read_tsc+0x10/0x10 [ 24.138055] ? ktime_get_ts64+0x86/0x230 [ 24.138099] kunit_try_run_case+0x1a5/0x480 [ 24.138135] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.138163] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.138193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.138224] ? __kthread_parkme+0x82/0x180 [ 24.138252] ? preempt_count_sub+0x50/0x80 [ 24.138285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.138307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.138329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.138351] kthread+0x337/0x6f0 [ 24.138368] ? trace_preempt_on+0x20/0xc0 [ 24.138410] ? __pfx_kthread+0x10/0x10 [ 24.138429] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.138449] ? calculate_sigpending+0x7b/0xa0 [ 24.138471] ? __pfx_kthread+0x10/0x10 [ 24.138490] ret_from_fork+0x116/0x1d0 [ 24.138507] ? __pfx_kthread+0x10/0x10 [ 24.138526] ret_from_fork_asm+0x1a/0x30 [ 24.138556] </TASK> [ 24.138567] [ 24.148975] Allocated by task 290: [ 24.149619] kasan_save_stack+0x45/0x70 [ 24.150008] kasan_save_track+0x18/0x40 [ 24.150317] kasan_save_alloc_info+0x3b/0x50 [ 24.150592] __kasan_kmalloc+0xb7/0xc0 [ 24.150919] __kmalloc_cache_noprof+0x189/0x420 [ 24.151477] kasan_bitops_generic+0x92/0x1c0 [ 24.151874] kunit_try_run_case+0x1a5/0x480 [ 24.152355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.152717] kthread+0x337/0x6f0 [ 24.152872] ret_from_fork+0x116/0x1d0 [ 24.153017] ret_from_fork_asm+0x1a/0x30 [ 24.153168] [ 24.153252] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.153252] which belongs to the cache kmalloc-16 of size 16 [ 24.154698] The buggy address is located 8 bytes inside of [ 24.154698] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.155772] [ 24.156011] The buggy address belongs to the physical page: [ 24.156512] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.156900] flags: 0x200000000000000(node=0|zone=2) [ 24.157674] page_type: f5(slab) [ 24.157869] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.158454] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.159020] page dumped because: kasan: bad access detected [ 24.159566] [ 24.159704] Memory state around the buggy address: [ 24.160028] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.160686] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.161482] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.161911] ^ [ 24.162100] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.162605] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.163133] ================================================================== [ 23.988711] ================================================================== [ 23.989208] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 23.989563] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 23.989969] [ 23.990080] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.990165] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.990189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.990224] Call Trace: [ 23.990251] <TASK> [ 23.990278] dump_stack_lvl+0x73/0xb0 [ 23.990328] print_report+0xd1/0x650 [ 23.990368] ? __virt_addr_valid+0x1db/0x2d0 [ 23.990652] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 23.990700] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.990746] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 23.990791] kasan_report+0x141/0x180 [ 23.990841] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 23.990898] kasan_check_range+0x10c/0x1c0 [ 23.990942] __kasan_check_write+0x18/0x20 [ 23.990983] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 23.991029] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 23.991077] ? __kmalloc_cache_noprof+0x189/0x420 [ 23.991120] ? trace_hardirqs_on+0x37/0xe0 [ 23.991159] ? kasan_bitops_generic+0x92/0x1c0 [ 23.991198] kasan_bitops_generic+0x116/0x1c0 [ 23.991227] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 23.991248] ? __pfx_read_tsc+0x10/0x10 [ 23.991266] ? ktime_get_ts64+0x86/0x230 [ 23.991287] kunit_try_run_case+0x1a5/0x480 [ 23.991308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.991326] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.991345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.991365] ? __kthread_parkme+0x82/0x180 [ 23.991399] ? preempt_count_sub+0x50/0x80 [ 23.991420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.991441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.991460] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.991480] kthread+0x337/0x6f0 [ 23.991496] ? trace_preempt_on+0x20/0xc0 [ 23.991514] ? __pfx_kthread+0x10/0x10 [ 23.991531] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.991549] ? calculate_sigpending+0x7b/0xa0 [ 23.991568] ? __pfx_kthread+0x10/0x10 [ 23.991586] ret_from_fork+0x116/0x1d0 [ 23.991602] ? __pfx_kthread+0x10/0x10 [ 23.991619] ret_from_fork_asm+0x1a/0x30 [ 23.991645] </TASK> [ 23.991656] [ 24.003324] Allocated by task 290: [ 24.003629] kasan_save_stack+0x45/0x70 [ 24.003884] kasan_save_track+0x18/0x40 [ 24.004033] kasan_save_alloc_info+0x3b/0x50 [ 24.004970] __kasan_kmalloc+0xb7/0xc0 [ 24.005409] __kmalloc_cache_noprof+0x189/0x420 [ 24.005781] kasan_bitops_generic+0x92/0x1c0 [ 24.006333] kunit_try_run_case+0x1a5/0x480 [ 24.006645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.006880] kthread+0x337/0x6f0 [ 24.007292] ret_from_fork+0x116/0x1d0 [ 24.007600] ret_from_fork_asm+0x1a/0x30 [ 24.007934] [ 24.008375] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.008375] which belongs to the cache kmalloc-16 of size 16 [ 24.008941] The buggy address is located 8 bytes inside of [ 24.008941] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.009863] [ 24.010040] The buggy address belongs to the physical page: [ 24.010589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.011037] flags: 0x200000000000000(node=0|zone=2) [ 24.011576] page_type: f5(slab) [ 24.011743] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.012552] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.012954] page dumped because: kasan: bad access detected [ 24.013282] [ 24.013445] Memory state around the buggy address: [ 24.013708] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.014417] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.014887] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.015449] ^ [ 24.015725] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.016321] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.016729] ================================================================== [ 24.046742] ================================================================== [ 24.047299] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.047580] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.048240] [ 24.048429] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.048504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.048525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.048560] Call Trace: [ 24.048586] <TASK> [ 24.048612] dump_stack_lvl+0x73/0xb0 [ 24.048665] print_report+0xd1/0x650 [ 24.048705] ? __virt_addr_valid+0x1db/0x2d0 [ 24.048741] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.048914] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.048969] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.049017] kasan_report+0x141/0x180 [ 24.049059] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.049107] kasan_check_range+0x10c/0x1c0 [ 24.049149] __kasan_check_write+0x18/0x20 [ 24.049199] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.049240] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.049275] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.049307] ? trace_hardirqs_on+0x37/0xe0 [ 24.049340] ? kasan_bitops_generic+0x92/0x1c0 [ 24.049398] kasan_bitops_generic+0x116/0x1c0 [ 24.049774] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.049864] ? __pfx_read_tsc+0x10/0x10 [ 24.049901] ? ktime_get_ts64+0x86/0x230 [ 24.049949] kunit_try_run_case+0x1a5/0x480 [ 24.050014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.050057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.050106] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.050145] ? __kthread_parkme+0x82/0x180 [ 24.050181] ? preempt_count_sub+0x50/0x80 [ 24.050222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.050489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.050544] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.050587] kthread+0x337/0x6f0 [ 24.050641] ? trace_preempt_on+0x20/0xc0 [ 24.050682] ? __pfx_kthread+0x10/0x10 [ 24.050720] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.050759] ? calculate_sigpending+0x7b/0xa0 [ 24.050798] ? __pfx_kthread+0x10/0x10 [ 24.050844] ret_from_fork+0x116/0x1d0 [ 24.050881] ? __pfx_kthread+0x10/0x10 [ 24.050935] ret_from_fork_asm+0x1a/0x30 [ 24.050977] </TASK> [ 24.050990] [ 24.061587] Allocated by task 290: [ 24.061850] kasan_save_stack+0x45/0x70 [ 24.062193] kasan_save_track+0x18/0x40 [ 24.062471] kasan_save_alloc_info+0x3b/0x50 [ 24.062773] __kasan_kmalloc+0xb7/0xc0 [ 24.063251] __kmalloc_cache_noprof+0x189/0x420 [ 24.063438] kasan_bitops_generic+0x92/0x1c0 [ 24.063691] kunit_try_run_case+0x1a5/0x480 [ 24.063999] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.064276] kthread+0x337/0x6f0 [ 24.064976] ret_from_fork+0x116/0x1d0 [ 24.065171] ret_from_fork_asm+0x1a/0x30 [ 24.065320] [ 24.065442] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.065442] which belongs to the cache kmalloc-16 of size 16 [ 24.066149] The buggy address is located 8 bytes inside of [ 24.066149] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.066774] [ 24.066937] The buggy address belongs to the physical page: [ 24.067395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.067848] flags: 0x200000000000000(node=0|zone=2) [ 24.068570] page_type: f5(slab) [ 24.068770] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.069451] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.070052] page dumped because: kasan: bad access detected [ 24.070574] [ 24.070682] Memory state around the buggy address: [ 24.070853] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.071424] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.072038] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.072757] ^ [ 24.073013] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.073559] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.074001] ================================================================== [ 24.017508] ================================================================== [ 24.017780] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.018606] Write of size 8 at addr ffff888101bb7fa8 by task kunit_try_catch/290 [ 24.019041] [ 24.019361] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 24.019469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.019493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.019542] Call Trace: [ 24.019568] <TASK> [ 24.019592] dump_stack_lvl+0x73/0xb0 [ 24.019652] print_report+0xd1/0x650 [ 24.019705] ? __virt_addr_valid+0x1db/0x2d0 [ 24.019742] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.019783] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.019823] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.019897] kasan_report+0x141/0x180 [ 24.019956] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.020007] kasan_check_range+0x10c/0x1c0 [ 24.020061] __kasan_check_write+0x18/0x20 [ 24.020420] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.020468] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.020516] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.020557] ? trace_hardirqs_on+0x37/0xe0 [ 24.020608] ? kasan_bitops_generic+0x92/0x1c0 [ 24.020653] kasan_bitops_generic+0x116/0x1c0 [ 24.020696] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.020747] ? __pfx_read_tsc+0x10/0x10 [ 24.020788] ? ktime_get_ts64+0x86/0x230 [ 24.020860] kunit_try_run_case+0x1a5/0x480 [ 24.020893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.020913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.020932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.020952] ? __kthread_parkme+0x82/0x180 [ 24.020970] ? preempt_count_sub+0x50/0x80 [ 24.020989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.021008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.021028] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.021047] kthread+0x337/0x6f0 [ 24.021064] ? trace_preempt_on+0x20/0xc0 [ 24.021107] ? __pfx_kthread+0x10/0x10 [ 24.021125] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.021143] ? calculate_sigpending+0x7b/0xa0 [ 24.021162] ? __pfx_kthread+0x10/0x10 [ 24.021180] ret_from_fork+0x116/0x1d0 [ 24.021196] ? __pfx_kthread+0x10/0x10 [ 24.021213] ret_from_fork_asm+0x1a/0x30 [ 24.021240] </TASK> [ 24.021250] [ 24.033707] Allocated by task 290: [ 24.033854] kasan_save_stack+0x45/0x70 [ 24.034163] kasan_save_track+0x18/0x40 [ 24.034484] kasan_save_alloc_info+0x3b/0x50 [ 24.035147] __kasan_kmalloc+0xb7/0xc0 [ 24.035468] __kmalloc_cache_noprof+0x189/0x420 [ 24.035807] kasan_bitops_generic+0x92/0x1c0 [ 24.036026] kunit_try_run_case+0x1a5/0x480 [ 24.036326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.036678] kthread+0x337/0x6f0 [ 24.036834] ret_from_fork+0x116/0x1d0 [ 24.037334] ret_from_fork_asm+0x1a/0x30 [ 24.037660] [ 24.037996] The buggy address belongs to the object at ffff888101bb7fa0 [ 24.037996] which belongs to the cache kmalloc-16 of size 16 [ 24.038806] The buggy address is located 8 bytes inside of [ 24.038806] allocated 9-byte region [ffff888101bb7fa0, ffff888101bb7fa9) [ 24.039409] [ 24.039682] The buggy address belongs to the physical page: [ 24.039971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7 [ 24.040295] flags: 0x200000000000000(node=0|zone=2) [ 24.040795] page_type: f5(slab) [ 24.041061] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.041329] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.042040] page dumped because: kasan: bad access detected [ 24.042660] [ 24.042826] Memory state around the buggy address: [ 24.043122] ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.043339] ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.043925] >ffff888101bb7f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.044529] ^ [ 24.044692] ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.045493] ffff888101bb8080: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.045908] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 23.923610] ================================================================== [ 23.924545] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 23.925083] Read of size 1 at addr ffff8881023cba90 by task kunit_try_catch/288 [ 23.925652] [ 23.925853] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.925942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.925965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.926023] Call Trace: [ 23.926051] <TASK> [ 23.926079] dump_stack_lvl+0x73/0xb0 [ 23.926132] print_report+0xd1/0x650 [ 23.926172] ? __virt_addr_valid+0x1db/0x2d0 [ 23.926311] ? strnlen+0x73/0x80 [ 23.926351] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.926413] ? strnlen+0x73/0x80 [ 23.926514] kasan_report+0x141/0x180 [ 23.926561] ? strnlen+0x73/0x80 [ 23.926611] __asan_report_load1_noabort+0x18/0x20 [ 23.926654] strnlen+0x73/0x80 [ 23.926707] kasan_strings+0x615/0xe80 [ 23.926758] ? trace_hardirqs_on+0x37/0xe0 [ 23.926801] ? __pfx_kasan_strings+0x10/0x10 [ 23.926837] ? finish_task_switch.isra.0+0x153/0x700 [ 23.926874] ? __switch_to+0x47/0xf50 [ 23.926926] ? __schedule+0x10cc/0x2b60 [ 23.926969] ? __pfx_read_tsc+0x10/0x10 [ 23.927025] ? ktime_get_ts64+0x86/0x230 [ 23.927070] kunit_try_run_case+0x1a5/0x480 [ 23.927232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.927285] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.927326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.927362] ? __kthread_parkme+0x82/0x180 [ 23.927414] ? preempt_count_sub+0x50/0x80 [ 23.927466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.927507] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.927544] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.927582] kthread+0x337/0x6f0 [ 23.927614] ? trace_preempt_on+0x20/0xc0 [ 23.927659] ? __pfx_kthread+0x10/0x10 [ 23.927695] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.927747] ? calculate_sigpending+0x7b/0xa0 [ 23.927789] ? __pfx_kthread+0x10/0x10 [ 23.927826] ret_from_fork+0x116/0x1d0 [ 23.927854] ? __pfx_kthread+0x10/0x10 [ 23.927895] ret_from_fork_asm+0x1a/0x30 [ 23.927959] </TASK> [ 23.927982] [ 23.939479] Allocated by task 288: [ 23.939694] kasan_save_stack+0x45/0x70 [ 23.939978] kasan_save_track+0x18/0x40 [ 23.940217] kasan_save_alloc_info+0x3b/0x50 [ 23.940395] __kasan_kmalloc+0xb7/0xc0 [ 23.940672] __kmalloc_cache_noprof+0x189/0x420 [ 23.940997] kasan_strings+0xc0/0xe80 [ 23.941282] kunit_try_run_case+0x1a5/0x480 [ 23.941541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.941830] kthread+0x337/0x6f0 [ 23.941970] ret_from_fork+0x116/0x1d0 [ 23.942127] ret_from_fork_asm+0x1a/0x30 [ 23.942420] [ 23.942580] Freed by task 288: [ 23.942825] kasan_save_stack+0x45/0x70 [ 23.943205] kasan_save_track+0x18/0x40 [ 23.943406] kasan_save_free_info+0x3f/0x60 [ 23.943566] __kasan_slab_free+0x56/0x70 [ 23.943713] kfree+0x222/0x3f0 [ 23.943927] kasan_strings+0x2aa/0xe80 [ 23.944304] kunit_try_run_case+0x1a5/0x480 [ 23.944630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.945063] kthread+0x337/0x6f0 [ 23.945218] ret_from_fork+0x116/0x1d0 [ 23.945364] ret_from_fork_asm+0x1a/0x30 [ 23.945526] [ 23.945611] The