Date
June 24, 2025, 11:37 a.m.
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 29.065365] ================================================================== [ 29.066243] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 29.066982] Write of size 2 at addr ffff888102dcf977 by task kunit_try_catch/202 [ 29.067950] [ 29.068649] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.068848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.068887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.068922] Call Trace: [ 29.068963] <TASK> [ 29.068995] dump_stack_lvl+0x73/0xb0 [ 29.069041] print_report+0xd1/0x650 [ 29.069122] ? __virt_addr_valid+0x1db/0x2d0 [ 29.069176] ? kmalloc_oob_memset_2+0x166/0x330 [ 29.069222] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.069278] ? kmalloc_oob_memset_2+0x166/0x330 [ 29.069325] kasan_report+0x141/0x180 [ 29.069373] ? kmalloc_oob_memset_2+0x166/0x330 [ 29.069426] kasan_check_range+0x10c/0x1c0 [ 29.069459] __asan_memset+0x27/0x50 [ 29.069491] kmalloc_oob_memset_2+0x166/0x330 [ 29.069520] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 29.069574] ? __schedule+0x10cc/0x2b60 [ 29.069608] ? __pfx_read_tsc+0x10/0x10 [ 29.069642] ? ktime_get_ts64+0x86/0x230 [ 29.069697] kunit_try_run_case+0x1a5/0x480 [ 29.069732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.069761] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.069793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.069824] ? __kthread_parkme+0x82/0x180 [ 29.069851] ? preempt_count_sub+0x50/0x80 [ 29.069881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.069911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.069941] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.069971] kthread+0x337/0x6f0 [ 29.069997] ? trace_preempt_on+0x20/0xc0 [ 29.070026] ? __pfx_kthread+0x10/0x10 [ 29.070052] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.070104] ? calculate_sigpending+0x7b/0xa0 [ 29.070156] ? __pfx_kthread+0x10/0x10 [ 29.070193] ret_from_fork+0x116/0x1d0 [ 29.070220] ? __pfx_kthread+0x10/0x10 [ 29.070247] ret_from_fork_asm+0x1a/0x30 [ 29.070288] </TASK> [ 29.070303] [ 29.087181] Allocated by task 202: [ 29.087591] kasan_save_stack+0x45/0x70 [ 29.088769] kasan_save_track+0x18/0x40 [ 29.089337] kasan_save_alloc_info+0x3b/0x50 [ 29.089898] __kasan_kmalloc+0xb7/0xc0 [ 29.090730] __kmalloc_cache_noprof+0x189/0x420 [ 29.091298] kmalloc_oob_memset_2+0xac/0x330 [ 29.092029] kunit_try_run_case+0x1a5/0x480 [ 29.092647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.093124] kthread+0x337/0x6f0 [ 29.093399] ret_from_fork+0x116/0x1d0 [ 29.093773] ret_from_fork_asm+0x1a/0x30 [ 29.094073] [ 29.094303] The buggy address belongs to the object at ffff888102dcf900 [ 29.094303] which belongs to the cache kmalloc-128 of size 128 [ 29.095971] The buggy address is located 119 bytes inside of [ 29.095971] allocated 120-byte region [ffff888102dcf900, ffff888102dcf978) [ 29.097045] [ 29.097426] The buggy address belongs to the physical page: [ 29.097967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 29.099041] flags: 0x200000000000000(node=0|zone=2) [ 29.099580] page_type: f5(slab) [ 29.099973] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.100974] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.101694] page dumped because: kasan: bad access detected [ 29.101992] [ 29.102529] Memory state around the buggy address: [ 29.103026] ffff888102dcf800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.103554] ffff888102dcf880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.104744] >ffff888102dcf900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.105039] ^ [ 29.106052] ffff888102dcf980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.106854] ffff888102dcfa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.107753] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 29.024802] ================================================================== [ 29.025675] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 29.026295] Write of size 128 at addr ffff888100aae700 by task kunit_try_catch/200 [ 29.026899] [ 29.027230] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.027341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.027372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.027420] Call Trace: [ 29.027488] <TASK> [ 29.027560] dump_stack_lvl+0x73/0xb0 [ 29.027678] print_report+0xd1/0x650 [ 29.027761] ? __virt_addr_valid+0x1db/0x2d0 [ 29.027866] ? kmalloc_oob_in_memset+0x15f/0x320 [ 29.027945] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.028009] ? kmalloc_oob_in_memset+0x15f/0x320 [ 29.028068] kasan_report+0x141/0x180 [ 29.028161] ? kmalloc_oob_in_memset+0x15f/0x320 [ 29.028254] kasan_check_range+0x10c/0x1c0 [ 29.028313] __asan_memset+0x27/0x50 [ 29.028358] kmalloc_oob_in_memset+0x15f/0x320 [ 29.028389] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 29.028420] ? __schedule+0x10cc/0x2b60 [ 29.028453] ? __pfx_read_tsc+0x10/0x10 [ 29.028482] ? ktime_get_ts64+0x86/0x230 [ 29.028513] kunit_try_run_case+0x1a5/0x480 [ 29.028566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.028597] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.028642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.028693] ? __kthread_parkme+0x82/0x180 [ 29.028722] ? preempt_count_sub+0x50/0x80 [ 29.028752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.028783] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.028814] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.028844] kthread+0x337/0x6f0 [ 29.028869] ? trace_preempt_on+0x20/0xc0 [ 29.028899] ? __pfx_kthread+0x10/0x10 [ 29.028926] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.028955] ? calculate_sigpending+0x7b/0xa0 [ 29.028985] ? __pfx_kthread+0x10/0x10 [ 29.029013] ret_from_fork+0x116/0x1d0 [ 29.029037] ? __pfx_kthread+0x10/0x10 [ 29.029063] ret_from_fork_asm+0x1a/0x30 [ 29.029102] </TASK> [ 29.029116] [ 29.042291] Allocated by task 200: [ 29.042686] kasan_save_stack+0x45/0x70 [ 29.043065] kasan_save_track+0x18/0x40 [ 29.043458] kasan_save_alloc_info+0x3b/0x50 [ 29.043938] __kasan_kmalloc+0xb7/0xc0 [ 29.044284] __kmalloc_cache_noprof+0x189/0x420 [ 29.044808] kmalloc_oob_in_memset+0xac/0x320 [ 29.045214] kunit_try_run_case+0x1a5/0x480 [ 29.045653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.046104] kthread+0x337/0x6f0 [ 29.046462] ret_from_fork+0x116/0x1d0 [ 29.046963] ret_from_fork_asm+0x1a/0x30 [ 29.047223] [ 29.047350] The buggy address belongs to the object at ffff888100aae700 [ 29.047350] which belongs to the cache kmalloc-128 of size 128 [ 29.047908] The buggy address is located 0 bytes inside of [ 29.047908] allocated 120-byte region [ffff888100aae700, ffff888100aae778) [ 29.049144] [ 29.049414] The buggy address belongs to the physical page: [ 29.050009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.050790] flags: 0x200000000000000(node=0|zone=2) [ 29.051327] page_type: f5(slab) [ 29.051736] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.052365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.052992] page dumped because: kasan: bad access detected [ 29.053424] [ 29.053650] Memory state around the buggy address: [ 29.053959] ffff888100aae600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.054296] ffff888100aae680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.055632] >ffff888100aae700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.056165] ^ [ 29.056681] ffff888100aae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.057367] ffff888100aae800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.058136] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 28.979776] ================================================================== [ 28.980839] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 28.981340] Read of size 16 at addr ffff8881022bd700 by task kunit_try_catch/198 [ 28.981975] [ 28.982159] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.982297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.982330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.982376] Call Trace: [ 28.982405] <TASK> [ 28.982441] dump_stack_lvl+0x73/0xb0 [ 28.982509] print_report+0xd1/0x650 [ 28.982585] ? __virt_addr_valid+0x1db/0x2d0 [ 28.982645] ? kmalloc_uaf_16+0x47b/0x4c0 [ 28.982723] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.982806] ? kmalloc_uaf_16+0x47b/0x4c0 [ 28.982859] kasan_report+0x141/0x180 [ 28.982917] ? kmalloc_uaf_16+0x47b/0x4c0 [ 28.982978] __asan_report_load16_noabort+0x18/0x20 [ 28.983037] kmalloc_uaf_16+0x47b/0x4c0 [ 28.983090] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 28.983174] ? __schedule+0x10cc/0x2b60 [ 28.983235] ? __pfx_read_tsc+0x10/0x10 [ 28.983290] ? ktime_get_ts64+0x86/0x230 [ 28.983374] kunit_try_run_case+0x1a5/0x480 [ 28.983443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.983502] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.983587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.983646] ? __kthread_parkme+0x82/0x180 [ 28.983695] ? preempt_count_sub+0x50/0x80 [ 28.983740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.983773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.983805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.983847] kthread+0x337/0x6f0 [ 28.983873] ? trace_preempt_on+0x20/0xc0 [ 28.983904] ? __pfx_kthread+0x10/0x10 [ 28.983931] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.983960] ? calculate_sigpending+0x7b/0xa0 [ 28.983990] ? __pfx_kthread+0x10/0x10 [ 28.984017] ret_from_fork+0x116/0x1d0 [ 28.984043] ? __pfx_kthread+0x10/0x10 [ 28.984069] ret_from_fork_asm+0x1a/0x30 [ 28.984107] </TASK> [ 28.984121] [ 28.996581] Allocated by task 198: [ 28.996942] kasan_save_stack+0x45/0x70 [ 28.997423] kasan_save_track+0x18/0x40 [ 28.997749] kasan_save_alloc_info+0x3b/0x50 [ 28.998077] __kasan_kmalloc+0xb7/0xc0 [ 28.998381] __kmalloc_cache_noprof+0x189/0x420 [ 28.998873] kmalloc_uaf_16+0x15b/0x4c0 [ 28.999279] kunit_try_run_case+0x1a5/0x480 [ 28.999956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.000479] kthread+0x337/0x6f0 [ 29.000861] ret_from_fork+0x116/0x1d0 [ 29.001242] ret_from_fork_asm+0x1a/0x30 [ 29.001774] [ 29.001973] Freed by task 198: [ 29.002222] kasan_save_stack+0x45/0x70 [ 29.002511] kasan_save_track+0x18/0x40 [ 29.002976] kasan_save_free_info+0x3f/0x60 [ 29.003441] __kasan_slab_free+0x56/0x70 [ 29.004034] kfree+0x222/0x3f0 [ 29.004325] kmalloc_uaf_16+0x1d6/0x4c0 [ 29.004819] kunit_try_run_case+0x1a5/0x480 [ 29.005310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.005898] kthread+0x337/0x6f0 [ 29.006292] ret_from_fork+0x116/0x1d0 [ 29.006756] ret_from_fork_asm+0x1a/0x30 [ 29.007177] [ 29.007313] The buggy address belongs to the object at ffff8881022bd700 [ 29.007313] which belongs to the cache kmalloc-16 of size 16 [ 29.008407] The buggy address is located 0 bytes inside of [ 29.008407] freed 16-byte region [ffff8881022bd700, ffff8881022bd710) [ 29.009317] [ 29.009559] The buggy address belongs to the physical page: [ 29.009951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022bd [ 29.010682] flags: 0x200000000000000(node=0|zone=2) [ 29.011208] page_type: f5(slab) [ 29.011622] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.012256] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.012902] page dumped because: kasan: bad access detected [ 29.013357] [ 29.013580] Memory state around the buggy address: [ 29.013967] ffff8881022bd600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.014488] ffff8881022bd680: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 29.014918] >ffff8881022bd700: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.015592] ^ [ 29.016139] ffff8881022bd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.016797] ffff8881022bd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.017254] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 28.936212] ================================================================== [ 28.936870] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 28.937485] Write of size 16 at addr ffff8881022bd6a0 by task kunit_try_catch/196 [ 28.938166] [ 28.938782] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.939083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.939119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.939172] Call Trace: [ 28.939205] <TASK> [ 28.939247] dump_stack_lvl+0x73/0xb0 [ 28.939334] print_report+0xd1/0x650 [ 28.939395] ? __virt_addr_valid+0x1db/0x2d0 [ 28.939440] ? kmalloc_oob_16+0x452/0x4a0 [ 28.939470] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.939503] ? kmalloc_oob_16+0x452/0x4a0 [ 28.939531] kasan_report+0x141/0x180 [ 28.939595] ? kmalloc_oob_16+0x452/0x4a0 [ 28.939651] __asan_report_store16_noabort+0x1b/0x30 [ 28.939741] kmalloc_oob_16+0x452/0x4a0 [ 28.939771] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 28.939801] ? __schedule+0x10cc/0x2b60 [ 28.939847] ? __pfx_read_tsc+0x10/0x10 [ 28.939879] ? ktime_get_ts64+0x86/0x230 [ 28.939912] kunit_try_run_case+0x1a5/0x480 [ 28.939948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.939977] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.940008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.940040] ? __kthread_parkme+0x82/0x180 [ 28.940068] ? preempt_count_sub+0x50/0x80 [ 28.940123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.940178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.940215] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.940247] kthread+0x337/0x6f0 [ 28.940273] ? trace_preempt_on+0x20/0xc0 [ 28.940305] ? __pfx_kthread+0x10/0x10 [ 28.940332] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.940361] ? calculate_sigpending+0x7b/0xa0 [ 28.940392] ? __pfx_kthread+0x10/0x10 [ 28.940419] ret_from_fork+0x116/0x1d0 [ 28.940444] ? __pfx_kthread+0x10/0x10 [ 28.940470] ret_from_fork_asm+0x1a/0x30 [ 28.940510] </TASK> [ 28.940525] [ 28.956264] Allocated by task 196: [ 28.956571] kasan_save_stack+0x45/0x70 [ 28.957166] kasan_save_track+0x18/0x40 [ 28.957622] kasan_save_alloc_info+0x3b/0x50 [ 28.958247] __kasan_kmalloc+0xb7/0xc0 [ 28.958617] __kmalloc_cache_noprof+0x189/0x420 [ 28.959162] kmalloc_oob_16+0xa8/0x4a0 [ 28.959398] kunit_try_run_case+0x1a5/0x480 [ 28.959678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.960092] kthread+0x337/0x6f0 [ 28.960634] ret_from_fork+0x116/0x1d0 [ 28.961026] ret_from_fork_asm+0x1a/0x30 [ 28.961316] [ 28.961449] The buggy address belongs to the object at ffff8881022bd6a0 [ 28.961449] which belongs to the cache kmalloc-16 of size 16 [ 28.963313] The buggy address is located 0 bytes inside of [ 28.963313] allocated 13-byte region [ffff8881022bd6a0, ffff8881022bd6ad) [ 28.964607] [ 28.964967] The buggy address belongs to the physical page: [ 28.965601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022bd [ 28.966299] flags: 0x200000000000000(node=0|zone=2) [ 28.966777] page_type: f5(slab) [ 28.967036] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 28.967579] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.968081] page dumped because: kasan: bad access detected [ 28.968442] [ 28.968774] Memory state around the buggy address: [ 28.969254] ffff8881022bd580: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 28.969916] ffff8881022bd600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.970945] >ffff8881022bd680: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 28.971595] ^ [ 28.972249] ffff8881022bd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.973052] ffff8881022bd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.973766] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 28.884210] ================================================================== [ 28.884749] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 28.885262] Read of size 1 at addr ffff888100386000 by task kunit_try_catch/194 [ 28.886114] [ 28.886681] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.886796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.886827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.886891] Call Trace: [ 28.886928] <TASK> [ 28.886964] dump_stack_lvl+0x73/0xb0 [ 28.887037] print_report+0xd1/0x650 [ 28.887109] ? __virt_addr_valid+0x1db/0x2d0 [ 28.887171] ? krealloc_uaf+0x53c/0x5e0 [ 28.887220] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.887285] ? krealloc_uaf+0x53c/0x5e0 [ 28.887340] kasan_report+0x141/0x180 [ 28.887401] ? krealloc_uaf+0x53c/0x5e0 [ 28.887469] __asan_report_load1_noabort+0x18/0x20 [ 28.887535] krealloc_uaf+0x53c/0x5e0 [ 28.887613] ? __pfx_krealloc_uaf+0x10/0x10 [ 28.887660] ? finish_task_switch.isra.0+0x153/0x700 [ 28.887712] ? __switch_to+0x47/0xf50 [ 28.887777] ? __schedule+0x10cc/0x2b60 [ 28.887855] ? __pfx_read_tsc+0x10/0x10 [ 28.887915] ? ktime_get_ts64+0x86/0x230 [ 28.887980] kunit_try_run_case+0x1a5/0x480 [ 28.888048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.888118] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.888193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.888230] ? __kthread_parkme+0x82/0x180 [ 28.888259] ? preempt_count_sub+0x50/0x80 [ 28.888290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.888322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.888354] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.888385] kthread+0x337/0x6f0 [ 28.888410] ? trace_preempt_on+0x20/0xc0 [ 28.888441] ? __pfx_kthread+0x10/0x10 [ 28.888468] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.888497] ? calculate_sigpending+0x7b/0xa0 [ 28.888527] ? __pfx_kthread+0x10/0x10 [ 28.888575] ret_from_fork+0x116/0x1d0 [ 28.888601] ? __pfx_kthread+0x10/0x10 [ 28.888628] ret_from_fork_asm+0x1a/0x30 [ 28.888682] </TASK> [ 28.888697] [ 28.904664] Allocated by task 194: [ 28.905036] kasan_save_stack+0x45/0x70 [ 28.905473] kasan_save_track+0x18/0x40 [ 28.906032] kasan_save_alloc_info+0x3b/0x50 [ 28.906569] __kasan_kmalloc+0xb7/0xc0 [ 28.906868] __kmalloc_cache_noprof+0x189/0x420 [ 28.907203] krealloc_uaf+0xbb/0x5e0 [ 28.908020] kunit_try_run_case+0x1a5/0x480 [ 28.908619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.909059] kthread+0x337/0x6f0 [ 28.909364] ret_from_fork+0x116/0x1d0 [ 28.909624] ret_from_fork_asm+0x1a/0x30 [ 28.909871] [ 28.909996] Freed by task 194: [ 28.910181] kasan_save_stack+0x45/0x70 [ 28.910608] kasan_save_track+0x18/0x40 [ 28.910973] kasan_save_free_info+0x3f/0x60 [ 28.911425] __kasan_slab_free+0x56/0x70 [ 28.912352] kfree+0x222/0x3f0 [ 28.912737] krealloc_uaf+0x13d/0x5e0 [ 28.913117] kunit_try_run_case+0x1a5/0x480 [ 28.913529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.913936] kthread+0x337/0x6f0 [ 28.914305] ret_from_fork+0x116/0x1d0 [ 28.914683] ret_from_fork_asm+0x1a/0x30 [ 28.914979] [ 28.915168] The buggy address belongs to the object at ffff888100386000 [ 28.915168] which belongs to the cache kmalloc-256 of size 256 [ 28.915866] The buggy address is located 0 bytes inside of [ 28.915866] freed 256-byte region [ffff888100386000, ffff888100386100) [ 28.916624] [ 28.916769] The buggy address belongs to the physical page: [ 28.917044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100386 [ 28.918183] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.918919] flags: 0x200000000000040(head|node=0|zone=2) [ 28.919399] page_type: f5(slab) [ 28.919791] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.920450] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.920984] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.921358] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.921735] head: 0200000000000001 ffffea000400e181 00000000ffffffff 00000000ffffffff [ 28.922362] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.923584] page dumped because: kasan: bad access detected [ 28.924504] [ 28.924745] Memory state around the buggy address: [ 28.925330] ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.925958] ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.926832] >ffff888100386000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.927402] ^ [ 28.927636] ffff888100386080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.928363] ffff888100386100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.929312] ================================================================== [ 28.834374] ================================================================== [ 28.835247] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 28.836405] Read of size 1 at addr ffff888100386000 by task kunit_try_catch/194 [ 28.836887] [ 28.837076] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.837185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.837217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.837267] Call Trace: [ 28.837300] <TASK> [ 28.837343] dump_stack_lvl+0x73/0xb0 [ 28.837420] print_report+0xd1/0x650 [ 28.837474] ? __virt_addr_valid+0x1db/0x2d0 [ 28.837530] ? krealloc_uaf+0x1b8/0x5e0 [ 28.837601] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.837662] ? krealloc_uaf+0x1b8/0x5e0 [ 28.837715] kasan_report+0x141/0x180 [ 28.837771] ? krealloc_uaf+0x1b8/0x5e0 [ 28.837831] ? krealloc_uaf+0x1b8/0x5e0 [ 28.837886] __kasan_check_byte+0x3d/0x50 [ 28.837938] krealloc_noprof+0x3f/0x340 [ 28.837997] ? stack_depot_save_flags+0x48b/0x840 [ 28.838062] krealloc_uaf+0x1b8/0x5e0 [ 28.838154] ? __pfx_krealloc_uaf+0x10/0x10 [ 28.838200] ? finish_task_switch.isra.0+0x153/0x700 [ 28.838257] ? __switch_to+0x47/0xf50 [ 28.838314] ? __schedule+0x10cc/0x2b60 [ 28.838372] ? __pfx_read_tsc+0x10/0x10 [ 28.838432] ? ktime_get_ts64+0x86/0x230 [ 28.838499] kunit_try_run_case+0x1a5/0x480 [ 28.838563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.838596] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.838631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.838678] ? __kthread_parkme+0x82/0x180 [ 28.838706] ? preempt_count_sub+0x50/0x80 [ 28.838737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.838768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.838799] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.838829] kthread+0x337/0x6f0 [ 28.838855] ? trace_preempt_on+0x20/0xc0 [ 28.838886] ? __pfx_kthread+0x10/0x10 [ 28.838914] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.838943] ? calculate_sigpending+0x7b/0xa0 [ 28.838974] ? __pfx_kthread+0x10/0x10 [ 28.839002] ret_from_fork+0x116/0x1d0 [ 28.839027] ? __pfx_kthread+0x10/0x10 [ 28.839059] ret_from_fork_asm+0x1a/0x30 [ 28.839126] </TASK> [ 28.839152] [ 28.857097] Allocated by task 194: [ 28.857466] kasan_save_stack+0x45/0x70 [ 28.857917] kasan_save_track+0x18/0x40 [ 28.858388] kasan_save_alloc_info+0x3b/0x50 [ 28.858873] __kasan_kmalloc+0xb7/0xc0 [ 28.859285] __kmalloc_cache_noprof+0x189/0x420 [ 28.859811] krealloc_uaf+0xbb/0x5e0 [ 28.860337] kunit_try_run_case+0x1a5/0x480 [ 28.860669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.861181] kthread+0x337/0x6f0 [ 28.861538] ret_from_fork+0x116/0x1d0 [ 28.861813] ret_from_fork_asm+0x1a/0x30 [ 28.862212] [ 28.862414] Freed by task 194: [ 28.863179] kasan_save_stack+0x45/0x70 [ 28.863608] kasan_save_track+0x18/0x40 [ 28.863957] kasan_save_free_info+0x3f/0x60 [ 28.864570] __kasan_slab_free+0x56/0x70 [ 28.864876] kfree+0x222/0x3f0 [ 28.865333] krealloc_uaf+0x13d/0x5e0 [ 28.865728] kunit_try_run_case+0x1a5/0x480 [ 28.866474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.867009] kthread+0x337/0x6f0 [ 28.867430] ret_from_fork+0x116/0x1d0 [ 28.867811] ret_from_fork_asm+0x1a/0x30 [ 28.868078] [ 28.868280] The buggy address belongs to the object at ffff888100386000 [ 28.868280] which belongs to the cache kmalloc-256 of size 256 [ 28.869358] The buggy address is located 0 bytes inside of [ 28.869358] freed 256-byte region [ffff888100386000, ffff888100386100) [ 28.870617] [ 28.870844] The buggy address belongs to the physical page: [ 28.871339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100386 [ 28.872003] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.872782] flags: 0x200000000000040(head|node=0|zone=2) [ 28.873467] page_type: f5(slab) [ 28.873872] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.874783] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.875480] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.876183] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.876746] head: 0200000000000001 ffffea000400e181 00000000ffffffff 00000000ffffffff [ 28.877574] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.878203] page dumped because: kasan: bad access detected [ 28.878960] [ 28.879167] Memory state around the buggy address: [ 28.879425] ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.880062] ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.880499] >ffff888100386000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.881360] ^ [ 28.881932] ffff888100386080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.882523] ffff888100386100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.882891] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 28.718513] ================================================================== [ 28.719090] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 28.719516] Write of size 1 at addr ffff888102d660da by task kunit_try_catch/192 [ 28.720994] [ 28.721805] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.721878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.721904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.721953] Call Trace: [ 28.721992] <TASK> [ 28.722030] dump_stack_lvl+0x73/0xb0 [ 28.722139] print_report+0xd1/0x650 [ 28.722198] ? __virt_addr_valid+0x1db/0x2d0 [ 28.722251] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 28.722311] ? kasan_addr_to_slab+0x11/0xa0 [ 28.722359] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 28.722412] kasan_report+0x141/0x180 [ 28.722463] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 28.722504] __asan_report_store1_noabort+0x1b/0x30 [ 28.722538] krealloc_less_oob_helper+0xec6/0x11d0 [ 28.722594] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.722625] ? finish_task_switch.isra.0+0x153/0x700 [ 28.722670] ? __switch_to+0x47/0xf50 [ 28.722705] ? __schedule+0x10cc/0x2b60 [ 28.722739] ? __pfx_read_tsc+0x10/0x10 [ 28.722771] krealloc_large_less_oob+0x1c/0x30 [ 28.722801] kunit_try_run_case+0x1a5/0x480 [ 28.722833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.722862] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.722892] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.722923] ? __kthread_parkme+0x82/0x180 [ 28.722949] ? preempt_count_sub+0x50/0x80 [ 28.722978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.723008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.723038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.723087] kthread+0x337/0x6f0 [ 28.723132] ? trace_preempt_on+0x20/0xc0 [ 28.723174] ? __pfx_kthread+0x10/0x10 [ 28.723201] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.723232] ? calculate_sigpending+0x7b/0xa0 [ 28.723263] ? __pfx_kthread+0x10/0x10 [ 28.723290] ret_from_fork+0x116/0x1d0 [ 28.723316] ? __pfx_kthread+0x10/0x10 [ 28.723343] ret_from_fork_asm+0x1a/0x30 [ 28.723383] </TASK> [ 28.723397] [ 28.740847] The buggy address belongs to the physical page: [ 28.741688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64 [ 28.742687] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.743214] flags: 0x200000000000040(head|node=0|zone=2) [ 28.743639] page_type: f8(unknown) [ 28.744268] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.744804] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.745934] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.746613] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.747371] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff [ 28.747893] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.748812] page dumped because: kasan: bad access detected [ 28.749524] [ 28.749696] Memory state around the buggy address: [ 28.750281] ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.750854] ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.751574] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 28.752271] ^ [ 28.752726] ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.753869] ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.754437] ================================================================== [ 28.485969] ================================================================== [ 28.487170] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 28.487732] Write of size 1 at addr ffff888100385eea by task kunit_try_catch/188 [ 28.488262] [ 28.488603] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.488748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.488806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.488865] Call Trace: [ 28.488926] <TASK> [ 28.488982] dump_stack_lvl+0x73/0xb0 [ 28.489075] print_report+0xd1/0x650 [ 28.489171] ? __virt_addr_valid+0x1db/0x2d0 [ 28.489258] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 28.489336] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.489403] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 28.489519] kasan_report+0x141/0x180 [ 28.489599] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 28.489686] __asan_report_store1_noabort+0x1b/0x30 [ 28.489723] krealloc_less_oob_helper+0xe90/0x11d0 [ 28.489757] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.489788] ? finish_task_switch.isra.0+0x153/0x700 [ 28.489816] ? __switch_to+0x47/0xf50 [ 28.489849] ? __schedule+0x10cc/0x2b60 [ 28.489881] ? __pfx_read_tsc+0x10/0x10 [ 28.489913] krealloc_less_oob+0x1c/0x30 [ 28.489941] kunit_try_run_case+0x1a5/0x480 [ 28.489973] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.490002] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.490033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.490063] ? __kthread_parkme+0x82/0x180 [ 28.490090] ? preempt_count_sub+0x50/0x80 [ 28.490119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.490150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.490180] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.490210] kthread+0x337/0x6f0 [ 28.490235] ? trace_preempt_on+0x20/0xc0 [ 28.490265] ? __pfx_kthread+0x10/0x10 [ 28.490291] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.490320] ? calculate_sigpending+0x7b/0xa0 [ 28.490351] ? __pfx_kthread+0x10/0x10 [ 28.490378] ret_from_fork+0x116/0x1d0 [ 28.490402] ? __pfx_kthread+0x10/0x10 [ 28.490429] ret_from_fork_asm+0x1a/0x30 [ 28.490467] </TASK> [ 28.490482] [ 28.505522] Allocated by task 188: [ 28.506083] kasan_save_stack+0x45/0x70 [ 28.506535] kasan_save_track+0x18/0x40 [ 28.507067] kasan_save_alloc_info+0x3b/0x50 [ 28.507578] __kasan_krealloc+0x190/0x1f0 [ 28.508105] krealloc_noprof+0xf3/0x340 [ 28.508570] krealloc_less_oob_helper+0x1aa/0x11d0 [ 28.509060] krealloc_less_oob+0x1c/0x30 [ 28.509315] kunit_try_run_case+0x1a5/0x480 [ 28.509710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.510329] kthread+0x337/0x6f0 [ 28.510779] ret_from_fork+0x116/0x1d0 [ 28.511238] ret_from_fork_asm+0x1a/0x30 [ 28.511770] [ 28.512033] The buggy address belongs to the object at ffff888100385e00 [ 28.512033] which belongs to the cache kmalloc-256 of size 256 [ 28.512803] The buggy address is located 33 bytes to the right of [ 28.512803] allocated 201-byte region [ffff888100385e00, ffff888100385ec9) [ 28.514035] [ 28.514222] The buggy address belongs to the physical page: [ 28.514602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384 [ 28.515376] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.516098] flags: 0x200000000000040(head|node=0|zone=2) [ 28.516718] page_type: f5(slab) [ 28.517043] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.517698] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.518396] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.518965] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.519778] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff [ 28.520390] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.520991] page dumped because: kasan: bad access detected [ 28.521451] [ 28.521746] Memory state around the buggy address: [ 28.522166] ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.522728] ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.523394] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 28.524027] ^ [ 28.524483] ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.525137] ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.525701] ================================================================== [ 28.647794] ================================================================== [ 28.649292] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 28.649921] Write of size 1 at addr ffff888102d660c9 by task kunit_try_catch/192 [ 28.650995] [ 28.651317] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.651441] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.651472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.651845] Call Trace: [ 28.651873] <TASK> [ 28.651896] dump_stack_lvl+0x73/0xb0 [ 28.651944] print_report+0xd1/0x650 [ 28.651977] ? __virt_addr_valid+0x1db/0x2d0 [ 28.652011] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 28.652042] ? kasan_addr_to_slab+0x11/0xa0 [ 28.652110] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 28.652163] kasan_report+0x141/0x180 [ 28.652213] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 28.652251] __asan_report_store1_noabort+0x1b/0x30 [ 28.652285] krealloc_less_oob_helper+0xd70/0x11d0 [ 28.652318] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.652349] ? finish_task_switch.isra.0+0x153/0x700 [ 28.652379] ? __switch_to+0x47/0xf50 [ 28.652414] ? __schedule+0x10cc/0x2b60 [ 28.652447] ? __pfx_read_tsc+0x10/0x10 [ 28.652479] krealloc_large_less_oob+0x1c/0x30 [ 28.652508] kunit_try_run_case+0x1a5/0x480 [ 28.652564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.652596] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.652630] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.652674] ? __kthread_parkme+0x82/0x180 [ 28.652702] ? preempt_count_sub+0x50/0x80 [ 28.652732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.652763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.652793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.652823] kthread+0x337/0x6f0 [ 28.652849] ? trace_preempt_on+0x20/0xc0 [ 28.652880] ? __pfx_kthread+0x10/0x10 [ 28.652907] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.652936] ? calculate_sigpending+0x7b/0xa0 [ 28.652967] ? __pfx_kthread+0x10/0x10 [ 28.652994] ret_from_fork+0x116/0x1d0 [ 28.653019] ? __pfx_kthread+0x10/0x10 [ 28.653045] ret_from_fork_asm+0x1a/0x30 [ 28.653113] </TASK> [ 28.653138] [ 28.669530] The buggy address belongs to the physical page: [ 28.670050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64 [ 28.670627] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.671263] flags: 0x200000000000040(head|node=0|zone=2) [ 28.671606] page_type: f8(unknown) [ 28.672304] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.673371] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.674015] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.674229] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.674417] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff [ 28.674792] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.675539] page dumped because: kasan: bad access detected [ 28.676354] [ 28.676491] Memory state around the buggy address: [ 28.676800] ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.677647] ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.678348] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 28.679084] ^ [ 28.679564] ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.680207] ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.680689] ================================================================== [ 28.793703] ================================================================== [ 28.794235] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 28.794969] Write of size 1 at addr ffff888102d660eb by task kunit_try_catch/192 [ 28.795568] [ 28.795803] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.795926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.795955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.796537] Call Trace: [ 28.796618] <TASK> [ 28.796672] dump_stack_lvl+0x73/0xb0 [ 28.796728] print_report+0xd1/0x650 [ 28.796760] ? __virt_addr_valid+0x1db/0x2d0 [ 28.796792] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 28.796821] ? kasan_addr_to_slab+0x11/0xa0 [ 28.796848] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 28.796878] kasan_report+0x141/0x180 [ 28.796906] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 28.796941] __asan_report_store1_noabort+0x1b/0x30 [ 28.796973] krealloc_less_oob_helper+0xd47/0x11d0 [ 28.797005] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.797035] ? finish_task_switch.isra.0+0x153/0x700 [ 28.797079] ? __switch_to+0x47/0xf50 [ 28.797135] ? __schedule+0x10cc/0x2b60 [ 28.797179] ? __pfx_read_tsc+0x10/0x10 [ 28.797213] krealloc_large_less_oob+0x1c/0x30 [ 28.797243] kunit_try_run_case+0x1a5/0x480 [ 28.797276] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.797305] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.797337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.797368] ? __kthread_parkme+0x82/0x180 [ 28.797394] ? preempt_count_sub+0x50/0x80 [ 28.797423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.797453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.797483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.797513] kthread+0x337/0x6f0 [ 28.797555] ? trace_preempt_on+0x20/0xc0 [ 28.797590] ? __pfx_kthread+0x10/0x10 [ 28.797617] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.797661] ? calculate_sigpending+0x7b/0xa0 [ 28.797693] ? __pfx_kthread+0x10/0x10 [ 28.797721] ret_from_fork+0x116/0x1d0 [ 28.797746] ? __pfx_kthread+0x10/0x10 [ 28.797773] ret_from_fork_asm+0x1a/0x30 [ 28.797811] </TASK> [ 28.797825] [ 28.813694] The buggy address belongs to the physical page: [ 28.814463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64 [ 28.815250] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.815899] flags: 0x200000000000040(head|node=0|zone=2) [ 28.816500] page_type: f8(unknown) [ 28.817082] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.817923] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.818483] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.819267] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.820261] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff [ 28.820769] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.821442] page dumped because: kasan: bad access detected [ 28.821956] [ 28.822565] Memory state around the buggy address: [ 28.822820] ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.823302] ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.823784] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 28.824656] ^ [ 28.825056] ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.825523] ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.826118] ================================================================== [ 28.446946] ================================================================== [ 28.447975] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 28.448609] Write of size 1 at addr ffff888100385eda by task kunit_try_catch/188 [ 28.449210] [ 28.449514] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.449689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.449724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.449773] Call Trace: [ 28.449806] <TASK> [ 28.449846] dump_stack_lvl+0x73/0xb0 [ 28.449915] print_report+0xd1/0x650 [ 28.449969] ? __virt_addr_valid+0x1db/0x2d0 [ 28.450027] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 28.450150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.450252] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 28.450336] kasan_report+0x141/0x180 [ 28.450398] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 28.450469] __asan_report_store1_noabort+0x1b/0x30 [ 28.450524] krealloc_less_oob_helper+0xec6/0x11d0 [ 28.450581] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.450614] ? finish_task_switch.isra.0+0x153/0x700 [ 28.450657] ? __switch_to+0x47/0xf50 [ 28.450694] ? __schedule+0x10cc/0x2b60 [ 28.450729] ? __pfx_read_tsc+0x10/0x10 [ 28.450761] krealloc_less_oob+0x1c/0x30 [ 28.450789] kunit_try_run_case+0x1a5/0x480 [ 28.450820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.450850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.450881] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.450912] ? __kthread_parkme+0x82/0x180 [ 28.450938] ? preempt_count_sub+0x50/0x80 [ 28.450966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.450997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.451026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.451057] kthread+0x337/0x6f0 [ 28.451082] ? trace_preempt_on+0x20/0xc0 [ 28.451112] ? __pfx_kthread+0x10/0x10 [ 28.451138] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.451167] ? calculate_sigpending+0x7b/0xa0 [ 28.451196] ? __pfx_kthread+0x10/0x10 [ 28.451223] ret_from_fork+0x116/0x1d0 [ 28.451248] ? __pfx_kthread+0x10/0x10 [ 28.451273] ret_from_fork_asm+0x1a/0x30 [ 28.451312] </TASK> [ 28.451325] [ 28.464664] Allocated by task 188: [ 28.465078] kasan_save_stack+0x45/0x70 [ 28.465417] kasan_save_track+0x18/0x40 [ 28.465682] kasan_save_alloc_info+0x3b/0x50 [ 28.466118] __kasan_krealloc+0x190/0x1f0 [ 28.466710] krealloc_noprof+0xf3/0x340 [ 28.467174] krealloc_less_oob_helper+0x1aa/0x11d0 [ 28.467744] krealloc_less_oob+0x1c/0x30 [ 28.468169] kunit_try_run_case+0x1a5/0x480 [ 28.468585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.469018] kthread+0x337/0x6f0 [ 28.469247] ret_from_fork+0x116/0x1d0 [ 28.469475] ret_from_fork_asm+0x1a/0x30 [ 28.469928] [ 28.470123] The buggy address belongs to the object at ffff888100385e00 [ 28.470123] which belongs to the cache kmalloc-256 of size 256 [ 28.471284] The buggy address is located 17 bytes to the right of [ 28.471284] allocated 201-byte region [ffff888100385e00, ffff888100385ec9) [ 28.472148] [ 28.472295] The buggy address belongs to the physical page: [ 28.472586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384 [ 28.473458] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.474226] flags: 0x200000000000040(head|node=0|zone=2) [ 28.474741] page_type: f5(slab) [ 28.475023] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.475490] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.476447] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.477405] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.478241] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff [ 28.479049] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.479412] page dumped because: kasan: bad access detected [ 28.479772] [ 28.479971] Memory state around the buggy address: [ 28.480631] ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.481314] ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.481968] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 28.482661] ^ [ 28.483014] ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.483359] ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.483926] ================================================================== [ 28.400021] ================================================================== [ 28.401074] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 28.401814] Write of size 1 at addr ffff888100385ed0 by task kunit_try_catch/188 [ 28.402662] [ 28.403311] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.403461] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.403512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.403577] Call Trace: [ 28.403611] <TASK> [ 28.403672] dump_stack_lvl+0x73/0xb0 [ 28.403723] print_report+0xd1/0x650 [ 28.403753] ? __virt_addr_valid+0x1db/0x2d0 [ 28.403785] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 28.403815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.403860] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 28.403890] kasan_report+0x141/0x180 [ 28.403919] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 28.403954] __asan_report_store1_noabort+0x1b/0x30 [ 28.403985] krealloc_less_oob_helper+0xe23/0x11d0 [ 28.404018] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.404048] ? finish_task_switch.isra.0+0x153/0x700 [ 28.404089] ? __switch_to+0x47/0xf50 [ 28.404144] ? __schedule+0x10cc/0x2b60 [ 28.404197] ? __pfx_read_tsc+0x10/0x10 [ 28.404250] krealloc_less_oob+0x1c/0x30 [ 28.404300] kunit_try_run_case+0x1a5/0x480 [ 28.404354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.404405] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.404460] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.404498] ? __kthread_parkme+0x82/0x180 [ 28.404527] ? preempt_count_sub+0x50/0x80 [ 28.404581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.404614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.404660] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.404693] kthread+0x337/0x6f0 [ 28.404720] ? trace_preempt_on+0x20/0xc0 [ 28.404751] ? __pfx_kthread+0x10/0x10 [ 28.404778] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.404808] ? calculate_sigpending+0x7b/0xa0 [ 28.404839] ? __pfx_kthread+0x10/0x10 [ 28.404866] ret_from_fork+0x116/0x1d0 [ 28.404891] ? __pfx_kthread+0x10/0x10 [ 28.404919] ret_from_fork_asm+0x1a/0x30 [ 28.404957] </TASK> [ 28.404971] [ 28.421814] Allocated by task 188: [ 28.422136] kasan_save_stack+0x45/0x70 [ 28.422457] kasan_save_track+0x18/0x40 [ 28.423208] kasan_save_alloc_info+0x3b/0x50 [ 28.423696] __kasan_krealloc+0x190/0x1f0 [ 28.424564] krealloc_noprof+0xf3/0x340 [ 28.425042] krealloc_less_oob_helper+0x1aa/0x11d0 [ 28.425527] krealloc_less_oob+0x1c/0x30 [ 28.426018] kunit_try_run_case+0x1a5/0x480 [ 28.426367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.426694] kthread+0x337/0x6f0 [ 28.427249] ret_from_fork+0x116/0x1d0 [ 28.427862] ret_from_fork_asm+0x1a/0x30 [ 28.428512] [ 28.428966] The buggy address belongs to the object at ffff888100385e00 [ 28.428966] which belongs to the cache kmalloc-256 of size 256 [ 28.430113] The buggy address is located 7 bytes to the right of [ 28.430113] allocated 201-byte region [ffff888100385e00, ffff888100385ec9) [ 28.431054] [ 28.431436] The buggy address belongs to the physical page: [ 28.432023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384 [ 28.433177] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.433783] flags: 0x200000000000040(head|node=0|zone=2) [ 28.434469] page_type: f5(slab) [ 28.434842] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.435564] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.436211] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.437279] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.437920] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff [ 28.438621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.439189] page dumped because: kasan: bad access detected [ 28.439856] [ 28.440155] Memory state around the buggy address: [ 28.441004] ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.441600] ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.442225] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 28.442870] ^ [ 28.443476] ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.444208] ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.445011] ================================================================== [ 28.682047] ================================================================== [ 28.683026] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 28.683925] Write of size 1 at addr ffff888102d660d0 by task kunit_try_catch/192 [ 28.685429] [ 28.685765] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.685901] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.685928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.685954] Call Trace: [ 28.685972] <TASK> [ 28.685994] dump_stack_lvl+0x73/0xb0 [ 28.686038] print_report+0xd1/0x650 [ 28.686219] ? __virt_addr_valid+0x1db/0x2d0 [ 28.686319] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 28.686452] ? kasan_addr_to_slab+0x11/0xa0 [ 28.686485] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 28.686516] kasan_report+0x141/0x180 [ 28.686566] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 28.686604] __asan_report_store1_noabort+0x1b/0x30 [ 28.686643] krealloc_less_oob_helper+0xe23/0x11d0 [ 28.686697] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.686731] ? finish_task_switch.isra.0+0x153/0x700 [ 28.686760] ? __switch_to+0x47/0xf50 [ 28.686793] ? __schedule+0x10cc/0x2b60 [ 28.686826] ? __pfx_read_tsc+0x10/0x10 [ 28.686859] krealloc_large_less_oob+0x1c/0x30 [ 28.686888] kunit_try_run_case+0x1a5/0x480 [ 28.686920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.686949] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.686979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.687009] ? __kthread_parkme+0x82/0x180 [ 28.687035] ? preempt_count_sub+0x50/0x80 [ 28.687075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.687128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.687179] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.687212] kthread+0x337/0x6f0 [ 28.687239] ? trace_preempt_on+0x20/0xc0 [ 28.687271] ? __pfx_kthread+0x10/0x10 [ 28.687298] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.687327] ? calculate_sigpending+0x7b/0xa0 [ 28.687358] ? __pfx_kthread+0x10/0x10 [ 28.687385] ret_from_fork+0x116/0x1d0 [ 28.687410] ? __pfx_kthread+0x10/0x10 [ 28.687437] ret_from_fork_asm+0x1a/0x30 [ 28.687475] </TASK> [ 28.687489] [ 28.703680] The buggy address belongs to the physical page: [ 28.704438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64 [ 28.705664] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.706211] flags: 0x200000000000040(head|node=0|zone=2) [ 28.706827] page_type: f8(unknown) [ 28.707215] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.707836] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.708670] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.709745] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.710467] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff [ 28.711037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.711777] page dumped because: kasan: bad access detected [ 28.712319] [ 28.712527] Memory state around the buggy address: [ 28.712955] ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.714065] ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.714777] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 28.715467] ^ [ 28.715970] ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.716665] ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.717570] ================================================================== [ 28.353711] ================================================================== [ 28.354254] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 28.355578] Write of size 1 at addr ffff888100385ec9 by task kunit_try_catch/188 [ 28.356599] [ 28.356785] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.356894] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.356920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.356946] Call Trace: [ 28.356963] <TASK> [ 28.356985] dump_stack_lvl+0x73/0xb0 [ 28.357030] print_report+0xd1/0x650 [ 28.357173] ? __virt_addr_valid+0x1db/0x2d0 [ 28.357281] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 28.357351] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.357430] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 28.357510] kasan_report+0x141/0x180 [ 28.357587] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 28.357674] __asan_report_store1_noabort+0x1b/0x30 [ 28.357740] krealloc_less_oob_helper+0xd70/0x11d0 [ 28.357797] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.357845] ? finish_task_switch.isra.0+0x153/0x700 [ 28.357898] ? __switch_to+0x47/0xf50 [ 28.357954] ? __schedule+0x10cc/0x2b60 [ 28.358015] ? __pfx_read_tsc+0x10/0x10 [ 28.358076] krealloc_less_oob+0x1c/0x30 [ 28.358125] kunit_try_run_case+0x1a5/0x480 [ 28.358181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.358234] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.358286] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.358340] ? __kthread_parkme+0x82/0x180 [ 28.358388] ? preempt_count_sub+0x50/0x80 [ 28.358443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.358506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.358581] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.358642] kthread+0x337/0x6f0 [ 28.358688] ? trace_preempt_on+0x20/0xc0 [ 28.358737] ? __pfx_kthread+0x10/0x10 [ 28.358781] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.358833] ? calculate_sigpending+0x7b/0xa0 [ 28.358889] ? __pfx_kthread+0x10/0x10 [ 28.358940] ret_from_fork+0x116/0x1d0 [ 28.358987] ? __pfx_kthread+0x10/0x10 [ 28.359033] ret_from_fork_asm+0x1a/0x30 [ 28.359102] </TASK> [ 28.359128] [ 28.376593] Allocated by task 188: [ 28.376998] kasan_save_stack+0x45/0x70 [ 28.377431] kasan_save_track+0x18/0x40 [ 28.377970] kasan_save_alloc_info+0x3b/0x50 [ 28.378249] __kasan_krealloc+0x190/0x1f0 [ 28.378644] krealloc_noprof+0xf3/0x340 [ 28.379061] krealloc_less_oob_helper+0x1aa/0x11d0 [ 28.379727] krealloc_less_oob+0x1c/0x30 [ 28.380623] kunit_try_run_case+0x1a5/0x480 [ 28.381229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.381619] kthread+0x337/0x6f0 [ 28.382070] ret_from_fork+0x116/0x1d0 [ 28.382356] ret_from_fork_asm+0x1a/0x30 [ 28.382976] [ 28.383188] The buggy address belongs to the object at ffff888100385e00 [ 28.383188] which belongs to the cache kmalloc-256 of size 256 [ 28.384159] The buggy address is located 0 bytes to the right of [ 28.384159] allocated 201-byte region [ffff888100385e00, ffff888100385ec9) [ 28.385368] [ 28.385602] The buggy address belongs to the physical page: [ 28.386355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384 [ 28.386935] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.387313] flags: 0x200000000000040(head|node=0|zone=2) [ 28.387868] page_type: f5(slab) [ 28.388180] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.388738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.389190] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.389883] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.390771] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff [ 28.391339] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.392538] page dumped because: kasan: bad access detected [ 28.392853] [ 28.393050] Memory state around the buggy address: [ 28.393431] ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.394053] ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.394438] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 28.395105] ^ [ 28.396581] ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.397156] ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.397941] ================================================================== [ 28.527876] ================================================================== [ 28.528236] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 28.528718] Write of size 1 at addr ffff888100385eeb by task kunit_try_catch/188 [ 28.529329] [ 28.529684] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.529832] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.529884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.529950] Call Trace: [ 28.529991] <TASK> [ 28.530045] dump_stack_lvl+0x73/0xb0 [ 28.530123] print_report+0xd1/0x650 [ 28.530181] ? __virt_addr_valid+0x1db/0x2d0 [ 28.530255] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 28.530335] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.530406] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 28.530467] kasan_report+0x141/0x180 [ 28.530515] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 28.530574] __asan_report_store1_noabort+0x1b/0x30 [ 28.530609] krealloc_less_oob_helper+0xd47/0x11d0 [ 28.530666] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.530699] ? finish_task_switch.isra.0+0x153/0x700 [ 28.530729] ? __switch_to+0x47/0xf50 [ 28.530763] ? __schedule+0x10cc/0x2b60 [ 28.530796] ? __pfx_read_tsc+0x10/0x10 [ 28.530828] krealloc_less_oob+0x1c/0x30 [ 28.530856] kunit_try_run_case+0x1a5/0x480 [ 28.530889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.530919] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.530950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.530981] ? __kthread_parkme+0x82/0x180 [ 28.531007] ? preempt_count_sub+0x50/0x80 [ 28.531036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.531067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.531097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.531127] kthread+0x337/0x6f0 [ 28.531153] ? trace_preempt_on+0x20/0xc0 [ 28.531183] ? __pfx_kthread+0x10/0x10 [ 28.531209] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.531238] ? calculate_sigpending+0x7b/0xa0 [ 28.531270] ? __pfx_kthread+0x10/0x10 [ 28.531297] ret_from_fork+0x116/0x1d0 [ 28.531322] ? __pfx_kthread+0x10/0x10 [ 28.531349] ret_from_fork_asm+0x1a/0x30 [ 28.531388] </TASK> [ 28.531401] [ 28.544061] Allocated by task 188: [ 28.544458] kasan_save_stack+0x45/0x70 [ 28.544947] kasan_save_track+0x18/0x40 [ 28.545355] kasan_save_alloc_info+0x3b/0x50 [ 28.545835] __kasan_krealloc+0x190/0x1f0 [ 28.546237] krealloc_noprof+0xf3/0x340 [ 28.546531] krealloc_less_oob_helper+0x1aa/0x11d0 [ 28.546993] krealloc_less_oob+0x1c/0x30 [ 28.547244] kunit_try_run_case+0x1a5/0x480 [ 28.547499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.548066] kthread+0x337/0x6f0 [ 28.548517] ret_from_fork+0x116/0x1d0 [ 28.549128] ret_from_fork_asm+0x1a/0x30 [ 28.549582] [ 28.549811] The buggy address belongs to the object at ffff888100385e00 [ 28.549811] which belongs to the cache kmalloc-256 of size 256 [ 28.550656] The buggy address is located 34 bytes to the right of [ 28.550656] allocated 201-byte region [ffff888100385e00, ffff888100385ec9) [ 28.551583] [ 28.551853] The buggy address belongs to the physical page: [ 28.552353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384 [ 28.552938] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.553562] flags: 0x200000000000040(head|node=0|zone=2) [ 28.553965] page_type: f5(slab) [ 28.554248] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.554631] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.554993] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.555355] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.556041] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff [ 28.556778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.557856] page dumped because: kasan: bad access detected [ 28.558351] [ 28.558560] Memory state around the buggy address: [ 28.559018] ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.559603] ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.560063] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 28.560406] ^ [ 28.560909] ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.561601] ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.562258] ================================================================== [ 28.755391] ================================================================== [ 28.755924] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 28.756841] Write of size 1 at addr ffff888102d660ea by task kunit_try_catch/192 [ 28.757982] [ 28.758353] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.758474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.758502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.758560] Call Trace: [ 28.758600] <TASK> [ 28.758690] dump_stack_lvl+0x73/0xb0 [ 28.758775] print_report+0xd1/0x650 [ 28.758832] ? __virt_addr_valid+0x1db/0x2d0 [ 28.758894] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 28.758983] ? kasan_addr_to_slab+0x11/0xa0 [ 28.759178] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 28.759270] kasan_report+0x141/0x180 [ 28.759329] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 28.759402] __asan_report_store1_noabort+0x1b/0x30 [ 28.759470] krealloc_less_oob_helper+0xe90/0x11d0 [ 28.759556] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 28.759606] ? finish_task_switch.isra.0+0x153/0x700 [ 28.759657] ? __switch_to+0x47/0xf50 [ 28.759696] ? __schedule+0x10cc/0x2b60 [ 28.759731] ? __pfx_read_tsc+0x10/0x10 [ 28.759765] krealloc_large_less_oob+0x1c/0x30 [ 28.759795] kunit_try_run_case+0x1a5/0x480 [ 28.759839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.759869] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.759903] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.759934] ? __kthread_parkme+0x82/0x180 [ 28.759961] ? preempt_count_sub+0x50/0x80 [ 28.759990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.760020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.760053] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.760108] kthread+0x337/0x6f0 [ 28.760152] ? trace_preempt_on+0x20/0xc0 [ 28.760193] ? __pfx_kthread+0x10/0x10 [ 28.760221] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.760251] ? calculate_sigpending+0x7b/0xa0 [ 28.760282] ? __pfx_kthread+0x10/0x10 [ 28.760309] ret_from_fork+0x116/0x1d0 [ 28.760335] ? __pfx_kthread+0x10/0x10 [ 28.760361] ret_from_fork_asm+0x1a/0x30 [ 28.760401] </TASK> [ 28.760414] [ 28.777608] The buggy address belongs to the physical page: [ 28.778090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64 [ 28.778852] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.780003] flags: 0x200000000000040(head|node=0|zone=2) [ 28.780729] page_type: f8(unknown) [ 28.781247] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.781898] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.782622] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.783612] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.784413] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff [ 28.785401] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.786214] page dumped because: kasan: bad access detected [ 28.786641] [ 28.786789] Memory state around the buggy address: [ 28.787597] ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.788453] ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.789092] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 28.789682] ^ [ 28.790798] ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.791447] ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.792463] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 28.607424] ================================================================== [ 28.608006] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 28.609061] Write of size 1 at addr ffff8881029fa0f0 by task kunit_try_catch/190 [ 28.609918] [ 28.610116] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.610221] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.610251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.610293] Call Trace: [ 28.610319] <TASK> [ 28.610353] dump_stack_lvl+0x73/0xb0 [ 28.610420] print_report+0xd1/0x650 [ 28.610472] ? __virt_addr_valid+0x1db/0x2d0 [ 28.610531] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.610609] ? kasan_addr_to_slab+0x11/0xa0 [ 28.610660] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.610714] kasan_report+0x141/0x180 [ 28.610768] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.610835] __asan_report_store1_noabort+0x1b/0x30 [ 28.610902] krealloc_more_oob_helper+0x7eb/0x930 [ 28.610961] ? __schedule+0x10cc/0x2b60 [ 28.611014] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 28.611047] ? finish_task_switch.isra.0+0x153/0x700 [ 28.611121] ? __switch_to+0x47/0xf50 [ 28.611183] ? __schedule+0x10cc/0x2b60 [ 28.611217] ? __pfx_read_tsc+0x10/0x10 [ 28.611253] krealloc_large_more_oob+0x1c/0x30 [ 28.611284] kunit_try_run_case+0x1a5/0x480 [ 28.611316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.611345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.611376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.611407] ? __kthread_parkme+0x82/0x180 [ 28.611433] ? preempt_count_sub+0x50/0x80 [ 28.611462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.611492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.611522] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.611576] kthread+0x337/0x6f0 [ 28.611603] ? trace_preempt_on+0x20/0xc0 [ 28.611649] ? __pfx_kthread+0x10/0x10 [ 28.611699] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.611729] ? calculate_sigpending+0x7b/0xa0 [ 28.611759] ? __pfx_kthread+0x10/0x10 [ 28.611786] ret_from_fork+0x116/0x1d0 [ 28.611811] ? __pfx_kthread+0x10/0x10 [ 28.611848] ret_from_fork_asm+0x1a/0x30 [ 28.611887] </TASK> [ 28.611901] [ 28.630089] The buggy address belongs to the physical page: [ 28.630646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f8 [ 28.631374] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.632334] flags: 0x200000000000040(head|node=0|zone=2) [ 28.632884] page_type: f8(unknown) [ 28.633440] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.634496] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.635030] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.635737] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.636279] head: 0200000000000002 ffffea00040a7e01 00000000ffffffff 00000000ffffffff [ 28.637071] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.637776] page dumped because: kasan: bad access detected [ 28.637981] [ 28.638050] Memory state around the buggy address: [ 28.638184] ffff8881029f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.638364] ffff8881029fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.638559] >ffff8881029fa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 28.639866] ^ [ 28.640450] ffff8881029fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.641276] ffff8881029fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.641931] ================================================================== [ 28.260722] ================================================================== [ 28.261421] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 28.262464] Write of size 1 at addr ffff888102c282eb by task kunit_try_catch/186 [ 28.263513] [ 28.263770] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.263904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.263956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.264006] Call Trace: [ 28.264056] <TASK> [ 28.264107] dump_stack_lvl+0x73/0xb0 [ 28.264230] print_report+0xd1/0x650 [ 28.264291] ? __virt_addr_valid+0x1db/0x2d0 [ 28.264345] ? krealloc_more_oob_helper+0x821/0x930 [ 28.264377] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.264411] ? krealloc_more_oob_helper+0x821/0x930 [ 28.264443] kasan_report+0x141/0x180 [ 28.264472] ? krealloc_more_oob_helper+0x821/0x930 [ 28.264507] __asan_report_store1_noabort+0x1b/0x30 [ 28.264538] krealloc_more_oob_helper+0x821/0x930 [ 28.264590] ? __schedule+0x10cc/0x2b60 [ 28.264623] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 28.264674] ? finish_task_switch.isra.0+0x153/0x700 [ 28.264706] ? __switch_to+0x47/0xf50 [ 28.264740] ? __schedule+0x10cc/0x2b60 [ 28.264769] ? __pfx_read_tsc+0x10/0x10 [ 28.264802] krealloc_more_oob+0x1c/0x30 [ 28.264830] kunit_try_run_case+0x1a5/0x480 [ 28.264864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.264893] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.264923] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.264954] ? __kthread_parkme+0x82/0x180 [ 28.264980] ? preempt_count_sub+0x50/0x80 [ 28.265009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.265039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.265087] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.265140] kthread+0x337/0x6f0 [ 28.265183] ? trace_preempt_on+0x20/0xc0 [ 28.265234] ? __pfx_kthread+0x10/0x10 [ 28.265279] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.265329] ? calculate_sigpending+0x7b/0xa0 [ 28.265392] ? __pfx_kthread+0x10/0x10 [ 28.265449] ret_from_fork+0x116/0x1d0 [ 28.265495] ? __pfx_kthread+0x10/0x10 [ 28.265533] ret_from_fork_asm+0x1a/0x30 [ 28.265596] </TASK> [ 28.265611] [ 28.280119] Allocated by task 186: [ 28.280638] kasan_save_stack+0x45/0x70 [ 28.281076] kasan_save_track+0x18/0x40 [ 