buggy address belongs to the object at ffff8881023cba80 [ 23.945611] which belongs to the cache kmalloc-32 of size 32 [ 23.945933] The buggy address is located 16 bytes inside of [ 23.945933] freed 32-byte region [ffff8881023cba80, ffff8881023cbaa0) [ 23.946730] [ 23.946943] The buggy address belongs to the physical page: [ 23.947321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023cb [ 23.947651] flags: 0x200000000000000(node=0|zone=2) [ 23.947829] page_type: f5(slab) [ 23.948059] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.948569] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.948959] page dumped because: kasan: bad access detected [ 23.949273] [ 23.949360] Memory state around the buggy address: [ 23.949536] ffff8881023cb980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.949885] ffff8881023cba00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.950426] >ffff8881023cba80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.950963] ^ [ 23.951120] ffff8881023cbb00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.951524] ffff8881023cbb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.951863] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 23.896511] ================================================================== [ 23.896869] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 23.897606] Read of size 1 at addr ffff8881023cba90 by task kunit_try_catch/288 [ 23.898065] [ 23.898221] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.898309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.898324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.898347] Call Trace: [ 23.898361] <TASK> [ 23.898393] dump_stack_lvl+0x73/0xb0 [ 23.898445] print_report+0xd1/0x650 [ 23.898482] ? __virt_addr_valid+0x1db/0x2d0 [ 23.898524] ? strlen+0x8f/0xb0 [ 23.898563] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.898610] ? strlen+0x8f/0xb0 [ 23.898653] kasan_report+0x141/0x180 [ 23.898696] ? strlen+0x8f/0xb0 [ 23.898747] __asan_report_load1_noabort+0x18/0x20 [ 23.898790] strlen+0x8f/0xb0 [ 23.898829] kasan_strings+0x57b/0xe80 [ 23.898910] ? trace_hardirqs_on+0x37/0xe0 [ 23.898950] ? __pfx_kasan_strings+0x10/0x10 [ 23.898986] ? finish_task_switch.isra.0+0x153/0x700 [ 23.899050] ? __switch_to+0x47/0xf50 [ 23.899096] ? __schedule+0x10cc/0x2b60 [ 23.899129] ? __pfx_read_tsc+0x10/0x10 [ 23.899166] ? ktime_get_ts64+0x86/0x230 [ 23.899209] kunit_try_run_case+0x1a5/0x480 [ 23.899254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.899295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.899365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.899421] ? __kthread_parkme+0x82/0x180 [ 23.899458] ? preempt_count_sub+0x50/0x80 [ 23.899487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.899510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.899531] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.899551] kthread+0x337/0x6f0 [ 23.899568] ? trace_preempt_on+0x20/0xc0 [ 23.899587] ? __pfx_kthread+0x10/0x10 [ 23.899605] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.899623] ? calculate_sigpending+0x7b/0xa0 [ 23.899644] ? __pfx_kthread+0x10/0x10 [ 23.899662] ret_from_fork+0x116/0x1d0 [ 23.899678] ? __pfx_kthread+0x10/0x10 [ 23.899695] ret_from_fork_asm+0x1a/0x30 [ 23.899723] </TASK> [ 23.899733] [ 23.909414] Allocated by task 288: [ 23.909695] kasan_save_stack+0x45/0x70 [ 23.910042] kasan_save_track+0x18/0x40 [ 23.910294] kasan_save_alloc_info+0x3b/0x50 [ 23.910586] __kasan_kmalloc+0xb7/0xc0 [ 23.910835] __kmalloc_cache_noprof+0x189/0x420 [ 23.911034] kasan_strings+0xc0/0xe80 [ 23.911301] kunit_try_run_case+0x1a5/0x480 [ 23.911566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.911859] kthread+0x337/0x6f0 [ 23.912076] ret_from_fork+0x116/0x1d0 [ 23.912333] ret_from_fork_asm+0x1a/0x30 [ 23.912496] [ 23.912579] Freed by task 288: [ 23.912699] kasan_save_stack+0x45/0x70 [ 23.912842] kasan_save_track+0x18/0x40 [ 23.913136] kasan_save_free_info+0x3f/0x60 [ 23.913453] __kasan_slab_free+0x56/0x70 [ 23.913746] kfree+0x222/0x3f0 [ 23.914042] kasan_strings+0x2aa/0xe80 [ 23.914333] kunit_try_run_case+0x1a5/0x480 [ 23.914586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.914771] kthread+0x337/0x6f0 [ 23.914897] ret_from_fork+0x116/0x1d0 [ 23.915125] ret_from_fork_asm+0x1a/0x30 [ 23.915495] [ 23.915646] The buggy address belongs to the object at ffff8881023cba80 [ 23.915646] which belongs to the cache kmalloc-32 of size 32 [ 23.916495] The buggy address is located 16 bytes inside of [ 23.916495] freed 32-byte region [ffff8881023cba80, ffff8881023cbaa0) [ 23.916864] [ 23.917007] The buggy address belongs to the physical page: [ 23.917413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023cb [ 23.917936] flags: 0x200000000000000(node=0|zone=2) [ 23.918139] page_type: f5(slab) [ 23.918280] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.918525] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.918849] page dumped because: kasan: bad access detected [ 23.919212] [ 23.919369] Memory state around the buggy address: [ 23.919859] ffff8881023cb980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.920361] ffff8881023cba00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.920646] >ffff8881023cba80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.921165] ^ [ 23.921309] ffff8881023cbb00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.921533] ffff8881023cbb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.922043] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 23.865713] ================================================================== [ 23.866471] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 23.866770] Read of size 1 at addr ffff8881023cba90 by task kunit_try_catch/288 [ 23.867025] [ 23.867183] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.867263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.867286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.867322] Call Trace: [ 23.867348] <TASK> [ 23.867374] dump_stack_lvl+0x73/0xb0 [ 23.867443] print_report+0xd1/0x650 [ 23.867613] ? __virt_addr_valid+0x1db/0x2d0 [ 23.867660] ? kasan_strings+0xcbc/0xe80 [ 23.867700] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.867746] ? kasan_strings+0xcbc/0xe80 [ 23.867785] kasan_report+0x141/0x180 [ 23.867826] ? kasan_strings+0xcbc/0xe80 [ 23.867877] __asan_report_load1_noabort+0x18/0x20 [ 23.867911] kasan_strings+0xcbc/0xe80 [ 23.867940] ? trace_hardirqs_on+0x37/0xe0 [ 23.867976] ? __pfx_kasan_strings+0x10/0x10 [ 23.868033] ? finish_task_switch.isra.0+0x153/0x700 [ 23.868070] ? __switch_to+0x47/0xf50 [ 23.868116] ? __schedule+0x10cc/0x2b60 [ 23.868156] ? __pfx_read_tsc+0x10/0x10 [ 23.868194] ? ktime_get_ts64+0x86/0x230 [ 23.868237] kunit_try_run_case+0x1a5/0x480 [ 23.868281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.868321] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.868361] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.868419] ? __kthread_parkme+0x82/0x180 [ 23.868460] ? preempt_count_sub+0x50/0x80 [ 23.868503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.868550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.868593] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.868634] kthread+0x337/0x6f0 [ 23.868670] ? trace_preempt_on+0x20/0xc0 [ 23.868711] ? __pfx_kthread+0x10/0x10 [ 23.868749] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.868785] ? calculate_sigpending+0x7b/0xa0 [ 23.868824] ? __pfx_kthread+0x10/0x10 [ 23.868856] ret_from_fork+0x116/0x1d0 [ 23.868884] ? __pfx_kthread+0x10/0x10 [ 23.868940] ret_from_fork_asm+0x1a/0x30 [ 23.868995] </TASK> [ 23.869015] [ 23.879391] Allocated by task 288: [ 23.879659] kasan_save_stack+0x45/0x70 [ 23.880105] kasan_save_track+0x18/0x40 [ 23.880974] kasan_save_alloc_info+0x3b/0x50 [ 23.881149] __kasan_kmalloc+0xb7/0xc0 [ 23.881512] __kmalloc_cache_noprof+0x189/0x420 [ 23.881884] kasan_strings+0xc0/0xe80 [ 23.882229] kunit_try_run_case+0x1a5/0x480 [ 23.882647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.882821] kthread+0x337/0x6f0 [ 23.883256] ret_from_fork+0x116/0x1d0 [ 23.883538] ret_from_fork_asm+0x1a/0x30 [ 23.883986] [ 23.884079] Freed by task 288: [ 23.884184] kasan_save_stack+0x45/0x70 [ 23.884624] kasan_save_track+0x18/0x40 [ 23.885173] kasan_save_free_info+0x3f/0x60 [ 23.885410] __kasan_slab_free+0x56/0x70 [ 23.885548] kfree+0x222/0x3f0 [ 23.886102] kasan_strings+0x2aa/0xe80 [ 23.886395] kunit_try_run_case+0x1a5/0x480 [ 23.886608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.887113] kthread+0x337/0x6f0 [ 23.887371] ret_from_fork+0x116/0x1d0 [ 23.887561] ret_from_fork_asm+0x1a/0x30 [ 23.887734] [ 23.887819] The buggy address belongs to the object at ffff8881023cba80 [ 23.887819] which belongs to the cache kmalloc-32 of size 32 [ 23.888265] The buggy address is located 16 bytes inside of [ 23.888265] freed 32-byte region [ffff8881023cba80, ffff8881023cbaa0) [ 23.888746] [ 23.889284] The buggy address belongs to the physical page: [ 23.889583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023cb [ 23.889834] flags: 0x200000000000000(node=0|zone=2) [ 23.890018] page_type: f5(slab) [ 23.890622] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.891282] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.891596] page dumped because: kasan: bad access detected [ 23.891821] [ 23.892228] Memory state around the buggy address: [ 23.892727] ffff8881023cb980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.893535] ffff8881023cba00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.893833] >ffff8881023cba80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.894422] ^ [ 23.894795] ffff8881023cbb00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.895198] ffff8881023cbb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.895407] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 23.837650] ================================================================== [ 23.838805] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 23.839315] Read of size 1 at addr ffff8881023cba90 by task kunit_try_catch/288 [ 23.839695] [ 23.839818] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.839905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.839923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.839952] Call Trace: [ 23.839973] <TASK> [ 23.839996] dump_stack_lvl+0x73/0xb0 [ 23.840045] print_report+0xd1/0x650 [ 23.840114] ? __virt_addr_valid+0x1db/0x2d0 [ 23.840146] ? strcmp+0xb0/0xc0 [ 23.840176] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.840213] ? strcmp+0xb0/0xc0 [ 23.840243] kasan_report+0x141/0x180 [ 23.840333] ? strcmp+0xb0/0xc0 [ 23.840390] __asan_report_load1_noabort+0x18/0x20 [ 23.840447] strcmp+0xb0/0xc0 [ 23.840487] kasan_strings+0x431/0xe80 [ 23.840515] ? trace_hardirqs_on+0x37/0xe0 [ 23.840551] ? __pfx_kasan_strings+0x10/0x10 [ 23.840584] ? finish_task_switch.isra.0+0x153/0x700 [ 23.840619] ? __switch_to+0x47/0xf50 [ 23.840662] ? __schedule+0x10cc/0x2b60 [ 23.840702] ? __pfx_read_tsc+0x10/0x10 [ 23.840739] ? ktime_get_ts64+0x86/0x230 [ 23.840797] kunit_try_run_case+0x1a5/0x480 [ 23.840868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.840907] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.840941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.840962] ? __kthread_parkme+0x82/0x180 [ 23.840989] ? preempt_count_sub+0x50/0x80 [ 23.841021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.841055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.841093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.841150] kthread+0x337/0x6f0 [ 23.841183] ? trace_preempt_on+0x20/0xc0 [ 23.841221] ? __pfx_kthread+0x10/0x10 [ 23.841256] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.841291] ? calculate_sigpending+0x7b/0xa0 [ 23.841333] ? __pfx_kthread+0x10/0x10 [ 23.841400] ret_from_fork+0x116/0x1d0 [ 23.841434] ? __pfx_kthread+0x10/0x10 [ 23.841466] ret_from_fork_asm+0x1a/0x30 [ 23.841517] </TASK> [ 23.841539] [ 23.851829] Allocated by task 288: [ 23.852120] kasan_save_stack+0x45/0x70 [ 23.852308] kasan_save_track+0x18/0x40 [ 23.852516] kasan_save_alloc_info+0x3b/0x50 [ 23.852710] __kasan_kmalloc+0xb7/0xc0 [ 23.852868] __kmalloc_cache_noprof+0x189/0x420 [ 23.853062] kasan_strings+0xc0/0xe80 [ 23.853309] kunit_try_run_case+0x1a5/0x480 [ 23.853623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.854039] kthread+0x337/0x6f0 [ 23.854306] ret_from_fork+0x116/0x1d0 [ 23.854551] ret_from_fork_asm+0x1a/0x30 [ 23.854718] [ 23.854806] Freed by task 288: [ 23.855041] kasan_save_stack+0x45/0x70 [ 23.855314] kasan_save_track+0x18/0x40 [ 23.855613] kasan_save_free_info+0x3f/0x60 [ 23.855921] __kasan_slab_free+0x56/0x70 [ 23.856084] kfree+0x222/0x3f0 [ 23.856217] kasan_strings+0x2aa/0xe80 [ 23.856368] kunit_try_run_case+0x1a5/0x480 [ 23.856694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.857160] kthread+0x337/0x6f0 [ 23.857419] ret_from_fork+0x116/0x1d0 [ 23.857609] ret_from_fork_asm+0x1a/0x30 [ 23.857791] [ 23.857881] The buggy address belongs to the object at ffff8881023cba80 [ 23.857881] which belongs to the cache kmalloc-32 of size 32 [ 23.858280] The buggy address is located 16 bytes inside of [ 23.858280] freed 32-byte region [ffff8881023cba80, ffff8881023cbaa0) [ 23.859091] [ 23.859248] The buggy address belongs to the physical page: [ 23.859631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023cb [ 23.860291] flags: 0x200000000000000(node=0|zone=2) [ 23.860641] page_type: f5(slab) [ 23.860780] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.861373] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.861730] page dumped because: kasan: bad access detected [ 23.861912] [ 23.862071] Memory state around the buggy address: [ 23.862449] ffff8881023cb980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.862781] ffff8881023cba00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.863253] >ffff8881023cba80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.863635] ^ [ 23.863891] ffff8881023cbb00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.864191] ffff8881023cbb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.864585] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 23.800314] ================================================================== [ 23.800737] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 23.801174] Read of size 1 at addr ffff8881023cb9d8 by task kunit_try_catch/286 [ 23.801781] [ 23.802001] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.802500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.802571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.802607] Call Trace: [ 23.802624] <TASK> [ 23.802643] dump_stack_lvl+0x73/0xb0 [ 23.802679] print_report+0xd1/0x650 [ 23.802701] ? __virt_addr_valid+0x1db/0x2d0 [ 23.802723] ? memcmp+0x1b4/0x1d0 [ 23.802744] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.802769] ? memcmp+0x1b4/0x1d0 [ 23.802789] kasan_report+0x141/0x180 [ 23.802810] ? memcmp+0x1b4/0x1d0 [ 23.802840] __asan_report_load1_noabort+0x18/0x20 [ 23.802874] memcmp+0x1b4/0x1d0 [ 23.802912] kasan_memcmp+0x18f/0x390 [ 23.802947] ? trace_hardirqs_on+0x37/0xe0 [ 23.802992] ? __pfx_kasan_memcmp+0x10/0x10 [ 23.803030] ? finish_task_switch.isra.0+0x153/0x700 [ 23.803071] ? __switch_to+0x47/0xf50 [ 23.803152] ? __pfx_read_tsc+0x10/0x10 [ 23.803186] ? ktime_get_ts64+0x86/0x230 [ 23.803223] kunit_try_run_case+0x1a5/0x480 [ 23.803248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.803269] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.803288] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.803308] ? __kthread_parkme+0x82/0x180 [ 23.803325] ? preempt_count_sub+0x50/0x80 [ 23.803345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.803365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.803406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.803429] kthread+0x337/0x6f0 [ 23.803446] ? trace_preempt_on+0x20/0xc0 [ 23.803466] ? __pfx_kthread+0x10/0x10 [ 23.803484] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.803501] ? calculate_sigpending+0x7b/0xa0 [ 23.803523] ? __pfx_kthread+0x10/0x10 [ 23.803541] ret_from_fork+0x116/0x1d0 [ 23.803557] ? __pfx_kthread+0x10/0x10 [ 23.803575] ret_from_fork_asm+0x1a/0x30 [ 23.803603] </TASK> [ 23.803614] [ 23.816703] Allocated by task 286: [ 23.817435] kasan_save_stack+0x45/0x70 [ 23.817832] kasan_save_track+0x18/0x40 [ 23.817992] kasan_save_alloc_info+0x3b/0x50 [ 23.818420] __kasan_kmalloc+0xb7/0xc0 [ 23.818722] __kmalloc_cache_noprof+0x189/0x420 [ 23.818973] kasan_memcmp+0xb7/0x390 [ 23.819727] kunit_try_run_case+0x1a5/0x480 [ 23.819914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.820248] kthread+0x337/0x6f0 [ 23.820533] ret_from_fork+0x116/0x1d0 [ 23.820666] ret_from_fork_asm+0x1a/0x30 [ 23.820836] [ 23.821547] The buggy address belongs to the object at ffff8881023cb9c0 [ 23.821547] which belongs to the cache kmalloc-32 of size 32 [ 23.821901] The buggy address is located 0 bytes to the right of [ 23.821901] allocated 24-byte region [ffff8881023cb9c0, ffff8881023cb9d8) [ 23.822586] [ 23.822684] The buggy address belongs to the physical page: [ 23.823081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023cb [ 23.824211] flags: 0x200000000000000(node=0|zone=2) [ 23.824640] page_type: f5(slab) [ 23.824899] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.825482] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.825644] page dumped because: kasan: bad access detected [ 23.825738] [ 23.825778] Memory state around the buggy address: [ 23.826631] ffff8881023cb880: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 