28.281334] kasan_save_alloc_info+0x3b/0x50 [ 28.281657] __kasan_krealloc+0x190/0x1f0 [ 28.282049] krealloc_noprof+0xf3/0x340 [ 28.282451] krealloc_more_oob_helper+0x1a9/0x930 [ 28.283209] krealloc_more_oob+0x1c/0x30 [ 28.283468] kunit_try_run_case+0x1a5/0x480 [ 28.283739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.284041] kthread+0x337/0x6f0 [ 28.284524] ret_from_fork+0x116/0x1d0 [ 28.284968] ret_from_fork_asm+0x1a/0x30 [ 28.285481] [ 28.285720] The buggy address belongs to the object at ffff888102c28200 [ 28.285720] which belongs to the cache kmalloc-256 of size 256 [ 28.287151] The buggy address is located 0 bytes to the right of [ 28.287151] allocated 235-byte region [ffff888102c28200, ffff888102c282eb) [ 28.287988] [ 28.288186] The buggy address belongs to the physical page: [ 28.288469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c28 [ 28.289192] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.289807] flags: 0x200000000000040(head|node=0|zone=2) [ 28.290201] page_type: f5(slab) [ 28.290530] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.290971] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.291342] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.293626] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.294350] head: 0200000000000001 ffffea00040b0a01 00000000ffffffff 00000000ffffffff [ 28.295521] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.295867] page dumped because: kasan: bad access detected [ 28.296019] [ 28.296081] Memory state around the buggy address: [ 28.296211] ffff888102c28180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.296382] ffff888102c28200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.296575] >ffff888102c28280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 28.296893] ^ [ 28.297690] ffff888102c28300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.298422] ffff888102c28380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.299090] ================================================================== [ 28.570790] ================================================================== [ 28.571469] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 28.572726] Write of size 1 at addr ffff8881029fa0eb by task kunit_try_catch/190 [ 28.573187] [ 28.573880] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.573993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.574026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.574111] Call Trace: [ 28.574143] <TASK> [ 28.574179] dump_stack_lvl+0x73/0xb0 [ 28.574253] print_report+0xd1/0x650 [ 28.574305] ? __virt_addr_valid+0x1db/0x2d0 [ 28.574363] ? krealloc_more_oob_helper+0x821/0x930 [ 28.574421] ? kasan_addr_to_slab+0x11/0xa0 [ 28.574472] ? krealloc_more_oob_helper+0x821/0x930 [ 28.574525] kasan_report+0x141/0x180 [ 28.574601] ? krealloc_more_oob_helper+0x821/0x930 [ 28.574704] __asan_report_store1_noabort+0x1b/0x30 [ 28.574768] krealloc_more_oob_helper+0x821/0x930 [ 28.574824] ? __schedule+0x10cc/0x2b60 [ 28.574883] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 28.574945] ? finish_task_switch.isra.0+0x153/0x700 [ 28.575008] ? __switch_to+0x47/0xf50 [ 28.575104] ? __schedule+0x10cc/0x2b60 [ 28.575166] ? __pfx_read_tsc+0x10/0x10 [ 28.575225] krealloc_large_more_oob+0x1c/0x30 [ 28.575286] kunit_try_run_case+0x1a5/0x480 [ 28.575351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.575404] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.575459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.575513] ? __kthread_parkme+0x82/0x180 [ 28.575577] ? preempt_count_sub+0x50/0x80 [ 28.575665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.575727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.575789] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.575865] kthread+0x337/0x6f0 [ 28.575913] ? trace_preempt_on+0x20/0xc0 [ 28.575969] ? __pfx_kthread+0x10/0x10 [ 28.576010] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.576042] ? calculate_sigpending+0x7b/0xa0 [ 28.576108] ? __pfx_kthread+0x10/0x10 [ 28.576155] ret_from_fork+0x116/0x1d0 [ 28.576191] ? __pfx_kthread+0x10/0x10 [ 28.576220] ret_from_fork_asm+0x1a/0x30 [ 28.576261] </TASK> [ 28.576276] [ 28.592624] The buggy address belongs to the physical page: [ 28.593402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f8 [ 28.594408] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.595020] flags: 0x200000000000040(head|node=0|zone=2) [ 28.595725] page_type: f8(unknown) [ 28.596038] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.596879] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.597333] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.598091] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.598530] head: 0200000000000002 ffffea00040a7e01 00000000ffffffff 00000000ffffffff [ 28.599170] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.599916] page dumped because: kasan: bad access detected [ 28.600571] [ 28.600803] Memory state around the buggy address: [ 28.601345] ffff8881029f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.601893] ffff8881029fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.602819] >ffff8881029fa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 28.603231] ^ [ 28.604248] ffff8881029fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.604954] ffff8881029fa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.605583] ================================================================== [ 28.300960] ================================================================== [ 28.302207] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 28.302658] Write of size 1 at addr ffff888102c282f0 by task kunit_try_catch/186 [ 28.303131] [ 28.303378] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.303489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.303519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.303583] Call Trace: [ 28.303619] <TASK> [ 28.303656] dump_stack_lvl+0x73/0xb0 [ 28.304097] print_report+0xd1/0x650 [ 28.304192] ? __virt_addr_valid+0x1db/0x2d0 [ 28.304260] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.304315] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.304381] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.304440] kasan_report+0x141/0x180 [ 28.304500] ? krealloc_more_oob_helper+0x7eb/0x930 [ 28.304588] __asan_report_store1_noabort+0x1b/0x30 [ 28.304760] krealloc_more_oob_helper+0x7eb/0x930 [ 28.304845] ? __schedule+0x10cc/0x2b60 [ 28.304916] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 28.304960] ? finish_task_switch.isra.0+0x153/0x700 [ 28.304992] ? __switch_to+0x47/0xf50 [ 28.305025] ? __schedule+0x10cc/0x2b60 [ 28.305065] ? __pfx_read_tsc+0x10/0x10 [ 28.305154] krealloc_more_oob+0x1c/0x30 [ 28.305207] kunit_try_run_case+0x1a5/0x480 [ 28.305243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.305274] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.305307] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.305339] ? __kthread_parkme+0x82/0x180 [ 28.305366] ? preempt_count_sub+0x50/0x80 [ 28.305395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.305426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.305456] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.305486] kthread+0x337/0x6f0 [ 28.305512] ? trace_preempt_on+0x20/0xc0 [ 28.305564] ? __pfx_kthread+0x10/0x10 [ 28.305593] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.305623] ? calculate_sigpending+0x7b/0xa0 [ 28.305678] ? __pfx_kthread+0x10/0x10 [ 28.305706] ret_from_fork+0x116/0x1d0 [ 28.305733] ? __pfx_kthread+0x10/0x10 [ 28.305759] ret_from_fork_asm+0x1a/0x30 [ 28.305799] </TASK> [ 28.305812] [ 28.324408] Allocated by task 186: [ 28.324846] kasan_save_stack+0x45/0x70 [ 28.325309] kasan_save_track+0x18/0x40 [ 28.325850] kasan_save_alloc_info+0x3b/0x50 [ 28.326640] __kasan_krealloc+0x190/0x1f0 [ 28.326892] krealloc_noprof+0xf3/0x340 [ 28.327451] krealloc_more_oob_helper+0x1a9/0x930 [ 28.328035] krealloc_more_oob+0x1c/0x30 [ 28.328528] kunit_try_run_case+0x1a5/0x480 [ 28.328862] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.329451] kthread+0x337/0x6f0 [ 28.329746] ret_from_fork+0x116/0x1d0 [ 28.330120] ret_from_fork_asm+0x1a/0x30 [ 28.330454] [ 28.331335] The buggy address belongs to the object at ffff888102c28200 [ 28.331335] which belongs to the cache kmalloc-256 of size 256 [ 28.332288] The buggy address is located 5 bytes to the right of [ 28.332288] allocated 235-byte region [ffff888102c28200, ffff888102c282eb) [ 28.333239] [ 28.333769] The buggy address belongs to the physical page: [ 28.334044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c28 [ 28.334594] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.335583] flags: 0x200000000000040(head|node=0|zone=2) [ 28.336073] page_type: f5(slab) [ 28.336745] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.337523] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.338103] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 28.339108] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.340162] head: 0200000000000001 ffffea00040b0a01 00000000ffffffff 00000000ffffffff [ 28.340482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.341158] page dumped because: kasan: bad access detected [ 28.341611] [ 28.341750] Memory state around the buggy address: [ 28.342365] ffff888102c28180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.343425] ffff888102c28200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.343899] >ffff888102c28280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 28.344270] ^ [ 28.345061] ffff888102c28300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.345659] ffff888102c28380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.346320] ==================================================================
Failure - kunit - _TV
<8>[ 326.318018] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_TV RESULT=fail> _TV fail
Failure - kunit - _HDMI-B
<8>[ 325.873042] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_HDMI-B RESULT=fail> _HDMI-B fail
Failure - kunit - _HDMI-A
<8>[ 325.510057] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_HDMI-A RESULT=fail> _HDMI-A fail
Failure - kunit - _DP
<8>[ 325.114562] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DP RESULT=fail> _DP fail _DPI fail
Failure - kunit - _DIN
<8>[ 324.684067] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_DIN RESULT=fail> _DIN fail
Failure - kunit - _Component
<8>[ 324.156575] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_Component RESULT=fail> _Component fail
Failure - kunit - _LVDS
<8>[ 323.626054] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_LVDS RESULT=fail> _LVDS fail
Failure - kunit - _SVIDEO
<8>[ 323.242903] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_SVIDEO RESULT=fail> _SVIDEO fail
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_None
<8>[ 406.275212] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_None RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_modes_analog_tv
<8>[ 403.420213] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_modes_analog_tv RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i_inlined
<8>[ 403.224892] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i
<8>[ 403.044442] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined
<8>[ 402.860236] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i
<8>[ 402.632806] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i
<8>[ 402.454479] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i RESULT=fail>
Failure - kunit - drm_managed_drm_managed
<8>[ 401.041399] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_managed RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_run_action
<8>[ 400.870053] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_run_action RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 31.164519] ================================================================== [ 31.165119] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 31.166535] Read of size 1 at addr ffff888103bdc000 by task kunit_try_catch/263 [ 31.167525] [ 31.168122] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.168328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.168363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.168391] Call Trace: [ 31.168409] <TASK> [ 31.168433] dump_stack_lvl+0x73/0xb0 [ 31.168481] print_report+0xd1/0x650 [ 31.168513] ? __virt_addr_valid+0x1db/0x2d0 [ 31.168570] ? mempool_uaf_helper+0x392/0x400 [ 31.168602] ? kasan_addr_to_slab+0x11/0xa0 [ 31.168634] ? mempool_uaf_helper+0x392/0x400 [ 31.168675] kasan_report+0x141/0x180 [ 31.168706] ? mempool_uaf_helper+0x392/0x400 [ 31.168742] __asan_report_load1_noabort+0x18/0x20 [ 31.168774] mempool_uaf_helper+0x392/0x400 [ 31.168804] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 31.168835] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.168866] ? finish_task_switch.isra.0+0x153/0x700 [ 31.168900] mempool_page_alloc_uaf+0xed/0x140 [ 31.168931] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 31.168965] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 31.168998] ? __pfx_mempool_free_pages+0x10/0x10 [ 31.169031] ? __pfx_read_tsc+0x10/0x10 [ 31.169072] ? ktime_get_ts64+0x86/0x230 [ 31.169128] kunit_try_run_case+0x1a5/0x480 [ 31.169189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.169239] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.169295] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.169352] ? __kthread_parkme+0x82/0x180 [ 31.169399] ? preempt_count_sub+0x50/0x80 [ 31.169431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.169465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.169498] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.169529] kthread+0x337/0x6f0 [ 31.169578] ? trace_preempt_on+0x20/0xc0 [ 31.169611] ? __pfx_kthread+0x10/0x10 [ 31.169650] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.169686] ? calculate_sigpending+0x7b/0xa0 [ 31.169719] ? __pfx_kthread+0x10/0x10 [ 31.169748] ret_from_fork+0x116/0x1d0 [ 31.169774] ? __pfx_kthread+0x10/0x10 [ 31.169801] ret_from_fork_asm+0x1a/0x30 [ 31.169841] </TASK> [ 31.169856] [ 31.190079] The buggy address belongs to the physical page: [ 31.190628] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bdc [ 31.191098] flags: 0x200000000000000(node=0|zone=2) [ 31.191600] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.192283] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.193557] page dumped because: kasan: bad access detected [ 31.194025] [ 31.194372] Memory state around the buggy address: [ 31.194720] ffff888103bdbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.195558] ffff888103bdbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.196284] >ffff888103bdc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.196638] ^ [ 31.196839] ffff888103bdc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.197031] ffff888103bdc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.198061] ================================================================== [ 31.057448] ================================================================== [ 31.058268] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 31.059263] Read of size 1 at addr ffff888103bdc000 by task kunit_try_catch/259 [ 31.059625] [ 31.059934] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.060090] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.060124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.060184] Call Trace: [ 31.060216] <TASK> [ 31.060274] dump_stack_lvl+0x73/0xb0 [ 31.060347] print_report+0xd1/0x650 [ 31.060405] ? __virt_addr_valid+0x1db/0x2d0 [ 31.060466] ? mempool_uaf_helper+0x392/0x400 [ 31.060521] ? kasan_addr_to_slab+0x11/0xa0 [ 31.060590] ? mempool_uaf_helper+0x392/0x400 [ 31.060756] kasan_report+0x141/0x180 [ 31.060877] ? mempool_uaf_helper+0x392/0x400 [ 31.060972] __asan_report_load1_noabort+0x18/0x20 [ 31.061036] mempool_uaf_helper+0x392/0x400 [ 31.061105] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 31.061164] ? __kasan_check_write+0x18/0x20 [ 31.061225] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.061267] ? irqentry_exit+0x2a/0x60 [ 31.061309] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 31.061367] mempool_kmalloc_large_uaf+0xef/0x140 [ 31.061417] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 31.061462] ? __pfx_mempool_kmalloc+0x10/0x10 [ 31.061491] ? __pfx_mempool_kfree+0x10/0x10 [ 31.061521] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 31.061575] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 31.061607] kunit_try_run_case+0x1a5/0x480 [ 31.061663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.061696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.061728] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.061758] ? __kthread_parkme+0x82/0x180 [ 31.061784] ? preempt_count_sub+0x50/0x80 [ 31.061813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.061842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.061872] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.061900] kthread+0x337/0x6f0 [ 31.061924] ? trace_preempt_on+0x20/0xc0 [ 31.061952] ? __pfx_kthread+0x10/0x10 [ 31.061978] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.062005] ? calculate_sigpending+0x7b/0xa0 [ 31.062034] ? __pfx_kthread+0x10/0x10 [ 31.062082] ret_from_fork+0x116/0x1d0 [ 31.062135] ? __pfx_kthread+0x10/0x10 [ 31.062177] ret_from_fork_asm+0x1a/0x30 [ 31.062237] </TASK> [ 31.062254] [ 31.081252] The buggy address belongs to the physical page: [ 31.082320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bdc [ 31.083057] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.083507] flags: 0x200000000000040(head|node=0|zone=2) [ 31.084696] page_type: f8(unknown) [ 31.085181] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.086031] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.086902] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.087652] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.088269] head: 0200000000000002 ffffea00040ef701 00000000ffffffff 00000000ffffffff [ 31.089002] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.089921] page dumped because: kasan: bad access detected [ 31.090303] [ 31.090743] Memory state around the buggy address: [ 31.091200] ffff888103bdbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.091929] ffff888103bdbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.092751] >ffff888103bdc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.093280] ^ [ 31.094002] ffff888103bdc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.094653] ffff888103bdc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.095332] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 31.103488] ================================================================== [ 31.104528] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 31.105323] Read of size 1 at addr ffff888102df3240 by task kunit_try_catch/261 [ 31.105882] [ 31.106166] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.106406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.106454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.106535] Call Trace: [ 31.106586] <TASK> [ 31.106676] dump_stack_lvl+0x73/0xb0 [ 31.106788] print_report+0xd1/0x650 [ 31.106864] ? __virt_addr_valid+0x1db/0x2d0 [ 31.106929] ? mempool_uaf_helper+0x392/0x400 [ 31.106981] ? kasan_complete_mode_report_info+0x64/0x200 [ 31.107023] ? mempool_uaf_helper+0x392/0x400 [ 31.107059] kasan_report+0x141/0x180 [ 31.107142] ? mempool_uaf_helper+0x392/0x400 [ 31.107191] __asan_report_load1_noabort+0x18/0x20 [ 31.107225] mempool_uaf_helper+0x392/0x400 [ 31.107257] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 31.107290] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.107322] ? finish_task_switch.isra.0+0x153/0x700 [ 31.107359] mempool_slab_uaf+0xea/0x140 [ 31.107389] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 31.107422] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 31.107453] ? __pfx_mempool_free_slab+0x10/0x10 [ 31.107486] ? __pfx_read_tsc+0x10/0x10 [ 31.107515] ? ktime_get_ts64+0x86/0x230 [ 31.107570] kunit_try_run_case+0x1a5/0x480 [ 31.107606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.107658] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.107698] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.107733] ? __kthread_parkme+0x82/0x180 [ 31.107762] ? preempt_count_sub+0x50/0x80 [ 31.107793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.107837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.107869] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.107901] kthread+0x337/0x6f0 [ 31.107928] ? trace_preempt_on+0x20/0xc0 [ 31.107959] ? __pfx_kthread+0x10/0x10 [ 31.107986] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.108016] ? calculate_sigpending+0x7b/0xa0 [ 31.108048] ? __pfx_kthread+0x10/0x10 [ 31.108101] ret_from_fork+0x116/0x1d0 [ 31.108147] ? __pfx_kthread+0x10/0x10 [ 31.108192] ret_from_fork_asm+0x1a/0x30 [ 31.108258] </TASK> [ 31.108281] [ 31.125930] Allocated by task 261: [ 31.126513] kasan_save_stack+0x45/0x70 [ 31.126945] kasan_save_track+0x18/0x40 [ 31.127562] kasan_save_alloc_info+0x3b/0x50 [ 31.127935] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 31.128654] remove_element+0x11e/0x190 [ 31.128992] mempool_alloc_preallocated+0x4d/0x90 [ 31.129704] mempool_uaf_helper+0x96/0x400 [ 31.130129] mempool_slab_uaf+0xea/0x140 [ 31.130482] kunit_try_run_case+0x1a5/0x480 [ 31.130763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.131748] kthread+0x337/0x6f0 [ 31.132123] ret_from_fork+0x116/0x1d0 [ 31.132984] ret_from_fork_asm+0x1a/0x30 [ 31.133570] [ 31.133854] Freed by task 261: [ 31.134443] kasan_save_stack+0x45/0x70 [ 31.134808] kasan_save_track+0x18/0x40 [ 31.135397] kasan_save_free_info+0x3f/0x60 [ 31.135850] __kasan_mempool_poison_object+0x131/0x1d0 [ 31.136625] mempool_free+0x2ec/0x380 [ 31.137075] mempool_uaf_helper+0x11a/0x400 [ 31.137442] mempool_slab_uaf+0xea/0x140 [ 31.137903] kunit_try_run_case+0x1a5/0x480 [ 31.138319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.138895] kthread+0x337/0x6f0 [ 31.139405] ret_from_fork+0x116/0x1d0 [ 31.139811] ret_from_fork_asm+0x1a/0x30 [ 31.140341] [ 31.140566] The buggy address belongs to the object at ffff888102df3240 [ 31.140566] which belongs to the cache test_cache of size 123 [ 31.141859] The buggy address is located 0 bytes inside of [ 31.141859] freed 123-byte region [ffff888102df3240, ffff888102df32bb) [ 31.142880] [ 31.143193] The buggy address belongs to the physical page: [ 31.143669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df3 [ 31.144536] flags: 0x200000000000000(node=0|zone=2) [ 31.145021] page_type: f5(slab) [ 31.145415] raw: 0200000000000000 ffff888102de7500 dead000000000122 0000000000000000 [ 31.146003] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 31.146575] page dumped because: kasan: bad access detected [ 31.147404] [ 31.147791] Memory state around the buggy address: [ 31.148427] ffff888102df3100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.148975] ffff888102df3180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.149737] >ffff888102df3200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 31.150419] ^ [ 31.150731] ffff888102df3280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.151726] ffff888102df3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.152344] ================================================================== [ 31.009907] ================================================================== [ 31.010595] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 31.011258] Read of size 1 at addr ffff888102dcfe00 by task kunit_try_catch/257 [ 31.011777] [ 31.012119] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.012238] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.012270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.012350] Call Trace: [ 31.012398] <TASK> [ 31.012439] dump_stack_lvl+0x73/0xb0 [ 31.012519] print_report+0xd1/0x650 [ 31.012604] ? __virt_addr_valid+0x1db/0x2d0 [ 31.012670] ? mempool_uaf_helper+0x392/0x400 [ 31.012728] ? kasan_complete_mode_report_info+0x64/0x200 [ 31.012818] ? mempool_uaf_helper+0x392/0x400 [ 31.012879] kasan_report+0x141/0x180 [ 31.012942] ? mempool_uaf_helper+0x392/0x400 [ 31.013013] __asan_report_load1_noabort+0x18/0x20 [ 31.013070] mempool_uaf_helper+0x392/0x400 [ 31.013126] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 31.013186] ? kasan_save_track+0x18/0x40 [ 31.013271] ? kasan_save_alloc_info+0x3b/0x50 [ 31.013329] ? kasan_save_stack+0x45/0x70 [ 31.013392] mempool_kmalloc_uaf+0xef/0x140 [ 31.013474] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 31.013535] ? __pfx_mempool_kmalloc+0x10/0x10 [ 31.013615] ? __pfx_mempool_kfree+0x10/0x10 [ 31.013679] ? __pfx_read_tsc+0x10/0x10 [ 31.013740] ? ktime_get_ts64+0x86/0x230 [ 31.013809] kunit_try_run_case+0x1a5/0x480 [ 31.013858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.013891] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.013926] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.013958] ? __kthread_parkme+0x82/0x180 [ 31.013987] ? preempt_count_sub+0x50/0x80 [ 31.014018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.014049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.014081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.014113] kthread+0x337/0x6f0 [ 31.014139] ? trace_preempt_on+0x20/0xc0 [ 31.014170] ? __pfx_kthread+0x10/0x10 [ 31.014197] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.014268] ? calculate_sigpending+0x7b/0xa0 [ 31.014301] ? __pfx_kthread+0x10/0x10 [ 31.014328] ret_from_fork+0x116/0x1d0 [ 31.014355] ? __pfx_kthread+0x10/0x10 [ 31.014381] ret_from_fork_asm+0x1a/0x30 [ 31.014423] </TASK> [ 31.014438] [ 31.027188] Allocated by task 257: [ 31.027607] kasan_save_stack+0x45/0x70 [ 31.028063] kasan_save_track+0x18/0x40 [ 31.028467] kasan_save_alloc_info+0x3b/0x50 [ 31.028910] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 31.029514] remove_element+0x11e/0x190 [ 31.029853] mempool_alloc_preallocated+0x4d/0x90 [ 31.030337] mempool_uaf_helper+0x96/0x400 [ 31.030653] mempool_kmalloc_uaf+0xef/0x140 [ 31.031081] kunit_try_run_case+0x1a5/0x480 [ 31.031355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.031765] kthread+0x337/0x6f0 [ 31.032169] ret_from_fork+0x116/0x1d0 [ 31.032688] ret_from_fork_asm+0x1a/0x30 [ 31.033102] [ 31.033324] Freed by task 257: [ 31.033592] kasan_save_stack+0x45/0x70 [ 31.033975] kasan_save_track+0x18/0x40 [ 31.034263] kasan_save_free_info+0x3f/0x60 [ 31.034516] __kasan_mempool_poison_object+0x131/0x1d0 [ 31.035029] mempool_free+0x2ec/0x380 [ 31.035467] mempool_uaf_helper+0x11a/0x400 [ 31.035987] mempool_kmalloc_uaf+0xef/0x140 [ 31.036431] kunit_try_run_case+0x1a5/0x480 [ 31.036868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.037177] kthread+0x337/0x6f0 [ 31.037567] ret_from_fork+0x116/0x1d0 [ 31.038011] ret_from_fork_asm+0x1a/0x30 [ 31.038470] [ 31.038701] The buggy address belongs to the object at ffff888102dcfe00 [ 31.038701] which belongs to the cache kmalloc-128 of size 128 [ 31.039306] The buggy address is located 0 bytes inside of [ 31.039306] freed 128-byte region [ffff888102dcfe00, ffff888102dcfe80) [ 31.040449] [ 31.040765] The buggy address belongs to the physical page: [ 31.041204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 31.041620] flags: 0x200000000000000(node=0|zone=2) [ 31.042165] page_type: f5(slab) [ 31.042613] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.043406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.044071] page dumped because: kasan: bad access detected [ 31.044401] [ 31.044523] Memory state around the buggy address: [ 31.045021] ffff888102dcfd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.045854] ffff888102dcfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.046398] >ffff888102dcfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.046756] ^ [ 31.047009] ffff888102dcfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.047733] ffff888102dcff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.048481] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 30.953510] ================================================================== [ 30.954286] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 30.955092] Read of size 1 at addr ffff888102df02bb by task kunit_try_catch/255 [ 30.955938] [ 30.956307] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.956416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.956445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.956490] Call Trace: [ 30.956518] <TASK> [ 30.956574] dump_stack_lvl+0x73/0xb0 [ 30.956691] print_report+0xd1/0x650 [ 30.956756] ? __virt_addr_valid+0x1db/0x2d0 [ 30.956827] ? mempool_oob_right_helper+0x318/0x380 [ 30.956887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.956955] ? mempool_oob_right_helper+0x318/0x380 [ 30.957019] kasan_report+0x141/0x180 [ 30.957124] ? mempool_oob_right_helper+0x318/0x380 [ 30.957225] __asan_report_load1_noabort+0x18/0x20 [ 30.957297] mempool_oob_right_helper+0x318/0x380 [ 30.957367] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 30.957438] ? __pfx_sched_clock_cpu+0x10/0x10 [ 30.957593] ? finish_task_switch.isra.0+0x153/0x700 [ 30.957661] mempool_slab_oob_right+0xed/0x140 [ 30.957701] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 30.957737] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 30.957772] ? __pfx_mempool_free_slab+0x10/0x10 [ 30.957806] ? __pfx_read_tsc+0x10/0x10 [ 30.957837] ? ktime_get_ts64+0x86/0x230 [ 30.957872] kunit_try_run_case+0x1a5/0x480 [ 30.957909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.957940] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.957975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.958007] ? __kthread_parkme+0x82/0x180 [ 30.958035] ? preempt_count_sub+0x50/0x80 [ 30.958081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.958138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.958179] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.958213] kthread+0x337/0x6f0 [ 30.958240] ? trace_preempt_on+0x20/0xc0 [ 30.958274] ? __pfx_kthread+0x10/0x10 [ 30.958303] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.958334] ? calculate_sigpending+0x7b/0xa0 [ 30.958365] ? __pfx_kthread+0x10/0x10 [ 30.958393] ret_from_fork+0x116/0x1d0 [ 30.958420] ? __pfx_kthread+0x10/0x10 [ 30.958448] ret_from_fork_asm+0x1a/0x30 [ 30.958490] </TASK> [ 30.958506] [ 30.976525] Allocated by task 255: [ 30.976906] kasan_save_stack+0x45/0x70 [ 30.977370] kasan_save_track+0x18/0x40 [ 30.977709] kasan_save_alloc_info+0x3b/0x50 [ 30.978535] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 30.979280] remove_element+0x11e/0x190 [ 30.980049] mempool_alloc_preallocated+0x4d/0x90 [ 30.980574] mempool_oob_right_helper+0x8a/0x380 [ 30.981259] mempool_slab_oob_right+0xed/0x140 [ 30.981795] kunit_try_run_case+0x1a5/0x480 [ 30.982454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.982743] kthread+0x337/0x6f0 [ 30.983144] ret_from_fork+0x116/0x1d0 [ 30.983722] ret_from_fork_asm+0x1a/0x30 [ 30.983992] [ 30.984190] The buggy address belongs to the object at ffff888102df0240 [ 30.984190] which belongs to the cache test_cache of size 123 [ 30.985961] The buggy address is located 0 bytes to the right of [ 30.985961] allocated 123-byte region [ffff888102df0240, ffff888102df02bb) [ 30.987141] [ 30.987359] The buggy address belongs to the physical page: [ 30.987984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df0 [ 30.988635] flags: 0x200000000000000(node=0|zone=2) [ 30.989098] page_type: f5(slab) [ 30.989443] raw: 0200000000000000 ffff888102de73c0 dead000000000122 0000000000000000 [ 30.990150] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 30.991171] page dumped because: kasan: bad access detected [ 30.991662] [ 30.991877] Memory state around the buggy address: [ 30.992367] ffff888102df0180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.992873] ffff888102df0200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 30.993787] >ffff888102df0280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 30.994754] ^ [ 30.995319] ffff888102df0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.995984] ffff888102df0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.996673] ================================================================== [ 30.869021] ================================================================== [ 30.869724] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 30.870479] Read of size 1 at addr ffff888100aaed73 by task kunit_try_catch/251 [ 30.871044] [ 30.871341] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.871465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.871497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.871565] Call Trace: [ 30.871599] <TASK> [ 30.871682] dump_stack_lvl+0x73/0xb0 [ 30.871783] print_report+0xd1/0x650 [ 30.871852] ? __virt_addr_valid+0x1db/0x2d0 [ 30.871918] ? mempool_oob_right_helper+0x318/0x380 [ 30.871981] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.872047] ? mempool_oob_right_helper+0x318/0x380 [ 30.872097] kasan_report+0x141/0x180 [ 30.872138] ? mempool_oob_right_helper+0x318/0x380 [ 30.872174] __asan_report_load1_noabort+0x18/0x20 [ 30.872204] mempool_oob_right_helper+0x318/0x380 [ 30.872234] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 30.872261] ? update_load_avg+0x1be/0x21b0 [ 30.872292] ? dequeue_entities+0x27e/0x1740 [ 30.872322] ? finish_task_switch.isra.0+0x153/0x700 [ 30.872354] mempool_kmalloc_oob_right+0xf2/0x150 [ 30.872382] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 30.872413] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.872442] ? __pfx_mempool_kfree+0x10/0x10 [ 30.872471] ? __pfx_read_tsc+0x10/0x10 [ 30.872497] ? ktime_get_ts64+0x86/0x230 [ 30.872527] kunit_try_run_case+0x1a5/0x480 [ 30.872584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.872612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.872681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.872713] ? __kthread_parkme+0x82/0x180 [ 30.872739] ? preempt_count_sub+0x50/0x80 [ 30.872766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.872796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.872825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.872854] kthread+0x337/0x6f0 [ 30.872878] ? trace_preempt_on+0x20/0xc0 [ 30.872907] ? __pfx_kthread+0x10/0x10 [ 30.872932] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.872959] ? calculate_sigpending+0x7b/0xa0 [ 30.872988] ? __pfx_kthread+0x10/0x10 [ 30.873014] ret_from_fork+0x116/0x1d0 [ 30.873038] ? __pfx_kthread+0x10/0x10 [ 30.873062] ret_from_fork_asm+0x1a/0x30 [ 30.873099] </TASK> [ 30.873115] [ 30.891946] Allocated by task 251: [ 30.892191] kasan_save_stack+0x45/0x70 [ 30.892924] kasan_save_track+0x18/0x40 [ 30.893261] kasan_save_alloc_info+0x3b/0x50 [ 30.894157] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 30.894582] remove_element+0x11e/0x190 [ 30.894968] mempool_alloc_preallocated+0x4d/0x90 [ 30.895295] mempool_oob_right_helper+0x8a/0x380 [ 30.895702] mempool_kmalloc_oob_right+0xf2/0x150 [ 30.896036] kunit_try_run_case+0x1a5/0x480 [ 30.896446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.896827] kthread+0x337/0x6f0 [ 30.897059] ret_from_fork+0x116/0x1d0 [ 30.897282] ret_from_fork_asm+0x1a/0x30 [ 30.897665] [ 30.897806] The buggy address belongs to the object at ffff888100aaed00 [ 30.897806] which belongs to the cache kmalloc-128 of size 128 [ 30.898859] The buggy address is located 0 bytes to the right of [ 30.898859] allocated 115-byte region [ffff888100aaed00, ffff888100aaed73) [ 30.900002] [ 30.900217] The buggy address belongs to the physical page: [ 30.900892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 30.901372] flags: 0x200000000000000(node=0|zone=2) [ 30.901974] page_type: f5(slab) [ 30.902200] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.902957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.903593] page dumped because: kasan: bad access detected [ 30.904200] [ 30.904328] Memory state around the buggy address: [ 30.904948] ffff888100aaec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.905409] ffff888100aaec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.905954] >ffff888100aaed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.906429] ^ [ 30.907266] ffff888100aaed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.907829] ffff888100aaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.908398] ================================================================== [ 30.915790] ================================================================== [ 30.916396] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 30.917103] Read of size 1 at addr ffff888103bde001 by task kunit_try_catch/253 [ 30.917693] [ 30.917872] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.917982] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.918015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.918062] Call Trace: [ 30.918091] <TASK> [ 30.918125] dump_stack_lvl+0x73/0xb0 [ 30.918193] print_report+0xd1/0x650 [ 30.918246] ? __virt_addr_valid+0x1db/0x2d0 [ 30.918298] ? mempool_oob_right_helper+0x318/0x380 [ 30.918350] ? kasan_addr_to_slab+0x11/0xa0 [ 30.918396] ? mempool_oob_right_helper+0x318/0x380 [ 30.918449] kasan_report+0x141/0x180 [ 30.918498] ? mempool_oob_right_helper+0x318/0x380 [ 30.918583] __asan_report_load1_noabort+0x18/0x20 [ 30.918643] mempool_oob_right_helper+0x318/0x380 [ 30.918707] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 30.918775] ? __pfx_sched_clock_cpu+0x10/0x10 [ 30.918833] ? finish_task_switch.isra.0+0x153/0x700 [ 30.918900] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 30.918951] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 30.919013] ? __pfx_mempool_kmalloc+0x10/0x10 [ 30.919067] ? __pfx_mempool_kfree+0x10/0x10 [ 30.919126] ? __pfx_read_tsc+0x10/0x10 [ 30.919174] ? ktime_get_ts64+0x86/0x230 [ 30.919227] kunit_try_run_case+0x1a5/0x480 [ 30.919337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.919390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.919452] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.919515] ? __kthread_parkme+0x82/0x180 [ 30.919585] ? preempt_count_sub+0x50/0x80 [ 30.919630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.919673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.919706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.919735] kthread+0x337/0x6f0 [ 30.919760] ? trace_preempt_on+0x20/0xc0 [ 30.919790] ? __pfx_kthread+0x10/0x10 [ 30.919815] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.919856] ? calculate_sigpending+0x7b/0xa0 [ 30.919887] ? __pfx_kthread+0x10/0x10 [ 30.919912] ret_from_fork+0x116/0x1d0 [ 30.919936] ? __pfx_kthread+0x10/0x10 [ 30.919961] ret_from_fork_asm+0x1a/0x30 [ 30.920000] </TASK> [ 30.920015] [ 30.934377] The buggy address belongs to the physical page: [ 30.934964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bdc [ 30.935661] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.936211] flags: 0x200000000000040(head|node=0|zone=2) [ 30.936528] page_type: f8(unknown) [ 30.936940] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.937679] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.938273] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.938910] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.939380] head: 0200000000000002 ffffea00040ef701 00000000ffffffff 00000000ffffffff [ 30.939978] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.940562] page dumped because: kasan: bad access detected [ 30.941061] [ 30.941293] Memory state around the buggy address: [ 30.941691] ffff888103bddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.942250] ffff888103bddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.942827] >ffff888103bde000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.943316] ^ [ 30.943726] ffff888103bde080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.944238] ffff888103bde100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.944836] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 30.262903] ================================================================== [ 30.263528] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 30.264248] Read of size 1 at addr ffff888102de7000 by task kunit_try_catch/245 [ 30.264834] [ 30.265102] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.265219] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.265250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.265304] Call Trace: [ 30.265336] <TASK> [ 30.265378] dump_stack_lvl+0x73/0xb0 [ 30.265447] print_report+0xd1/0x650 [ 30.265497] ? __virt_addr_valid+0x1db/0x2d0 [ 30.265573] ? kmem_cache_double_destroy+0x1bf/0x380 [ 30.265660] ? kasan_complete_mode_report_info+0x64/0x200 [ 30.265724] ? kmem_cache_double_destroy+0x1bf/0x380 [ 30.265783] kasan_report+0x141/0x180 [ 30.265832] ? kmem_cache_double_destroy+0x1bf/0x380 [ 30.265891] ? kmem_cache_double_destroy+0x1bf/0x380 [ 30.265948] __kasan_check_byte+0x3d/0x50 [ 30.266004] kmem_cache_destroy+0x25/0x1d0 [ 30.266061] kmem_cache_double_destroy+0x1bf/0x380 [ 30.266117] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 30.266171] ? finish_task_switch.isra.0+0x153/0x700 [ 30.266230] ? __switch_to+0x47/0xf50 [ 30.266297] ? __pfx_read_tsc+0x10/0x10 [ 30.266346] ? ktime_get_ts64+0x86/0x230 [ 30.266400] kunit_try_run_case+0x1a5/0x480 [ 30.266458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.266510] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.266588] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.266650] ? __kthread_parkme+0x82/0x180 [ 30.266702] ? preempt_count_sub+0x50/0x80 [ 30.266762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.266849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.266887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.266918] kthread+0x337/0x6f0 [ 30.266942] ? trace_preempt_on+0x20/0xc0 [ 30.266974] ? __pfx_kthread+0x10/0x10 [ 30.266999] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.267028] ? calculate_sigpending+0x7b/0xa0 [ 30.267057] ? __pfx_kthread+0x10/0x10 [ 30.267083] ret_from_fork+0x116/0x1d0 [ 30.267107] ? __pfx_kthread+0x10/0x10 [ 30.267132] ret_from_fork_asm+0x1a/0x30 [ 30.267170] </TASK> [ 30.267185] [ 30.282060] Allocated by task 245: [ 30.282498] kasan_save_stack+0x45/0x70 [ 30.283007] kasan_save_track+0x18/0x40 [ 30.283441] kasan_save_alloc_info+0x3b/0x50 [ 30.283905] __kasan_slab_alloc+0x91/0xa0 [ 30.284422] kmem_cache_alloc_noprof+0x123/0x3f0 [ 30.284679] __kmem_cache_create_args+0x169/0x240 [ 30.285133] kmem_cache_double_destroy+0xd5/0x380 [ 30.285563] kunit_try_run_case+0x1a5/0x480 [ 30.285994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.286327] kthread+0x337/0x6f0 [ 30.286785] ret_from_fork+0x116/0x1d0 [ 30.287129] ret_from_fork_asm+0x1a/0x30 [ 30.287456] [ 30.287722] Freed by task 245: [ 30.288053] kasan_save_stack+0x45/0x70 [ 30.288460] kasan_save_track+0x18/0x40 [ 30.288844] kasan_save_free_info+0x3f/0x60 [ 30.289237] __kasan_slab_free+0x56/0x70 [ 30.289693] kmem_cache_free+0x249/0x420 [ 30.289972] slab_kmem_cache_release+0x2e/0x40 [ 30.290454] kmem_cache_release+0x16/0x20 [ 30.290882] kobject_put+0x181/0x450 [ 30.291301] sysfs_slab_release+0x16/0x20 [ 30.291839] kmem_cache_destroy+0xf0/0x1d0 [ 30.292528] kmem_cache_double_destroy+0x14e/0x380 [ 30.293118] kunit_try_run_case+0x1a5/0x480 [ 30.293664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.294215] kthread+0x337/0x6f0 [ 30.294419] ret_from_fork+0x116/0x1d0 [ 30.294909] ret_from_fork_asm+0x1a/0x30 [ 30.295114] [ 30.295242] The buggy address belongs to the object at ffff888102de7000 [ 30.295242] which belongs to the cache kmem_cache of size 208 [ 30.296674] The buggy address is located 0 bytes inside of [ 30.296674] freed 208-byte region [ffff888102de7000, ffff888102de70d0) [ 30.297613] [ 30.297849] The buggy address belongs to the physical page: [ 30.298315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102de7 [ 30.298882] flags: 0x200000000000000(node=0|zone=2) [ 30.299326] page_type: f5(slab) [ 30.299710] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 30.300490] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 30.301056] page dumped because: kasan: bad access detected [ 30.301406] [ 30.301647] Memory state around the buggy address: [ 30.302195] ffff888102de6f00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 30.302967] ffff888102de6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.303403] >ffff888102de7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.304372] ^ [ 30.304899] ffff888102de7080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 30.305264] ffff888102de7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.305476] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 30.176405] ================================================================== [ 30.177011] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 30.177989] Read of size 1 at addr ffff888102de7000 by task kunit_try_catch/243 [ 30.178966] [ 30.179215] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.179334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.179366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.179413] Call Trace: [ 30.179443] <TASK> [ 30.179477] dump_stack_lvl+0x73/0xb0 [ 30.179569] print_report+0xd1/0x650 [ 30.179624] ? __virt_addr_valid+0x1db/0x2d0 [ 30.179687] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 30.179743] ? kasan_complete_mode_report_info+0x64/0x200 [ 30.179799] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 30.179857] kasan_report+0x141/0x180 [ 30.179904] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 30.179961] __asan_report_load1_noabort+0x18/0x20 [ 30.180014] kmem_cache_rcu_uaf+0x3e3/0x510 [ 30.180062] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 30.180111] ? finish_task_switch.isra.0+0x153/0x700 [ 30.180161] ? __switch_to+0x47/0xf50 [ 30.180222] ? __pfx_read_tsc+0x10/0x10 [ 30.180269] ? ktime_get_ts64+0x86/0x230 [ 30.180323] kunit_try_run_case+0x1a5/0x480 [ 30.180383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.180439] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.180504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.180621] ? __kthread_parkme+0x82/0x180 [ 30.180674] ? preempt_count_sub+0x50/0x80 [ 30.180734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.180796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.180857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.180892] kthread+0x337/0x6f0 [ 30.180919] ? trace_preempt_on+0x20/0xc0 [ 30.180951] ? __pfx_kthread+0x10/0x10 [ 30.180977] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.181006] ? calculate_sigpending+0x7b/0xa0 [ 30.181035] ? __pfx_kthread+0x10/0x10 [ 30.181083] ret_from_fork+0x116/0x1d0 [ 30.181126] ? __pfx_kthread+0x10/0x10 [ 30.181170] ret_from_fork_asm+0x1a/0x30 [ 30.181215] </TASK> [ 30.181230] [ 30.200600] Allocated by task 243: [ 30.201415] kasan_save_stack+0x45/0x70 [ 30.201936] kasan_save_track+0x18/0x40 [ 30.202434] kasan_save_alloc_info+0x3b/0x50 [ 30.203037] __kasan_slab_alloc+0x91/0xa0 [ 30.203652] kmem_cache_alloc_noprof+0x123/0x3f0 [ 30.203931] kmem_cache_rcu_uaf+0x155/0x510 [ 30.204560] kunit_try_run_case+0x1a5/0x480 [ 30.205461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.205791] kthread+0x337/0x6f0 [ 30.206268] ret_from_fork+0x116/0x1d0 [ 30.206759] ret_from_fork_asm+0x1a/0x30 [ 30.207436] [ 30.207585] Freed by task 0: [ 30.208210] kasan_save_stack+0x45/0x70 [ 30.208860] kasan_save_track+0x18/0x40 [ 30.209444] kasan_save_free_info+0x3f/0x60 [ 30.209862] __kasan_slab_free+0x56/0x70 [ 30.210614] slab_free_after_rcu_debug+0xe4/0x310 [ 30.211358] rcu_core+0x66f/0x1c40 [ 30.211625] rcu_core_si+0x12/0x20 [ 30.212014] handle_softirqs+0x209/0x730 [ 30.212627] __irq_exit_rcu+0xc9/0x110 [ 30.213272] irq_exit_rcu+0x12/0x20 [ 30.214135] sysvec_apic_timer_interrupt+0x81/0x90 [ 30.214532] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 30.214804] [ 30.215317] Last potentially related work creation: [ 30.215713] kasan_save_stack+0x45/0x70 [ 30.216240] kasan_record_aux_stack+0xb2/0xc0 [ 30.216954] kmem_cache_free+0x131/0x420 [ 30.217408] kmem_cache_rcu_uaf+0x194/0x510 [ 30.217778] kunit_try_run_case+0x1a5/0x480 [ 30.218508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.218857] kthread+0x337/0x6f0 [ 30.219111] ret_from_fork+0x116/0x1d0 [ 30.219444] ret_from_fork_asm+0x1a/0x30 [ 30.220273] [ 30.220491] The buggy address belongs to the object at ffff888102de7000 [ 30.220491] which belongs to the cache test_cache of size 200 [ 30.221528] The buggy address is located 0 bytes inside of [ 30.221528] freed 200-byte region [ffff888102de7000, ffff888102de70c8) [ 30.222835] [ 30.223360] The buggy address belongs to the physical page: [ 30.224089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102de7 [ 30.224755] flags: 0x200000000000000(node=0|zone=2) [ 30.225211] page_type: f5(slab) [ 30.225433] raw: 0200000000000000 ffff888101060dc0 dead000000000122 0000000000000000 [ 30.226066] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.226733] page dumped because: kasan: bad access detected [ 30.227590] [ 30.227785] Memory state around the buggy address: [ 30.228398] ffff888102de6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.228988] ffff888102de6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.229797] >ffff888102de7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.230500] ^ [ 30.230878] ffff888102de7080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 30.231422] ffff888102de7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.231929] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 30.092744] ================================================================== [ 30.093481] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 30.094323] Free of addr ffff888103b4a001 by task kunit_try_catch/241 [ 30.094755] [ 30.095739] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.095849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.095876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.095917] Call Trace: [ 30.095945] <TASK> [ 30.095979] dump_stack_lvl+0x73/0xb0 [ 30.096028] print_report+0xd1/0x650 [ 30.096084] ? __virt_addr_valid+0x1db/0x2d0 [ 30.096143] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.096192] ? kmem_cache_invalid_free+0x1d8/0x460 [ 30.096225] kasan_report_invalid_free+0x10a/0x130 [ 30.096257] ? kmem_cache_invalid_free+0x1d8/0x460 [ 30.096290] ? kmem_cache_invalid_free+0x1d8/0x460 [ 30.096321] check_slab_allocation+0x11f/0x130 [ 30.096349] __kasan_slab_pre_free+0x28/0x40 [ 30.096375] kmem_cache_free+0xed/0x420 [ 30.096401] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 30.096433] ? kmem_cache_invalid_free+0x1d8/0x460 [ 30.096466] kmem_cache_invalid_free+0x1d8/0x460 [ 30.096497] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 30.096526] ? finish_task_switch.isra.0+0x153/0x700 [ 30.096579] ? __switch_to+0x47/0xf50 [ 30.096617] ? __pfx_read_tsc+0x10/0x10 [ 30.096673] ? ktime_get_ts64+0x86/0x230 [ 30.096708] kunit_try_run_case+0x1a5/0x480 [ 30.096743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.096772] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.096806] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.096837] ? __kthread_parkme+0x82/0x180 [ 30.096864] ? preempt_count_sub+0x50/0x80 [ 30.096893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.096923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.096954] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.096984] kthread+0x337/0x6f0 [ 30.097010] ? trace_preempt_on+0x20/0xc0 [ 30.097041] ? __pfx_kthread+0x10/0x10 [ 30.097082] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.097132] ? calculate_sigpending+0x7b/0xa0 [ 30.097176] ? __pfx_kthread+0x10/0x10 [ 30.097206] ret_from_fork+0x116/0x1d0 [ 30.097232] ? __pfx_kthread+0x10/0x10 [ 30.097259] ret_from_fork_asm+0x1a/0x30 [ 30.097300] </TASK> [ 30.097314] [ 30.113419] Allocated by task 241: [ 30.113830] kasan_save_stack+0x45/0x70 [ 30.114152] kasan_save_track+0x18/0x40 [ 30.114483] kasan_save_alloc_info+0x3b/0x50 [ 30.114919] __kasan_slab_alloc+0x91/0xa0 [ 30.115303] kmem_cache_alloc_noprof+0x123/0x3f0 [ 30.116227] kmem_cache_invalid_free+0x157/0x460 [ 30.116743] kunit_try_run_case+0x1a5/0x480 [ 30.117290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.117695] kthread+0x337/0x6f0 [ 30.118165] ret_from_fork+0x116/0x1d0 [ 30.118575] ret_from_fork_asm+0x1a/0x30 [ 30.118864] [ 30.119000] The buggy address belongs to the object at ffff888103b4a000 [ 30.119000] which belongs to the cache test_cache of size 200 [ 30.120503] The buggy address is located 1 bytes inside of [ 30.120503] 200-byte region [ffff888103b4a000, ffff888103b4a0c8) [ 30.121678] [ 30.121893] The buggy address belongs to the physical page: [ 30.122320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b4a [ 30.122957] flags: 0x200000000000000(node=0|zone=2) [ 30.123810] page_type: f5(slab) [ 30.124744] raw: 0200000000000000 ffff888101ba6c80 dead000000000122 0000000000000000 [ 30.125537] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.126156] page dumped because: kasan: bad access detected [ 30.126579] [ 30.126790] Memory state around the buggy address: [ 30.127205] ffff888103b49f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.128190] ffff888103b49f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.128831] >ffff888103b4a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.129478] ^ [ 30.129808] ffff888103b4a080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 30.130527] ffff888103b4a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.130996] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 30.039490] ================================================================== [ 30.040470] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 30.041288] Free of addr ffff888102de6000 by task kunit_try_catch/239 [ 30.041885] [ 30.042151] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 30.042263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.042292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.042338] Call Trace: [ 30.042368] <TASK> [ 30.042408] dump_stack_lvl+0x73/0xb0 [ 30.042482] print_report+0xd1/0x650 [ 30.042553] ? __virt_addr_valid+0x1db/0x2d0 [ 30.042616] ? kasan_complete_mode_report_info+0x64/0x200 [ 30.042741] ? kmem_cache_double_free+0x1e5/0x480 [ 30.042810] kasan_report_invalid_free+0x10a/0x130 [ 30.042885] ? kmem_cache_double_free+0x1e5/0x480 [ 30.042942] ? kmem_cache_double_free+0x1e5/0x480 [ 30.042982] check_slab_allocation+0x101/0x130 [ 30.043011] __kasan_slab_pre_free+0x28/0x40 [ 30.043037] kmem_cache_free+0xed/0x420 [ 30.043063] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 30.043092] ? kmem_cache_double_free+0x1e5/0x480 [ 30.043124] kmem_cache_double_free+0x1e5/0x480 [ 30.043152] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 30.043180] ? finish_task_switch.isra.0+0x153/0x700 [ 30.043208] ? __switch_to+0x47/0xf50 [ 30.043244] ? __pfx_read_tsc+0x10/0x10 [ 30.043270] ? ktime_get_ts64+0x86/0x230 [ 30.043301] kunit_try_run_case+0x1a5/0x480 [ 30.043333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.043359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.043390] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.043418] ? __kthread_parkme+0x82/0x180 [ 30.043442] ? preempt_count_sub+0x50/0x80 [ 30.043469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.043497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.043526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.043575] kthread+0x337/0x6f0 [ 30.043599] ? trace_preempt_on+0x20/0xc0 [ 30.043632] ? __pfx_kthread+0x10/0x10 [ 30.043674] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.043703] ? calculate_sigpending+0x7b/0xa0 [ 30.043732] ? __pfx_kthread+0x10/0x10 [ 30.043758] ret_from_fork+0x116/0x1d0 [ 30.043781] ? __pfx_kthread+0x10/0x10 [ 30.043805] ret_from_fork_asm+0x1a/0x30 [ 30.043853] </TASK> [ 30.043869] [ 30.058915] Allocated by task 239: [ 30.059300] kasan_save_stack+0x45/0x70 [ 30.059767] kasan_save_track+0x18/0x40 [ 30.060102] kasan_save_alloc_info+0x3b/0x50 [ 30.060429] __kasan_slab_alloc+0x91/0xa0 [ 30.060842] kmem_cache_alloc_noprof+0x123/0x3f0 [ 30.061121] kmem_cache_double_free+0x14f/0x480 [ 30.061378] kunit_try_run_case+0x1a5/0x480 [ 30.061845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.062354] kthread+0x337/0x6f0 [ 30.062743] ret_from_fork+0x116/0x1d0 [ 30.063114] ret_from_fork_asm+0x1a/0x30 [ 30.063512] [ 30.063734] Freed by task 239: [ 30.064062] kasan_save_stack+0x45/0x70 [ 30.064360] kasan_save_track+0x18/0x40 [ 30.064615] kasan_save_free_info+0x3f/0x60 [ 30.065045] __kasan_slab_free+0x56/0x70 [ 30.065446] kmem_cache_free+0x249/0x420 [ 30.065849] kmem_cache_double_free+0x16a/0x480 [ 30.066122] kunit_try_run_case+0x1a5/0x480 [ 30.066368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.066811] kthread+0x337/0x6f0 [ 30.067175] ret_from_fork+0x116/0x1d0 [ 30.067576] ret_from_fork_asm+0x1a/0x30 [ 30.068021] [ 30.068222] The buggy address belongs to the object at ffff888102de6000 [ 30.068222] which belongs to the cache test_cache of size 200 [ 30.069134] The buggy address is located 0 bytes inside of [ 30.069134] 200-byte region [ffff888102de6000, ffff888102de60c8) [ 30.070075] [ 30.070275] The buggy address belongs to the physical page: [ 30.070748] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102de6 [ 30.071364] flags: 0x200000000000000(node=0|zone=2) [ 30.071748] page_type: f5(slab) [ 30.071985] raw: 0200000000000000 ffff888101060c80 dead000000000122 0000000000000000 [ 30.072669] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.073314] page dumped because: kasan: bad access detected [ 30.073607] [ 30.073823] Memory state around the buggy address: [ 30.074229] ffff888102de5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.074869] ffff888102de5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.075400] >ffff888102de6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.075891] ^ [ 30.076103] ffff888102de6080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 30.076735] ffff888102de6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.077330] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 29.979449] ================================================================== [ 29.980205] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 29.981243] Read of size 1 at addr ffff888102de60c8 by task kunit_try_catch/237 [ 29.982330] [ 29.982884] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.982973] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.982992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.983017] Call Trace: [ 29.983034] <TASK> [ 29.983060] dump_stack_lvl+0x73/0xb0 [ 29.983157] print_report+0xd1/0x650 [ 29.983194] ? __virt_addr_valid+0x1db/0x2d0 [ 29.983228] ? kmem_cache_oob+0x402/0x530 [ 29.983257] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.983291] ? kmem_cache_oob+0x402/0x530 [ 29.983320] kasan_report+0x141/0x180 [ 29.983348] ? kmem_cache_oob+0x402/0x530 [ 29.983381] __asan_report_load1_noabort+0x18/0x20 [ 29.983412] kmem_cache_oob+0x402/0x530 [ 29.983438] ? trace_hardirqs_on+0x37/0xe0 [ 29.983467] ? __pfx_kmem_cache_oob+0x10/0x10 [ 29.983495] ? finish_task_switch.isra.0+0x153/0x700 [ 29.983525] ? __switch_to+0x47/0xf50 [ 29.983584] ? __pfx_read_tsc+0x10/0x10 [ 29.983613] ? ktime_get_ts64+0x86/0x230 [ 29.983668] kunit_try_run_case+0x1a5/0x480 [ 29.983703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.983733] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.983765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.983797] ? __kthread_parkme+0x82/0x180 [ 29.983835] ? preempt_count_sub+0x50/0x80 [ 29.983865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.983895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.983926] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.983956] kthread+0x337/0x6f0 [ 29.983981] ? trace_preempt_on+0x20/0xc0 [ 29.984010] ? __pfx_kthread+0x10/0x10 [ 29.984036] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.984081] ? calculate_sigpending+0x7b/0xa0 [ 29.984137] ? __pfx_kthread+0x10/0x10 [ 29.984171] ret_from_fork+0x116/0x1d0 [ 29.984230] ? __pfx_kthread+0x10/0x10 [ 29.984258] ret_from_fork_asm+0x1a/0x30 [ 29.984300] </TASK> [ 29.984314] [ 30.001379] Allocated by task 237: [ 30.001740] kasan_save_stack+0x45/0x70 [ 30.002170] kasan_save_track+0x18/0x40 [ 30.002506] kasan_save_alloc_info+0x3b/0x50 [ 30.003599] __kasan_slab_alloc+0x91/0xa0 [ 30.004393] kmem_cache_alloc_noprof+0x123/0x3f0 [ 30.004904] kmem_cache_oob+0x157/0x530 [ 30.005121] kunit_try_run_case+0x1a5/0x480 [ 30.005969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.006848] kthread+0x337/0x6f0 [ 30.007376] ret_from_fork+0x116/0x1d0 [ 30.007658] ret_from_fork_asm+0x1a/0x30 [ 30.007939] [ 30.008192] The buggy address belongs to the object at ffff888102de6000 [ 30.008192] which belongs to the cache test_cache of size 200 [ 30.009517] The buggy address is located 0 bytes to the right of [ 30.009517] allocated 200-byte region [ffff888102de6000, ffff888102de60c8) [ 30.010671] [ 30.011114] The buggy address belongs to the physical page: [ 30.011613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102de6 [ 30.012301] flags: 0x200000000000000(node=0|zone=2) [ 30.012609] page_type: f5(slab) [ 30.012887] raw: 0200000000000000 ffff888101060b40 dead000000000122 0000000000000000 [ 30.013576] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.014048] page dumped because: kasan: bad access detected [ 30.014524] [ 30.014914] Memory state around the buggy address: [ 30.015911] ffff888102de5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.016703] ffff888102de6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.017263] >ffff888102de6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 30.017571] ^ [ 30.018216] ffff888102de6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.018816] ffff888102de6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.019421] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 29.910158] ================================================================== [ 29.911882] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 29.912651] Read of size 8 at addr ffff888102de1400 by task kunit_try_catch/230 [ 29.913351] [ 29.913605] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.913720] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.913750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.913792] Call Trace: [ 29.913822] <TASK> [ 29.913861] dump_stack_lvl+0x73/0xb0 [ 29.913938] print_report+0xd1/0x650 [ 29.913990] ? __virt_addr_valid+0x1db/0x2d0 [ 29.914054] ? workqueue_uaf+0x4d6/0x560 [ 29.914103] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.914171] ? workqueue_uaf+0x4d6/0x560 [ 29.914288] kasan_report+0x141/0x180 [ 29.914349] ? workqueue_uaf+0x4d6/0x560 [ 29.914418] __asan_report_load8_noabort+0x18/0x20 [ 29.914481] workqueue_uaf+0x4d6/0x560 [ 29.914597] ? __pfx_workqueue_uaf+0x10/0x10 [ 29.914662] ? __schedule+0x10cc/0x2b60 [ 29.914723] ? __pfx_read_tsc+0x10/0x10 [ 29.914778] ? ktime_get_ts64+0x86/0x230 [ 29.914847] kunit_try_run_case+0x1a5/0x480 [ 29.914919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.914981] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.915047] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.915114] ? __kthread_parkme+0x82/0x180 [ 29.915174] ? preempt_count_sub+0x50/0x80 [ 29.915234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.915299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.915365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.915433] kthread+0x337/0x6f0 [ 29.915487] ? trace_preempt_on+0x20/0xc0 [ 29.915568] ? __pfx_kthread+0x10/0x10 [ 29.915612] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.915662] ? calculate_sigpending+0x7b/0xa0 [ 29.915748] ? __pfx_kthread+0x10/0x10 [ 29.915793] ret_from_fork+0x116/0x1d0 [ 29.915835] ? __pfx_kthread+0x10/0x10 [ 29.915864] ret_from_fork_asm+0x1a/0x30 [ 29.915906] </TASK> [ 29.915921] [ 29.933176] Allocated by task 230: [ 29.933732] kasan_save_stack+0x45/0x70 [ 29.934325] kasan_save_track+0x18/0x40 [ 29.934673] kasan_save_alloc_info+0x3b/0x50 [ 29.935719] __kasan_kmalloc+0xb7/0xc0 [ 29.936238] __kmalloc_cache_noprof+0x189/0x420 [ 29.936773] workqueue_uaf+0x152/0x560 [ 29.937198] kunit_try_run_case+0x1a5/0x480 [ 29.937628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.938303] kthread+0x337/0x6f0 [ 29.938594] ret_from_fork+0x116/0x1d0 [ 29.939049] ret_from_fork_asm+0x1a/0x30 [ 29.939383] [ 29.939603] Freed by task 9: [ 29.940099] kasan_save_stack+0x45/0x70 [ 29.940926] kasan_save_track+0x18/0x40 [ 29.941457] kasan_save_free_info+0x3f/0x60 [ 29.941890] __kasan_slab_free+0x56/0x70 [ 29.942444] kfree+0x222/0x3f0 [ 29.942822] workqueue_uaf_work+0x12/0x20 [ 29.943243] process_one_work+0x5ee/0xf60 [ 29.943759] worker_thread+0x758/0x1220 [ 29.944312] kthread+0x337/0x6f0 [ 29.944578] ret_from_fork+0x116/0x1d0 [ 29.945022] ret_from_fork_asm+0x1a/0x30 [ 29.945628] [ 29.945834] Last potentially related work creation: [ 29.946161] kasan_save_stack+0x45/0x70 [ 29.947209] kasan_record_aux_stack+0xb2/0xc0 [ 29.947701] __queue_work+0x61a/0xe70 [ 29.948030] queue_work_on+0xb6/0xc0 [ 29.948522] workqueue_uaf+0x26d/0x560 [ 29.948950] kunit_try_run_case+0x1a5/0x480 [ 29.949437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.950173] kthread+0x337/0x6f0 [ 29.950829] ret_from_fork+0x116/0x1d0 [ 29.951306] ret_from_fork_asm+0x1a/0x30 [ 29.951650] [ 29.951892] The buggy address belongs to the object at ffff888102de1400 [ 29.951892] which belongs to the cache kmalloc-32 of size 32 [ 29.952875] The buggy address is located 0 bytes inside of [ 29.952875] freed 32-byte region [ffff888102de1400, ffff888102de1420) [ 29.953851] [ 29.954085] The buggy address belongs to the physical page: [ 29.954787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102de1 [ 29.955535] flags: 0x200000000000000(node=0|zone=2) [ 29.956313] page_type: f5(slab) [ 29.956621] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 29.957598] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.958597] page dumped because: kasan: bad access detected [ 29.958845] [ 29.959079] Memory state around the buggy address: [ 29.959586] ffff888102de1300: 00 00 05 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 29.960277] ffff888102de1380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.961081] >ffff888102de1400: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 29.961580] ^ [ 29.962196] ffff888102de1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.962894] ffff888102de1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.963507] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 29.837313] ================================================================== [ 29.837966] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 29.838846] Read of size 4 at addr ffff888102de1380 by task swapper/0/0 [ 29.839618] [ 29.840488] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.840672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.840722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.840763] Call Trace: [ 29.840804] <IRQ> [ 29.840829] dump_stack_lvl+0x73/0xb0 [ 29.840878] print_report+0xd1/0x650 [ 29.840911] ? __virt_addr_valid+0x1db/0x2d0 [ 29.840946] ? rcu_uaf_reclaim+0x50/0x60 [ 29.840973] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.841006] ? rcu_uaf_reclaim+0x50/0x60 [ 29.841033] kasan_report+0x141/0x180 [ 29.841086] ? rcu_uaf_reclaim+0x50/0x60 [ 29.841142] __asan_report_load4_noabort+0x18/0x20 [ 29.841195] rcu_uaf_reclaim+0x50/0x60 [ 29.841225] rcu_core+0x66f/0x1c40 [ 29.841263] ? __pfx_rcu_core+0x10/0x10 [ 29.841292] ? ktime_get+0x6b/0x150 [ 29.841326] rcu_core_si+0x12/0x20 [ 29.841352] handle_softirqs+0x209/0x730 [ 29.841380] ? hrtimer_interrupt+0x2fe/0x780 [ 29.841415] ? __pfx_handle_softirqs+0x10/0x10 [ 29.841447] __irq_exit_rcu+0xc9/0x110 [ 29.841473] irq_exit_rcu+0x12/0x20 [ 29.841499] sysvec_apic_timer_interrupt+0x81/0x90 [ 29.841533] </IRQ> [ 29.841594] <TASK> [ 29.841610] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 29.841750] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 29.842023] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 83 d9 1a 