23.827060] ffff8881023cb900: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 23.827371] >ffff8881023cb980: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.827856] ^ [ 23.828040] ffff8881023cba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.828903] ffff8881023cba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.829217] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 23.766317] ================================================================== [ 23.766849] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 23.767951] Read of size 1 at addr ffff8881039afc4a by task kunit_try_catch/282 [ 23.768747] [ 23.768880] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.769102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.769119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.769147] Call Trace: [ 23.769161] <TASK> [ 23.769179] dump_stack_lvl+0x73/0xb0 [ 23.769226] print_report+0xd1/0x650 [ 23.769246] ? __virt_addr_valid+0x1db/0x2d0 [ 23.769267] ? kasan_alloca_oob_right+0x329/0x390 [ 23.769286] ? kasan_addr_to_slab+0x11/0xa0 [ 23.769303] ? kasan_alloca_oob_right+0x329/0x390 [ 23.769322] kasan_report+0x141/0x180 [ 23.769340] ? kasan_alloca_oob_right+0x329/0x390 [ 23.769362] __asan_report_load1_noabort+0x18/0x20 [ 23.769577] kasan_alloca_oob_right+0x329/0x390 [ 23.769610] ? __kasan_check_write+0x18/0x20 [ 23.769634] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.769654] ? finish_task_switch.isra.0+0x153/0x700 [ 23.769673] ? rwsem_down_write_slowpath+0x2ce/0x1150 [ 23.769695] ? trace_hardirqs_on+0x37/0xe0 [ 23.769716] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 23.769737] ? __schedule+0x10cc/0x2b60 [ 23.769755] ? __pfx_read_tsc+0x10/0x10 [ 23.769773] ? ktime_get_ts64+0x86/0x230 [ 23.769794] kunit_try_run_case+0x1a5/0x480 [ 23.769815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.769837] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.769863] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.769881] ? __kthread_parkme+0x82/0x180 [ 23.769899] ? preempt_count_sub+0x50/0x80 [ 23.769918] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.769938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.769958] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.769977] kthread+0x337/0x6f0 [ 23.769995] ? trace_preempt_on+0x20/0xc0 [ 23.770025] ? __pfx_kthread+0x10/0x10 [ 23.770048] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.770078] ? calculate_sigpending+0x7b/0xa0 [ 23.770145] ? __pfx_kthread+0x10/0x10 [ 23.770175] ret_from_fork+0x116/0x1d0 [ 23.770195] ? __pfx_kthread+0x10/0x10 [ 23.770215] ret_from_fork_asm+0x1a/0x30 [ 23.770246] </TASK> [ 23.770257] [ 23.782340] The buggy address belongs to stack of task kunit_try_catch/282 [ 23.782804] [ 23.782980] The buggy address belongs to the physical page: [ 23.783350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039af [ 23.783606] flags: 0x200000000000000(node=0|zone=2) [ 23.784207] raw: 0200000000000000 ffffea00040e6bc8 ffffea00040e6bc8 0000000000000000 [ 23.784742] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.785344] page dumped because: kasan: bad access detected [ 23.785590] [ 23.785680] Memory state around the buggy address: [ 23.786041] ffff8881039afb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.786537] ffff8881039afb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.787038] >ffff8881039afc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 23.787812] ^ [ 23.788391] ffff8881039afc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 23.788795] ffff8881039afd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.789302] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 23.736810] ================================================================== [ 23.737554] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 23.738209] Read of size 1 at addr ffff888103a87c3f by task kunit_try_catch/280 [ 23.738541] [ 23.738937] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.739203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.739264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.739295] Call Trace: [ 23.739317] <TASK> [ 23.739339] dump_stack_lvl+0x73/0xb0 [ 23.739406] print_report+0xd1/0x650 [ 23.739440] ? __virt_addr_valid+0x1db/0x2d0 [ 23.739473] ? kasan_alloca_oob_left+0x320/0x380 [ 23.739502] ? kasan_addr_to_slab+0x11/0xa0 [ 23.739531] ? kasan_alloca_oob_left+0x320/0x380 [ 23.739562] kasan_report+0x141/0x180 [ 23.739592] ? kasan_alloca_oob_left+0x320/0x380 [ 23.739629] __asan_report_load1_noabort+0x18/0x20 [ 23.739666] kasan_alloca_oob_left+0x320/0x380 [ 23.739699] ? __kasan_check_write+0x18/0x20 [ 23.739739] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.739778] ? finish_task_switch.isra.0+0x153/0x700 [ 23.739819] ? rwsem_down_write_slowpath+0x2ce/0x1150 [ 23.739879] ? trace_hardirqs_on+0x37/0xe0 [ 23.739903] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 23.739925] ? __schedule+0x10cc/0x2b60 [ 23.739943] ? __pfx_read_tsc+0x10/0x10 [ 23.739962] ? ktime_get_ts64+0x86/0x230 [ 23.739983] kunit_try_run_case+0x1a5/0x480 [ 23.740005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.740025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.740044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.740074] ? __kthread_parkme+0x82/0x180 [ 23.740128] ? preempt_count_sub+0x50/0x80 [ 23.740162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.740196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.740220] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.740243] kthread+0x337/0x6f0 [ 23.740261] ? trace_preempt_on+0x20/0xc0 [ 23.740280] ? __pfx_kthread+0x10/0x10 [ 23.740298] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.740316] ? calculate_sigpending+0x7b/0xa0 [ 23.740337] ? __pfx_kthread+0x10/0x10 [ 23.740356] ret_from_fork+0x116/0x1d0 [ 23.740372] ? __pfx_kthread+0x10/0x10 [ 23.740411] ret_from_fork_asm+0x1a/0x30 [ 23.740438] </TASK> [ 23.740450] [ 23.752844] The buggy address belongs to stack of task kunit_try_catch/280 [ 23.753135] [ 23.753229] The buggy address belongs to the physical page: [ 23.753479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a87 [ 23.753793] flags: 0x200000000000000(node=0|zone=2) [ 23.754890] raw: 0200000000000000 ffffea00040ea1c8 ffffea00040ea1c8 0000000000000000 [ 23.755154] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.755374] page dumped because: kasan: bad access detected [ 23.755540] [ 23.755612] Memory state around the buggy address: [ 23.756411] ffff888103a87b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.756716] ffff888103a87b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.757692] >ffff888103a87c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 23.757984] ^ [ 23.758277] ffff888103a87c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 23.758791] ffff888103a87d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.759599] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 23.706640] ================================================================== [ 23.707077] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 23.707709] Read of size 1 at addr ffff888103a5fd02 by task kunit_try_catch/278 [ 23.708406] [ 23.708569] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.708651] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.708667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.708686] Call Trace: [ 23.708700] <TASK> [ 23.708715] dump_stack_lvl+0x73/0xb0 [ 23.708745] print_report+0xd1/0x650 [ 23.708765] ? __virt_addr_valid+0x1db/0x2d0 [ 23.708787] ? kasan_stack_oob+0x2b5/0x300 [ 23.708815] ? kasan_addr_to_slab+0x11/0xa0 [ 23.709075] ? kasan_stack_oob+0x2b5/0x300 [ 23.709114] kasan_report+0x141/0x180 [ 23.709145] ? kasan_stack_oob+0x2b5/0x300 [ 23.709179] __asan_report_load1_noabort+0x18/0x20 [ 23.709200] kasan_stack_oob+0x2b5/0x300 [ 23.709217] ? __pfx_kasan_stack_oob+0x10/0x10 [ 23.709233] ? finish_task_switch.isra.0+0x153/0x700 [ 23.709251] ? __switch_to+0x47/0xf50 [ 23.709275] ? __schedule+0x10cc/0x2b60 [ 23.709294] ? __pfx_read_tsc+0x10/0x10 [ 23.709311] ? ktime_get_ts64+0x86/0x230 [ 23.709331] kunit_try_run_case+0x1a5/0x480 [ 23.709351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.709369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.709410] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.709430] ? __kthread_parkme+0x82/0x180 [ 23.709449] ? preempt_count_sub+0x50/0x80 [ 23.709469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.709489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.709509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.709529] kthread+0x337/0x6f0 [ 23.709545] ? trace_preempt_on+0x20/0xc0 [ 23.709564] ? __pfx_kthread+0x10/0x10 [ 23.709582] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.709599] ? calculate_sigpending+0x7b/0xa0 [ 23.709618] ? __pfx_kthread+0x10/0x10 [ 23.709636] ret_from_fork+0x116/0x1d0 [ 23.709652] ? __pfx_kthread+0x10/0x10 [ 23.709668] ret_from_fork_asm+0x1a/0x30 [ 23.709694] </TASK> [ 23.709706] [ 23.721672] The buggy address belongs to stack of task kunit_try_catch/278 [ 23.722797] and is located at offset 138 in frame: [ 23.723108] kasan_stack_oob+0x0/0x300 [ 23.723557] [ 23.723955] This frame has 4 objects: [ 23.724459] [48, 49) '__assertion' [ 23.724529] [64, 72) 'array' [ 23.724685] [96, 112) '__assertion' [ 23.724864] [128, 138) 'stack_array' [ 23.725156] [ 23.725487] The buggy address belongs to the physical page: [ 23.725794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a5f [ 23.726720] flags: 0x200000000000000(node=0|zone=2) [ 23.727230] raw: 0200000000000000 ffffea00040e97c8 ffffea00040e97c8 0000000000000000 [ 23.727562] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.728430] page dumped because: kasan: bad access detected [ 23.728731] [ 23.728788] Memory state around the buggy address: [ 23.728921] ffff888103a5fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.729347] ffff888103a5fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 23.729655] >ffff888103a5fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.730330] ^ [ 23.730511] ffff888103a5fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 23.730984] ffff888103a5fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.731496] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 23.677579] ================================================================== [ 23.678466] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 23.678906] Read of size 1 at addr ffffffffbbc82ecd by task kunit_try_catch/274 [ 23.679621] [ 23.679817] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.679880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.679893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.679912] Call Trace: [ 23.679926] <TASK> [ 23.679942] dump_stack_lvl+0x73/0xb0 [ 23.679972] print_report+0xd1/0x650 [ 23.679992] ? __virt_addr_valid+0x1db/0x2d0 [ 23.680012] ? kasan_global_oob_right+0x286/0x2d0 [ 23.680030] ? kasan_addr_to_slab+0x11/0xa0 [ 23.680051] ? kasan_global_oob_right+0x286/0x2d0 [ 23.680079] kasan_report+0x141/0x180 [ 23.680108] ? kasan_global_oob_right+0x286/0x2d0 [ 23.680143] __asan_report_load1_noabort+0x18/0x20 [ 23.680174] kasan_global_oob_right+0x286/0x2d0 [ 23.680203] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 23.680225] ? __schedule+0x10cc/0x2b60 [ 23.680245] ? __pfx_read_tsc+0x10/0x10 [ 23.680264] ? ktime_get_ts64+0x86/0x230 [ 23.680285] kunit_try_run_case+0x1a5/0x480 [ 23.680307] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.680327] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.680346] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.680366] ? __kthread_parkme+0x82/0x180 [ 23.680404] ? preempt_count_sub+0x50/0x80 [ 23.680438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.680474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.680511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.680544] kthread+0x337/0x6f0 [ 23.680768] ? trace_preempt_on+0x20/0xc0 [ 23.680861] ? __pfx_kthread+0x10/0x10 [ 23.680924] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.680967] ? calculate_sigpending+0x7b/0xa0 [ 23.681010] ? __pfx_kthread+0x10/0x10 [ 23.681043] ret_from_fork+0x116/0x1d0 [ 23.681082] ? __pfx_kthread+0x10/0x10 [ 23.681113] ret_from_fork_asm+0x1a/0x30 [ 23.681153] </TASK> [ 23.681170] [ 23.690998] The buggy address belongs to the variable: [ 23.691694] global_array+0xd/0x40 [ 23.692024] [ 23.692418] The buggy address belongs to the physical page: [ 23.692798] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14682 [ 23.693320] flags: 0x100000000002000(reserved|node=0|zone=1) [ 23.693699] raw: 0100000000002000 ffffea000051a088 ffffea000051a088 0000000000000000 [ 23.694105] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.694535] page dumped because: kasan: bad access detected [ 23.694849] [ 23.694955] Memory state around the buggy address: [ 23.695115] ffffffffbbc82d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.695859] ffffffffbbc82e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.696399] >ffffffffbbc82e80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 23.696672] ^ [ 23.697062] ffffffffbbc82f00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 23.697660] ffffffffbbc82f80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 23.698259] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 23.619565] ================================================================== [ 23.620189] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.620741] Free of addr ffff888102c14501 by task kunit_try_catch/270 [ 23.620996] [ 23.621467] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.621555] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.621579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.621613] Call Trace: [ 23.621637] <TASK> [ 23.621663] dump_stack_lvl+0x73/0xb0 [ 23.621715] print_report+0xd1/0x650 [ 23.621750] ? __virt_addr_valid+0x1db/0x2d0 [ 23.621786] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.621841] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.621889] kasan_report_invalid_free+0x10a/0x130 [ 23.621932] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.621980] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.622033] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.622077] check_slab_allocation+0x11f/0x130 [ 23.622114] __kasan_mempool_poison_object+0x91/0x1d0 [ 23.622150] mempool_free+0x2ec/0x380 [ 23.622195] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.622241] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 23.622293] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.622334] ? finish_task_switch.isra.0+0x153/0x700 [ 23.622416] mempool_kmalloc_invalid_free+0xed/0x140 [ 23.622457] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 23.622489] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.622510] ? __pfx_mempool_kfree+0x10/0x10 [ 23.622535] ? __pfx_read_tsc+0x10/0x10 [ 23.622555] ? ktime_get_ts64+0x86/0x230 [ 23.622577] kunit_try_run_case+0x1a5/0x480 [ 23.622599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.622619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.622640] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.622661] ? __kthread_parkme+0x82/0x180 [ 23.622680] ? preempt_count_sub+0x50/0x80 [ 23.622701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.622722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.622743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.622765] kthread+0x337/0x6f0 [ 23.622782] ? trace_preempt_on+0x20/0xc0 [ 23.622803] ? __pfx_kthread+0x10/0x10 [ 23.622822] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.622870] ? calculate_sigpending+0x7b/0xa0 [ 23.622894] ? __pfx_kthread+0x10/0x10 [ 23.622914] ret_from_fork+0x116/0x1d0 [ 23.622931] ? __pfx_kthread+0x10/0x10 [ 23.622950] ret_from_fork_asm+0x1a/0x30 [ 23.622977] </TASK> [ 23.622988] [ 23.634834] Allocated by task 270: [ 23.635036] kasan_save_stack+0x45/0x70 [ 23.635247] kasan_save_track+0x18/0x40 [ 23.635403] kasan_save_alloc_info+0x3b/0x50 [ 23.635695] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.636064] remove_element+0x11e/0x190 [ 23.636210] mempool_alloc_preallocated+0x4d/0x90 [ 23.636666] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 23.637214] mempool_kmalloc_invalid_free+0xed/0x140 [ 23.637481] kunit_try_run_case+0x1a5/0x480 [ 23.637662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.637991] kthread+0x337/0x6f0 [ 23.638145] ret_from_fork+0x116/0x1d0 [ 23.638514] ret_from_fork_asm+0x1a/0x30 [ 23.638802] [ 23.639085] The buggy address belongs to the object at ffff888102c14500 [ 23.639085] which belongs to the cache kmalloc-128 of size 128 [ 23.639564] The buggy address is located 1 bytes inside of [ 23.639564] 128-byte region [ffff888102c14500, ffff888102c14580) [ 23.639951] [ 23.640233] The buggy address belongs to the physical page: [ 23.641053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 23.641493] flags: 0x200000000000000(node=0|zone=2) [ 23.641681] page_type: f5(slab) [ 23.641815] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.642301] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.642734] page dumped because: kasan: bad access detected [ 23.643190] [ 23.643343] Memory state around the buggy address: [ 23.643541] ffff888102c14400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.643757] ffff888102c14480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.644344] >ffff888102c14500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.644814] ^ [ 23.644959] ffff888102c14580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.645168] ffff888102c14600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.645391] ================================================================== [ 