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 29.842220] RSP: 0000:ffffffffa0607dd8 EFLAGS: 00010206 [ 29.842342] RAX: ffff8881b962f000 RBX: ffffffffa061cac0 RCX: ffffffff9f4de165 [ 29.842401] RDX: ffffed102b606193 RSI: 0000000000000004 RDI: 0000000000039794 [ 29.842457] RBP: ffffffffa0607de0 R08: 0000000000000001 R09: ffffed102b606192 [ 29.842511] R10: ffff88815b030c93 R11: 0000000000063800 R12: 0000000000000000 [ 29.842587] R13: fffffbfff40c3958 R14: ffffffffa11e9490 R15: 0000000000000000 [ 29.842678] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 29.842759] ? default_idle+0xd/0x20 [ 29.842790] arch_cpu_idle+0xd/0x20 [ 29.842817] default_idle_call+0x48/0x80 [ 29.842845] do_idle+0x379/0x4f0 [ 29.842880] ? __pfx_do_idle+0x10/0x10 [ 29.842915] cpu_startup_entry+0x5c/0x70 [ 29.842946] rest_init+0x11a/0x140 [ 29.842971] ? acpi_subsystem_init+0x5d/0x150 [ 29.843006] start_kernel+0x352/0x400 [ 29.843035] x86_64_start_reservations+0x1c/0x30 [ 29.843082] x86_64_start_kernel+0x10d/0x120 [ 29.843135] common_startup_64+0x13e/0x148 [ 29.843194] </TASK> [ 29.843211] [ 29.866530] Allocated by task 228: [ 29.867359] kasan_save_stack+0x45/0x70 [ 29.867618] kasan_save_track+0x18/0x40 [ 29.868089] kasan_save_alloc_info+0x3b/0x50 [ 29.868575] __kasan_kmalloc+0xb7/0xc0 [ 29.869070] __kmalloc_cache_noprof+0x189/0x420 [ 29.869832] rcu_uaf+0xb0/0x330 [ 29.870262] kunit_try_run_case+0x1a5/0x480 [ 29.870643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.871925] kthread+0x337/0x6f0 [ 29.872267] ret_from_fork+0x116/0x1d0 [ 29.872715] ret_from_fork_asm+0x1a/0x30 [ 29.873097] [ 29.873284] Freed by task 0: [ 29.874087] kasan_save_stack+0x45/0x70 [ 29.874296] kasan_save_track+0x18/0x40 [ 29.874748] kasan_save_free_info+0x3f/0x60 [ 29.875193] __kasan_slab_free+0x56/0x70 [ 29.875964] kfree+0x222/0x3f0 [ 29.876618] rcu_uaf_reclaim+0x1f/0x60 [ 29.876910] rcu_core+0x66f/0x1c40 [ 29.877282] rcu_core_si+0x12/0x20 [ 29.877835] handle_softirqs+0x209/0x730 [ 29.878186] __irq_exit_rcu+0xc9/0x110 [ 29.879111] irq_exit_rcu+0x12/0x20 [ 29.879597] sysvec_apic_timer_interrupt+0x81/0x90 [ 29.880006] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 29.880382] [ 29.881030] Last potentially related work creation: [ 29.881669] kasan_save_stack+0x45/0x70 [ 29.881965] kasan_record_aux_stack+0xb2/0xc0 [ 29.882913] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 29.883733] call_rcu+0x12/0x20 [ 29.884209] rcu_uaf+0x168/0x330 [ 29.884812] kunit_try_run_case+0x1a5/0x480 [ 29.885523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.886337] kthread+0x337/0x6f0 [ 29.886778] ret_from_fork+0x116/0x1d0 [ 29.887301] ret_from_fork_asm+0x1a/0x30 [ 29.887859] [ 29.888101] The buggy address belongs to the object at ffff888102de1380 [ 29.888101] which belongs to the cache kmalloc-32 of size 32 [ 29.888866] The buggy address is located 0 bytes inside of [ 29.888866] freed 32-byte region [ffff888102de1380, ffff888102de13a0) [ 29.890083] [ 29.890284] The buggy address belongs to the physical page: [ 29.891262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102de1 [ 29.891484] flags: 0x200000000000000(node=0|zone=2) [ 29.891727] page_type: f5(slab) [ 29.892057] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 29.892624] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.893390] page dumped because: kasan: bad access detected [ 29.894592] [ 29.894769] Memory state around the buggy address: [ 29.895228] ffff888102de1280: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.895865] ffff888102de1300: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 29.896601] >ffff888102de1380: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 29.897053] ^ [ 29.897799] ffff888102de1400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.898674] ffff888102de1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.899148] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 29.738362] ================================================================== [ 29.738998] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 29.739455] Read of size 1 at addr ffff888100aaea00 by task kunit_try_catch/226 [ 29.740639] [ 29.740847] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.740958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.740980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.741007] Call Trace: [ 29.741024] <TASK> [ 29.741047] dump_stack_lvl+0x73/0xb0 [ 29.741102] print_report+0xd1/0x650 [ 29.741151] ? __virt_addr_valid+0x1db/0x2d0 [ 29.741187] ? ksize_uaf+0x5fe/0x6c0 [ 29.741215] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.741248] ? ksize_uaf+0x5fe/0x6c0 [ 29.741275] kasan_report+0x141/0x180 [ 29.741303] ? ksize_uaf+0x5fe/0x6c0 [ 29.741335] __asan_report_load1_noabort+0x18/0x20 [ 29.741366] ksize_uaf+0x5fe/0x6c0 [ 29.741392] ? __pfx_ksize_uaf+0x10/0x10 [ 29.741420] ? __schedule+0x10cc/0x2b60 [ 29.741451] ? __pfx_read_tsc+0x10/0x10 [ 29.741478] ? ktime_get_ts64+0x86/0x230 [ 29.741509] kunit_try_run_case+0x1a5/0x480 [ 29.741559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.741611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.741665] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.741716] ? __kthread_parkme+0x82/0x180 [ 29.741759] ? preempt_count_sub+0x50/0x80 [ 29.741810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.741861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.741912] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.741965] kthread+0x337/0x6f0 [ 29.742069] ? trace_preempt_on+0x20/0xc0 [ 29.742137] ? __pfx_kthread+0x10/0x10 [ 29.742196] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.742262] ? calculate_sigpending+0x7b/0xa0 [ 29.742328] ? __pfx_kthread+0x10/0x10 [ 29.742389] ret_from_fork+0x116/0x1d0 [ 29.742446] ? __pfx_kthread+0x10/0x10 [ 29.742497] ret_from_fork_asm+0x1a/0x30 [ 29.742591] </TASK> [ 29.742618] [ 29.755863] Allocated by task 226: [ 29.756453] kasan_save_stack+0x45/0x70 [ 29.756732] kasan_save_track+0x18/0x40 [ 29.757118] kasan_save_alloc_info+0x3b/0x50 [ 29.757697] __kasan_kmalloc+0xb7/0xc0 [ 29.758264] __kmalloc_cache_noprof+0x189/0x420 [ 29.758783] ksize_uaf+0xaa/0x6c0 [ 29.759261] kunit_try_run_case+0x1a5/0x480 [ 29.759481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.760211] kthread+0x337/0x6f0 [ 29.760512] ret_from_fork+0x116/0x1d0 [ 29.760969] ret_from_fork_asm+0x1a/0x30 [ 29.761456] [ 29.761917] Freed by task 226: [ 29.762364] kasan_save_stack+0x45/0x70 [ 29.762753] kasan_save_track+0x18/0x40 [ 29.763299] kasan_save_free_info+0x3f/0x60 [ 29.763672] __kasan_slab_free+0x56/0x70 [ 29.764136] kfree+0x222/0x3f0 [ 29.764517] ksize_uaf+0x12c/0x6c0 [ 29.764769] kunit_try_run_case+0x1a5/0x480 [ 29.765292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.765860] kthread+0x337/0x6f0 [ 29.766301] ret_from_fork+0x116/0x1d0 [ 29.766980] ret_from_fork_asm+0x1a/0x30 [ 29.767354] [ 29.767572] The buggy address belongs to the object at ffff888100aaea00 [ 29.767572] which belongs to the cache kmalloc-128 of size 128 [ 29.768523] The buggy address is located 0 bytes inside of [ 29.768523] freed 128-byte region [ffff888100aaea00, ffff888100aaea80) [ 29.769468] [ 29.769700] The buggy address belongs to the physical page: [ 29.770405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.770999] flags: 0x200000000000000(node=0|zone=2) [ 29.771569] page_type: f5(slab) [ 29.771909] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.773433] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.773785] page dumped because: kasan: bad access detected [ 29.774279] [ 29.774608] Memory state around the buggy address: [ 29.775505] ffff888100aae900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.775854] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.776589] >ffff888100aaea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.777425] ^ [ 29.777632] ffff888100aaea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.778341] ffff888100aaeb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.779390] ================================================================== [ 29.780870] ================================================================== [ 29.781893] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 29.782431] Read of size 1 at addr ffff888100aaea78 by task kunit_try_catch/226 [ 29.783202] [ 29.783366] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.783685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.783704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.783728] Call Trace: [ 29.783764] <TASK> [ 29.783793] dump_stack_lvl+0x73/0xb0 [ 29.783849] print_report+0xd1/0x650 [ 29.783880] ? __virt_addr_valid+0x1db/0x2d0 [ 29.783911] ? ksize_uaf+0x5e4/0x6c0 [ 29.783938] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.783971] ? ksize_uaf+0x5e4/0x6c0 [ 29.783998] kasan_report+0x141/0x180 [ 29.784026] ? ksize_uaf+0x5e4/0x6c0 [ 29.784091] __asan_report_load1_noabort+0x18/0x20 [ 29.784164] ksize_uaf+0x5e4/0x6c0 [ 29.784258] ? __pfx_ksize_uaf+0x10/0x10 [ 29.784318] ? __schedule+0x10cc/0x2b60 [ 29.784386] ? __pfx_read_tsc+0x10/0x10 [ 29.784439] ? ktime_get_ts64+0x86/0x230 [ 29.784494] kunit_try_run_case+0x1a5/0x480 [ 29.784533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.784587] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.784620] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.784675] ? __kthread_parkme+0x82/0x180 [ 29.784703] ? preempt_count_sub+0x50/0x80 [ 29.784733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.784764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.784795] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.784826] kthread+0x337/0x6f0 [ 29.784851] ? trace_preempt_on+0x20/0xc0 [ 29.784882] ? __pfx_kthread+0x10/0x10 [ 29.784908] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.784936] ? calculate_sigpending+0x7b/0xa0 [ 29.784966] ? __pfx_kthread+0x10/0x10 [ 29.784993] ret_from_fork+0x116/0x1d0 [ 29.785018] ? __pfx_kthread+0x10/0x10 [ 29.785044] ret_from_fork_asm+0x1a/0x30 [ 29.785110] </TASK> [ 29.785135] [ 29.801686] Allocated by task 226: [ 29.802628] kasan_save_stack+0x45/0x70 [ 29.802998] kasan_save_track+0x18/0x40 [ 29.803523] kasan_save_alloc_info+0x3b/0x50 [ 29.804241] __kasan_kmalloc+0xb7/0xc0 [ 29.804653] __kmalloc_cache_noprof+0x189/0x420 [ 29.804957] ksize_uaf+0xaa/0x6c0 [ 29.805375] kunit_try_run_case+0x1a5/0x480 [ 29.805605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.806591] kthread+0x337/0x6f0 [ 29.807180] ret_from_fork+0x116/0x1d0 [ 29.807758] ret_from_fork_asm+0x1a/0x30 [ 29.808182] [ 29.808680] Freed by task 226: [ 29.809008] kasan_save_stack+0x45/0x70 [ 29.809414] kasan_save_track+0x18/0x40 [ 29.809741] kasan_save_free_info+0x3f/0x60 [ 29.810029] __kasan_slab_free+0x56/0x70 [ 29.810779] kfree+0x222/0x3f0 [ 29.811253] ksize_uaf+0x12c/0x6c0 [ 29.811488] kunit_try_run_case+0x1a5/0x480 [ 29.812333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.812945] kthread+0x337/0x6f0 [ 29.813493] ret_from_fork+0x116/0x1d0 [ 29.813960] ret_from_fork_asm+0x1a/0x30 [ 29.814335] [ 29.814557] The buggy address belongs to the object at ffff888100aaea00 [ 29.814557] which belongs to the cache kmalloc-128 of size 128 [ 29.815198] The buggy address is located 120 bytes inside of [ 29.815198] freed 128-byte region [ffff888100aaea00, ffff888100aaea80) [ 29.816531] [ 29.816748] The buggy address belongs to the physical page: [ 29.817247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.817834] flags: 0x200000000000000(node=0|zone=2) [ 29.818127] page_type: f5(slab) [ 29.818444] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.819022] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.819633] page dumped because: kasan: bad access detected [ 29.819983] [ 29.820166] Memory state around the buggy address: [ 29.820800] ffff888100aae900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.821436] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.821934] >ffff888100aaea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.822621] ^ [ 29.823294] ffff888100aaea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.823976] ffff888100aaeb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.825010] ================================================================== [ 29.693585] ================================================================== [ 29.694663] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 29.695309] Read of size 1 at addr ffff888100aaea00 by task kunit_try_catch/226 [ 29.695785] [ 29.696029] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.696269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.696302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.696345] Call Trace: [ 29.696375] <TASK> [ 29.696414] dump_stack_lvl+0x73/0xb0 [ 29.696529] print_report+0xd1/0x650 [ 29.696659] ? __virt_addr_valid+0x1db/0x2d0 [ 29.696731] ? ksize_uaf+0x19d/0x6c0 [ 29.696787] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.696856] ? ksize_uaf+0x19d/0x6c0 [ 29.696909] kasan_report+0x141/0x180 [ 29.696954] ? ksize_uaf+0x19d/0x6c0 [ 29.696987] ? ksize_uaf+0x19d/0x6c0 [ 29.697015] __kasan_check_byte+0x3d/0x50 [ 29.697044] ksize+0x20/0x60 [ 29.697135] ksize_uaf+0x19d/0x6c0 [ 29.697181] ? __pfx_ksize_uaf+0x10/0x10 [ 29.697212] ? __schedule+0x10cc/0x2b60 [ 29.697245] ? __pfx_read_tsc+0x10/0x10 [ 29.697274] ? ktime_get_ts64+0x86/0x230 [ 29.697307] kunit_try_run_case+0x1a5/0x480 [ 29.697341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.697371] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.697402] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.697433] ? __kthread_parkme+0x82/0x180 [ 29.697461] ? preempt_count_sub+0x50/0x80 [ 29.697491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.697521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.697572] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.697605] kthread+0x337/0x6f0 [ 29.697631] ? trace_preempt_on+0x20/0xc0 [ 29.697674] ? __pfx_kthread+0x10/0x10 [ 29.697702] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.697731] ? calculate_sigpending+0x7b/0xa0 [ 29.697762] ? __pfx_kthread+0x10/0x10 [ 29.697789] ret_from_fork+0x116/0x1d0 [ 29.697813] ? __pfx_kthread+0x10/0x10 [ 29.697840] ret_from_fork_asm+0x1a/0x30 [ 29.697879] </TASK> [ 29.697894] [ 29.711937] Allocated by task 226: [ 29.712530] kasan_save_stack+0x45/0x70 [ 29.713213] kasan_save_track+0x18/0x40 [ 29.713690] kasan_save_alloc_info+0x3b/0x50 [ 29.714380] __kasan_kmalloc+0xb7/0xc0 [ 29.714880] __kmalloc_cache_noprof+0x189/0x420 [ 29.715450] ksize_uaf+0xaa/0x6c0 [ 29.716084] kunit_try_run_case+0x1a5/0x480 [ 29.716685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.717234] kthread+0x337/0x6f0 [ 29.717666] ret_from_fork+0x116/0x1d0 [ 29.717976] ret_from_fork_asm+0x1a/0x30 [ 29.718608] [ 29.718877] Freed by task 226: [ 29.719115] kasan_save_stack+0x45/0x70 [ 29.719732] kasan_save_track+0x18/0x40 [ 29.720172] kasan_save_free_info+0x3f/0x60 [ 29.720944] __kasan_slab_free+0x56/0x70 [ 29.721425] kfree+0x222/0x3f0 [ 29.721880] ksize_uaf+0x12c/0x6c0 [ 29.722355] kunit_try_run_case+0x1a5/0x480 [ 29.722849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.723469] kthread+0x337/0x6f0 [ 29.723911] ret_from_fork+0x116/0x1d0 [ 29.724271] ret_from_fork_asm+0x1a/0x30 [ 29.724686] [ 29.724893] The buggy address belongs to the object at ffff888100aaea00 [ 29.724893] which belongs to the cache kmalloc-128 of size 128 [ 29.726250] The buggy address is located 0 bytes inside of [ 29.726250] freed 128-byte region [ffff888100aaea00, ffff888100aaea80) [ 29.727379] [ 29.727558] The buggy address belongs to the physical page: [ 29.728289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.728755] flags: 0x200000000000000(node=0|zone=2) [ 29.729249] page_type: f5(slab) [ 29.729498] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.730267] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.730965] page dumped because: kasan: bad access detected [ 29.731353] [ 29.731570] Memory state around the buggy address: [ 29.731863] ffff888100aae900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.732491] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.733402] >ffff888100aaea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.734244] ^ [ 29.734507] ffff888100aaea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.735296] ffff888100aaeb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.735917] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 29.581584] ================================================================== [ 29.582495] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 29.583005] Read of size 1 at addr ffff888100aae973 by task kunit_try_catch/224 [ 29.583509] [ 29.583833] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.583947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.583979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.584023] Call Trace: [ 29.584052] <TASK> [ 29.584087] dump_stack_lvl+0x73/0xb0 [ 29.584152] print_report+0xd1/0x650 [ 29.584250] ? __virt_addr_valid+0x1db/0x2d0 [ 29.584315] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 29.584374] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.584443] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 29.584507] kasan_report+0x141/0x180 [ 29.584577] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 29.584680] __asan_report_load1_noabort+0x18/0x20 [ 29.584744] ksize_unpoisons_memory+0x81c/0x9b0 [ 29.584801] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 29.584852] ? finish_task_switch.isra.0+0x153/0x700 [ 29.584910] ? __switch_to+0x47/0xf50 [ 29.584974] ? __schedule+0x10cc/0x2b60 [ 29.585033] ? __pfx_read_tsc+0x10/0x10 [ 29.585083] ? ktime_get_ts64+0x86/0x230 [ 29.585141] kunit_try_run_case+0x1a5/0x480 [ 29.585206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.585266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.585326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.585362] ? __kthread_parkme+0x82/0x180 [ 29.585390] ? preempt_count_sub+0x50/0x80 [ 29.585421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.585453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.585484] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.585514] kthread+0x337/0x6f0 [ 29.585560] ? trace_preempt_on+0x20/0xc0 [ 29.585594] ? __pfx_kthread+0x10/0x10 [ 29.585621] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.585676] ? calculate_sigpending+0x7b/0xa0 [ 29.585709] ? __pfx_kthread+0x10/0x10 [ 29.585737] ret_from_fork+0x116/0x1d0 [ 29.585764] ? __pfx_kthread+0x10/0x10 [ 29.585791] ret_from_fork_asm+0x1a/0x30 [ 29.585831] </TASK> [ 29.585845] [ 29.600216] Allocated by task 224: [ 29.600586] kasan_save_stack+0x45/0x70 [ 29.601127] kasan_save_track+0x18/0x40 [ 29.601585] kasan_save_alloc_info+0x3b/0x50 [ 29.602054] __kasan_kmalloc+0xb7/0xc0 [ 29.602414] __kmalloc_cache_noprof+0x189/0x420 [ 29.602889] ksize_unpoisons_memory+0xc7/0x9b0 [ 29.603316] kunit_try_run_case+0x1a5/0x480 [ 29.603745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.604242] kthread+0x337/0x6f0 [ 29.604496] ret_from_fork+0x116/0x1d0 [ 29.604894] ret_from_fork_asm+0x1a/0x30 [ 29.605295] [ 29.605523] The buggy address belongs to the object at ffff888100aae900 [ 29.605523] which belongs to the cache kmalloc-128 of size 128 [ 29.606313] The buggy address is located 0 bytes to the right of [ 29.606313] allocated 115-byte region [ffff888100aae900, ffff888100aae973) [ 29.607206] [ 29.607419] The buggy address belongs to the physical page: [ 29.608020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.608436] flags: 0x200000000000000(node=0|zone=2) [ 29.608984] page_type: f5(slab) [ 29.609342] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.609844] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.610496] page dumped because: kasan: bad access detected [ 29.610910] [ 29.611141] Memory state around the buggy address: [ 29.611659] ffff888100aae800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.612103] ffff888100aae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.612763] >ffff888100aae900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.613267] ^ [ 29.613875] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614298] ffff888100aaea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614978] ================================================================== [ 29.651856] ================================================================== [ 29.653261] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.653980] Read of size 1 at addr ffff888100aae97f by task kunit_try_catch/224 [ 29.654626] [ 29.654873] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.654987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.655018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.655068] Call Trace: [ 29.655110] <TASK> [ 29.655150] dump_stack_lvl+0x73/0xb0 [ 29.655223] print_report+0xd1/0x650 [ 29.655282] ? __virt_addr_valid+0x1db/0x2d0 [ 29.655345] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.655406] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.655470] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.655579] kasan_report+0x141/0x180 [ 29.655637] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.655724] __asan_report_load1_noabort+0x18/0x20 [ 29.655813] ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.655902] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 29.655959] ? finish_task_switch.isra.0+0x153/0x700 [ 29.656014] ? __switch_to+0x47/0xf50 [ 29.656080] ? __schedule+0x10cc/0x2b60 [ 29.656147] ? __pfx_read_tsc+0x10/0x10 [ 29.656206] ? ktime_get_ts64+0x86/0x230 [ 29.656271] kunit_try_run_case+0x1a5/0x480 [ 29.656332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.656375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.656408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.656440] ? __kthread_parkme+0x82/0x180 [ 29.656467] ? preempt_count_sub+0x50/0x80 [ 29.656497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.656528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.656582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.656614] kthread+0x337/0x6f0 [ 29.656651] ? trace_preempt_on+0x20/0xc0 [ 29.656699] ? __pfx_kthread+0x10/0x10 [ 29.656726] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.656756] ? calculate_sigpending+0x7b/0xa0 [ 29.656787] ? __pfx_kthread+0x10/0x10 [ 29.656815] ret_from_fork+0x116/0x1d0 [ 29.656840] ? __pfx_kthread+0x10/0x10 [ 29.656866] ret_from_fork_asm+0x1a/0x30 [ 29.656905] </TASK> [ 29.656919] [ 29.669271] Allocated by task 224: [ 29.669681] kasan_save_stack+0x45/0x70 [ 29.670068] kasan_save_track+0x18/0x40 [ 29.670314] kasan_save_alloc_info+0x3b/0x50 [ 29.670603] __kasan_kmalloc+0xb7/0xc0 [ 29.671013] __kmalloc_cache_noprof+0x189/0x420 [ 29.671465] ksize_unpoisons_memory+0xc7/0x9b0 [ 29.671896] kunit_try_run_case+0x1a5/0x480 [ 29.672162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.672683] kthread+0x337/0x6f0 [ 29.673094] ret_from_fork+0x116/0x1d0 [ 29.673494] ret_from_fork_asm+0x1a/0x30 [ 29.673930] [ 29.674100] The buggy address belongs to the object at ffff888100aae900 [ 29.674100] which belongs to the cache kmalloc-128 of size 128 [ 29.674718] The buggy address is located 12 bytes to the right of [ 29.674718] allocated 115-byte region [ffff888100aae900, ffff888100aae973) [ 29.675390] [ 29.675574] The buggy address belongs to the physical page: [ 29.676087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.676769] flags: 0x200000000000000(node=0|zone=2) [ 29.677246] page_type: f5(slab) [ 29.677774] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.678373] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.678972] page dumped because: kasan: bad access detected [ 29.679470] [ 29.679747] Memory state around the buggy address: [ 29.680095] ffff888100aae800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.680703] ffff888100aae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.681211] >ffff888100aae900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.681576] ^ [ 29.682212] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.682908] ffff888100aaea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.683397] ================================================================== [ 29.617103] ================================================================== [ 29.618240] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.618892] Read of size 1 at addr ffff888100aae978 by task kunit_try_catch/224 [ 29.619354] [ 29.619502] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.619592] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.619620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.619667] Call Trace: [ 29.619704] <TASK> [ 29.619793] dump_stack_lvl+0x73/0xb0 [ 29.619890] print_report+0xd1/0x650 [ 29.619950] ? __virt_addr_valid+0x1db/0x2d0 [ 29.620013] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.620115] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.620190] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.620252] kasan_report+0x141/0x180 [ 29.620306] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.620376] __asan_report_load1_noabort+0x18/0x20 [ 29.620490] ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.620573] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 29.620633] ? finish_task_switch.isra.0+0x153/0x700 [ 29.620690] ? __switch_to+0x47/0xf50 [ 29.620756] ? __schedule+0x10cc/0x2b60 [ 29.620872] ? __pfx_read_tsc+0x10/0x10 [ 29.620934] ? ktime_get_ts64+0x86/0x230 [ 29.621000] kunit_try_run_case+0x1a5/0x480 [ 29.621067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.621179] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.621246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.621305] ? __kthread_parkme+0x82/0x180 [ 29.621346] ? preempt_count_sub+0x50/0x80 [ 29.621377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.621409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.621441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.621472] kthread+0x337/0x6f0 [ 29.621499] ? trace_preempt_on+0x20/0xc0 [ 29.621531] ? __pfx_kthread+0x10/0x10 [ 29.621578] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.621608] ? calculate_sigpending+0x7b/0xa0 [ 29.621651] ? __pfx_kthread+0x10/0x10 [ 29.621696] ret_from_fork+0x116/0x1d0 [ 29.621723] ? __pfx_kthread+0x10/0x10 [ 29.621750] ret_from_fork_asm+0x1a/0x30 [ 29.621791] </TASK> [ 29.621804] [ 29.634628] Allocated by task 224: [ 29.634990] kasan_save_stack+0x45/0x70 [ 29.635669] kasan_save_track+0x18/0x40 [ 29.636083] kasan_save_alloc_info+0x3b/0x50 [ 29.636566] __kasan_kmalloc+0xb7/0xc0 [ 29.636960] __kmalloc_cache_noprof+0x189/0x420 [ 29.637370] ksize_unpoisons_memory+0xc7/0x9b0 [ 29.637718] kunit_try_run_case+0x1a5/0x480 [ 29.638028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.638659] kthread+0x337/0x6f0 [ 29.639002] ret_from_fork+0x116/0x1d0 [ 29.639394] ret_from_fork_asm+0x1a/0x30 [ 29.639846] [ 29.640054] The buggy address belongs to the object at ffff888100aae900 [ 29.640054] which belongs to the cache kmalloc-128 of size 128 [ 29.640918] The buggy address is located 5 bytes to the right of [ 29.640918] allocated 115-byte region [ffff888100aae900, ffff888100aae973) [ 29.641779] [ 29.641993] The buggy address belongs to the physical page: [ 29.642490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.643235] flags: 0x200000000000000(node=0|zone=2) [ 29.643792] page_type: f5(slab) [ 29.644059] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.644420] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.645063] page dumped because: kasan: bad access detected [ 29.645611] [ 29.645853] Memory state around the buggy address: [ 29.646315] ffff888100aae800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.646939] ffff888100aae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.647291] >ffff888100aae900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.647702] ^ [ 29.648374] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.649130] ffff888100aaea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.649785] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 29.531325] ================================================================== [ 29.531790] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 29.532809] Free of addr ffff8881022bd720 by task kunit_try_catch/222 [ 29.533294] [ 29.533492] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.533618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.533770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.533871] Call Trace: [ 29.533913] <TASK> [ 29.533952] dump_stack_lvl+0x73/0xb0 [ 29.534052] print_report+0xd1/0x650 [ 29.534116] ? __virt_addr_valid+0x1db/0x2d0 [ 29.534240] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.534336] ? kfree_sensitive+0x2e/0x90 [ 29.534399] kasan_report_invalid_free+0x10a/0x130 [ 29.534658] ? kfree_sensitive+0x2e/0x90 [ 29.534730] ? kfree_sensitive+0x2e/0x90 [ 29.534794] check_slab_allocation+0x101/0x130 [ 29.534854] __kasan_slab_pre_free+0x28/0x40 [ 29.534909] kfree+0xf0/0x3f0 [ 29.535165] ? kfree_sensitive+0x2e/0x90 [ 29.535359] kfree_sensitive+0x2e/0x90 [ 29.535437] kmalloc_double_kzfree+0x19c/0x350 [ 29.535502] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 29.535588] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 29.535667] kunit_try_run_case+0x1a5/0x480 [ 29.535706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.535737] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.535771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.535803] ? __kthread_parkme+0x82/0x180 [ 29.535841] ? preempt_count_sub+0x50/0x80 [ 29.535871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.535902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.535933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.535963] kthread+0x337/0x6f0 [ 29.535989] ? trace_preempt_on+0x20/0xc0 [ 29.536019] ? __pfx_kthread+0x10/0x10 [ 29.536045] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.536119] ? calculate_sigpending+0x7b/0xa0 [ 29.536175] ? __pfx_kthread+0x10/0x10 [ 29.536224] ret_from_fork+0x116/0x1d0 [ 29.536269] ? __pfx_kthread+0x10/0x10 [ 29.536314] ret_from_fork_asm+0x1a/0x30 [ 29.536380] </TASK> [ 29.536400] [ 29.553319] Allocated by task 222: [ 29.553716] kasan_save_stack+0x45/0x70 [ 29.554007] kasan_save_track+0x18/0x40 [ 29.554288] kasan_save_alloc_info+0x3b/0x50 [ 29.554768] __kasan_kmalloc+0xb7/0xc0 [ 29.555161] __kmalloc_cache_noprof+0x189/0x420 [ 29.555606] kmalloc_double_kzfree+0xa9/0x350 [ 29.555980] kunit_try_run_case+0x1a5/0x480 [ 29.556281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.557057] kthread+0x337/0x6f0 [ 29.557538] ret_from_fork+0x116/0x1d0 [ 29.557963] ret_from_fork_asm+0x1a/0x30 [ 29.558518] [ 29.558757] Freed by task 222: [ 29.558976] kasan_save_stack+0x45/0x70 [ 29.559218] kasan_save_track+0x18/0x40 [ 29.559623] kasan_save_free_info+0x3f/0x60 [ 29.560076] __kasan_slab_free+0x56/0x70 [ 29.560459] kfree+0x222/0x3f0 [ 29.560870] kfree_sensitive+0x67/0x90 [ 29.561251] kmalloc_double_kzfree+0x12b/0x350 [ 29.561693] kunit_try_run_case+0x1a5/0x480 [ 29.561983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.562286] kthread+0x337/0x6f0 [ 29.563178] ret_from_fork+0x116/0x1d0 [ 29.563601] ret_from_fork_asm+0x1a/0x30 [ 29.564023] [ 29.564363] The buggy address belongs to the object at ffff8881022bd720 [ 29.564363] which belongs to the cache kmalloc-16 of size 16 [ 29.565047] The buggy address is located 0 bytes inside of [ 29.565047] 16-byte region [ffff8881022bd720, ffff8881022bd730) [ 29.566180] [ 29.566383] The buggy address belongs to the physical page: [ 29.567276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022bd [ 29.567681] flags: 0x200000000000000(node=0|zone=2) [ 29.567972] page_type: f5(slab) [ 29.568311] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.569202] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.569873] page dumped because: kasan: bad access detected [ 29.570794] [ 29.570985] Memory state around the buggy address: [ 29.571633] ffff8881022bd600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.572003] ffff8881022bd680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.572768] >ffff8881022bd700: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 29.573267] ^ [ 29.573515] ffff8881022bd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.574280] ffff8881022bd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.575340] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 29.482498] ================================================================== [ 29.483513] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 29.484560] Read of size 1 at addr ffff8881022bd720 by task kunit_try_catch/222 [ 29.485015] [ 29.485361] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.485740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.485797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.485950] Call Trace: [ 29.486026] <TASK> [ 29.486084] dump_stack_lvl+0x73/0xb0 [ 29.486162] print_report+0xd1/0x650 [ 29.486213] ? __virt_addr_valid+0x1db/0x2d0 [ 29.486266] ? kmalloc_double_kzfree+0x19c/0x350 [ 29.486314] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.486369] ? kmalloc_double_kzfree+0x19c/0x350 [ 29.486418] kasan_report+0x141/0x180 [ 29.486469] ? kmalloc_double_kzfree+0x19c/0x350 [ 29.486535] ? kmalloc_double_kzfree+0x19c/0x350 [ 29.486612] __kasan_check_byte+0x3d/0x50 [ 29.486671] kfree_sensitive+0x22/0x90 [ 29.486738] kmalloc_double_kzfree+0x19c/0x350 [ 29.486790] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 29.486853] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 29.486914] kunit_try_run_case+0x1a5/0x480 [ 29.486970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.487016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.487056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.487179] ? __kthread_parkme+0x82/0x180 [ 29.487210] ? preempt_count_sub+0x50/0x80 [ 29.487241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.487273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.487305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.487335] kthread+0x337/0x6f0 [ 29.487361] ? trace_preempt_on+0x20/0xc0 [ 29.487391] ? __pfx_kthread+0x10/0x10 [ 