23.650024] ================================================================== [ 23.650499] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.651077] Free of addr ffff888103a94001 by task kunit_try_catch/272 [ 23.651314] [ 23.651572] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.651654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.651677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.651712] Call Trace: [ 23.651735] <TASK> [ 23.651761] dump_stack_lvl+0x73/0xb0 [ 23.651813] print_report+0xd1/0x650 [ 23.651843] ? __virt_addr_valid+0x1db/0x2d0 [ 23.651884] ? kasan_addr_to_slab+0x11/0xa0 [ 23.651917] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.651961] kasan_report_invalid_free+0x10a/0x130 [ 23.652011] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.652052] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.652088] __kasan_mempool_poison_object+0x102/0x1d0 [ 23.652126] mempool_free+0x2ec/0x380 [ 23.652171] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.652214] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 23.652261] ? __kasan_check_write+0x18/0x20 [ 23.652302] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.652342] ? finish_task_switch.isra.0+0x153/0x700 [ 23.652412] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 23.652458] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 23.652496] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.652525] ? __pfx_mempool_kfree+0x10/0x10 [ 23.652559] ? __pfx_read_tsc+0x10/0x10 [ 23.652589] ? ktime_get_ts64+0x86/0x230 [ 23.652623] kunit_try_run_case+0x1a5/0x480 [ 23.652663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.652698] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.652730] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.652761] ? __kthread_parkme+0x82/0x180 [ 23.652789] ? preempt_count_sub+0x50/0x80 [ 23.652823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.652855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.652888] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.652926] kthread+0x337/0x6f0 [ 23.652957] ? trace_preempt_on+0x20/0xc0 [ 23.652995] ? __pfx_kthread+0x10/0x10 [ 23.653024] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.653056] ? calculate_sigpending+0x7b/0xa0 [ 23.653093] ? __pfx_kthread+0x10/0x10 [ 23.653123] ret_from_fork+0x116/0x1d0 [ 23.653147] ? __pfx_kthread+0x10/0x10 [ 23.653174] ret_from_fork_asm+0x1a/0x30 [ 23.653215] </TASK> [ 23.653231] [ 23.663682] The buggy address belongs to the physical page: [ 23.664000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a94 [ 23.664505] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.664851] flags: 0x200000000000040(head|node=0|zone=2) [ 23.665400] page_type: f8(unknown) [ 23.665605] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.665943] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.666191] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.666708] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.667049] head: 0200000000000002 ffffea00040ea501 00000000ffffffff 00000000ffffffff [ 23.667283] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.667639] page dumped because: kasan: bad access detected [ 23.667817] [ 23.667898] Memory state around the buggy address: [ 23.668055] ffff888103a93f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.668516] ffff888103a93f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.669219] >ffff888103a94000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.669694] ^ [ 23.669958] ffff888103a94080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.670629] ffff888103a94100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.671222] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 23.563952] ================================================================== [ 23.564655] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.565582] Free of addr ffff88810381c000 by task kunit_try_catch/266 [ 23.566100] [ 23.566222] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.566306] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.566324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.566354] Call Trace: [ 23.566375] <TASK> [ 23.566413] dump_stack_lvl+0x73/0xb0 [ 23.566457] print_report+0xd1/0x650 [ 23.566488] ? __virt_addr_valid+0x1db/0x2d0 [ 23.566520] ? kasan_addr_to_slab+0x11/0xa0 [ 23.566548] ? mempool_double_free_helper+0x184/0x370 [ 23.566579] kasan_report_invalid_free+0x10a/0x130 [ 23.566609] ? mempool_double_free_helper+0x184/0x370 [ 23.566646] ? mempool_double_free_helper+0x184/0x370 [ 23.566671] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 23.566698] mempool_free+0x2ec/0x380 [ 23.566728] mempool_double_free_helper+0x184/0x370 [ 23.566753] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.566780] ? __kasan_check_write+0x18/0x20 [ 23.566808] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.566834] ? finish_task_switch.isra.0+0x153/0x700 [ 23.566861] mempool_kmalloc_large_double_free+0xed/0x140 [ 23.566881] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 23.566903] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.566921] ? __pfx_mempool_kfree+0x10/0x10 [ 23.566941] ? __pfx_read_tsc+0x10/0x10 [ 23.566959] ? ktime_get_ts64+0x86/0x230 [ 23.566979] kunit_try_run_case+0x1a5/0x480 [ 23.566998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.567017] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.567035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.567054] ? __kthread_parkme+0x82/0x180 [ 23.567074] ? preempt_count_sub+0x50/0x80 [ 23.567107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.567138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.567159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.567178] kthread+0x337/0x6f0 [ 23.567194] ? trace_preempt_on+0x20/0xc0 [ 23.567213] ? __pfx_kthread+0x10/0x10 [ 23.567231] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.567248] ? calculate_sigpending+0x7b/0xa0 [ 23.567268] ? __pfx_kthread+0x10/0x10 [ 23.567286] ret_from_fork+0x116/0x1d0 [ 23.567301] ? __pfx_kthread+0x10/0x10 [ 23.567318] ret_from_fork_asm+0x1a/0x30 [ 23.567344] </TASK> [ 23.567355] [ 23.577567] The buggy address belongs to the physical page: [ 23.577909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10381c [ 23.578294] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.578541] flags: 0x200000000000040(head|node=0|zone=2) [ 23.578733] page_type: f8(unknown) [ 23.578896] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.579190] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.579588] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.580228] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.580640] head: 0200000000000002 ffffea00040e0701 00000000ffffffff 00000000ffffffff [ 23.580900] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.581563] page dumped because: kasan: bad access detected [ 23.581747] [ 23.581870] Memory state around the buggy address: [ 23.582328] ffff88810381bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.582597] ffff88810381bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.583043] >ffff88810381c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.583622] ^ [ 23.583769] ffff88810381c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.583982] ffff88810381c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.584348] ================================================================== [ 23.594114] ================================================================== [ 23.594499] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.594886] Free of addr ffff888103a94000 by task kunit_try_catch/268 [ 23.595090] [ 23.595472] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.595556] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.595578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.595613] Call Trace: [ 23.595637] <TASK> [ 23.596100] dump_stack_lvl+0x73/0xb0 [ 23.596173] print_report+0xd1/0x650 [ 23.596210] ? __virt_addr_valid+0x1db/0x2d0 [ 23.596245] ? kasan_addr_to_slab+0x11/0xa0 [ 23.596276] ? mempool_double_free_helper+0x184/0x370 [ 23.596315] kasan_report_invalid_free+0x10a/0x130 [ 23.596357] ? mempool_double_free_helper+0x184/0x370 [ 23.596414] ? mempool_double_free_helper+0x184/0x370 [ 23.596757] __kasan_mempool_poison_pages+0x115/0x130 [ 23.596791] mempool_free+0x290/0x380 [ 23.596818] mempool_double_free_helper+0x184/0x370 [ 23.596854] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.596881] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.596900] ? finish_task_switch.isra.0+0x153/0x700 [ 23.596923] mempool_page_alloc_double_free+0xe8/0x140 [ 23.596945] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 23.596969] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 23.596989] ? __pfx_mempool_free_pages+0x10/0x10 [ 23.597011] ? __pfx_read_tsc+0x10/0x10 [ 23.597030] ? ktime_get_ts64+0x86/0x230 [ 23.597052] kunit_try_run_case+0x1a5/0x480 [ 23.597088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.597142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.597180] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.597204] ? __kthread_parkme+0x82/0x180 [ 23.597223] ? preempt_count_sub+0x50/0x80 [ 23.597243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.597264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.597285] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.597308] kthread+0x337/0x6f0 [ 23.597324] ? trace_preempt_on+0x20/0xc0 [ 23.597344] ? __pfx_kthread+0x10/0x10 [ 23.597361] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.597396] ? calculate_sigpending+0x7b/0xa0 [ 23.597419] ? __pfx_kthread+0x10/0x10 [ 23.597439] ret_from_fork+0x116/0x1d0 [ 23.597454] ? __pfx_kthread+0x10/0x10 [ 23.597472] ret_from_fork_asm+0x1a/0x30 [ 23.597505] </TASK> [ 23.597516] [ 23.606888] The buggy address belongs to the physical page: [ 23.607430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a94 [ 23.607851] flags: 0x200000000000000(node=0|zone=2) [ 23.608213] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 23.608689] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.609325] page dumped because: kasan: bad access detected [ 23.609692] [ 23.609828] Memory state around the buggy address: [ 23.610190] ffff888103a93f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.610645] ffff888103a93f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.610931] >ffff888103a94000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.611154] ^ [ 23.611280] ffff888103a94080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.611805] ffff888103a94100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.612421] ================================================================== [ 23.522576] ================================================================== [ 23.523013] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.523695] Free of addr ffff8881023acd00 by task kunit_try_catch/264 [ 23.523958] [ 23.524112] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.524344] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.524370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.524420] Call Trace: [ 23.524444] <TASK> [ 23.524476] dump_stack_lvl+0x73/0xb0 [ 23.524535] print_report+0xd1/0x650 [ 23.524575] ? __virt_addr_valid+0x1db/0x2d0 [ 23.524622] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.524667] ? mempool_double_free_helper+0x184/0x370 [ 23.524711] kasan_report_invalid_free+0x10a/0x130 [ 23.524755] ? mempool_double_free_helper+0x184/0x370 [ 23.524801] ? mempool_double_free_helper+0x184/0x370 [ 23.524838] ? mempool_double_free_helper+0x184/0x370 [ 23.524906] check_slab_allocation+0x101/0x130 [ 23.524928] __kasan_mempool_poison_object+0x91/0x1d0 [ 23.524950] mempool_free+0x2ec/0x380 [ 23.524974] mempool_double_free_helper+0x184/0x370 [ 23.524995] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.525017] ? __kasan_check_write+0x18/0x20 [ 23.525038] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.525056] ? irqentry_exit+0x2a/0x60 [ 23.525167] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.525197] mempool_kmalloc_double_free+0xed/0x140 [ 23.525219] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 23.525242] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.525262] ? __pfx_mempool_kfree+0x10/0x10 [ 23.525283] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 23.525306] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 23.525328] kunit_try_run_case+0x1a5/0x480 [ 23.525350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.525370] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.525409] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.525434] ? __kthread_parkme+0x82/0x180 [ 23.525460] ? preempt_count_sub+0x50/0x80 [ 23.525480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.525501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.525521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.525542] kthread+0x337/0x6f0 [ 23.525558] ? trace_preempt_on+0x20/0xc0 [ 23.525578] ? __pfx_kthread+0x10/0x10 [ 23.525596] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.525614] ? calculate_sigpending+0x7b/0xa0 [ 23.525636] ? __pfx_kthread+0x10/0x10 [ 23.525655] ret_from_fork+0x116/0x1d0 [ 23.525672] ? __pfx_kthread+0x10/0x10 [ 23.525689] ret_from_fork_asm+0x1a/0x30 [ 23.525717] </TASK> [ 23.525729] [ 23.539884] Allocated by task 264: [ 23.540346] kasan_save_stack+0x45/0x70 [ 23.540617] kasan_save_track+0x18/0x40 [ 23.541363] kasan_save_alloc_info+0x3b/0x50 [ 23.541871] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.542313] remove_element+0x11e/0x190 [ 23.542593] mempool_alloc_preallocated+0x4d/0x90 [ 23.543073] mempool_double_free_helper+0x8a/0x370 [ 23.543435] mempool_kmalloc_double_free+0xed/0x140 [ 23.543769] kunit_try_run_case+0x1a5/0x480 [ 23.544179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.544373] kthread+0x337/0x6f0 [ 23.544514] ret_from_fork+0x116/0x1d0 [ 23.544656] ret_from_fork_asm+0x1a/0x30 [ 23.544937] [ 23.545535] Freed by task 264: [ 23.545700] kasan_save_stack+0x45/0x70 [ 23.546024] kasan_save_track+0x18/0x40 [ 23.546419] kasan_save_free_info+0x3f/0x60 [ 23.546612] __kasan_mempool_poison_object+0x131/0x1d0 [ 23.546793] mempool_free+0x2ec/0x380 [ 23.546920] mempool_double_free_helper+0x109/0x370 [ 23.547053] mempool_kmalloc_double_free+0xed/0x140 [ 23.547202] kunit_try_run_case+0x1a5/0x480 [ 23.547347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.547937] kthread+0x337/0x6f0 [ 23.548169] ret_from_fork+0x116/0x1d0 [ 23.548488] ret_from_fork_asm+0x1a/0x30 [ 23.548770] [ 23.548849] The buggy address belongs to the object at ffff8881023acd00 [ 23.548849] which belongs to the cache kmalloc-128 of size 128 [ 23.550133] The buggy address is located 0 bytes inside of [ 23.550133] 128-byte region [ffff8881023acd00, ffff8881023acd80) [ 23.550470] [ 23.550563] The buggy address belongs to the physical page: [ 23.550793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac [ 23.551093] flags: 0x200000000000000(node=0|zone=2) [ 23.551292] page_type: f5(slab) [ 23.551444] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.552051] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.552695] page dumped because: kasan: bad access detected [ 23.553764] [ 23.554797] Memory state around the buggy address: [ 23.555004] ffff8881023acc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.555212] ffff8881023acc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.555591] >ffff8881023acd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.556109] ^ [ 23.556624] ffff8881023acd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.557015] ffff8881023ace00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.557423] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 23.499100] ================================================================== [ 23.499475] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.500071] Read of size 1 at addr ffff888103818000 by task kunit_try_catch/262 [ 23.500422] [ 23.500597] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.500688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.500710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.500745] Call Trace: [ 23.500770] <TASK> [ 23.500797] dump_stack_lvl+0x73/0xb0 [ 23.500862] print_report+0xd1/0x650 [ 23.500896] ? __virt_addr_valid+0x1db/0x2d0 [ 23.500936] ? mempool_uaf_helper+0x392/0x400 [ 23.500972] ? kasan_addr_to_slab+0x11/0xa0 [ 23.501004] ? mempool_uaf_helper+0x392/0x400 [ 23.501039] kasan_report+0x141/0x180 [ 23.501075] ? mempool_uaf_helper+0x392/0x400 [ 23.501120] __asan_report_load1_noabort+0x18/0x20 [ 23.501156] mempool_uaf_helper+0x392/0x400 [ 23.501214] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.501256] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.501297] ? finish_task_switch.isra.0+0x153/0x700 [ 23.501343] mempool_page_alloc_uaf+0xed/0x140 [ 23.501399] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 23.501445] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 23.501487] ? __pfx_mempool_free_pages+0x10/0x10 [ 23.501532] ? __pfx_read_tsc+0x10/0x10 [ 23.501570] ? ktime_get_ts64+0x86/0x230 [ 23.501608] kunit_try_run_case+0x1a5/0x480 [ 23.501637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.501656] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.501675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.501695] ? __kthread_parkme+0x82/0x180 [ 23.501712] ? preempt_count_sub+0x50/0x80 [ 23.501732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.501751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.501770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.501790] kthread+0x337/0x6f0 [ 23.501807] ? trace_preempt_on+0x20/0xc0 [ 23.501828] ? __pfx_kthread+0x10/0x10 [ 23.501855] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.501874] ? calculate_sigpending+0x7b/0xa0 [ 23.501894] ? __pfx_kthread+0x10/0x10 [ 23.501913] ret_from_fork+0x116/0x1d0 [ 23.501929] ? __pfx_kthread+0x10/0x10 [ 23.501946] ret_from_fork_asm+0x1a/0x30 [ 23.501972] </TASK> [ 23.501984] [ 23.511118] The buggy address belongs to the physical page: [ 23.511608] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810381e600 pfn:0x103818 [ 23.512146] flags: 0x200000000000000(node=0|zone=2) [ 23.512350] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 23.512775] raw: ffff88810381e600 0000000000000000 00000001ffffffff 0000000000000000 [ 23.513240] page dumped because: kasan: bad access detected [ 23.513556] [ 23.513665] Memory state around the buggy address: [ 23.514066] ffff888103817f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.514485] ffff888103817f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.514763] >ffff888103818000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.515000] ^ [ 23.515271] ffff888103818080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.515830] ffff888103818100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.516514] ================================================================== [ 23.427703] ================================================================== [ 23.428624] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.429280] Read of size 1 at addr ffff888103818000 by task kunit_try_catch/258 [ 23.430135] [ 23.430348] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.430476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.430503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.430555] Call Trace: [ 23.430784] <TASK> [ 23.430819] dump_stack_lvl+0x73/0xb0 [ 23.430869] print_report+0xd1/0x650 [ 23.430892] ? __virt_addr_valid+0x1db/0x2d0 [ 23.430916] ? mempool_uaf_helper+0x392/0x400 [ 23.430936] ? kasan_addr_to_slab+0x11/0xa0 [ 23.430955] ? mempool_uaf_helper+0x392/0x400 [ 23.430974] kasan_report+0x141/0x180 [ 23.430994] ? mempool_uaf_helper+0x392/0x400 [ 23.431017] __asan_report_load1_noabort+0x18/0x20 [ 23.431037] mempool_uaf_helper+0x392/0x400 [ 23.431056] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.431092] ? __kasan_check_write+0x18/0x20 [ 23.431122] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.431151] ? finish_task_switch.isra.0+0x153/0x700 [ 23.431189] mempool_kmalloc_large_uaf+0xef/0x140 [ 23.431211] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 23.431232] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.431252] ? __pfx_mempool_kfree+0x10/0x10 [ 23.431273] ? __pfx_read_tsc+0x10/0x10 [ 23.431292] ? ktime_get_ts64+0x86/0x230 [ 23.431314] kunit_try_run_case+0x1a5/0x480 [ 23.431335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.431353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.431372] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.431412] ? __kthread_parkme+0x82/0x180 [ 23.431430] ? preempt_count_sub+0x50/0x80 [ 23.431449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.431469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.431489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.431509] kthread+0x337/0x6f0 [ 23.431525] ? trace_preempt_on+0x20/0xc0 [ 23.431545] ? __pfx_kthread+0x10/0x10 [ 23.431563] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.431580] ? calculate_sigpending+0x7b/0xa0 [ 23.431601] ? __pfx_kthread+0x10/0x10 [ 23.431619] ret_from_fork+0x116/0x1d0 [ 23.431635] ? __pfx_kthread+0x10/0x10 [ 23.431652] ret_from_fork_asm+0x1a/0x30 [ 23.431680] </TASK> [ 23.431691] [ 23.444938] The buggy address belongs to the physical page: [ 23.445499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88810381e600 pfn:0x103818 [ 23.446319] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.446630] flags: 0x200000000000040(head|node=0|zone=2) [ 23.447036] page_type: f8(unknown) [ 23.447493] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.447977] raw: ffff88810381e600 0000000000000000 00000000f8000000 0000000000000000 [ 23.448524] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.448669] head: ffff88810381e600 0000000000000000 00000000f8000000 0000000000000000 [ 23.448789] head: 0200000000000002 ffffea00040e0601 00000000ffffffff 00000000ffffffff [ 23.449010] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.449471] page dumped because: kasan: bad access detected [ 23.449670] [ 23.449785] Memory state around the buggy address: [ 23.450123] ffff888103817f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.450347] ffff888103817f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.451339] >ffff888103818000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.451891] ^ [ 23.452277] ffff888103818080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.452703] ffff888103818100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.453324] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 23.384514] ================================================================== [ 23.384935] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.385477] Read of size 1 at addr ffff8881023ac900 by task kunit_try_catch/256 [ 23.386125] [ 23.386342] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.386451] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.386478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.386519] Call Trace: [ 23.386544] <TASK> [ 23.386573] dump_stack_lvl+0x73/0xb0 [ 23.386637] print_report+0xd1/0x650 [ 23.386677] ? __virt_addr_valid+0x1db/0x2d0 [ 23.386727] ? mempool_uaf_helper+0x392/0x400 [ 23.386771] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.386807] ? mempool_uaf_helper+0x392/0x400 [ 23.386832] kasan_report+0x141/0x180 [ 23.386864] ? mempool_uaf_helper+0x392/0x400 [ 23.386889] __asan_report_load1_noabort+0x18/0x20 [ 23.386913] mempool_uaf_helper+0x392/0x400 [ 23.386935] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.386970] ? __kasan_check_write+0x18/0x20 [ 23.387007] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.387050] ? finish_task_switch.isra.0+0x153/0x700 [ 23.387095] mempool_kmalloc_uaf+0xef/0x140 [ 23.387134] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 23.387179] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.387219] ? __pfx_mempool_kfree+0x10/0x10 [ 23.387261] ? __pfx_read_tsc+0x10/0x10 [ 23.387299] ? ktime_get_ts64+0x86/0x230 [ 23.387346] kunit_try_run_case+0x1a5/0x480 [ 23.388019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.388074] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.388112] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.388142] ? __kthread_parkme+0x82/0x180 [ 23.388173] ? preempt_count_sub+0x50/0x80 [ 23.388205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.388238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.388272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.388304] kthread+0x337/0x6f0 [ 23.388332] ? trace_preempt_on+0x20/0xc0 [ 23.388367] ? __pfx_kthread+0x10/0x10 [ 23.388413] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.388437] ? calculate_sigpending+0x7b/0xa0 [ 23.388459] ? __pfx_kthread+0x10/0x10 [ 23.388478] ret_from_fork+0x116/0x1d0 [ 23.388495] ? __pfx_kthread+0x10/0x10 [ 23.388513] ret_from_fork_asm+0x1a/0x30 [ 23.388542] </TASK> [ 23.388553] [ 23.403306] Allocated by task 256: [ 23.403498] kasan_save_stack+0x45/0x70 [ 23.403692] kasan_save_track+0x18/0x40 [ 23.404479] kasan_save_alloc_info+0x3b/0x50 [ 23.404672] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.404976] remove_element+0x11e/0x190 [ 23.405365] mempool_alloc_preallocated+0x4d/0x90 [ 23.406080] mempool_uaf_helper+0x96/0x400 [ 23.406282] mempool_kmalloc_uaf+0xef/0x140 [ 23.406569] kunit_try_run_case+0x1a5/0x480 [ 23.407112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.407586] kthread+0x337/0x6f0 [ 23.407769] ret_from_fork+0x116/0x1d0 [ 23.408528] ret_from_fork_asm+0x1a/0x30 [ 23.408754] [ 23.409084] Freed by task 256: [ 23.409469] kasan_save_stack+0x45/0x70 [ 23.409698] kasan_save_track+0x18/0x40 [ 23.410179] kasan_save_free_info+0x3f/0x60 [ 23.410431] __kasan_mempool_poison_object+0x131/0x1d0 [ 23.410656] mempool_free+0x2ec/0x380 [ 23.410829] mempool_uaf_helper+0x11a/0x400 [ 23.411592] mempool_kmalloc_uaf+0xef/0x140 [ 23.411778] kunit_try_run_case+0x1a5/0x480 [ 23.412615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.412810] kthread+0x337/0x6f0 [ 23.413389] ret_from_fork+0x116/0x1d0 [ 23.413606] ret_from_fork_asm+0x1a/0x30 [ 23.413738] [ 23.413816] The buggy address belongs to the object at ffff8881023ac900 [ 23.413816] which belongs to the cache kmalloc-128 of size 128 [ 23.414396] The buggy address is located 0 bytes inside of [ 23.414396] freed 128-byte region [ffff8881023ac900, ffff8881023ac980) [ 23.415174] [ 23.416252] The buggy address belongs to the physical page: [ 23.416499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac [ 23.416718] flags: 0x200000000000000(node=0|zone=2) [ 23.417113] page_type: f5(slab) [ 23.417644] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.418088] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.418619] page dumped because: kasan: bad access detected [ 23.419022] [ 23.419102] Memory state around the buggy address: [ 23.419679] ffff8881023ac800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.419970] ffff8881023ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.420517] >ffff8881023ac900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.420803] ^ [ 23.421563] ffff8881023ac980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.421850] ffff8881023aca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.422413] ================================================================== [ 23.458944] ================================================================== [ 23.459821] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.460188] Read of size 1 at addr ffff888102c1c240 by task kunit_try_catch/260 [ 23.460689] [ 23.460830] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.460919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.460940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.460972] Call Trace: [ 23.460994] <TASK> [ 23.461021] dump_stack_lvl+0x73/0xb0 [ 23.461071] print_report+0xd1/0x650 [ 23.461207] ? __virt_addr_valid+0x1db/0x2d0 [ 23.461244] ? mempool_uaf_helper+0x392/0x400 [ 23.461278] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.461317] ? mempool_uaf_helper+0x392/0x400 [ 23.461349] kasan_report+0x141/0x180 [ 23.461398] ? mempool_uaf_helper+0x392/0x400 [ 23.461442] __asan_report_load1_noabort+0x18/0x20 [ 23.461481] mempool_uaf_helper+0x392/0x400 [ 23.461521] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.461566] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.461604] ? finish_task_switch.isra.0+0x153/0x700 [ 23.461653] mempool_slab_uaf+0xea/0x140 [ 23.461690] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 23.461731] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 23.461766] ? __pfx_mempool_free_slab+0x10/0x10 [ 23.461802] ? __pfx_read_tsc+0x10/0x10 [ 23.461833] ? ktime_get_ts64+0x86/0x230 [ 23.461881] kunit_try_run_case+0x1a5/0x480 [ 23.461921] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.461958] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.461989] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.462018] ? __kthread_parkme+0x82/0x180 [ 23.462041] ? preempt_count_sub+0x50/0x80 [ 23.462063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.462097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.462130] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.462162] kthread+0x337/0x6f0 [ 23.462190] ? trace_preempt_on+0x20/0xc0 [ 23.462214] ? __pfx_kthread+0x10/0x10 [ 23.462234] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.462252] ? calculate_sigpending+0x7b/0xa0 [ 23.462271] ? __pfx_kthread+0x10/0x10 [ 23.462289] ret_from_fork+0x116/0x1d0 [ 23.462305] ? __pfx_kthread+0x10/0x10 [ 23.462322] ret_from_fork_asm+0x1a/0x30 [ 23.462351] </TASK> [ 23.462364] [ 23.471562] Allocated by task 260: [ 23.471715] kasan_save_stack+0x45/0x70 [ 23.471873] kasan_save_track+0x18/0x40 [ 23.472015] kasan_save_alloc_info+0x3b/0x50 [ 23.472173] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 23.472348] remove_element+0x11e/0x190 [ 23.472624] mempool_alloc_preallocated+0x4d/0x90 [ 23.472943] mempool_uaf_helper+0x96/0x400 [ 23.473236] mempool_slab_uaf+0xea/0x140 [ 23.473639] kunit_try_run_case+0x1a5/0x480 [ 23.474031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.474585] kthread+0x337/0x6f0 [ 23.474901] ret_from_fork+0x116/0x1d0 [ 23.475353] ret_from_fork_asm+0x1a/0x30 [ 23.475693] [ 23.475841] Freed by task 260: [ 23.476670] kasan_save_stack+0x45/0x70 [ 23.476931] kasan_save_track+0x18/0x40 [ 23.477182] kasan_save_free_info+0x3f/0x60 [ 23.477343] __kasan_mempool_poison_object+0x131/0x1d0 [ 23.477721] mempool_free+0x2ec/0x380 [ 23.478213] mempool_uaf_helper+0x11a/0x400 [ 23.478574] mempool_slab_uaf+0xea/0x140 [ 23.478905] kunit_try_run_case+0x1a5/0x480 [ 23.479265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.479649] kthread+0x337/0x6f0 [ 23.479897] ret_from_fork+0x116/0x1d0 [ 23.480073] ret_from_fork_asm+0x1a/0x30 [ 23.480225] [ 23.480372] The buggy address belongs to the object at ffff888102c1c240 [ 23.480372] which belongs to the cache test_cache of size 123 [ 23.481481] The buggy address is located 0 bytes inside of [ 23.481481] freed 123-byte region [ffff888102c1c240, ffff888102c1c2bb) [ 23.482565] [ 23.482787] The buggy address belongs to the physical page: [ 23.483018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c1c [ 23.483741] flags: 0x200000000000000(node=0|zone=2) [ 23.483941] page_type: f5(slab) [ 23.484080] raw: 0200000000000000 ffff888102c11280 dead000000000122 0000000000000000 [ 23.484313] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 23.484546] page dumped because: kasan: bad access detected [ 23.484719] [ 23.484800] Memory state around the buggy address: [ 23.484960] ffff888102c1c100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.485332] ffff888102c1c180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.486247] >ffff888102c1c200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 23.486787] ^ [ 23.487284] ffff888102c1c280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.487763] ffff888102c1c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.488648] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 23.346876] ================================================================== [ 23.347334] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.347848] Read of size 1 at addr ffff888102c182bb by task kunit_try_catch/254 [ 23.348338] [ 23.348556] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.348647] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.348670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.348700] Call Trace: [ 23.348720] <TASK> [ 23.348744] dump_stack_lvl+0x73/0xb0 [ 23.348792] print_report+0xd1/0x650 [ 23.348822] ? __virt_addr_valid+0x1db/0x2d0 [ 23.348854] ? mempool_oob_right_helper+0x318/0x380 [ 23.348887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.348925] ? mempool_oob_right_helper+0x318/0x380 [ 23.349011] kasan_report+0x141/0x180 [ 23.349066] ? mempool_oob_right_helper+0x318/0x380 [ 23.349107] __asan_report_load1_noabort+0x18/0x20 [ 23.349143] mempool_oob_right_helper+0x318/0x380 [ 23.349182] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.349227] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.349266] ? irqentry_exit+0x2a/0x60 [ 23.349304] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.349340] mempool_slab_oob_right+0xed/0x140 [ 23.349371] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.349424] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 23.349460] ? __pfx_mempool_free_slab+0x10/0x10 [ 23.349497] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.349537] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.349619] kunit_try_run_case+0x1a5/0x480 [ 23.349662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.349695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.349732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.349774] ? __kthread_parkme+0x82/0x180 [ 23.349810] ? preempt_count_sub+0x50/0x80 [ 23.349875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.349914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.349952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.349992] kthread+0x337/0x6f0 [ 23.350022] ? trace_preempt_on+0x20/0xc0 [ 23.350077] ? __pfx_kthread+0x10/0x10 [ 23.350115] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.350145] ? calculate_sigpending+0x7b/0xa0 [ 23.350182] ? __pfx_kthread+0x10/0x10 [ 23.350209] ret_from_fork+0x116/0x1d0 [ 23.350228] ? __pfx_kthread+0x10/0x10 [ 23.350245] ret_from_fork_asm+0x1a/0x30 [ 23.350272] </TASK> [ 23.350285] [ 23.360565] Allocated by task 254: [ 23.360809] kasan_save_stack+0x45/0x70 [ 23.361172] kasan_save_track+0x18/0x40 [ 23.361637] kasan_save_alloc_info+0x3b/0x50 [ 23.361978] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 23.362430] remove_element+0x11e/0x190 [ 23.362751] mempool_alloc_preallocated+0x4d/0x90 [ 23.363039] mempool_oob_right_helper+0x8a/0x380 [ 23.363205] mempool_slab_oob_right+0xed/0x140 [ 23.363363] kunit_try_run_case+0x1a5/0x480 [ 23.363673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.364241] kthread+0x337/0x6f0 [ 23.364527] ret_from_fork+0x116/0x1d0 [ 23.364807] ret_from_fork_asm+0x1a/0x30 [ 