29.487418] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.487448] ? calculate_sigpending+0x7b/0xa0 [ 29.487478] ? __pfx_kthread+0x10/0x10 [ 29.487505] ret_from_fork+0x116/0x1d0 [ 29.487533] ? __pfx_kthread+0x10/0x10 [ 29.487583] ret_from_fork_asm+0x1a/0x30 [ 29.487624] </TASK> [ 29.487644] [ 29.505229] Allocated by task 222: [ 29.505873] kasan_save_stack+0x45/0x70 [ 29.506132] kasan_save_track+0x18/0x40 [ 29.506661] kasan_save_alloc_info+0x3b/0x50 [ 29.507030] __kasan_kmalloc+0xb7/0xc0 [ 29.507602] __kmalloc_cache_noprof+0x189/0x420 [ 29.507844] kmalloc_double_kzfree+0xa9/0x350 [ 29.508927] kunit_try_run_case+0x1a5/0x480 [ 29.509677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.510028] kthread+0x337/0x6f0 [ 29.510575] ret_from_fork+0x116/0x1d0 [ 29.511049] ret_from_fork_asm+0x1a/0x30 [ 29.511507] [ 29.511933] Freed by task 222: [ 29.512145] kasan_save_stack+0x45/0x70 [ 29.512521] kasan_save_track+0x18/0x40 [ 29.512783] kasan_save_free_info+0x3f/0x60 [ 29.513493] __kasan_slab_free+0x56/0x70 [ 29.514025] kfree+0x222/0x3f0 [ 29.514950] kfree_sensitive+0x67/0x90 [ 29.515407] kmalloc_double_kzfree+0x12b/0x350 [ 29.515663] kunit_try_run_case+0x1a5/0x480 [ 29.515910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.516353] kthread+0x337/0x6f0 [ 29.516938] ret_from_fork+0x116/0x1d0 [ 29.517708] ret_from_fork_asm+0x1a/0x30 [ 29.518081] [ 29.518222] The buggy address belongs to the object at ffff8881022bd720 [ 29.518222] which belongs to the cache kmalloc-16 of size 16 [ 29.519114] The buggy address is located 0 bytes inside of [ 29.519114] freed 16-byte region [ffff8881022bd720, ffff8881022bd730) [ 29.521115] [ 29.521308] The buggy address belongs to the physical page: [ 29.522044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022bd [ 29.522671] flags: 0x200000000000000(node=0|zone=2) [ 29.523027] page_type: f5(slab) [ 29.523374] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.523987] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.524298] page dumped because: kasan: bad access detected [ 29.524725] [ 29.524935] Memory state around the buggy address: [ 29.526041] ffff8881022bd600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.526712] ffff8881022bd680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.527578] >ffff8881022bd700: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 29.528596] ^ [ 29.528853] ffff8881022bd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.529622] ffff8881022bd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.530326] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 29.427612] ================================================================== [ 29.428283] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 29.428955] Read of size 1 at addr ffff888102ddc928 by task kunit_try_catch/218 [ 29.429506] [ 29.429802] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.429920] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.429947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.429998] Call Trace: [ 29.430030] <TASK> [ 29.430071] dump_stack_lvl+0x73/0xb0 [ 29.430151] print_report+0xd1/0x650 [ 29.430213] ? __virt_addr_valid+0x1db/0x2d0 [ 29.430281] ? kmalloc_uaf2+0x4a8/0x520 [ 29.430331] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.430390] ? kmalloc_uaf2+0x4a8/0x520 [ 29.430462] kasan_report+0x141/0x180 [ 29.430521] ? kmalloc_uaf2+0x4a8/0x520 [ 29.430605] __asan_report_load1_noabort+0x18/0x20 [ 29.430706] kmalloc_uaf2+0x4a8/0x520 [ 29.430782] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 29.430842] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.430942] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 29.431011] kunit_try_run_case+0x1a5/0x480 [ 29.431180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.431221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.431257] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.431291] ? __kthread_parkme+0x82/0x180 [ 29.431320] ? preempt_count_sub+0x50/0x80 [ 29.431352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.431383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.431414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.431445] kthread+0x337/0x6f0 [ 29.431471] ? trace_preempt_on+0x20/0xc0 [ 29.431502] ? __pfx_kthread+0x10/0x10 [ 29.431529] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.431582] ? calculate_sigpending+0x7b/0xa0 [ 29.431614] ? __pfx_kthread+0x10/0x10 [ 29.431655] ret_from_fork+0x116/0x1d0 [ 29.431686] ? __pfx_kthread+0x10/0x10 [ 29.431713] ret_from_fork_asm+0x1a/0x30 [ 29.431753] </TASK> [ 29.431768] [ 29.447010] Allocated by task 218: [ 29.447563] kasan_save_stack+0x45/0x70 [ 29.448028] kasan_save_track+0x18/0x40 [ 29.448832] kasan_save_alloc_info+0x3b/0x50 [ 29.449422] __kasan_kmalloc+0xb7/0xc0 [ 29.449881] __kmalloc_cache_noprof+0x189/0x420 [ 29.450300] kmalloc_uaf2+0xc6/0x520 [ 29.450655] kunit_try_run_case+0x1a5/0x480 [ 29.451236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.451814] kthread+0x337/0x6f0 [ 29.452057] ret_from_fork+0x116/0x1d0 [ 29.452566] ret_from_fork_asm+0x1a/0x30 [ 29.453729] [ 29.453893] Freed by task 218: [ 29.454337] kasan_save_stack+0x45/0x70 [ 29.454698] kasan_save_track+0x18/0x40 [ 29.455163] kasan_save_free_info+0x3f/0x60 [ 29.455468] __kasan_slab_free+0x56/0x70 [ 29.455892] kfree+0x222/0x3f0 [ 29.456761] kmalloc_uaf2+0x14c/0x520 [ 29.457325] kunit_try_run_case+0x1a5/0x480 [ 29.457960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.458427] kthread+0x337/0x6f0 [ 29.458626] ret_from_fork+0x116/0x1d0 [ 29.458815] ret_from_fork_asm+0x1a/0x30 [ 29.459183] [ 29.459503] The buggy address belongs to the object at ffff888102ddc900 [ 29.459503] which belongs to the cache kmalloc-64 of size 64 [ 29.461145] The buggy address is located 40 bytes inside of [ 29.461145] freed 64-byte region [ffff888102ddc900, ffff888102ddc940) [ 29.462506] [ 29.462693] The buggy address belongs to the physical page: [ 29.462942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ddc [ 29.464016] flags: 0x200000000000000(node=0|zone=2) [ 29.464980] page_type: f5(slab) [ 29.465333] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.465892] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.466407] page dumped because: kasan: bad access detected [ 29.466840] [ 29.467195] Memory state around the buggy address: [ 29.467781] ffff888102ddc800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.468194] ffff888102ddc880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.468939] >ffff888102ddc900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.469569] ^ [ 29.470024] ffff888102ddc980: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 29.471202] ffff888102ddca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.471884] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 29.377814] ================================================================== [ 29.379004] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 29.379673] Write of size 33 at addr ffff888102d0b300 by task kunit_try_catch/216 [ 29.380776] [ 29.380953] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.381066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.381099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.381159] Call Trace: [ 29.381196] <TASK> [ 29.381235] dump_stack_lvl+0x73/0xb0 [ 29.381326] print_report+0xd1/0x650 [ 29.381595] ? __virt_addr_valid+0x1db/0x2d0 [ 29.381698] ? kmalloc_uaf_memset+0x1a3/0x360 [ 29.381748] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.381795] ? kmalloc_uaf_memset+0x1a3/0x360 [ 29.381823] kasan_report+0x141/0x180 [ 29.381853] ? kmalloc_uaf_memset+0x1a3/0x360 [ 29.381887] kasan_check_range+0x10c/0x1c0 [ 29.381917] __asan_memset+0x27/0x50 [ 29.381948] kmalloc_uaf_memset+0x1a3/0x360 [ 29.381975] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 29.382003] ? __schedule+0x207f/0x2b60 [ 29.382036] ? __pfx_read_tsc+0x10/0x10 [ 29.382116] ? ktime_get_ts64+0x86/0x230 [ 29.382178] kunit_try_run_case+0x1a5/0x480 [ 29.382218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.382248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.382281] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.382312] ? __kthread_parkme+0x82/0x180 [ 29.382343] ? preempt_count_sub+0x50/0x80 [ 29.382373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.382404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.382435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.382465] kthread+0x337/0x6f0 [ 29.382490] ? trace_preempt_on+0x20/0xc0 [ 29.382521] ? __pfx_kthread+0x10/0x10 [ 29.382568] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.382599] ? calculate_sigpending+0x7b/0xa0 [ 29.382642] ? __pfx_kthread+0x10/0x10 [ 29.382691] ret_from_fork+0x116/0x1d0 [ 29.382718] ? __pfx_kthread+0x10/0x10 [ 29.382746] ret_from_fork_asm+0x1a/0x30 [ 29.382787] </TASK> [ 29.382801] [ 29.398674] Allocated by task 216: [ 29.398931] kasan_save_stack+0x45/0x70 [ 29.399191] kasan_save_track+0x18/0x40 [ 29.399458] kasan_save_alloc_info+0x3b/0x50 [ 29.399958] __kasan_kmalloc+0xb7/0xc0 [ 29.400417] __kmalloc_cache_noprof+0x189/0x420 [ 29.400960] kmalloc_uaf_memset+0xa9/0x360 [ 29.401517] kunit_try_run_case+0x1a5/0x480 [ 29.402015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.402679] kthread+0x337/0x6f0 [ 29.403019] ret_from_fork+0x116/0x1d0 [ 29.403295] ret_from_fork_asm+0x1a/0x30 [ 29.403564] [ 29.403832] Freed by task 216: [ 29.404321] kasan_save_stack+0x45/0x70 [ 29.404831] kasan_save_track+0x18/0x40 [ 29.405440] kasan_save_free_info+0x3f/0x60 [ 29.405920] __kasan_slab_free+0x56/0x70 [ 29.406292] kfree+0x222/0x3f0 [ 29.406520] kmalloc_uaf_memset+0x12b/0x360 [ 29.407094] kunit_try_run_case+0x1a5/0x480 [ 29.407736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.408243] kthread+0x337/0x6f0 [ 29.408596] ret_from_fork+0x116/0x1d0 [ 29.409031] ret_from_fork_asm+0x1a/0x30 [ 29.409321] [ 29.409449] The buggy address belongs to the object at ffff888102d0b300 [ 29.409449] which belongs to the cache kmalloc-64 of size 64 [ 29.410675] The buggy address is located 0 bytes inside of [ 29.410675] freed 64-byte region [ffff888102d0b300, ffff888102d0b340) [ 29.411376] [ 29.411717] The buggy address belongs to the physical page: [ 29.412271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d0b [ 29.412847] flags: 0x200000000000000(node=0|zone=2) [ 29.413176] page_type: f5(slab) [ 29.413390] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.414120] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.414836] page dumped because: kasan: bad access detected [ 29.415472] [ 29.415748] Memory state around the buggy address: [ 29.416231] ffff888102d0b200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.416641] ffff888102d0b280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.417269] >ffff888102d0b300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.417938] ^ [ 29.418358] ffff888102d0b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.418835] ffff888102d0b400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.419497] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 29.331943] ================================================================== [ 29.332773] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 29.333746] Read of size 1 at addr ffff8881010ffc88 by task kunit_try_catch/214 [ 29.334071] [ 29.334265] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.334376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.334406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.334450] Call Trace: [ 29.334478] <TASK> [ 29.334513] dump_stack_lvl+0x73/0xb0 [ 29.334605] print_report+0xd1/0x650 [ 29.334659] ? __virt_addr_valid+0x1db/0x2d0 [ 29.335252] ? kmalloc_uaf+0x320/0x380 [ 29.335285] ? kasan_complete_mode_report_info+0x64/0x200 [ 29.335319] ? kmalloc_uaf+0x320/0x380 [ 29.335346] kasan_report+0x141/0x180 [ 29.335376] ? kmalloc_uaf+0x320/0x380 [ 29.335407] __asan_report_load1_noabort+0x18/0x20 [ 29.335439] kmalloc_uaf+0x320/0x380 [ 29.335464] ? __pfx_kmalloc_uaf+0x10/0x10 [ 29.335491] ? __schedule+0x10cc/0x2b60 [ 29.335524] ? __pfx_read_tsc+0x10/0x10 [ 29.335573] ? ktime_get_ts64+0x86/0x230 [ 29.335606] kunit_try_run_case+0x1a5/0x480 [ 29.335651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.335709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.335741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.335773] ? __kthread_parkme+0x82/0x180 [ 29.335803] ? preempt_count_sub+0x50/0x80 [ 29.335847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.335878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.335909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.335940] kthread+0x337/0x6f0 [ 29.335965] ? trace_preempt_on+0x20/0xc0 [ 29.335996] ? __pfx_kthread+0x10/0x10 [ 29.336022] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.336051] ? calculate_sigpending+0x7b/0xa0 [ 29.336081] ? __pfx_kthread+0x10/0x10 [ 29.336109] ret_from_fork+0x116/0x1d0 [ 29.336133] ? __pfx_kthread+0x10/0x10 [ 29.336159] ret_from_fork_asm+0x1a/0x30 [ 29.336198] </TASK> [ 29.336212] [ 29.351068] Allocated by task 214: [ 29.351463] kasan_save_stack+0x45/0x70 [ 29.351806] kasan_save_track+0x18/0x40 [ 29.352074] kasan_save_alloc_info+0x3b/0x50 [ 29.352329] __kasan_kmalloc+0xb7/0xc0 [ 29.352571] __kmalloc_cache_noprof+0x189/0x420 [ 29.352982] kmalloc_uaf+0xaa/0x380 [ 29.353356] kunit_try_run_case+0x1a5/0x480 [ 29.353848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.354412] kthread+0x337/0x6f0 [ 29.355071] ret_from_fork+0x116/0x1d0 [ 29.355786] ret_from_fork_asm+0x1a/0x30 [ 29.356022] [ 29.356198] Freed by task 214: [ 29.356517] kasan_save_stack+0x45/0x70 [ 29.356982] kasan_save_track+0x18/0x40 [ 29.357314] kasan_save_free_info+0x3f/0x60 [ 29.357818] __kasan_slab_free+0x56/0x70 [ 29.358156] kfree+0x222/0x3f0 [ 29.358474] kmalloc_uaf+0x12c/0x380 [ 29.358868] kunit_try_run_case+0x1a5/0x480 [ 29.359235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.359772] kthread+0x337/0x6f0 [ 29.360080] ret_from_fork+0x116/0x1d0 [ 29.360434] ret_from_fork_asm+0x1a/0x30 [ 29.360890] [ 29.361094] The buggy address belongs to the object at ffff8881010ffc80 [ 29.361094] which belongs to the cache kmalloc-16 of size 16 [ 29.361965] The buggy address is located 8 bytes inside of [ 29.361965] freed 16-byte region [ffff8881010ffc80, ffff8881010ffc90) [ 29.362758] [ 29.362986] The buggy address belongs to the physical page: [ 29.363480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 29.364109] flags: 0x200000000000000(node=0|zone=2) [ 29.364536] page_type: f5(slab) [ 29.364881] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 29.365468] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.366037] page dumped because: kasan: bad access detected [ 29.366510] [ 29.366776] Memory state around the buggy address: [ 29.367110] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.367753] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.368232] >ffff8881010ffc80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.368897] ^ [ 29.369223] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.369701] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.370338] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 29.286568] ================================================================== [ 29.287834] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 29.288531] Read of size 64 at addr ffff888102ddc784 by task kunit_try_catch/212 [ 29.289723] [ 29.290715] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.290854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.290889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.290942] Call Trace: [ 29.290977] <TASK> [ 29.291017] dump_stack_lvl+0x73/0xb0 [ 29.291093] print_report+0xd1/0x650 [ 29.291148] ? __virt_addr_valid+0x1db/0x2d0 [ 29.291199] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 29.291232] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.291267] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 29.291299] kasan_report+0x141/0x180 [ 29.291328] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 29.291365] kasan_check_range+0x10c/0x1c0 [ 29.291395] __asan_memmove+0x27/0x70 [ 29.291426] kmalloc_memmove_invalid_size+0x16f/0x330 [ 29.291457] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 29.291489] ? __schedule+0x10cc/0x2b60 [ 29.291522] ? __pfx_read_tsc+0x10/0x10 [ 29.291577] ? ktime_get_ts64+0x86/0x230 [ 29.291613] kunit_try_run_case+0x1a5/0x480 [ 29.291649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.291679] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.291715] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.291772] ? __kthread_parkme+0x82/0x180 [ 29.291801] ? preempt_count_sub+0x50/0x80 [ 29.291845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.291878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.291909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.291940] kthread+0x337/0x6f0 [ 29.291966] ? trace_preempt_on+0x20/0xc0 [ 29.291998] ? __pfx_kthread+0x10/0x10 [ 29.292025] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.292062] ? calculate_sigpending+0x7b/0xa0 [ 29.292145] ? __pfx_kthread+0x10/0x10 [ 29.292193] ret_from_fork+0x116/0x1d0 [ 29.292236] ? __pfx_kthread+0x10/0x10 [ 29.292280] ret_from_fork_asm+0x1a/0x30 [ 29.292349] </TASK> [ 29.292372] [ 29.308190] Allocated by task 212: [ 29.308505] kasan_save_stack+0x45/0x70 [ 29.309003] kasan_save_track+0x18/0x40 [ 29.309904] kasan_save_alloc_info+0x3b/0x50 [ 29.310449] __kasan_kmalloc+0xb7/0xc0 [ 29.310831] __kmalloc_cache_noprof+0x189/0x420 [ 29.311488] kmalloc_memmove_invalid_size+0xac/0x330 [ 29.312046] kunit_try_run_case+0x1a5/0x480 [ 29.312511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.313107] kthread+0x337/0x6f0 [ 29.313523] ret_from_fork+0x116/0x1d0 [ 29.313932] ret_from_fork_asm+0x1a/0x30 [ 29.314833] [ 29.315037] The buggy address belongs to the object at ffff888102ddc780 [ 29.315037] which belongs to the cache kmalloc-64 of size 64 [ 29.316163] The buggy address is located 4 bytes inside of [ 29.316163] allocated 64-byte region [ffff888102ddc780, ffff888102ddc7c0) [ 29.316999] [ 29.317363] The buggy address belongs to the physical page: [ 29.317919] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ddc [ 29.318723] flags: 0x200000000000000(node=0|zone=2) [ 29.319002] page_type: f5(slab) [ 29.319881] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.320526] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.321002] page dumped because: kasan: bad access detected [ 29.321392] [ 29.321717] Memory state around the buggy address: [ 29.322121] ffff888102ddc680: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.322668] ffff888102ddc700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.323165] >ffff888102ddc780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 29.323636] ^ [ 29.324387] ffff888102ddc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.325075] ffff888102ddc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.325823] ==================================================================
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 199.579785] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 199.431092] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 199.480289] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 199.529597] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 199.435072] Oops: Oops: 0002 [#49] SMP KASAN PTI [ 199.532161] Oops: Oops: 0002 [#51] SMP KASAN PTI [ 199.581290] Oops: Oops: 0002 [#52] SMP KASAN PTI [ 199.482439] Oops: Oops: 0002 [#50] SMP KASAN PTI
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 197.831875] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI [ 197.689823] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI [ 199.855502] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI [ 197.924621] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI [ 197.788619] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI [ 197.642252] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI [ 198.113704] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI [ 199.186758] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI [ 198.248712] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI [ 199.808513] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI [ 198.378698] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI [ 199.141792] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI [ 199.635831] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI [ 198.204819] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI [ 149.189540] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 198.597010] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI [ 199.007311] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI [ 199.097364] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI [ 199.717685] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI [ 199.763682] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI [ 198.962664] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI [ 198.159580] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI [ 197.738329] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI [ 199.053418] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI [ 199.237658] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI [ 197.362905] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI [ 197.551447] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI [ 198.332576] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI [ 198.869469] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI [ 197.503411] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI [ 197.453969] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI [ 198.423314] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI [ 198.017187] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI [ 198.827396] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI [ 199.675668] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI [ 198.732739] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI [ 198.684993] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI [ 198.514511] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI [ 196.139848] Oops: general protection fault, probably for non-canonical address 0xe0e3fc17000000d2: 0000 [#2] SMP KASAN PTI [ 198.289629] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI [ 199.330241] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI [ 199.900659] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI [ 198.777329] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI [ 197.972979] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI [ 198.069996] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI [ 197.317718] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI [ 197.598458] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI [ 198.556604] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI [ 197.877006] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI [ 198.470563] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI [ 198.642367] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI [ 198.914823] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI [ 197.410890] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI [ 199.281798] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI [ 199.374686] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 66.093786] ================================================================== [ 66.094273] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 66.094273] [ 66.094973] Use-after-free read at 0x(____ptrval____) (in kfence-#165): [ 66.095454] test_krealloc+0x6fc/0xbe0 [ 66.095700] kunit_try_run_case+0x1a5/0x480 [ 66.096081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 66.096687] kthread+0x337/0x6f0 [ 66.097030] ret_from_fork+0x116/0x1d0 [ 66.097295] ret_from_fork_asm+0x1a/0x30 [ 66.097734] [ 66.097884] kfence-#165: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 66.097884] [ 66.098338] allocated by task 367 on cpu 0 at 66.092709s (0.005623s ago): [ 66.098993] test_alloc+0x364/0x10f0 [ 66.099362] test_krealloc+0xad/0xbe0 [ 66.099853] kunit_try_run_case+0x1a5/0x480 [ 66.100180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 66.100484] kthread+0x337/0x6f0 [ 66.100846] ret_from_fork+0x116/0x1d0 [ 66.101300] ret_from_fork_asm+0x1a/0x30 [ 66.101751] [ 66.101955] freed by task 367 on cpu 0 at 66.093088s (0.008860s ago): [ 66.102396] krealloc_noprof+0x108/0x340 [ 66.102865] test_krealloc+0x226/0xbe0 [ 66.103247] kunit_try_run_case+0x1a5/0x480 [ 66.103572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 66.104092] kthread+0x337/0x6f0 [ 66.104362] ret_from_fork+0x116/0x1d0 [ 66.104742] ret_from_fork_asm+0x1a/0x30 [ 66.105111] [ 66.105312] CPU: 0 UID: 0 PID: 367 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 66.106273] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.106721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 66.107305] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 65.995959] ================================================================== [ 65.996354] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 65.996354] [ 65.996828] Use-after-free read at 0x(____ptrval____) (in kfence-#164): [ 65.997121] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 65.997405] kunit_try_run_case+0x1a5/0x480 [ 65.997706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 65.998016] kthread+0x337/0x6f0 [ 65.998297] ret_from_fork+0x116/0x1d0 [ 65.998554] ret_from_fork_asm+0x1a/0x30 [ 65.998799] [ 65.998938] kfence-#164: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 65.998938] [ 65.999364] allocated by task 365 on cpu 0 at 65.988690s (0.010668s ago): [ 66.000061] test_alloc+0x2a6/0x10f0 [ 66.000415] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 66.000859] kunit_try_run_case+0x1a5/0x480 [ 66.001152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 66.001678] kthread+0x337/0x6f0 [ 66.002028] ret_from_fork+0x116/0x1d0 [ 66.002291] ret_from_fork_asm+0x1a/0x30 [ 66.002557] [ 66.002735] freed by task 365 on cpu 0 at 65.988902s (0.013827s ago): [ 66.003340] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 66.003890] kunit_try_run_case+0x1a5/0x480 [ 66.004321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 66.004748] kthread+0x337/0x6f0 [ 66.004980] ret_from_fork+0x116/0x1d0 [ 66.005360] ret_from_fork_asm+0x1a/0x30 [ 66.005811] [ 66.006083] CPU: 0 UID: 0 PID: 365 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 66.007049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.007406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 66.007882] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 42.090311] ================================================================== [ 42.090952] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 42.090952] [ 42.092196] Invalid read at 0x(____ptrval____): [ 42.092593] test_invalid_access+0xf0/0x210 [ 42.092884] kunit_try_run_case+0x1a5/0x480 [ 42.093444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 42.094145] kthread+0x337/0x6f0 [ 42.094510] ret_from_fork+0x116/0x1d0 [ 42.094933] ret_from_fork_asm+0x1a/0x30 [ 42.095452] [ 42.095803] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 42.096755] Tainted: [B]=BAD_PAGE, [N]=TEST [ 42.097004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 42.097686] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 41.861102] ================================================================== [ 41.861601] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 41.861601] [ 41.862263] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#160): [ 41.863194] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 41.863755] kunit_try_run_case+0x1a5/0x480 [ 41.864200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 41.864745] kthread+0x337/0x6f0 [ 41.865027] ret_from_fork+0x116/0x1d0 [ 41.865403] ret_from_fork_asm+0x1a/0x30 [ 41.865682] [ 41.865877] kfence-#160: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 41.865877] [ 41.866645] allocated by task 355 on cpu 1 at 41.860691s (0.005933s ago): [ 41.867062] test_alloc+0x364/0x10f0 [ 41.867430] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 41.867973] kunit_try_run_case+0x1a5/0x480 [ 41.868352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 41.868670] kthread+0x337/0x6f0 [ 41.869015] ret_from_fork+0x116/0x1d0 [ 41.869421] ret_from_fork_asm+0x1a/0x30 [ 41.869866] [ 41.870079] freed by task 355 on cpu 1 at 41.860918s (0.009155s ago): [ 41.870522] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 41.870837] kunit_try_run_case+0x1a5/0x480 [ 41.871251] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 41.871783] kthread+0x337/0x6f0 [ 41.872154] ret_from_fork+0x116/0x1d0 [ 41.872552] ret_from_fork_asm+0x1a/0x30 [ 41.872916] [ 41.873120] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 41.874060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 41.874546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 41.875155] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 41.653005] ================================================================== [ 41.653554] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 41.653554] [ 41.654213] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#158): [ 41.654797] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 41.655103] kunit_try_run_case+0x1a5/0x480 [ 41.655513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 41.656107] kthread+0x337/0x6f0 [ 41.656471] ret_from_fork+0x116/0x1d0 [ 41.656828] ret_from_fork_asm+0x1a/0x30 [ 41.657125] [ 41.657330] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 41.657330] [ 41.658210] allocated by task 353 on cpu 1 at 41.652674s (0.005529s ago): [ 41.658669] test_alloc+0x364/0x10f0 [ 41.659083] test_kmalloc_aligned_oob_read+0x105/0x560 [ 41.659592] kunit_try_run_case+0x1a5/0x480 [ 41.659926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 41.660239] kthread+0x337/0x6f0 [ 41.660608] ret_from_fork+0x116/0x1d0 [ 41.661104] ret_from_fork_asm+0x1a/0x30 [ 41.661524] [ 41.661831] CPU: 1 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 41.662628] Tainted: [B]=BAD_PAGE, [N]=TEST [ 41.663035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 41.663592] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 37.805111] ================================================================== [ 37.805725] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 37.805725] [ 37.806415] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#121): [ 37.808251] test_corruption+0x2d2/0x3e0 [ 37.808670] kunit_try_run_case+0x1a5/0x480 [ 37.809147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.809670] kthread+0x337/0x6f0 [ 37.810007] ret_from_fork+0x116/0x1d0 [ 37.810381] ret_from_fork_asm+0x1a/0x30 [ 37.810750] [ 37.810994] kfence-#121: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 37.810994] [ 37.811742] allocated by task 341 on cpu 1 at 37.804702s (0.007034s ago): [ 37.812395] test_alloc+0x364/0x10f0 [ 37.812740] test_corruption+0xe6/0x3e0 [ 37.813151] kunit_try_run_case+0x1a5/0x480 [ 37.813607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.813977] kthread+0x337/0x6f0 [ 37.814400] ret_from_fork+0x116/0x1d0 [ 37.814804] ret_from_fork_asm+0x1a/0x30 [ 37.815071] [ 37.815213] freed by task 341 on cpu 1 at 37.804851s (0.010356s ago): [ 37.815728] test_corruption+0x2d2/0x3e0 [ 37.816100] kunit_try_run_case+0x1a5/0x480 [ 37.816550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.817065] kthread+0x337/0x6f0 [ 37.817311] ret_from_fork+0x116/0x1d0 [ 37.817643] ret_from_fork_asm+0x1a/0x30 [ 37.818060] [ 37.818330] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 37.819191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.819506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.820133] ================================================================== [ 38.740764] ================================================================== [ 38.741285] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 38.741285] [ 38.741975] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#130): [ 38.742571] test_corruption+0x216/0x3e0 [ 38.743034] kunit_try_run_case+0x1a5/0x480 [ 38.743472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.743859] kthread+0x337/0x6f0 [ 38.744230] ret_from_fork+0x116/0x1d0 [ 38.744714] ret_from_fork_asm+0x1a/0x30 [ 38.745038] [ 38.745238] kfence-#130: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 38.745238] [ 38.746095] allocated by task 343 on cpu 1 at 38.740573s (0.005515s ago): [ 38.746467] test_alloc+0x2a6/0x10f0 [ 38.746776] test_corruption+0x1cb/0x3e0 [ 38.747195] kunit_try_run_case+0x1a5/0x480 [ 38.747710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.748263] kthread+0x337/0x6f0 [ 38.748577] ret_from_fork+0x116/0x1d0 [ 38.749003] ret_from_fork_asm+0x1a/0x30 [ 38.749339] [ 38.749560] freed by task 343 on cpu 1 at 38.740659s (0.008894s ago): [ 38.750009] test_corruption+0x216/0x3e0 [ 38.750323] kunit_try_run_case+0x1a5/0x480 [ 38.750765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.751311] kthread+0x337/0x6f0 [ 38.751650] ret_from_fork+0x116/0x1d0 [ 38.751947] ret_from_fork_asm+0x1a/0x30 [ 38.752210] [ 38.752447] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 38.753557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.753949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.754446] ================================================================== [ 38.220895] ================================================================== [ 38.221452] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 38.221452] [ 38.222071] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#125): [ 38.223318] test_corruption+0x131/0x3e0 [ 38.223785] kunit_try_run_case+0x1a5/0x480 [ 38.224191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.224714] kthread+0x337/0x6f0 [ 38.224958] ret_from_fork+0x116/0x1d0 [ 38.225378] ret_from_fork_asm+0x1a/0x30 [ 38.225855] [ 38.226104] kfence-#125: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 38.226104] [ 38.226654] allocated by task 343 on cpu 1 at 38.220692s (0.005956s ago): [ 38.227549] test_alloc+0x2a6/0x10f0 [ 38.227853] test_corruption+0xe6/0x3e0 [ 38.228304] kunit_try_run_case+0x1a5/0x480 [ 38.228714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.229310] kthread+0x337/0x6f0 [ 38.229610] ret_from_fork+0x116/0x1d0 [ 38.230015] ret_from_fork_asm+0x1a/0x30 [ 38.230338] [ 38.230482] freed by task 343 on cpu 1 at 38.220780s (0.009695s ago): [ 38.231155] test_corruption+0x131/0x3e0 [ 38.231599] kunit_try_run_case+0x1a5/0x480 [ 38.232039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.232390] kthread+0x337/0x6f0 [ 38.232851] ret_from_fork+0x116/0x1d0 [ 38.233241] ret_from_fork_asm+0x1a/0x30 [ 38.233631] [ 38.233884] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 38.234570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.234785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.235137] ================================================================== [ 38.117058] ================================================================== [ 38.117613] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 38.117613] [ 38.118181] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#124): [ 38.118726] test_corruption+0x2df/0x3e0 [ 38.119141] kunit_try_run_case+0x1a5/0x480 [ 38.119492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.119881] kthread+0x337/0x6f0 [ 38.120279] ret_from_fork+0x116/0x1d0 [ 38.120620] ret_from_fork_asm+0x1a/0x30 [ 38.120949] [ 38.121146] kfence-#124: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 38.121146] [ 38.121759] allocated by task 341 on cpu 1 at 38.116654s (0.005100s ago): [ 38.122309] test_alloc+0x364/0x10f0 [ 38.122688] test_corruption+0x1cb/0x3e0 [ 38.122936] kunit_try_run_case+0x1a5/0x480 [ 38.123270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.123792] kthread+0x337/0x6f0 [ 38.124167] ret_from_fork+0x116/0x1d0 [ 38.124563] ret_from_fork_asm+0x1a/0x30 [ 38.124968] [ 38.125168] freed by task 341 on cpu 1 at 38.116807s (0.008355s ago): [ 38.125749] test_corruption+0x2df/0x3e0 [ 38.126015] kunit_try_run_case+0x1a5/0x480 [ 38.126278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.126615] kthread+0x337/0x6f0 [ 38.126979] ret_from_fork+0x116/0x1d0 [ 38.127363] ret_from_fork_asm+0x1a/0x30 [ 38.127828] [ 38.128069] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 38.128775] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.129016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.129776] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 29.241488] ================================================================== [ 29.242837] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 29.243445] Read of size 18446744073709551614 at addr ffff888102d0b104 by task kunit_try_catch/210 [ 29.244005] [ 29.244386] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.244502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.244532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.244601] Call Trace: [ 29.244663] <TASK> [ 29.244711] dump_stack_lvl+0x73/0xb0 [ 29.244807] print_report+0xd1/0x650 [ 29.244863] ? __virt_addr_valid+0x1db/0x2d0 [ 29.244922] ? kmalloc_memmove_negative_size+0x171/0x330 [ 29.244981] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.245209] ? kmalloc_memmove_negative_size+0x171/0x330 [ 29.245342] kasan_report+0x141/0x180 [ 29.245405] ? kmalloc_memmove_negative_size+0x171/0x330 [ 29.245471] kasan_check_range+0x10c/0x1c0 [ 29.245526] __asan_memmove+0x27/0x70 [ 29.245582] kmalloc_memmove_negative_size+0x171/0x330 [ 29.245616] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 29.245664] ? __schedule+0x10cc/0x2b60 [ 29.245698] ? __pfx_read_tsc+0x10/0x10 [ 29.245727] ? ktime_get_ts64+0x86/0x230 [ 29.245758] kunit_try_run_case+0x1a5/0x480 [ 29.245791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.245820] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.245850] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.245880] ? __kthread_parkme+0x82/0x180 [ 29.245907] ? preempt_count_sub+0x50/0x80 [ 29.245937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.245967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.245997] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.246027] kthread+0x337/0x6f0 [ 29.246056] ? trace_preempt_on+0x20/0xc0 [ 29.246134] ? __pfx_kthread+0x10/0x10 [ 29.246181] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.246213] ? calculate_sigpending+0x7b/0xa0 [ 29.246245] ? __pfx_kthread+0x10/0x10 [ 29.246273] ret_from_fork+0x116/0x1d0 [ 29.246299] ? __pfx_kthread+0x10/0x10 [ 29.246326] ret_from_fork_asm+0x1a/0x30 [ 29.246364] </TASK> [ 29.246379] [ 29.262513] Allocated by task 210: [ 29.263272] kasan_save_stack+0x45/0x70 [ 29.263677] kasan_save_track+0x18/0x40 [ 29.264189] kasan_save_alloc_info+0x3b/0x50 [ 29.264690] __kasan_kmalloc+0xb7/0xc0 [ 29.265536] __kmalloc_cache_noprof+0x189/0x420 [ 29.266088] kmalloc_memmove_negative_size+0xac/0x330 [ 29.266584] kunit_try_run_case+0x1a5/0x480 [ 29.267018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.267728] kthread+0x337/0x6f0 [ 29.267943] ret_from_fork+0x116/0x1d0 [ 29.268466] ret_from_fork_asm+0x1a/0x30 [ 29.268912] [ 29.269444] The buggy address belongs to the object at ffff888102d0b100 [ 29.269444] which belongs to the cache kmalloc-64 of size 64 [ 29.270399] The buggy address is located 4 bytes inside of [ 29.270399] 64-byte region [ffff888102d0b100, ffff888102d0b140) [ 29.271553] [ 29.271820] The buggy address belongs to the physical page: [ 29.272397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d0b [ 29.272986] flags: 0x200000000000000(node=0|zone=2) [ 29.273782] page_type: f5(slab) [ 29.274088] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.274858] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.275597] page dumped because: kasan: bad access detected [ 29.276027] [ 29.276361] Memory state around the buggy address: [ 29.276878] ffff888102d0b000: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 29.277772] ffff888102d0b080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.278402] >ffff888102d0b100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 29.279199] ^ [ 29.279403] ffff888102d0b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.280285] ffff888102d0b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.280698] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 37.492862] ================================================================== [ 37.493454] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 37.493454] [ 37.494103] Invalid free of 0x(____ptrval____) (in kfence-#118): [ 37.495100] test_invalid_addr_free+0x1e1/0x260 [ 37.495416] kunit_try_run_case+0x1a5/0x480 [ 37.495703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.496061] kthread+0x337/0x6f0 [ 37.496434] ret_from_fork+0x116/0x1d0 [ 37.496762] ret_from_fork_asm+0x1a/0x30 [ 37.497427] [ 37.497654] kfence-#118: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 37.497654] [ 37.498295] allocated by task 337 on cpu 0 at 37.492644s (0.005645s ago): [ 37.499165] test_alloc+0x364/0x10f0 [ 37.499456] test_invalid_addr_free+0xdb/0x260 [ 37.499982] kunit_try_run_case+0x1a5/0x480 [ 37.500251] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.500943] kthread+0x337/0x6f0 [ 37.501183] ret_from_fork+0x116/0x1d0 [ 37.501499] ret_from_fork_asm+0x1a/0x30 [ 37.501853] [ 37.502044] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 37.503242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.503609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.504352] ================================================================== [ 37.596878] ================================================================== [ 37.597476] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 37.597476] [ 37.598095] Invalid free of 0x(____ptrval____) (in kfence-#119): [ 37.598414] test_invalid_addr_free+0xfb/0x260 [ 37.598767] kunit_try_run_case+0x1a5/0x480 [ 37.599196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.599790] kthread+0x337/0x6f0 [ 37.600042] ret_from_fork+0x116/0x1d0 [ 37.600399] ret_from_fork_asm+0x1a/0x30 [ 37.600811] [ 37.601031] kfence-#119: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 37.601031] [ 37.601506] allocated by task 339 on cpu 1 at 37.596689s (0.004812s ago): [ 37.602187] test_alloc+0x2a6/0x10f0 [ 37.602577] test_invalid_addr_free+0xdb/0x260 [ 37.602916] kunit_try_run_case+0x1a5/0x480 [ 37.603183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.603659] kthread+0x337/0x6f0 [ 37.604074] ret_from_fork+0x116/0x1d0 [ 37.604395] ret_from_fork_asm+0x1a/0x30 [ 37.604749] [ 37.605002] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 37.605918] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.606239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.606971] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 37.388887] ================================================================== [ 37.389413] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 37.389413] [ 37.390048] Invalid free of 0x(____ptrval____) (in kfence-#117): [ 37.390383] test_double_free+0x112/0x260 [ 37.390840] kunit_try_run_case+0x1a5/0x480 [ 37.391301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.391681] kthread+0x337/0x6f0 [ 37.392034] ret_from_fork+0x116/0x1d0 [ 37.392481] ret_from_fork_asm+0x1a/0x30 [ 37.392971] [ 37.393191] kfence-#117: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 37.393191] [ 37.393724] allocated by task 335 on cpu 1 at 37.388619s (0.005099s ago): [ 37.394500] test_alloc+0x2a6/0x10f0 [ 37.394912] test_double_free+0xdb/0x260 [ 37.395166] kunit_try_run_case+0x1a5/0x480 [ 37.395516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.396122] kthread+0x337/0x6f0 [ 37.396485] ret_from_fork+0x116/0x1d0 [ 37.396908] ret_from_fork_asm+0x1a/0x30 [ 37.397174] [ 37.397398] freed by task 335 on cpu 1 at 37.388710s (0.008682s ago): [ 37.398011] test_double_free+0xfa/0x260 [ 37.398353] kunit_try_run_case+0x1a5/0x480 [ 37.398781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.399238] kthread+0x337/0x6f0 [ 37.399517] ret_from_fork+0x116/0x1d0 [ 37.399957] ret_from_fork_asm+0x1a/0x30 [ 37.400380] [ 37.400664] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 37.401606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.401915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.402472] ================================================================== [ 37.285037] ================================================================== [ 37.285618] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 37.285618] [ 37.286203] Invalid free of 0x(____ptrval____) (in kfence-#116): [ 37.286630] test_double_free+0x1d3/0x260 [ 37.286888] kunit_try_run_case+0x1a5/0x480 [ 37.287359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.287889] kthread+0x337/0x6f0 [ 37.288314] ret_from_fork+0x116/0x1d0 [ 37.288618] ret_from_fork_asm+0x1a/0x30 [ 37.288875] [ 37.289071] kfence-#116: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 37.289071] [ 37.289955] allocated by task 333 on cpu 1 at 37.284660s (0.005288s ago): [ 37.290574] test_alloc+0x364/0x10f0 [ 37.290881] test_double_free+0xdb/0x260 [ 37.291229] kunit_try_run_case+0x1a5/0x480 [ 37.291648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.292161] kthread+0x337/0x6f0 [ 37.292462] ret_from_fork+0x116/0x1d0 [ 37.292901] ret_from_fork_asm+0x1a/0x30 [ 37.293157] [ 37.293288] freed by task 333 on cpu 1 at 37.284786s (0.008497s ago): [ 37.293836] test_double_free+0x1e0/0x260 [ 37.294268] kunit_try_run_case+0x1a5/0x480 [ 37.294780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.295315] kthread+0x337/0x6f0 [ 37.295563] ret_from_fork+0x116/0x1d0 [ 37.295791] ret_from_fork_asm+0x1a/0x30 [ 37.296205] [ 37.296484] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 37.297569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.298002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.298510] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 36.869044] ================================================================== [ 36.869691] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 36.869691] [ 36.870476] Use-after-free read at 0x(____ptrval____) (in kfence-#112): [ 36.871142] test_use_after_free_read+0x129/0x270 [ 36.871597] kunit_try_run_case+0x1a5/0x480 [ 36.871966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.872343] kthread+0x337/0x6f0 [ 36.872602] ret_from_fork+0x116/0x1d0 [ 36.872902] ret_from_fork_asm+0x1a/0x30 [ 36.873315] [ 36.873579] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 36.873579] [ 36.874294] allocated by task 325 on cpu 1 at 36.868674s (0.005614s ago): [ 36.874843] test_alloc+0x364/0x10f0 [ 36.875159] test_use_after_free_read+0xdc/0x270 [ 36.875631] kunit_try_run_case+0x1a5/0x480 [ 36.876076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.876457] kthread+0x337/0x6f0 [ 36.876854] ret_from_fork+0x116/0x1d0 [ 36.877200] ret_from_fork_asm+0x1a/0x30 [ 36.877517] [ 36.877675] freed by task 325 on cpu 1 at 36.868791s (0.008877s ago): [ 36.878030] test_use_after_free_read+0x1e7/0x270 [ 36.878458] kunit_try_run_case+0x1a5/0x480 [ 36.878922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.879432] kthread+0x337/0x6f0 [ 36.879858] ret_from_fork+0x116/0x1d0 [ 36.880116] ret_from_fork_asm+0x1a/0x30 [ 36.880372] [ 36.880633] CPU: 1 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 36.881915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.882331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.883042] ================================================================== [ 36.972910] ================================================================== [ 36.973475] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 36.973475] [ 36.974147] Use-after-free read at 0x(____ptrval____) (in kfence-#113): [ 36.974665] test_use_after_free_read+0x129/0x270 [ 36.975042] kunit_try_run_case+0x1a5/0x480 [ 36.975557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.976055] kthread+0x337/0x6f0 [ 36.976304] ret_from_fork+0x116/0x1d0 [ 36.976653] ret_from_fork_asm+0x1a/0x30 [ 36.977028] [ 36.977222] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 36.977222] [ 36.977755] allocated by task 327 on cpu 0 at 36.972680s (0.005069s ago): [ 36.978343] test_alloc+0x2a6/0x10f0 [ 36.978759] test_use_after_free_read+0xdc/0x270 [ 36.979081] kunit_try_run_case+0x1a5/0x480 [ 36.979414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.979767] kthread+0x337/0x6f0 [ 36.980138] ret_from_fork+0x116/0x1d0 [ 36.980510] ret_from_fork_asm+0x1a/0x30 [ 36.980820] [ 36.980959] freed by task 327 on cpu 0 at 36.972764s (0.008189s ago): [ 36.981622] test_use_after_free_read+0xfb/0x270 [ 36.982068] kunit_try_run_case+0x1a5/0x480 [ 36.982401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.982714] kthread+0x337/0x6f0 [ 36.982935] ret_from_fork+0x116/0x1d0 [ 36.983318] ret_from_fork_asm+0x1a/0x30 [ 36.983882] [ 36.984133] CPU: 0 UID: 0 PID: 327 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 36.985114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.985360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.986296] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 36.556895] ================================================================== [ 36.557273] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 36.557273] [ 36.557726] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#109): [ 36.558217] test_out_of_bounds_write+0x10d/0x260 [ 36.558496] kunit_try_run_case+0x1a5/0x480 [ 36.558887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.559322] kthread+0x337/0x6f0 [ 36.559700] ret_from_fork+0x116/0x1d0 [ 36.559968] ret_from_fork_asm+0x1a/0x30 [ 36.560223] [ 36.560358] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 36.560358] [ 36.561249] allocated by task 321 on cpu 1 at 36.556696s (0.004546s ago): [ 36.562022] test_alloc+0x364/0x10f0 [ 36.562418] test_out_of_bounds_write+0xd4/0x260 [ 36.562849] kunit_try_run_case+0x1a5/0x480 [ 36.563203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.563792] kthread+0x337/0x6f0 [ 36.564178] ret_from_fork+0x116/0x1d0 [ 36.564497] ret_from_fork_asm+0x1a/0x30 [ 36.564821] [ 36.565007] CPU: 1 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 36.566137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.566564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.567207] ================================================================== [ 36.764766] ================================================================== [ 36.765378] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 36.765378] [ 36.766057] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#111): [ 36.766415] test_out_of_bounds_write+0x10d/0x260 [ 36.766935] kunit_try_run_case+0x1a5/0x480 [ 36.767274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.767742] kthread+0x337/0x6f0 [ 36.768108] ret_from_fork+0x116/0x1d0 [ 36.768483] ret_from_fork_asm+0x1a/0x30 [ 36.768779] [ 36.768970] kfence-#111: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 36.768970] [ 36.769417] allocated by task 323 on cpu 1 at 36.764673s (0.004738s ago): [ 36.770082] test_alloc+0x2a6/0x10f0 [ 36.770451] test_out_of_bounds_write+0xd4/0x260 [ 36.770821] kunit_try_run_case+0x1a5/0x480 [ 36.771098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.771609] kthread+0x337/0x6f0 [ 36.772071] ret_from_fork+0x116/0x1d0 [ 36.772380] ret_from_fork_asm+0x1a/0x30 [ 36.772792] [ 36.772996] CPU: 1 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 36.773651] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.774142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.774912] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 36.452758] ================================================================== [ 36.453300] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 36.453300] [ 36.454004] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#108): [ 36.454657] test_out_of_bounds_read+0x216/0x4e0 [ 36.455213] kunit_try_run_case+0x1a5/0x480 [ 36.455687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.456078] kthread+0x337/0x6f0 [ 36.456424] ret_from_fork+0x116/0x1d0 [ 36.456966] ret_from_fork_asm+0x1a/0x30 [ 36.457385] [ 36.457612] kfence-#108: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 36.457612] [ 36.458204] allocated by task 319 on cpu 0 at 36.452672s (0.005526s ago): [ 36.458816] test_alloc+0x2a6/0x10f0 [ 36.459163] test_out_of_bounds_read+0x1e2/0x4e0 [ 36.459616] kunit_try_run_case+0x1a5/0x480 [ 36.460044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.460520] kthread+0x337/0x6f0 [ 36.460868] ret_from_fork+0x116/0x1d0 [ 36.461118] ret_from_fork_asm+0x1a/0x30 [ 36.461428] [ 36.461748] CPU: 0 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 36.462852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.463268] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.464039] ================================================================== [ 36.348792] ================================================================== [ 36.349340] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 36.349340] [ 36.350079] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#107): [ 36.350783] test_out_of_bounds_read+0x126/0x4e0 [ 36.351040] kunit_try_run_case+0x1a5/0x480 [ 36.351306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.351830] kthread+0x337/0x6f0 [ 36.352255] ret_from_fork+0x116/0x1d0 [ 36.352682] ret_from_fork_asm+0x1a/0x30 [ 36.352979] [ 36.353118] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 36.353118] [ 36.353653] allocated by task 319 on cpu 0 at 36.348693s (0.004954s ago): [ 36.354515] test_alloc+0x2a6/0x10f0 [ 36.355011] test_out_of_bounds_read+0xed/0x4e0 [ 36.355283] kunit_try_run_case+0x1a5/0x480 [ 36.355565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.355929] kthread+0x337/0x6f0 [ 36.356345] ret_from_fork+0x116/0x1d0 [ 36.356809] ret_from_fork_asm+0x1a/0x30 [ 36.357254] [ 36.357560] CPU: 0 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 36.358396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.358655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.359457] ================================================================== [ 36.244903] ================================================================== [ 36.245456] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 36.245456] [ 36.246194] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#106): [ 36.246778] test_out_of_bounds_read+0x216/0x4e0 [ 36.247085] kunit_try_run_case+0x1a5/0x480 [ 36.247510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.247951] kthread+0x337/0x6f0 [ 36.248213] ret_from_fork+0x116/0x1d0 [ 36.248615] ret_from_fork_asm+0x1a/0x30 [ 36.248932] [ 36.249072] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 36.249072] [ 36.249802] allocated by task 317 on cpu 1 at 36.244650s (0.005145s ago): [ 36.250380] test_alloc+0x364/0x10f0 [ 36.250755] test_out_of_bounds_read+0x1e2/0x4e0 [ 36.251035] kunit_try_run_case+0x1a5/0x480 [ 36.251458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.252008] kthread+0x337/0x6f0 [ 36.252372] ret_from_fork+0x116/0x1d0 [ 36.252744] ret_from_fork_asm+0x1a/0x30 [ 36.253013] [ 36.253194] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 36.254336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.254782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.255328] ================================================================== [ 36.141924] ================================================================== [ 36.142527] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 36.142527] [ 36.143296] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#105): [ 36.144057] test_out_of_bounds_read+0x126/0x4e0 [ 36.144521] kunit_try_run_case+0x1a5/0x480 [ 36.144993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.145389] kthread+0x337/0x6f0 [ 36.145791] ret_from_fork+0x116/0x1d0 [ 36.146119] ret_from_fork_asm+0x1a/0x30 [ 36.146449] [ 36.146658] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 36.146658] [ 36.147398] allocated by task 317 on cpu 1 at 36.140627s (0.006765s ago): [ 36.148112] test_alloc+0x364/0x10f0 [ 36.148502] test_out_of_bounds_read+0xed/0x4e0 [ 36.148934] kunit_try_run_case+0x1a5/0x480 [ 36.149258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.149778] kthread+0x337/0x6f0 [ 36.150135] ret_from_fork+0x116/0x1d0 [ 36.150487] ret_from_fork_asm+0x1a/0x30 [ 36.150817] [ 36.151086] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 36.152087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.152321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.153147] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 29.195462] ================================================================== [ 29.196712] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 29.197166] Write of size 16 at addr ffff888100aae869 by task kunit_try_catch/208 [ 29.197736] [ 29.198013] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.198128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.198161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.198212] Call Trace: [ 29.198245] <TASK> [ 29.198288] dump_stack_lvl+0x73/0xb0 [ 29.198365] print_report+0xd1/0x650 [ 29.198424] ? __virt_addr_valid+0x1db/0x2d0 [ 29.198677] ? kmalloc_oob_memset_16+0x166/0x330 [ 29.198736] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.198801] ? kmalloc_oob_memset_16+0x166/0x330 [ 29.198856] kasan_report+0x141/0x180 [ 29.198914] ? kmalloc_oob_memset_16+0x166/0x330 [ 29.198984] kasan_check_range+0x10c/0x1c0 [ 29.199035] __asan_memset+0x27/0x50 [ 29.199097] kmalloc_oob_memset_16+0x166/0x330 [ 29.199161] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 29.199213] ? __schedule+0x10cc/0x2b60 [ 29.199256] ? __pfx_read_tsc+0x10/0x10 [ 29.199287] ? ktime_get_ts64+0x86/0x230 [ 29.199322] kunit_try_run_case+0x1a5/0x480 [ 29.199358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.199387] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.199419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.199450] ? __kthread_parkme+0x82/0x180 [ 29.199479] ? preempt_count_sub+0x50/0x80 [ 29.199509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.199560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.199593] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.199624] kthread+0x337/0x6f0 [ 29.199683] ? trace_preempt_on+0x20/0xc0 [ 29.199716] ? __pfx_kthread+0x10/0x10 [ 29.199744] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.199774] ? calculate_sigpending+0x7b/0xa0 [ 29.199804] ? __pfx_kthread+0x10/0x10 [ 29.199844] ret_from_fork+0x116/0x1d0 [ 29.199869] ? __pfx_kthread+0x10/0x10 [ 29.199896] ret_from_fork_asm+0x1a/0x30 [ 29.199935] </TASK> [ 29.199949] [ 29.214784] Allocated by task 208: [ 29.215493] kasan_save_stack+0x45/0x70 [ 29.216032] kasan_save_track+0x18/0x40 [ 29.216675] kasan_save_alloc_info+0x3b/0x50 [ 29.217239] __kasan_kmalloc+0xb7/0xc0 [ 29.217719] __kmalloc_cache_noprof+0x189/0x420 [ 29.218334] kmalloc_oob_memset_16+0xac/0x330 [ 29.218871] kunit_try_run_case+0x1a5/0x480 [ 29.219443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.220181] kthread+0x337/0x6f0 [ 29.220484] ret_from_fork+0x116/0x1d0 [ 29.220932] ret_from_fork_asm+0x1a/0x30 [ 29.221519] [ 29.221759] The buggy address belongs to the object at ffff888100aae800 [ 29.221759] which belongs to the cache kmalloc-128 of size 128 [ 29.222633] The buggy address is located 105 bytes inside of [ 29.222633] allocated 120-byte region [ffff888100aae800, ffff888100aae878) [ 29.224008] [ 29.224215] The buggy address belongs to the physical page: [ 29.224621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.225608] flags: 0x200000000000000(node=0|zone=2) [ 29.226041] page_type: f5(slab) [ 29.226601] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.227268] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.228103] page dumped because: kasan: bad access detected [ 29.228370] [ 29.228764] Memory state around the buggy address: [ 29.229470] ffff888100aae700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.230211] ffff888100aae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.230848] >ffff888100aae800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.231673] ^ [ 29.232282] ffff888100aae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.232995] ffff888100aae900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.233681] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 29.156425] ================================================================== [ 29.157325] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 29.157992] Write of size 8 at addr ffff888102dcfb71 by task kunit_try_catch/206 [ 29.159005] [ 29.159393] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.159696] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.159718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.159745] Call Trace: [ 29.159761] <TASK> [ 29.159783] dump_stack_lvl+0x73/0xb0 [ 29.159838] print_report+0xd1/0x650 [ 29.159870] ? __virt_addr_valid+0x1db/0x2d0 [ 29.159901] ? kmalloc_oob_memset_8+0x166/0x330 [ 29.159928] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.159962] ? kmalloc_oob_memset_8+0x166/0x330 [ 29.159989] kasan_report+0x141/0x180 [ 29.160017] ? kmalloc_oob_memset_8+0x166/0x330 [ 29.160050] kasan_check_range+0x10c/0x1c0 [ 29.160079] __asan_memset+0x27/0x50 [ 29.160108] kmalloc_oob_memset_8+0x166/0x330 [ 29.160137] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 29.160167] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 29.160199] kunit_try_run_case+0x1a5/0x480 [ 29.160230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.160259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.160291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.160322] ? __kthread_parkme+0x82/0x180 [ 29.160348] ? preempt_count_sub+0x50/0x80 [ 29.160378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.160408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.160438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.160468] kthread+0x337/0x6f0 [ 29.160492] ? trace_preempt_on+0x20/0xc0 [ 29.160521] ? __pfx_kthread+0x10/0x10 [ 29.160568] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.160600] ? calculate_sigpending+0x7b/0xa0 [ 29.160635] ? __pfx_kthread+0x10/0x10 [ 29.160685] ret_from_fork+0x116/0x1d0 [ 29.160713] ? __pfx_kthread+0x10/0x10 [ 29.160741] ret_from_fork_asm+0x1a/0x30 [ 29.160781] </TASK> [ 29.160795] [ 29.172992] Allocated by task 206: [ 29.173375] kasan_save_stack+0x45/0x70 [ 29.173865] kasan_save_track+0x18/0x40 [ 29.174316] kasan_save_alloc_info+0x3b/0x50 [ 29.174770] __kasan_kmalloc+0xb7/0xc0 [ 29.175021] __kmalloc_cache_noprof+0x189/0x420 [ 29.175478] kmalloc_oob_memset_8+0xac/0x330 [ 29.175993] kunit_try_run_case+0x1a5/0x480 [ 29.176424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.176785] kthread+0x337/0x6f0 [ 29.177142] ret_from_fork+0x116/0x1d0 [ 29.177573] ret_from_fork_asm+0x1a/0x30 [ 29.178016] [ 29.178212] The buggy address belongs to the object at ffff888102dcfb00 [ 29.178212] which belongs to the cache kmalloc-128 of size 128 [ 29.179218] The buggy address is located 113 bytes inside of [ 29.179218] allocated 120-byte region [ffff888102dcfb00, ffff888102dcfb78) [ 29.180249] [ 29.180447] The buggy address belongs to the physical page: [ 29.180798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 29.181482] flags: 0x200000000000000(node=0|zone=2) [ 29.182034] page_type: f5(slab) [ 29.182264] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.182805] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.183658] page dumped because: kasan: bad access detected [ 29.184236] [ 29.184512] Memory state around the buggy address: [ 29.184966] ffff888102dcfa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.185495] ffff888102dcfa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.186111] >ffff888102dcfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.186457] ^ [ 29.187017] ffff888102dcfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.187781] ffff888102dcfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.188398] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 29.114570] ================================================================== [ 29.115172] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 29.116238] Write of size 4 at addr ffff888102dcfa75 by task kunit_try_catch/204 [ 29.117343] [ 29.117571] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.117675] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.117706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.117751] Call Trace: [ 29.118059] <TASK> [ 29.118102] dump_stack_lvl+0x73/0xb0 [ 29.118191] print_report+0xd1/0x650 [ 29.118242] ? __virt_addr_valid+0x1db/0x2d0 [ 29.118287] ? kmalloc_oob_memset_4+0x166/0x330 [ 29.118317] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.118351] ? kmalloc_oob_memset_4+0x166/0x330 [ 29.118380] kasan_report+0x141/0x180 [ 29.118408] ? kmalloc_oob_memset_4+0x166/0x330 [ 29.118442] kasan_check_range+0x10c/0x1c0 [ 29.118472] __asan_memset+0x27/0x50 [ 29.118501] kmalloc_oob_memset_4+0x166/0x330 [ 29.118529] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 29.118583] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 29.118615] kunit_try_run_case+0x1a5/0x480 [ 29.118663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.118694] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.118727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.118759] ? __kthread_parkme+0x82/0x180 [ 29.118786] ? preempt_count_sub+0x50/0x80 [ 29.118815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.118846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.118876] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.118905] kthread+0x337/0x6f0 [ 29.118930] ? trace_preempt_on+0x20/0xc0 [ 29.118962] ? __pfx_kthread+0x10/0x10 [ 29.118989] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.119019] ? calculate_sigpending+0x7b/0xa0 [ 29.119051] ? __pfx_kthread+0x10/0x10 [ 29.119100] ret_from_fork+0x116/0x1d0 [ 29.119146] ? __pfx_kthread+0x10/0x10 [ 29.119179] ret_from_fork_asm+0x1a/0x30 [ 29.119219] </TASK> [ 29.119233] [ 29.132584] Allocated by task 204: [ 29.132991] kasan_save_stack+0x45/0x70 [ 29.133476] kasan_save_track+0x18/0x40 [ 29.133760] kasan_save_alloc_info+0x3b/0x50 [ 29.134407] __kasan_kmalloc+0xb7/0xc0 [ 29.134863] __kmalloc_cache_noprof+0x189/0x420 [ 29.135555] kmalloc_oob_memset_4+0xac/0x330 [ 29.135995] kunit_try_run_case+0x1a5/0x480 [ 29.136355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.137182] kthread+0x337/0x6f0 [ 29.137526] ret_from_fork+0x116/0x1d0 [ 29.137898] ret_from_fork_asm+0x1a/0x30 [ 29.138312] [ 29.138452] The buggy address belongs to the object at ffff888102dcfa00 [ 29.138452] which belongs to the cache kmalloc-128 of size 128 [ 29.139708] The buggy address is located 117 bytes inside of [ 29.139708] allocated 120-byte region [ffff888102dcfa00, ffff888102dcfa78) [ 29.140853] [ 29.141214] The buggy address belongs to the physical page: [ 29.141654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 29.142427] flags: 0x200000000000000(node=0|zone=2) [ 29.142920] page_type: f5(slab) [ 29.143477] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.144238] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.144859] page dumped because: kasan: bad access detected [ 29.145456] [ 29.145640] Memory state around the buggy address: [ 29.146206] ffff888102dcf900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.146829] ffff888102dcf980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.147590] >ffff888102dcfa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.148118] ^ [ 29.148871] ffff888102dcfa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.149511] ffff888102dcfb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.150040] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-mempool_kfree