23.365267] [ 23.365433] The buggy address belongs to the object at ffff888102c18240 [ 23.365433] which belongs to the cache test_cache of size 123 [ 23.366226] The buggy address is located 0 bytes to the right of [ 23.366226] allocated 123-byte region [ffff888102c18240, ffff888102c182bb) [ 23.366634] [ 23.366733] The buggy address belongs to the physical page: [ 23.366920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c18 [ 23.367435] flags: 0x200000000000000(node=0|zone=2) [ 23.367832] page_type: f5(slab) [ 23.368343] raw: 0200000000000000 ffff888102c11140 dead000000000122 0000000000000000 [ 23.368885] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 23.369327] page dumped because: kasan: bad access detected [ 23.369521] [ 23.369603] Memory state around the buggy address: [ 23.369766] ffff888102c18180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.369975] ffff888102c18200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 23.370254] >ffff888102c18280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 23.370916] ^ [ 23.371291] ffff888102c18300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.371891] ffff888102c18380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.372359] ================================================================== [ 23.313753] ================================================================== [ 23.314415] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.314920] Read of size 1 at addr ffff888103a92001 by task kunit_try_catch/252 [ 23.315790] [ 23.316001] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.316094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.316115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.316156] Call Trace: [ 23.316183] <TASK> [ 23.316411] dump_stack_lvl+0x73/0xb0 [ 23.316495] print_report+0xd1/0x650 [ 23.316533] ? __virt_addr_valid+0x1db/0x2d0 [ 23.316571] ? mempool_oob_right_helper+0x318/0x380 [ 23.316607] ? kasan_addr_to_slab+0x11/0xa0 [ 23.316641] ? mempool_oob_right_helper+0x318/0x380 [ 23.316681] kasan_report+0x141/0x180 [ 23.316724] ? mempool_oob_right_helper+0x318/0x380 [ 23.316777] __asan_report_load1_noabort+0x18/0x20 [ 23.316805] mempool_oob_right_helper+0x318/0x380 [ 23.316828] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.316875] ? update_load_avg+0x1be/0x21b0 [ 23.316903] ? dequeue_entities+0x27e/0x1740 [ 23.316927] ? finish_task_switch.isra.0+0x153/0x700 [ 23.316950] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 23.316973] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 23.316997] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.317021] ? __pfx_mempool_kfree+0x10/0x10 [ 23.317043] ? __pfx_read_tsc+0x10/0x10 [ 23.317064] ? ktime_get_ts64+0x86/0x230 [ 23.317101] kunit_try_run_case+0x1a5/0x480 [ 23.317138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.317170] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.317200] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.317221] ? __kthread_parkme+0x82/0x180 [ 23.317242] ? preempt_count_sub+0x50/0x80 [ 23.317262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.317283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.317305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.317327] kthread+0x337/0x6f0 [ 23.317344] ? trace_preempt_on+0x20/0xc0 [ 23.317366] ? __pfx_kthread+0x10/0x10 [ 23.317402] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.317423] ? calculate_sigpending+0x7b/0xa0 [ 23.317448] ? __pfx_kthread+0x10/0x10 [ 23.317468] ret_from_fork+0x116/0x1d0 [ 23.317485] ? __pfx_kthread+0x10/0x10 [ 23.317504] ret_from_fork_asm+0x1a/0x30 [ 23.317534] </TASK> [ 23.317546] [ 23.330491] The buggy address belongs to the physical page: [ 23.330754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a90 [ 23.331459] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.331931] flags: 0x200000000000040(head|node=0|zone=2) [ 23.332818] page_type: f8(unknown) [ 23.333089] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.333685] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.334215] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.335070] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.335608] head: 0200000000000002 ffffea00040ea401 00000000ffffffff 00000000ffffffff [ 23.336651] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.336978] page dumped because: kasan: bad access detected [ 23.337316] [ 23.337472] Memory state around the buggy address: [ 23.337656] ffff888103a91f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.338176] ffff888103a91f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.338677] >ffff888103a92000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.339230] ^ [ 23.339506] ffff888103a92080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.339990] ffff888103a92100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.340246] ================================================================== [ 23.281857] ================================================================== [ 23.282300] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.283177] Read of size 1 at addr ffff888102c14173 by task kunit_try_catch/250 [ 23.283408] [ 23.283538] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 23.283633] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.283654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.283713] Call Trace: [ 23.283740] <TASK> [ 23.283784] dump_stack_lvl+0x73/0xb0 [ 23.283860] print_report+0xd1/0x650 [ 23.283905] ? __virt_addr_valid+0x1db/0x2d0 [ 23.283952] ? mempool_oob_right_helper+0x318/0x380 [ 23.283995] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.284040] ? mempool_oob_right_helper+0x318/0x380 [ 23.284083] kasan_report+0x141/0x180 [ 23.284121] ? mempool_oob_right_helper+0x318/0x380 [ 23.284173] __asan_report_load1_noabort+0x18/0x20 [ 23.284205] mempool_oob_right_helper+0x318/0x380 [ 23.284253] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.284278] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.284297] ? irqentry_exit+0x2a/0x60 [ 23.284317] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.284338] mempool_kmalloc_oob_right+0xf2/0x150 [ 23.284358] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 23.284395] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.284420] ? __pfx_mempool_kfree+0x10/0x10 [ 23.284440] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 23.284462] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 23.284483] kunit_try_run_case+0x1a5/0x480 [ 23.284507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.284525] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.284545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.284564] ? __kthread_parkme+0x82/0x180 [ 23.284583] ? preempt_count_sub+0x50/0x80 [ 23.284603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.284624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.284643] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.284663] kthread+0x337/0x6f0 [ 23.284679] ? trace_preempt_on+0x20/0xc0 [ 23.284700] ? __pfx_kthread+0x10/0x10 [ 23.284717] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.284735] ? calculate_sigpending+0x7b/0xa0 [ 23.284756] ? __pfx_kthread+0x10/0x10 [ 23.284773] ret_from_fork+0x116/0x1d0 [ 23.284791] ? __pfx_kthread+0x10/0x10 [ 23.284808] ret_from_fork_asm+0x1a/0x30 [ 23.284847] </TASK> [ 23.284860] [ 23.297117] Allocated by task 250: [ 23.297277] kasan_save_stack+0x45/0x70 [ 23.297464] kasan_save_track+0x18/0x40 [ 23.297633] kasan_save_alloc_info+0x3b/0x50 [ 23.297815] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.298548] remove_element+0x11e/0x190 [ 23.298747] mempool_alloc_preallocated+0x4d/0x90 [ 23.298928] mempool_oob_right_helper+0x8a/0x380 [ 23.299146] mempool_kmalloc_oob_right+0xf2/0x150 [ 23.299348] kunit_try_run_case+0x1a5/0x480 [ 23.299488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.299662] kthread+0x337/0x6f0 [ 23.299845] ret_from_fork+0x116/0x1d0 [ 23.300206] ret_from_fork_asm+0x1a/0x30 [ 23.300499] [ 23.300634] The buggy address belongs to the object at ffff888102c14100 [ 23.300634] which belongs to the cache kmalloc-128 of size 128 [ 23.302164] The buggy address is located 0 bytes to the right of [ 23.302164] allocated 115-byte region [ffff888102c14100, ffff888102c14173) [ 23.302649] [ 23.302801] The buggy address belongs to the physical page: [ 23.303085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 23.303506] flags: 0x200000000000000(node=0|zone=2) [ 23.304164] page_type: f5(slab) [ 23.304307] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.304582] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.304710] page dumped because: kasan: bad access detected [ 23.304799] [ 23.305165] Memory state around the buggy address: [ 23.305400] ffff888102c14000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.305811] ffff888102c14080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.306552] >ffff888102c14100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.306801] ^ [ 23.307292] ffff888102c14180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.307589] ffff888102c14200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.308468] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 22.700514] ================================================================== [ 22.700944] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 22.701325] Read of size 1 at addr ffff888101ba5dc0 by task kunit_try_catch/244 [ 22.702171] [ 22.702374] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.702488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.702515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.702561] Call Trace: [ 22.702959] <TASK> [ 22.703005] dump_stack_lvl+0x73/0xb0 [ 22.703080] print_report+0xd1/0x650 [ 22.703125] ? __virt_addr_valid+0x1db/0x2d0 [ 22.703164] ? kmem_cache_double_destroy+0x1bf/0x380 [ 22.703190] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.703212] ? kmem_cache_double_destroy+0x1bf/0x380 [ 22.703232] kasan_report+0x141/0x180 [ 22.703252] ? kmem_cache_double_destroy+0x1bf/0x380 [ 22.703274] ? kmem_cache_double_destroy+0x1bf/0x380 [ 22.703294] __kasan_check_byte+0x3d/0x50 [ 22.703311] kmem_cache_destroy+0x25/0x1d0 [ 22.703335] kmem_cache_double_destroy+0x1bf/0x380 [ 22.703356] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 22.703399] ? finish_task_switch.isra.0+0x153/0x700 [ 22.703430] ? __switch_to+0x47/0xf50 [ 22.703467] ? __pfx_read_tsc+0x10/0x10 [ 22.703497] ? ktime_get_ts64+0x86/0x230 [ 22.703529] kunit_try_run_case+0x1a5/0x480 [ 22.703563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.703591] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.703620] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.703650] ? __kthread_parkme+0x82/0x180 [ 22.703679] ? preempt_count_sub+0x50/0x80 [ 22.703710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.703741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.703769] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.703789] kthread+0x337/0x6f0 [ 22.703805] ? trace_preempt_on+0x20/0xc0 [ 22.703827] ? __pfx_kthread+0x10/0x10 [ 22.703853] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.703873] ? calculate_sigpending+0x7b/0xa0 [ 22.703894] ? __pfx_kthread+0x10/0x10 [ 22.703912] ret_from_fork+0x116/0x1d0 [ 22.703928] ? __pfx_kthread+0x10/0x10 [ 22.703946] ret_from_fork_asm+0x1a/0x30 [ 22.703973] </TASK> [ 22.703985] [ 22.715592] Allocated by task 244: [ 22.715839] kasan_save_stack+0x45/0x70 [ 22.716548] kasan_save_track+0x18/0x40 [ 22.716915] kasan_save_alloc_info+0x3b/0x50 [ 22.717096] __kasan_slab_alloc+0x91/0xa0 [ 22.717525] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.717843] __kmem_cache_create_args+0x169/0x240 [ 22.718170] kmem_cache_double_destroy+0xd5/0x380 [ 22.718513] kunit_try_run_case+0x1a5/0x480 [ 22.718696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.719364] kthread+0x337/0x6f0 [ 22.719816] ret_from_fork+0x116/0x1d0 [ 22.719958] ret_from_fork_asm+0x1a/0x30 [ 22.720504] [ 22.720690] Freed by task 244: [ 22.720938] kasan_save_stack+0x45/0x70 [ 22.721307] kasan_save_track+0x18/0x40 [ 22.721478] kasan_save_free_info+0x3f/0x60 [ 22.721733] __kasan_slab_free+0x56/0x70 [ 22.722332] kmem_cache_free+0x249/0x420 [ 22.722611] slab_kmem_cache_release+0x2e/0x40 [ 22.722784] kmem_cache_release+0x16/0x20 [ 22.723367] kobject_put+0x181/0x450 [ 22.723673] sysfs_slab_release+0x16/0x20 [ 22.724363] kmem_cache_destroy+0xf0/0x1d0 [ 22.724669] kmem_cache_double_destroy+0x14e/0x380 [ 22.724915] kunit_try_run_case+0x1a5/0x480 [ 22.725468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.725958] kthread+0x337/0x6f0 [ 22.726427] ret_from_fork+0x116/0x1d0 [ 22.726777] ret_from_fork_asm+0x1a/0x30 [ 22.727218] [ 22.727401] The buggy address belongs to the object at ffff888101ba5dc0 [ 22.727401] which belongs to the cache kmem_cache of size 208 [ 22.728164] The buggy address is located 0 bytes inside of [ 22.728164] freed 208-byte region [ffff888101ba5dc0, ffff888101ba5e90) [ 22.728688] [ 22.728826] The buggy address belongs to the physical page: [ 22.729056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ba5 [ 22.729973] flags: 0x200000000000000(node=0|zone=2) [ 22.730217] page_type: f5(slab) [ 22.730536] raw: 0200000000000000 ffff888100041000 dead000000000100 dead000000000122 [ 22.731107] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 22.731336] page dumped because: kasan: bad access detected [ 22.731695] [ 22.731833] Memory state around the buggy address: [ 22.732298] ffff888101ba5c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.732565] ffff888101ba5d00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 22.732982] >ffff888101ba5d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 22.733318] ^ [ 22.733976] ffff888101ba5e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.734484] ffff888101ba5e80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.734892] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 22.631525] ================================================================== [ 22.631953] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.632960] Read of size 1 at addr ffff8881023c7000 by task kunit_try_catch/242 [ 22.633519] [ 22.633800] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.633884] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.633898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.633921] Call Trace: [ 22.633937] <TASK> [ 22.633957] dump_stack_lvl+0x73/0xb0 [ 22.633994] print_report+0xd1/0x650 [ 22.634025] ? __virt_addr_valid+0x1db/0x2d0 [ 22.634053] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.634078] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.634473] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.634513] kasan_report+0x141/0x180 [ 22.634542] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.634567] __asan_report_load1_noabort+0x18/0x20 [ 22.634589] kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.634609] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 22.634628] ? finish_task_switch.isra.0+0x153/0x700 [ 22.634650] ? __switch_to+0x47/0xf50 [ 22.634676] ? __pfx_read_tsc+0x10/0x10 [ 22.634695] ? ktime_get_ts64+0x86/0x230 [ 22.634718] kunit_try_run_case+0x1a5/0x480 [ 22.634741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.634760] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.634780] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.634800] ? __kthread_parkme+0x82/0x180 [ 22.634818] ? preempt_count_sub+0x50/0x80 [ 22.634869] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.634895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.634916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.634937] kthread+0x337/0x6f0 [ 22.634954] ? trace_preempt_on+0x20/0xc0 [ 22.634975] ? __pfx_kthread+0x10/0x10 [ 22.634993] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.635011] ? calculate_sigpending+0x7b/0xa0 [ 22.635033] ? __pfx_kthread+0x10/0x10 [ 22.635051] ret_from_fork+0x116/0x1d0 [ 22.635068] ? __pfx_kthread+0x10/0x10 [ 22.635116] ret_from_fork_asm+0x1a/0x30 [ 22.635166] </TASK> [ 22.635182] [ 22.645464] Allocated by task 242: [ 22.645735] kasan_save_stack+0x45/0x70 [ 22.646030] kasan_save_track+0x18/0x40 [ 22.646759] kasan_save_alloc_info+0x3b/0x50 [ 22.647309] __kasan_slab_alloc+0x91/0xa0 [ 22.647608] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.647944] kmem_cache_rcu_uaf+0x155/0x510 [ 22.648179] kunit_try_run_case+0x1a5/0x480 [ 22.648338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.648858] kthread+0x337/0x6f0 [ 22.649251] ret_from_fork+0x116/0x1d0 [ 22.649588] ret_from_fork_asm+0x1a/0x30 [ 22.649885] [ 22.650052] Freed by task 0: [ 22.650594] kasan_save_stack+0x45/0x70 [ 22.650930] kasan_save_track+0x18/0x40 [ 22.651301] kasan_save_free_info+0x3f/0x60 [ 22.651629] __kasan_slab_free+0x56/0x70 [ 22.651939] slab_free_after_rcu_debug+0xe4/0x310 [ 22.652437] rcu_core+0x66f/0x1c40 [ 22.652667] rcu_core_si+0x12/0x20 [ 22.652812] handle_softirqs+0x209/0x730 [ 22.652993] __irq_exit_rcu+0xc9/0x110 [ 22.653359] irq_exit_rcu+0x12/0x20 [ 22.653629] sysvec_apic_timer_interrupt+0x81/0x90 [ 22.653977] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 22.654764] [ 22.654955] Last potentially related work creation: [ 22.655268] kasan_save_stack+0x45/0x70 [ 22.655675] kasan_record_aux_stack+0xb2/0xc0 [ 22.656037] kmem_cache_free+0x131/0x420 [ 22.656512] kmem_cache_rcu_uaf+0x194/0x510 [ 22.656727] kunit_try_run_case+0x1a5/0x480 [ 22.656977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.657499] kthread+0x337/0x6f0 [ 22.657697] ret_from_fork+0x116/0x1d0 [ 22.657922] ret_from_fork_asm+0x1a/0x30 [ 22.658606] [ 22.658791] The buggy address belongs to the object at ffff8881023c7000 [ 22.658791] which belongs to the cache test_cache of size 200 [ 22.659576] The buggy address is located 0 bytes inside of [ 22.659576] freed 200-byte region [ffff8881023c7000, ffff8881023c70c8) [ 22.660346] [ 22.660553] The buggy address belongs to the physical page: [ 22.660942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023c7 [ 22.661478] flags: 0x200000000000000(node=0|zone=2) [ 22.661887] page_type: f5(slab) [ 22.662617] raw: 0200000000000000 ffff8881023c4000 dead000000000122 0000000000000000 [ 22.663197] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 22.663571] page dumped because: kasan: bad access detected [ 22.663817] [ 22.663951] Memory state around the buggy address: [ 22.664562] ffff8881023c6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.664815] ffff8881023c6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.665578] >ffff8881023c7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.666429] ^ [ 22.666678] ffff8881023c7080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 22.666921] ffff8881023c7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.667373] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 22.570766] ================================================================== [ 22.571920] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 22.572490] Free of addr ffff888102c0f001 by task kunit_try_catch/240 [ 22.573061] [ 22.573410] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 22.573504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.573524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.573559] Call Trace: [ 22.573585] <TASK> [ 22.573620] dump_stack_lvl+0x73/0xb0 [ 22.573683] print_report+0xd1/0x650 [ 22.573721] ? __virt_addr_valid+0x1db/0x2d0 [ 22.573760] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.573781] ? kmem_cache_invalid_free+0x1d8/0x460 [ 22.573802] kasan_report_invalid_free+0x10a/0x130 [ 22.573822] ? kmem_cache_invalid_free+0x1d8/0x460 [ 22.573866] ? kmem_cache_invalid_free+0x1d8/0x460 [ 22.573890] check_slab_allocation+0x11f/0x130 [ 22.573909] __kasan_slab_pre_free+0x28/0x40 [ 22.573926] kmem_cache_free+0xed/0x420 [ 22.573943] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.573963] ? kmem_cache_invalid_free+0x1d8/0x460 [ 22.573985] kmem_cache_invalid_free+0x1d8/0x460 [ 22.574006] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 22.574038] ? finish_task_switch.isra.0+0x153/0x700 [ 22.574059] ? __switch_to+0x47/0xf50 [ 22.574116] ? __pfx_read_tsc+0x10/0x10 [ 22.574158] ? ktime_get_ts64+0x86/0x230 [ 22.574199] kunit_try_run_case+0x1a5/0x480 [ 22.574236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.574269] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.574304] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.574336] ? __kthread_parkme+0x82/0x180 [ 22.574366] ? preempt_count_sub+0x50/0x80 [ 22.574418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.574453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.574487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.574520] kthread+0x337/0x6f0 [ 22.574542] ? trace_preempt_on+0x20/0xc0 [ 22.574566] ? __pfx_kthread+0x10/0x10 [ 22.574584] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.574603] ? calculate_sigpending+0x7b/0xa0 [ 22.574625] ? __pfx_kthread+0x10/0x10 [ 22.574644] ret_from_fork+0x116/0x1d0 [ 22.574662] ? __pfx_kthread+0x10/0x10 [ 22.574680] ret_from_fork_asm+0x1a/0x30 [ 22.574709] </TASK> [ 22.574722] [ 22.586750] Allocated by task 240: [ 22.587063] kasan_save_stack+0x45/0x70 [ 22.587611] kasan_save_track+0x18/0x40 [ 22.587901] kasan_save_alloc_info+0x3b/0x50 [ 22.588318] __kasan_slab_alloc+0x91/0xa0 [ 22.588576] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.588868] kmem_cache_invalid_free+0x157/0x460 [ 22.589475] kunit_try_run_case+0x1a5/0x480 [ 22.589724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.590204] kthread+0x337/0x6f0 [ 22.590366] ret_from_fork+0x116/0x1d0 [ 22.590518] ret_from_fork_asm+0x1a/0x30 [ 22.590660] [ 22.590742] The buggy address belongs to the object at ffff888102c0f000 [ 22.590742] which belongs to the cache test_cache of size 200 [ 22.591653] The buggy address is located 1 bytes inside of [ 22.591653] 200-byte region [ffff888102c0f000, ffff888102c0f0c8) [ 22.592255] [ 22.592428] The buggy address belongs to the physical page: [ 22.593107] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c0f [ 22.593644] flags: 0x200000000000000(node=0|zone=2) [ 22.594040] page_type: f5(slab) [ 22.594692] raw: 0200000000000000 ffff888101ba5c80 dead000000000122 0000000000000000 [ 22.595065] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 22.595693] page dumped because: kasan: bad access detected [ 22.596064] [ 22.596501] Memory state around the buggy address: [ 22.596746] ffff888102c0ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.597435] ffff888102c0ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.598153] >ffff888102c0f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.598469] ^ [ 22.598725] ffff888102c0f080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 22.599947] ffff888102c0f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.600354] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 21.257190] ================================================================== [ 21.257695] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 21.258127] Read of size 1 at addr ffff888103a20000 by task kunit_try_catch/183 [ 21.258728] [ 21.259124] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.259212] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.259234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.259263] Call Trace: [ 21.259284] <TASK> [ 21.259308] dump_stack_lvl+0x73/0xb0 [ 21.259353] print_report+0xd1/0x650 [ 21.259401] ? __virt_addr_valid+0x1db/0x2d0 [ 21.259424] ? page_alloc_uaf+0x356/0x3d0 [ 21.259443] ? kasan_addr_to_slab+0x11/0xa0 [ 21.259460] ? page_alloc_uaf+0x356/0x3d0 [ 21.259478] kasan_report+0x141/0x180 [ 21.259497] ? page_alloc_uaf+0x356/0x3d0 [ 21.259519] __asan_report_load1_noabort+0x18/0x20 [ 21.259539] page_alloc_uaf+0x356/0x3d0 [ 21.259557] ? __pfx_page_alloc_uaf+0x10/0x10 [ 21.259577] ? __schedule+0x10cc/0x2b60 [ 21.259595] ? __pfx_read_tsc+0x10/0x10 [ 21.259613] ? ktime_get_ts64+0x86/0x230 [ 21.259634] kunit_try_run_case+0x1a5/0x480 [ 21.259655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.259675] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.259693] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.259712] ? __kthread_parkme+0x82/0x180 [ 21.259729] ? preempt_count_sub+0x50/0x80 [ 21.259749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.259769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.259789] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.259809] kthread+0x337/0x6f0 [ 21.259825] ? trace_preempt_on+0x20/0xc0 [ 21.259855] ? __pfx_kthread+0x10/0x10 [ 21.259872] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.259889] ? calculate_sigpending+0x7b/0xa0 [ 21.259910] ? __pfx_kthread+0x10/0x10 [ 21.259928] ret_from_fork+0x116/0x1d0 [ 21.259943] ? __pfx_kthread+0x10/0x10 [ 21.259961] ret_from_fork_asm+0x1a/0x30 [ 21.259988] </TASK> [ 21.259998] [ 21.270777] The buggy address belongs to the physical page: [ 21.271170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a20 [ 21.271426] flags: 0x200000000000000(node=0|zone=2) [ 21.272729] page_type: f0(buddy) [ 21.273080] raw: 0200000000000000 ffff88817fffb4a8 ffff88817fffb4a8 0000000000000000 [ 21.273325] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 21.273991] page dumped because: kasan: bad access detected [ 21.274207] [ 21.274802] Memory state around the buggy address: [ 21.275182] ffff888103a1ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.275763] ffff888103a1ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.276440] >ffff888103a20000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.276936] ^ [ 21.277185] ffff888103a20080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.277876] ffff888103a20100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.278551] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 21.224074] ================================================================== [ 21.224886] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 21.225339] Free of addr ffff888102990001 by task kunit_try_catch/179 [ 21.225577] [ 21.225758] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.225872] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.225894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.225925] Call Trace: [ 21.225949] <TASK> [ 21.225974] dump_stack_lvl+0x73/0xb0 [ 21.226038] print_report+0xd1/0x650 [ 21.226218] ? __virt_addr_valid+0x1db/0x2d0 [ 21.226265] ? kasan_addr_to_slab+0x11/0xa0 [ 21.226296] ? kfree+0x274/0x3f0 [ 21.226356] kasan_report_invalid_free+0x10a/0x130 [ 21.226412] ? kfree+0x274/0x3f0 [ 21.226450] ? kfree+0x274/0x3f0 [ 21.226482] __kasan_kfree_large+0x86/0xd0 [ 21.226512] free_large_kmalloc+0x52/0x110 [ 21.226548] kfree+0x274/0x3f0 [ 21.226591] kmalloc_large_invalid_free+0x120/0x2b0 [ 21.226622] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 21.226643] ? __schedule+0x10cc/0x2b60 [ 21.226661] ? __pfx_read_tsc+0x10/0x10 [ 21.226679] ? ktime_get_ts64+0x86/0x230 [ 21.226699] kunit_try_run_case+0x1a5/0x480 [ 21.226719] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.226737] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.226755] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.226773] ? __kthread_parkme+0x82/0x180 [ 21.226790] ? preempt_count_sub+0x50/0x80 [ 21.226809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.226873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.226916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.226955] kthread+0x337/0x6f0 [ 21.226975] ? trace_preempt_on+0x20/0xc0 [ 21.226995] ? __pfx_kthread+0x10/0x10 [ 21.227012] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.227029] ? calculate_sigpending+0x7b/0xa0 [ 21.227047] ? __pfx_kthread+0x10/0x10 [ 21.227065] ret_from_fork+0x116/0x1d0 [ 21.227080] ? __pfx_kthread+0x10/0x10 [ 21.227366] ret_from_fork_asm+0x1a/0x30 [ 21.227418] </TASK> [ 21.227431] [ 21.239081] The buggy address belongs to the physical page: [ 21.239929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102990 [ 21.240286] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.240643] flags: 0x200000000000040(head|node=0|zone=2) [ 21.240886] page_type: f8(unknown) [ 21.241491] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.241853] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.242328] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.242939] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.243559] head: 0200000000000002 ffffea00040a6401 00000000ffffffff 00000000ffffffff [ 21.244045] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.244750] page dumped because: kasan: bad access detected [ 21.245107] [ 21.245226] Memory state around the buggy address: [ 21.245540] ffff88810298ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.245858] ffff88810298ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.246212] >ffff888102990000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.246556] ^ [ 21.246789] ffff888102990080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.247145] ffff888102990100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.247758] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 21.198748] ================================================================== [ 21.199709] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 21.200605] Read of size 1 at addr ffff888102990000 by task kunit_try_catch/177 [ 21.201527] [ 21.201837] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.201894] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.201905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.201924] Call Trace: [ 21.201943] <TASK> [ 21.201968] dump_stack_lvl+0x73/0xb0 [ 21.202032] print_report+0xd1/0x650 [ 21.202073] ? __virt_addr_valid+0x1db/0x2d0 [ 21.202122] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.202285] ? kasan_addr_to_slab+0x11/0xa0 [ 21.202308] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.202328] kasan_report+0x141/0x180 [ 21.202348] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.202370] __asan_report_load1_noabort+0x18/0x20 [ 21.202424] kmalloc_large_uaf+0x2f1/0x340 [ 21.202454] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 21.202483] ? __schedule+0x10cc/0x2b60 [ 21.202518] ? __pfx_read_tsc+0x10/0x10 [ 21.202539] ? ktime_get_ts64+0x86/0x230 [ 21.202563] kunit_try_run_case+0x1a5/0x480 [ 21.202586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.202605] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.202625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.202645] ? __kthread_parkme+0x82/0x180 [ 21.202664] ? preempt_count_sub+0x50/0x80 [ 21.202685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.202706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.202726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.202747] kthread+0x337/0x6f0 [ 21.202765] ? trace_preempt_on+0x20/0xc0 [ 21.202785] ? __pfx_kthread+0x10/0x10 [ 21.202804] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.202822] ? calculate_sigpending+0x7b/0xa0 [ 21.202857] ? __pfx_kthread+0x10/0x10 [ 21.202876] ret_from_fork+0x116/0x1d0 [ 21.202891] ? __pfx_kthread+0x10/0x10 [ 21.202908] ret_from_fork_asm+0x1a/0x30 [ 21.202934] </TASK> [ 21.202945] [ 21.213873] The buggy address belongs to the physical page: [ 21.214239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102990 [ 21.214847] flags: 0x200000000000000(node=0|zone=2) [ 21.215402] raw: 0200000000000000 ffffea00040a6508 ffff88815b139fc0 0000000000000000 [ 21.215816] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 21.216581] page dumped because: kasan: bad access detected [ 21.216992] [ 21.217328] Memory state around the buggy address: [ 21.217628] ffff88810298ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.218284] ffff88810298ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.218683] >ffff888102990000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.219194] ^ [ 21.219492] ffff888102990080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.219863] ffff888102990100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.220579] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 21.172030] ================================================================== [ 21.172552] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 21.173145] Write of size 1 at addr ffff88810282e00a by task kunit_try_catch/175 [ 21.173403] [ 21.173516] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.173995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.174025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.174048] Call Trace: [ 21.174064] <TASK> [ 21.174081] dump_stack_lvl+0x73/0xb0 [ 21.174114] print_report+0xd1/0x650 [ 21.174134] ? __virt_addr_valid+0x1db/0x2d0 [ 21.174155] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.174173] ? kasan_addr_to_slab+0x11/0xa0 [ 21.174190] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.174209] kasan_report+0x141/0x180 [ 21.174227] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.174251] __asan_report_store1_noabort+0x1b/0x30 [ 21.174273] kmalloc_large_oob_right+0x2e9/0x330 [ 21.174293] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 21.174314] ? __schedule+0x10cc/0x2b60 [ 21.174334] ? __pfx_read_tsc+0x10/0x10 [ 21.174353] ? ktime_get_ts64+0x86/0x230 [ 21.174375] kunit_try_run_case+0x1a5/0x480 [ 21.174431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.174471] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.174511] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.174554] ? __kthread_parkme+0x82/0x180 [ 21.174594] ? preempt_count_sub+0x50/0x80 [ 21.174629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.174652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.174675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.174697] kthread+0x337/0x6f0 [ 21.174714] ? trace_preempt_on+0x20/0xc0 [ 21.174735] ? __pfx_kthread+0x10/0x10 [ 21.174754] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.174773] ? calculate_sigpending+0x7b/0xa0 [ 21.174794] ? __pfx_kthread+0x10/0x10 [ 21.174814] ret_from_fork+0x116/0x1d0 [ 21.174835] ? __pfx_kthread+0x10/0x10 [ 21.174875] ret_from_fork_asm+0x1a/0x30 [ 21.174906] </TASK> [ 21.174917] [ 21.183994] The buggy address belongs to the physical page: [ 21.185252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10282c [ 21.185686] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.186202] flags: 0x200000000000040(head|node=0|zone=2) [ 21.186634] page_type: f8(unknown) [ 21.186767] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.187335] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.187943] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.188481] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.188949] head: 0200000000000002 ffffea00040a0b01 00000000ffffffff 00000000ffffffff [ 21.189469] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.190117] page dumped because: kasan: bad access detected [ 21.190509] [ 21.190609] Memory state around the buggy address: [ 21.190919] ffff88810282df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.191636] ffff88810282df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.192176] >ffff88810282e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.192433] ^ [ 21.192685] ffff88810282e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.193422] ffff88810282e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.193717] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 21.144102] ================================================================== [ 21.144543] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 21.145149] Write of size 1 at addr ffff8881039c9f00 by task kunit_try_catch/173 [ 21.145570] [ 21.145768] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.145847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.146239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.146272] Call Trace: [ 21.146288] <TASK> [ 21.146306] dump_stack_lvl+0x73/0xb0 [ 21.146343] print_report+0xd1/0x650 [ 21.146364] ? __virt_addr_valid+0x1db/0x2d0 [ 21.146405] ? kmalloc_big_oob_right+0x316/0x370 [ 21.146427] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.146451] ? kmalloc_big_oob_right+0x316/0x370 [ 21.146472] kasan_report+0x141/0x180 [ 21.146492] ? kmalloc_big_oob_right+0x316/0x370 [ 21.146516] __asan_report_store1_noabort+0x1b/0x30 [ 21.146539] kmalloc_big_oob_right+0x316/0x370 [ 21.146560] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 21.146581] ? __schedule+0x10cc/0x2b60 [ 21.146601] ? __pfx_read_tsc+0x10/0x10 [ 21.146622] ? ktime_get_ts64+0x86/0x230 [ 21.146646] kunit_try_run_case+0x1a5/0x480 [ 21.146670] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.146691] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.146711] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.146732] ? __kthread_parkme+0x82/0x180 [ 21.146751] ? preempt_count_sub+0x50/0x80 [ 21.146773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.146795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.146816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.146864] kthread+0x337/0x6f0 [ 21.146884] ? trace_preempt_on+0x20/0xc0 [ 21.146907] ? __pfx_kthread+0x10/0x10 [ 21.146925] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.146944] ? calculate_sigpending+0x7b/0xa0 [ 21.146966] ? __pfx_kthread+0x10/0x10 [ 21.146986] ret_from_fork+0x116/0x1d0 [ 21.147003] ? __pfx_kthread+0x10/0x10 [ 21.147021] ret_from_fork_asm+0x1a/0x30 [ 21.147051] </TASK> [ 21.147063] [ 21.155301] Allocated by task 173: [ 21.155573] kasan_save_stack+0x45/0x70 [ 21.155734] kasan_save_track+0x18/0x40 [ 21.156074] kasan_save_alloc_info+0x3b/0x50 [ 21.156409] __kasan_kmalloc+0xb7/0xc0 [ 21.156691] __kmalloc_cache_noprof+0x189/0x420 [ 21.157072] kmalloc_big_oob_right+0xa9/0x370 [ 21.157310] kunit_try_run_case+0x1a5/0x480 [ 21.157558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.157974] kthread+0x337/0x6f0 [ 21.158283] ret_from_fork+0x116/0x1d0 [ 21.158618] ret_from_fork_asm+0x1a/0x30 [ 21.158956] [ 21.159134] The buggy address belongs to the object at ffff8881039c8000 [ 21.159134] which belongs to the cache kmalloc-8k of size 8192 [ 21.159730] The buggy address is located 0 bytes to the right of [ 21.159730] allocated 7936-byte region [ffff8881039c8000, ffff8881039c9f00) [ 21.160444] [ 21.160637] The buggy address belongs to the physical page: [ 21.160958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 21.161335] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.161747] flags: 0x200000000000040(head|node=0|zone=2) [ 21.162110] page_type: f5(slab) [ 21.162398] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 21.162874] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 21.163288] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 21.163634] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 21.163957] head: 0200000000000003 ffffea00040e7201 00000000ffffffff 00000000ffffffff [ 21.164358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 21.164729] page dumped because: kasan: bad access detected [ 21.165112] [ 21.165260] Memory state around the buggy address: [ 21.165539] ffff8881039c9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.165804] ffff8881039c9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.166330] >ffff8881039c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.166789] ^ [ 21.166973] ffff8881039c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.167413] ffff8881039ca000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.167646] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 21.111456] ================================================================== [ 21.112490] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.113189] Write of size 1 at addr ffff8881023ac278 by task kunit_try_catch/171 [ 21.113843] [ 21.114206] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.114306] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.114328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.114359] Call Trace: [ 21.114398] <TASK> [ 21.114433] dump_stack_lvl+0x73/0xb0 [ 21.114503] print_report+0xd1/0x650 [ 21.114545] ? __virt_addr_valid+0x1db/0x2d0 [ 21.114572] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.114595] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.114619] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.114642] kasan_report+0x141/0x180 [ 21.114663] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.114690] __asan_report_store1_noabort+0x1b/0x30 [ 21.114712] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.114735] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 21.114759] ? __schedule+0x10cc/0x2b60 [ 21.114779] ? __pfx_read_tsc+0x10/0x10 [ 21.114798] ? ktime_get_ts64+0x86/0x230 [ 21.114821] kunit_try_run_case+0x1a5/0x480 [ 21.114864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.114885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.114906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.114926] ? __kthread_parkme+0x82/0x180 [ 21.114945] ? preempt_count_sub+0x50/0x80 [ 21.114967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.114987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.115007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.115026] kthread+0x337/0x6f0 [ 21.115043] ? trace_preempt_on+0x20/0xc0 [ 21.115063] ? __pfx_kthread+0x10/0x10 [ 21.115088] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.115115] ? calculate_sigpending+0x7b/0xa0 [ 21.115144] ? __pfx_kthread+0x10/0x10 [ 21.115172] ret_from_fork+0x116/0x1d0 [ 21.115198] ? __pfx_kthread+0x10/0x10 [ 21.115221] ret_from_fork_asm+0x1a/0x30 [ 21.115248] </TASK> [ 21.115259] [ 21.125773] Allocated by task 171: [ 21.126214] kasan_save_stack+0x45/0x70 [ 21.126591] kasan_save_track+0x18/0x40 [ 21.126963] kasan_save_alloc_info+0x3b/0x50 [ 21.127414] __kasan_kmalloc+0xb7/0xc0 [ 21.127793] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 21.128259] kmalloc_track_caller_oob_right+0x19a/0x520 [ 21.128730] kunit_try_run_case+0x1a5/0x480 [ 21.129421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.129787] kthread+0x337/0x6f0 [ 21.130223] ret_from_fork+0x116/0x1d0 [ 21.130643] ret_from_fork_asm+0x1a/0x30 [ 21.130864] [ 21.131105] The buggy address belongs to the object at ffff8881023ac200 [ 21.131105] which belongs to the cache kmalloc-128 of size 128 [ 21.131653] The buggy address is located 0 bytes to the right of [ 21.131653] allocated 120-byte region [ffff8881023ac200, ffff8881023ac278) [ 21.132200] [ 21.132298] The buggy address belongs to the physical page: [ 21.132661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac [ 21.133084] flags: 0x200000000000000(node=0|zone=2) [ 21.133339] page_type: f5(slab) [ 21.133993] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.134742] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.135055] page dumped because: kasan: bad access detected [ 21.135587] [ 21.135736] Memory state around the buggy address: [ 21.135992] ffff8881023ac100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.136533] ffff8881023ac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.136887] >ffff8881023ac200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.137563] ^ [ 21.138144] ffff8881023ac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.138777] ffff8881023ac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.139373] ================================================================== [ 21.083735] ================================================================== [ 21.084141] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.084651] Write of size 1 at addr ffff8881023ac178 by task kunit_try_catch/171 [ 21.085558] [ 21.085790] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 21.085873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.085896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.085931] Call Trace: [ 21.085950] <TASK> [ 21.085967] dump_stack_lvl+0x73/0xb0 [ 21.085998] print_report+0xd1/0x650 [ 21.086031] ? __virt_addr_valid+0x1db/0x2d0 [ 21.086055] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.086230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.086284] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.086322] kasan_report+0x141/0x180 [ 21.086358] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.086469] __asan_report_store1_noabort+0x1b/0x30 [ 21.086513] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.086558] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 21.086584] ? __schedule+0x10cc/0x2b60 [ 21.086605] ? __pfx_read_tsc+0x10/0x10 [ 21.086626] ? ktime_get_ts64+0x86/0x230 [ 21.086649] kunit_try_run_case+0x1a5/0x480 [ 21.086672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.086693] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.086714] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.086735] ? __kthread_parkme+0x82/0x180 [ 21.086754] ? preempt_count_sub+0x50/0x80 [ 21.086776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.086799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.086820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.086859] kthread+0x337/0x6f0 [ 21.086880] ? trace_preempt_on+0x20/0xc0 [ 21.086902] ? __pfx_kthread+0x10/0x10 [ 21.086921] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.086941] ? calculate_sigpending+0x7b/0xa0 [ 21.086964] ? __pfx_kthread+0x10/0x10 [ 21.086984] ret_from_fork+0x116/0x1d0 [ 21.086999] ? __pfx_kthread+0x10/0x10 [ 21.087017] ret_from_fork_asm+0x1a/0x30 [ 21.087044] </TASK> [ 21.087056] [ 21.097417] Allocated by task 171: [ 21.097570] kasan_save_stack+0x45/0x70 [ 21.097720] kasan_save_track+0x18/0x40 [ 21.098188] kasan_save_alloc_info+0x3b/0x50 [ 21.098578] __kasan_kmalloc+0xb7/0xc0 [ 21.098968] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 21.099536] kmalloc_track_caller_oob_right+0x99/0x520 [ 21.099977] kunit_try_run_case+0x1a5/0x480 [ 21.100583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.100962] kthread+0x337/0x6f0 [ 21.101193] ret_from_fork+0x116/0x1d0 [ 21.101476] ret_from_fork_asm+0x1a/0x30 [ 21.101645] [ 21.101731] The buggy address belongs to the object at ffff8881023ac100 [ 21.101731] which belongs to the cache kmalloc-128 of size 128 [ 21.102882] The buggy address is located 0 bytes to the right of [ 21.102882] allocated 120-byte region [ffff8881023ac100, ffff8881023ac178) [ 21.103675] [ 21.103825] The buggy address belongs to the physical page: [ 21.104320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac [ 21.104861] flags: 0x200000000000000(node=0|zone=2) [ 21.105372] page_type: f5(slab) [ 21.105643] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.106293] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.106696] page dumped because: kasan: bad access detected [ 21.106981] [ 21.107336] Memory state around the buggy address: [ 21.107544] ffff8881023ac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.108009] ffff8881023ac080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.108630] >ffff8881023ac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.109012] ^ [ 21.109506] ffff8881023ac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.109916] ffff8881023ac200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.110461] ==================================================================
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 120.562940] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/687 [ 120.563464] Modules linked in: [ 120.563745] CPU: 0 UID: 0 PID: 687 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 120.564312] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 120.565461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.566472] RIP: 0010:intlog10+0x2a/0x40 [ 120.566700] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 87 5c 8a 02 90 <0f> 0b 90 31 c0 e9 7c 5c 8a 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 120.567440] RSP: 0000:ffff88810c137cb0 EFLAGS: 00010246 [ 120.567733] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021826fb4 [ 120.568072] RDX: 1ffffffff735314c RSI: 1ffff11021826fb3 RDI: 0000000000000000 [ 120.568334] RBP: ffff88810c137d60 R08: 0000000000000000 R09: ffffed1020458e40 [ 120.568986] R10: ffff8881022c7207 R11: 0000000000000000 R12: 1ffff11021826f97 [ 120.569575] R13: ffffffffb9a98a60 R14: 0000000000000000 R15: ffff88810c137d38 [ 120.570026] FS: 0000000000000000(0000) GS:ffff88819f455000(0000) knlGS:0000000000000000 [ 120.570384] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.570777] CR2: dffffc0000000000 CR3: 00000000132bc000 CR4: 00000000000006f0 [ 120.571106] DR0: ffffffffbbc71480 DR1: ffffffffbbc71481 DR2: ffffffffbbc71482 [ 120.571520] DR3: ffffffffbbc71483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 120.571746] Call Trace: [ 120.571961] <TASK> [ 120.572237] ? intlog10_test+0xf2/0x220 [ 120.572563] ? __pfx_intlog10_test+0x10/0x10 [ 120.572740] ? __pfx_intlog10_test+0x10/0x10 [ 120.573069] kunit_try_run_case+0x1a5/0x480 [ 120.573464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.573719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 120.573943] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 120.574335] ? __kthread_parkme+0x82/0x180 [ 120.574555] ? preempt_count_sub+0x50/0x80 [ 120.574934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.575316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 120.575556] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 120.575763] kthread+0x337/0x6f0 [ 120.575942] ? trace_preempt_on+0x20/0xc0 [ 120.576356] ? __pfx_kthread+0x10/0x10 [ 120.576657] ? _raw_spin_unlock_irq+0x47/0x80 [ 120.576988] ? calculate_sigpending+0x7b/0xa0 [ 120.577422] ? __pfx_kthread+0x10/0x10 [ 120.577652] ret_from_fork+0x116/0x1d0 [ 120.577845] ? __pfx_kthread+0x10/0x10 [ 120.578214] ret_from_fork_asm+0x1a/0x30 [ 120.578565] </TASK> [ 120.578752] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 120.511265] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/669 [ 120.512724] Modules linked in: [ 120.513520] CPU: 0 UID: 0 PID: 669 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 120.514219] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 120.514448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.514882] RIP: 0010:intlog2+0xdf/0x110 [ 120.515369] Code: a9 b9 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 af f8 55 ff 8b 45 e4 eb [ 120.516009] RSP: 0000:ffff88810bf9fcb0 EFLAGS: 00010246 [ 120.516715] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110217f3fb4 [ 120.517013] RDX: 1ffffffff73531a0 RSI: 1ffff110217f3fb3 RDI: 0000000000000000 [ 120.517435] RBP: ffff88810bf9fd60 R08: 0000000000000000 R09: ffffed1020145140 [ 120.517916] R10: ffff888100a28a07 R11: 0000000000000000 R12: 1ffff110217f3f97 [ 120.518482] R13: ffffffffb9a98d00 R14: 0000000000000000 R15: ffff88810bf9fd38 [ 120.519086] FS: 0000000000000000(0000) GS:ffff88819f455000(0000) knlGS:0000000000000000 [ 120.519572] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.520404] CR2: dffffc0000000000 CR3: 00000000132bc000 CR4: 00000000000006f0 [ 120.520734] DR0: ffffffffbbc71480 DR1: ffffffffbbc71481 DR2: ffffffffbbc71482 [ 120.521230] DR3: ffffffffbbc71483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 120.522194] Call Trace: [ 120.522356] <TASK> [ 120.522460] ? intlog2_test+0xf2/0x220 [ 120.522630] ? __pfx_intlog2_test+0x10/0x10 [ 120.522784] ? __schedule+0x10cc/0x2b60 [ 120.522932] ? __pfx_read_tsc+0x10/0x10 [ 120.523402] ? ktime_get_ts64+0x86/0x230 [ 120.523768] kunit_try_run_case+0x1a5/0x480 [ 120.524043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.524358] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 120.524518] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 120.524673] ? __kthread_parkme+0x82/0x180 [ 120.524810] ? preempt_count_sub+0x50/0x80 [ 120.524979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.525148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 120.525514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 120.526570] kthread+0x337/0x6f0 [ 120.526933] ? trace_preempt_on+0x20/0xc0 [ 120.527235] ? __pfx_kthread+0x10/0x10 [ 120.527685] ? _raw_spin_unlock_irq+0x47/0x80 [ 120.528165] ? calculate_sigpending+0x7b/0xa0 [ 120.528404] ? __pfx_kthread+0x10/0x10 [ 120.528917] ret_from_fork+0x116/0x1d0 [ 120.529676] ? __pfx_kthread+0x10/0x10 [ 120.530058] ret_from_fork_asm+0x1a/0x30 [ 120.530278] </TASK> [ 120.530736] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_test_sysfb_build_fourcc_list_drm_sysfb_modeset_test
<8>[ 323.214882] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_sysfb_build_fourcc_list_drm_sysfb_modeset_test RESULT=fail>
Failure - kunit - drm_test_sysfb_build_fourcc_list_drm_test_sysfb_build_fourcc_list
<8>[ 323.087891] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_sysfb_build_fourcc_list_drm_test_sysfb_build_fourcc_list RESULT=fail>
Failure - kunit - drm_test_sysfb_build_fourcc_list_randomformats
<8>[ 322.960778] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_sysfb_build_fourcc_list_randomformats RESULT=fail>