[ 31.209033] ================================================================== [ 31.210480] BUG: KFENCE: invalid free in mempool_kfree+0x12/0x20 [ 31.210480] [ 31.211111] Invalid free of 0x(____ptrval____) (in kfence-#88): [ 31.211746] mempool_kfree+0x12/0x20 [ 31.212197] mempool_exit+0xa4/0x180 [ 31.212643] mempool_kmalloc_double_free+0x108/0x140 [ 31.213082] kunit_try_run_case+0x1a5/0x480 [ 31.213514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.214052] kthread+0x337/0x6f0 [ 31.214412] ret_from_fork+0x116/0x1d0 [ 31.214899] ret_from_fork_asm+0x1a/0x30 [ 31.215230] [ 31.215853] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=128, cache=kmalloc-128 [ 31.215853] [ 31.217095] allocated by task 265 on cpu 1 at 31.204825s (0.012191s ago): [ 31.217645] mempool_kmalloc+0x19/0x20 [ 31.218118] mempool_init_node+0x2ab/0x6f0 [ 31.218589] mempool_init_noprof+0x1a/0x20 [ 31.218954] mempool_prepare_kmalloc+0xb9/0x2c0 [ 31.219251] mempool_kmalloc_double_free+0xdb/0x140 [ 31.219734] kunit_try_run_case+0x1a5/0x480 [ 31.220360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.220716] kthread+0x337/0x6f0 [ 31.221146] ret_from_fork+0x116/0x1d0 [ 31.221635] ret_from_fork_asm+0x1a/0x30 [ 31.222107] [ 31.222476] freed by task 265 on cpu 1 at 31.208470s (0.013848s ago): [ 31.223083] mempool_kfree+0x12/0x20 [ 31.223369] mempool_exit+0xa4/0x180 [ 31.223819] mempool_kmalloc_double_free+0x108/0x140 [ 31.224319] kunit_try_run_case+0x1a5/0x480 [ 31.224805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.225323] kthread+0x337/0x6f0 [ 31.225798] ret_from_fork+0x116/0x1d0 [ 31.226009] ret_from_fork_asm+0x1a/0x30 [ 31.226437] [ 31.226818] CPU: 1 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.227607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.227949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.228592] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 196.083372] ================================================================== [ 196.083918] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270 [ 196.084594] Read of size 8 at addr ffff8881044e3070 by task kunit_try_catch/1679 [ 196.085105] [ 196.085298] CPU: 1 UID: 0 PID: 1679 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 196.085470] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 196.085500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 196.085533] Call Trace: [ 196.085561] <TASK> [ 196.085598] dump_stack_lvl+0x73/0xb0 [ 196.085670] print_report+0xd1/0x650 [ 196.085727] ? __virt_addr_valid+0x1db/0x2d0 [ 196.085795] ? drm_encoder_cleanup+0x265/0x270 [ 196.085860] ? kasan_complete_mode_report_info+0x64/0x200 [ 196.085930] ? drm_encoder_cleanup+0x265/0x270 [ 196.085992] kasan_report+0x141/0x180 [ 196.086052] ? drm_encoder_cleanup+0x265/0x270 [ 196.086153] __asan_report_load8_noabort+0x18/0x20 [ 196.086213] drm_encoder_cleanup+0x265/0x270 [ 196.086270] drmm_encoder_alloc_release+0x36/0x60 [ 196.086320] drm_managed_release+0x15c/0x470 [ 196.086367] ? simple_release_fs+0x86/0xb0 [ 196.086442] drm_dev_put.part.0+0xa1/0x100 [ 196.086492] ? __pfx_devm_drm_dev_init_release+0x10/0x10 [ 196.086544] devm_drm_dev_init_release+0x17/0x30 [ 196.086591] devm_action_release+0x50/0x80 [ 196.086650] devres_release_all+0x186/0x240 [ 196.086703] ? __pfx_devres_release_all+0x10/0x10 [ 196.086756] ? kernfs_remove_by_name_ns+0x166/0x1d0 [ 196.086816] ? sysfs_remove_file_ns+0x56/0xa0 [ 196.086870] device_unbind_cleanup+0x1b/0x1b0 [ 196.086925] device_release_driver_internal+0x3e4/0x540 [ 196.086974] ? klist_devices_put+0x35/0x50 [ 196.087027] device_release_driver+0x16/0x20 [ 196.087080] bus_remove_device+0x1e9/0x3d0 [ 196.087137] device_del+0x397/0x980 [ 196.087205] ? __pfx_device_del+0x10/0x10 [ 196.087267] ? __kasan_check_write+0x18/0x20 [ 196.087307] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 196.087344] ? __pfx_device_unregister_wrapper+0x10/0x10 [ 196.087379] device_unregister+0x1b/0xa0 [ 196.087409] device_unregister_wrapper+0x12/0x20 [ 196.087459] __kunit_action_free+0x57/0x70 [ 196.087492] kunit_remove_resource+0x133/0x200 [ 196.087550] ? preempt_count_sub+0x50/0x80 [ 196.087588] kunit_cleanup+0x7a/0x120 [ 196.087621] kunit_try_run_case_cleanup+0xbd/0xf0 [ 196.087653] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 196.087682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 196.087723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 196.087752] kthread+0x337/0x6f0 [ 196.087780] ? trace_preempt_on+0x20/0xc0 [ 196.087812] ? __pfx_kthread+0x10/0x10 [ 196.087839] ? _raw_spin_unlock_irq+0x47/0x80 [ 196.087869] ? calculate_sigpending+0x7b/0xa0 [ 196.087900] ? __pfx_kthread+0x10/0x10 [ 196.087927] ret_from_fork+0x116/0x1d0 [ 196.087955] ? __pfx_kthread+0x10/0x10 [ 196.087982] ret_from_fork_asm+0x1a/0x30 [ 196.088021] </TASK> [ 196.088038] [ 196.106624] Allocated by task 1678: [ 196.107075] kasan_save_stack+0x45/0x70 [ 196.107421] kasan_save_track+0x18/0x40 [ 196.107900] kasan_save_alloc_info+0x3b/0x50 [ 196.108194] __kasan_kmalloc+0xb7/0xc0 [ 196.108638] __kmalloc_noprof+0x1c9/0x500 [ 196.108962] __devm_drm_bridge_alloc+0x33/0x170 [ 196.109455] drm_test_bridge_init+0x188/0x5c0 [ 196.109954] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870 [ 196.110374] kunit_try_run_case+0x1a5/0x480 [ 196.110698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 196.111092] kthread+0x337/0x6f0 [ 196.111477] ret_from_fork+0x116/0x1d0 [ 196.111914] ret_from_fork_asm+0x1a/0x30 [ 196.112321] [ 196.112595] Freed by task 1679: [ 196.112937] kasan_save_stack+0x45/0x70 [ 196.113367] kasan_save_track+0x18/0x40 [ 196.113838] kasan_save_free_info+0x3f/0x60 [ 196.114255] __kasan_slab_free+0x56/0x70 [ 196.114642] kfree+0x222/0x3f0 [ 196.114987] drm_bridge_put.part.0+0xc7/0x100 [ 196.115377] drm_bridge_put_void+0x17/0x30 [ 196.115694] devm_action_release+0x50/0x80 [ 196.116075] devres_release_all+0x186/0x240 [ 196.116583] device_unbind_cleanup+0x1b/0x1b0 [ 196.117035] device_release_driver_internal+0x3e4/0x540 [ 196.117635] device_release_driver+0x16/0x20 [ 196.117980] bus_remove_device+0x1e9/0x3d0 [ 196.118401] device_del+0x397/0x980 [ 196.118876] device_unregister+0x1b/0xa0 [ 196.119133] device_unregister_wrapper+0x12/0x20 [ 196.119400] __kunit_action_free+0x57/0x70 [ 196.119884] kunit_remove_resource+0x133/0x200 [ 196.120489] kunit_cleanup+0x7a/0x120 [ 196.121011] kunit_try_run_case_cleanup+0xbd/0xf0 [ 196.121573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 196.122041] kthread+0x337/0x6f0 [ 196.122424] ret_from_fork+0x116/0x1d0 [ 196.122834] ret_from_fork_asm+0x1a/0x30 [ 196.123239] [ 196.123417] The buggy address belongs to the object at ffff8881044e3000 [ 196.123417] which belongs to the cache kmalloc-512 of size 512 [ 196.124008] The buggy address is located 112 bytes inside of [ 196.124008] freed 512-byte region [ffff8881044e3000, ffff8881044e3200) [ 196.124685] [ 196.124905] The buggy address belongs to the physical page: [ 196.125415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044e0 [ 196.126169] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 196.126923] flags: 0x200000000000040(head|node=0|zone=2) [ 196.127452] page_type: f5(slab) [ 196.127846] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 196.128491] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 196.128894] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 196.129250] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 196.129831] head: 0200000000000002 ffffea0004113801 00000000ffffffff 00000000ffffffff [ 196.130554] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 196.131248] page dumped because: kasan: bad access detected [ 196.131791] [ 196.132059] Memory state around the buggy address: [ 196.132544] ffff8881044e2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 196.133219] ffff8881044e2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 196.133822] >ffff8881044e3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 196.134161] ^ [ 196.134922] ffff8881044e3080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 196.135590] ffff8881044e3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 196.136263] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 35.270338] ================================================================== [ 35.271302] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 35.272001] Write of size 1 at addr ffff888102df6578 by task kunit_try_catch/315 [ 35.272580] [ 35.272826] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.272943] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.272980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.273034] Call Trace: [ 35.273079] <TASK> [ 35.273124] dump_stack_lvl+0x73/0xb0 [ 35.273201] print_report+0xd1/0x650 [ 35.273261] ? __virt_addr_valid+0x1db/0x2d0 [ 35.273328] ? strncpy_from_user+0x1a5/0x1d0 [ 35.273390] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.273462] ? strncpy_from_user+0x1a5/0x1d0 [ 35.273526] kasan_report+0x141/0x180 [ 35.273607] ? strncpy_from_user+0x1a5/0x1d0 [ 35.273719] __asan_report_store1_noabort+0x1b/0x30 [ 35.273786] strncpy_from_user+0x1a5/0x1d0 [ 35.273858] copy_user_test_oob+0x760/0x10f0 [ 35.273924] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.273983] ? finish_task_switch.isra.0+0x153/0x700 [ 35.274043] ? __switch_to+0x47/0xf50 [ 35.274109] ? __schedule+0x10cc/0x2b60 [ 35.274178] ? __pfx_read_tsc+0x10/0x10 [ 35.274242] ? ktime_get_ts64+0x86/0x230 [ 35.274303] kunit_try_run_case+0x1a5/0x480 [ 35.274375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.274414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.274451] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.274486] ? __kthread_parkme+0x82/0x180 [ 35.274515] ? preempt_count_sub+0x50/0x80 [ 35.274569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.274606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.274664] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.274699] kthread+0x337/0x6f0 [ 35.274728] ? trace_preempt_on+0x20/0xc0 [ 35.274761] ? __pfx_kthread+0x10/0x10 [ 35.274790] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.274821] ? calculate_sigpending+0x7b/0xa0 [ 35.274854] ? __pfx_kthread+0x10/0x10 [ 35.274884] ret_from_fork+0x116/0x1d0 [ 35.274910] ? __pfx_kthread+0x10/0x10 [ 35.274939] ret_from_fork_asm+0x1a/0x30 [ 35.274980] </TASK> [ 35.274996] [ 35.289498] Allocated by task 315: [ 35.289887] kasan_save_stack+0x45/0x70 [ 35.290307] kasan_save_track+0x18/0x40 [ 35.290571] kasan_save_alloc_info+0x3b/0x50 [ 35.291028] __kasan_kmalloc+0xb7/0xc0 [ 35.291424] __kmalloc_noprof+0x1c9/0x500 [ 35.291953] kunit_kmalloc_array+0x25/0x60 [ 35.292301] copy_user_test_oob+0xab/0x10f0 [ 35.292827] kunit_try_run_case+0x1a5/0x480 [ 35.293105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.293405] kthread+0x337/0x6f0 [ 35.293742] ret_from_fork+0x116/0x1d0 [ 35.294151] ret_from_fork_asm+0x1a/0x30 [ 35.294652] [ 35.294960] The buggy address belongs to the object at ffff888102df6500 [ 35.294960] which belongs to the cache kmalloc-128 of size 128 [ 35.296085] The buggy address is located 0 bytes to the right of [ 35.296085] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.297049] [ 35.297202] The buggy address belongs to the physical page: [ 35.297477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.298227] flags: 0x200000000000000(node=0|zone=2) [ 35.298850] page_type: f5(slab) [ 35.299200] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.299968] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.300576] page dumped because: kasan: bad access detected [ 35.300899] [ 35.301030] Memory state around the buggy address: [ 35.301313] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.302035] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.302792] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.303507] ^ [ 35.304215] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.304718] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.305422] ================================================================== [ 35.231756] ================================================================== [ 35.232461] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 35.233140] Write of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.233802] [ 35.233996] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.234114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.234147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.234197] Call Trace: [ 35.234239] <TASK> [ 35.234280] dump_stack_lvl+0x73/0xb0 [ 35.234349] print_report+0xd1/0x650 [ 35.234401] ? __virt_addr_valid+0x1db/0x2d0 [ 35.234461] ? strncpy_from_user+0x2e/0x1d0 [ 35.234526] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.234617] ? strncpy_from_user+0x2e/0x1d0 [ 35.234724] kasan_report+0x141/0x180 [ 35.234791] ? strncpy_from_user+0x2e/0x1d0 [ 35.234870] kasan_check_range+0x10c/0x1c0 [ 35.234939] __kasan_check_write+0x18/0x20 [ 35.235005] strncpy_from_user+0x2e/0x1d0 [ 35.235070] ? __kasan_check_read+0x15/0x20 [ 35.235140] copy_user_test_oob+0x760/0x10f0 [ 35.235211] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.235275] ? finish_task_switch.isra.0+0x153/0x700 [ 35.235341] ? __switch_to+0x47/0xf50 [ 35.235413] ? __schedule+0x10cc/0x2b60 [ 35.235483] ? __pfx_read_tsc+0x10/0x10 [ 35.235562] ? ktime_get_ts64+0x86/0x230 [ 35.235669] kunit_try_run_case+0x1a5/0x480 [ 35.235747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.235813] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.235893] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.235962] ? __kthread_parkme+0x82/0x180 [ 35.236024] ? preempt_count_sub+0x50/0x80 [ 35.236092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.236162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.236228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.236291] kthread+0x337/0x6f0 [ 35.236345] ? trace_preempt_on+0x20/0xc0 [ 35.236410] ? __pfx_kthread+0x10/0x10 [ 35.236472] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.236550] ? calculate_sigpending+0x7b/0xa0 [ 35.236611] ? __pfx_kthread+0x10/0x10 [ 35.236713] ret_from_fork+0x116/0x1d0 [ 35.236774] ? __pfx_kthread+0x10/0x10 [ 35.236836] ret_from_fork_asm+0x1a/0x30 [ 35.236922] </TASK> [ 35.236955] [ 35.249362] Allocated by task 315: [ 35.249789] kasan_save_stack+0x45/0x70 [ 35.250231] kasan_save_track+0x18/0x40 [ 35.250683] kasan_save_alloc_info+0x3b/0x50 [ 35.251085] __kasan_kmalloc+0xb7/0xc0 [ 35.251396] __kmalloc_noprof+0x1c9/0x500 [ 35.251712] kunit_kmalloc_array+0x25/0x60 [ 35.252005] copy_user_test_oob+0xab/0x10f0 [ 35.252415] kunit_try_run_case+0x1a5/0x480 [ 35.253673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.254220] kthread+0x337/0x6f0 [ 35.254521] ret_from_fork+0x116/0x1d0 [ 35.255990] ret_from_fork_asm+0x1a/0x30 [ 35.257002] [ 35.257533] The buggy address belongs to the object at ffff888102df6500 [ 35.257533] which belongs to the cache kmalloc-128 of size 128 [ 35.259743] The buggy address is located 0 bytes inside of [ 35.259743] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.261184] [ 35.261339] The buggy address belongs to the physical page: [ 35.261958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.262427] flags: 0x200000000000000(node=0|zone=2) [ 35.262938] page_type: f5(slab) [ 35.263466] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.264217] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.264926] page dumped because: kasan: bad access detected [ 35.265300] [ 35.265508] Memory state around the buggy address: [ 35.265898] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.266364] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.266871] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.267316] ^ [ 35.267895] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.268498] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.268969] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 35.130701] ================================================================== [ 35.131214] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 35.131985] Read of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.132606] [ 35.132948] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.133058] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.133088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.133132] Call Trace: [ 35.133173] <TASK> [ 35.133209] dump_stack_lvl+0x73/0xb0 [ 35.133275] print_report+0xd1/0x650 [ 35.133321] ? __virt_addr_valid+0x1db/0x2d0 [ 35.133372] ? copy_user_test_oob+0x4aa/0x10f0 [ 35.133419] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.133471] ? copy_user_test_oob+0x4aa/0x10f0 [ 35.133521] kasan_report+0x141/0x180 [ 35.133590] ? copy_user_test_oob+0x4aa/0x10f0 [ 35.133692] kasan_check_range+0x10c/0x1c0 [ 35.133761] __kasan_check_read+0x15/0x20 [ 35.133892] copy_user_test_oob+0x4aa/0x10f0 [ 35.133969] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.134032] ? finish_task_switch.isra.0+0x153/0x700 [ 35.134098] ? __switch_to+0x47/0xf50 [ 35.134170] ? __schedule+0x10cc/0x2b60 [ 35.134241] ? __pfx_read_tsc+0x10/0x10 [ 35.134352] ? ktime_get_ts64+0x86/0x230 [ 35.134424] kunit_try_run_case+0x1a5/0x480 [ 35.134533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.134657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.134730] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.134797] ? __kthread_parkme+0x82/0x180 [ 35.134895] ? preempt_count_sub+0x50/0x80 [ 35.134981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.135052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.135122] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.135231] kthread+0x337/0x6f0 [ 35.135311] ? trace_preempt_on+0x20/0xc0 [ 35.135375] ? __pfx_kthread+0x10/0x10 [ 35.135421] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.135455] ? calculate_sigpending+0x7b/0xa0 [ 35.135490] ? __pfx_kthread+0x10/0x10 [ 35.135519] ret_from_fork+0x116/0x1d0 [ 35.135571] ? __pfx_kthread+0x10/0x10 [ 35.135602] ret_from_fork_asm+0x1a/0x30 [ 35.135669] </TASK> [ 35.135686] [ 35.149331] Allocated by task 315: [ 35.149810] kasan_save_stack+0x45/0x70 [ 35.150219] kasan_save_track+0x18/0x40 [ 35.150688] kasan_save_alloc_info+0x3b/0x50 [ 35.151050] __kasan_kmalloc+0xb7/0xc0 [ 35.151476] __kmalloc_noprof+0x1c9/0x500 [ 35.151996] kunit_kmalloc_array+0x25/0x60 [ 35.152322] copy_user_test_oob+0xab/0x10f0 [ 35.152786] kunit_try_run_case+0x1a5/0x480 [ 35.153229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.153843] kthread+0x337/0x6f0 [ 35.154211] ret_from_fork+0x116/0x1d0 [ 35.154721] ret_from_fork_asm+0x1a/0x30 [ 35.155235] [ 35.155454] The buggy address belongs to the object at ffff888102df6500 [ 35.155454] which belongs to the cache kmalloc-128 of size 128 [ 35.156747] The buggy address is located 0 bytes inside of [ 35.156747] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.158160] [ 35.158382] The buggy address belongs to the physical page: [ 35.158963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.159646] flags: 0x200000000000000(node=0|zone=2) [ 35.160128] page_type: f5(slab) [ 35.160466] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.161108] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.161741] page dumped because: kasan: bad access detected [ 35.162281] [ 35.162520] Memory state around the buggy address: [ 35.163795] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.164365] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.164751] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.164942] ^ [ 35.165126] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.165306] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.165483] ================================================================== [ 35.166914] ================================================================== [ 35.167664] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 35.168444] Write of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.169693] [ 35.170006] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.170127] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.170164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.170217] Call Trace: [ 35.170257] <TASK> [ 35.170297] dump_stack_lvl+0x73/0xb0 [ 35.170372] print_report+0xd1/0x650 [ 35.170431] ? __virt_addr_valid+0x1db/0x2d0 [ 35.170498] ? copy_user_test_oob+0x557/0x10f0 [ 35.170558] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.170597] ? copy_user_test_oob+0x557/0x10f0 [ 35.170649] kasan_report+0x141/0x180 [ 35.170696] ? copy_user_test_oob+0x557/0x10f0 [ 35.170734] kasan_check_range+0x10c/0x1c0 [ 35.170768] __kasan_check_write+0x18/0x20 [ 35.170800] copy_user_test_oob+0x557/0x10f0 [ 35.170835] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.170865] ? finish_task_switch.isra.0+0x153/0x700 [ 35.170897] ? __switch_to+0x47/0xf50 [ 35.170931] ? __schedule+0x10cc/0x2b60 [ 35.170965] ? __pfx_read_tsc+0x10/0x10 [ 35.170996] ? ktime_get_ts64+0x86/0x230 [ 35.171031] kunit_try_run_case+0x1a5/0x480 [ 35.171067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.171098] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.171132] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.171165] ? __kthread_parkme+0x82/0x180 [ 35.171194] ? preempt_count_sub+0x50/0x80 [ 35.171225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.171257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.171290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.171323] kthread+0x337/0x6f0 [ 35.171350] ? trace_preempt_on+0x20/0xc0 [ 35.171381] ? __pfx_kthread+0x10/0x10 [ 35.171410] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.171440] ? calculate_sigpending+0x7b/0xa0 [ 35.171473] ? __pfx_kthread+0x10/0x10 [ 35.171503] ret_from_fork+0x116/0x1d0 [ 35.171529] ? __pfx_kthread+0x10/0x10 [ 35.171577] ret_from_fork_asm+0x1a/0x30 [ 35.171618] </TASK> [ 35.171652] [ 35.183146] Allocated by task 315: [ 35.183517] kasan_save_stack+0x45/0x70 [ 35.183969] kasan_save_track+0x18/0x40 [ 35.184233] kasan_save_alloc_info+0x3b/0x50 [ 35.184671] __kasan_kmalloc+0xb7/0xc0 [ 35.184916] __kmalloc_noprof+0x1c9/0x500 [ 35.185210] kunit_kmalloc_array+0x25/0x60 [ 35.185654] copy_user_test_oob+0xab/0x10f0 [ 35.186075] kunit_try_run_case+0x1a5/0x480 [ 35.186464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.186894] kthread+0x337/0x6f0 [ 35.187130] ret_from_fork+0x116/0x1d0 [ 35.187519] ret_from_fork_asm+0x1a/0x30 [ 35.187936] [ 35.188076] The buggy address belongs to the object at ffff888102df6500 [ 35.188076] which belongs to the cache kmalloc-128 of size 128 [ 35.188998] The buggy address is located 0 bytes inside of [ 35.188998] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.189743] [ 35.189942] The buggy address belongs to the physical page: [ 35.190350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.190924] flags: 0x200000000000000(node=0|zone=2) [ 35.191399] page_type: f5(slab) [ 35.191752] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.192279] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.192755] page dumped because: kasan: bad access detected [ 35.193041] [ 35.193167] Memory state around the buggy address: [ 35.193419] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.194013] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.194690] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.195329] ^ [ 35.195995] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.196608] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.197072] ================================================================== [ 35.198245] ================================================================== [ 35.199192] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 35.200105] Read of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.200869] [ 35.201063] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.201156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.201183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.201239] Call Trace: [ 35.201280] <TASK> [ 35.201315] dump_stack_lvl+0x73/0xb0 [ 35.201380] print_report+0xd1/0x650 [ 35.201428] ? __virt_addr_valid+0x1db/0x2d0 [ 35.201480] ? copy_user_test_oob+0x604/0x10f0 [ 35.201526] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.201600] ? copy_user_test_oob+0x604/0x10f0 [ 35.201650] kasan_report+0x141/0x180 [ 35.201701] ? copy_user_test_oob+0x604/0x10f0 [ 35.201776] kasan_check_range+0x10c/0x1c0 [ 35.201847] __kasan_check_read+0x15/0x20 [ 35.201918] copy_user_test_oob+0x604/0x10f0 [ 35.201990] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.202055] ? finish_task_switch.isra.0+0x153/0x700 [ 35.202121] ? __switch_to+0x47/0xf50 [ 35.202194] ? __schedule+0x10cc/0x2b60 [ 35.202266] ? __pfx_read_tsc+0x10/0x10 [ 35.202331] ? ktime_get_ts64+0x86/0x230 [ 35.202401] kunit_try_run_case+0x1a5/0x480 [ 35.202472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.202584] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.202690] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.202763] ? __kthread_parkme+0x82/0x180 [ 35.202822] ? preempt_count_sub+0x50/0x80 [ 35.202890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.202958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.203021] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.203083] kthread+0x337/0x6f0 [ 35.203138] ? trace_preempt_on+0x20/0xc0 [ 35.203200] ? __pfx_kthread+0x10/0x10 [ 35.203251] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.203312] ? calculate_sigpending+0x7b/0xa0 [ 35.203371] ? __pfx_kthread+0x10/0x10 [ 35.203427] ret_from_fork+0x116/0x1d0 [ 35.203473] ? __pfx_kthread+0x10/0x10 [ 35.203526] ret_from_fork_asm+0x1a/0x30 [ 35.203655] </TASK> [ 35.203689] [ 35.216024] Allocated by task 315: [ 35.216423] kasan_save_stack+0x45/0x70 [ 35.216893] kasan_save_track+0x18/0x40 [ 35.217299] kasan_save_alloc_info+0x3b/0x50 [ 35.217786] __kasan_kmalloc+0xb7/0xc0 [ 35.218130] __kmalloc_noprof+0x1c9/0x500 [ 35.218391] kunit_kmalloc_array+0x25/0x60 [ 35.218855] copy_user_test_oob+0xab/0x10f0 [ 35.219278] kunit_try_run_case+0x1a5/0x480 [ 35.219696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.220196] kthread+0x337/0x6f0 [ 35.220524] ret_from_fork+0x116/0x1d0 [ 35.220828] ret_from_fork_asm+0x1a/0x30 [ 35.221227] [ 35.221438] The buggy address belongs to the object at ffff888102df6500 [ 35.221438] which belongs to the cache kmalloc-128 of size 128 [ 35.222275] The buggy address is located 0 bytes inside of [ 35.222275] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.222881] [ 35.223027] The buggy address belongs to the physical page: [ 35.223302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.223872] flags: 0x200000000000000(node=0|zone=2) [ 35.224316] page_type: f5(slab) [ 35.224721] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.225399] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.226110] page dumped because: kasan: bad access detected [ 35.226605] [ 35.226828] Memory state around the buggy address: [ 35.227282] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.227766] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.228389] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.228917] ^ [ 35.229383] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.229844] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.230192] ================================================================== [ 35.092810] ================================================================== [ 35.093254] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 35.094040] Write of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.094743] [ 35.095180] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.095304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.095340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.095388] Call Trace: [ 35.095420] <TASK> [ 35.095458] dump_stack_lvl+0x73/0xb0 [ 35.095530] print_report+0xd1/0x650 [ 35.095610] ? __virt_addr_valid+0x1db/0x2d0 [ 35.095672] ? copy_user_test_oob+0x3fd/0x10f0 [ 35.095737] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.095804] ? copy_user_test_oob+0x3fd/0x10f0 [ 35.095872] kasan_report+0x141/0x180 [ 35.095933] ? copy_user_test_oob+0x3fd/0x10f0 [ 35.096013] kasan_check_range+0x10c/0x1c0 [ 35.096081] __kasan_check_write+0x18/0x20 [ 35.096202] copy_user_test_oob+0x3fd/0x10f0 [ 35.096296] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.096364] ? finish_task_switch.isra.0+0x153/0x700 [ 35.096412] ? __switch_to+0x47/0xf50 [ 35.096451] ? __schedule+0x10cc/0x2b60 [ 35.096489] ? __pfx_read_tsc+0x10/0x10 [ 35.096521] ? ktime_get_ts64+0x86/0x230 [ 35.096578] kunit_try_run_case+0x1a5/0x480 [ 35.096616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.096674] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.096709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.096743] ? __kthread_parkme+0x82/0x180 [ 35.096773] ? preempt_count_sub+0x50/0x80 [ 35.096804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.096836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.096869] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.096902] kthread+0x337/0x6f0 [ 35.096930] ? trace_preempt_on+0x20/0xc0 [ 35.096963] ? __pfx_kthread+0x10/0x10 [ 35.096992] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.097023] ? calculate_sigpending+0x7b/0xa0 [ 35.097055] ? __pfx_kthread+0x10/0x10 [ 35.097085] ret_from_fork+0x116/0x1d0 [ 35.097111] ? __pfx_kthread+0x10/0x10 [ 35.097140] ret_from_fork_asm+0x1a/0x30 [ 35.097181] </TASK> [ 35.097197] [ 35.112958] Allocated by task 315: [ 35.113330] kasan_save_stack+0x45/0x70 [ 35.113886] kasan_save_track+0x18/0x40 [ 35.114214] kasan_save_alloc_info+0x3b/0x50 [ 35.114826] __kasan_kmalloc+0xb7/0xc0 [ 35.115218] __kmalloc_noprof+0x1c9/0x500 [ 35.115680] kunit_kmalloc_array+0x25/0x60 [ 35.116097] copy_user_test_oob+0xab/0x10f0 [ 35.116532] kunit_try_run_case+0x1a5/0x480 [ 35.116954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.117328] kthread+0x337/0x6f0 [ 35.117582] ret_from_fork+0x116/0x1d0 [ 35.117824] ret_from_fork_asm+0x1a/0x30 [ 35.118216] [ 35.118474] The buggy address belongs to the object at ffff888102df6500 [ 35.118474] which belongs to the cache kmalloc-128 of size 128 [ 35.119705] The buggy address is located 0 bytes inside of [ 35.119705] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.120805] [ 35.120958] The buggy address belongs to the physical page: [ 35.121236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.122082] flags: 0x200000000000000(node=0|zone=2) [ 35.122610] page_type: f5(slab) [ 35.122963] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.123517] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.124152] page dumped because: kasan: bad access detected [ 35.124597] [ 35.124867] Memory state around the buggy address: [ 35.125370] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.125991] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.126604] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.127276] ^ [ 35.127937] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.128526] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.129055] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 35.051387] ================================================================== [ 35.051934] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 35.052517] Read of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.053186] [ 35.053382] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.053500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.053559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.053657] Call Trace: [ 35.053708] <TASK> [ 35.053752] dump_stack_lvl+0x73/0xb0 [ 35.053866] print_report+0xd1/0x650 [ 35.053934] ? __virt_addr_valid+0x1db/0x2d0 [ 35.054004] ? _copy_to_user+0x3c/0x70 [ 35.054052] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.054123] ? _copy_to_user+0x3c/0x70 [ 35.054183] kasan_report+0x141/0x180 [ 35.054246] ? _copy_to_user+0x3c/0x70 [ 35.054362] kasan_check_range+0x10c/0x1c0 [ 35.054439] __kasan_check_read+0x15/0x20 [ 35.054522] _copy_to_user+0x3c/0x70 [ 35.054598] copy_user_test_oob+0x364/0x10f0 [ 35.054705] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.054778] ? finish_task_switch.isra.0+0x153/0x700 [ 35.054857] ? __switch_to+0x47/0xf50 [ 35.054929] ? __schedule+0x10cc/0x2b60 [ 35.054998] ? __pfx_read_tsc+0x10/0x10 [ 35.055067] ? ktime_get_ts64+0x86/0x230 [ 35.055151] kunit_try_run_case+0x1a5/0x480 [ 35.055227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.055295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.055364] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.055425] ? __kthread_parkme+0x82/0x180 [ 35.055460] ? preempt_count_sub+0x50/0x80 [ 35.055493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.055527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.055582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.055616] kthread+0x337/0x6f0 [ 35.055671] ? trace_preempt_on+0x20/0xc0 [ 35.055707] ? __pfx_kthread+0x10/0x10 [ 35.055737] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.055769] ? calculate_sigpending+0x7b/0xa0 [ 35.055802] ? __pfx_kthread+0x10/0x10 [ 35.055842] ret_from_fork+0x116/0x1d0 [ 35.055870] ? __pfx_kthread+0x10/0x10 [ 35.055899] ret_from_fork_asm+0x1a/0x30 [ 35.055940] </TASK> [ 35.055956] [ 35.069882] Allocated by task 315: [ 35.070332] kasan_save_stack+0x45/0x70 [ 35.070804] kasan_save_track+0x18/0x40 [ 35.071274] kasan_save_alloc_info+0x3b/0x50 [ 35.071826] __kasan_kmalloc+0xb7/0xc0 [ 35.072228] __kmalloc_noprof+0x1c9/0x500 [ 35.072583] kunit_kmalloc_array+0x25/0x60 [ 35.072895] copy_user_test_oob+0xab/0x10f0 [ 35.073152] kunit_try_run_case+0x1a5/0x480 [ 35.073663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.074200] kthread+0x337/0x6f0 [ 35.074583] ret_from_fork+0x116/0x1d0 [ 35.075113] ret_from_fork_asm+0x1a/0x30 [ 35.075558] [ 35.075861] The buggy address belongs to the object at ffff888102df6500 [ 35.075861] which belongs to the cache kmalloc-128 of size 128 [ 35.076676] The buggy address is located 0 bytes inside of [ 35.076676] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.077810] [ 35.078004] The buggy address belongs to the physical page: [ 35.078486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.078901] flags: 0x200000000000000(node=0|zone=2) [ 35.079382] page_type: f5(slab) [ 35.079911] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.080441] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.080847] page dumped because: kasan: bad access detected [ 35.081127] [ 35.081254] Memory state around the buggy address: [ 35.082710] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.083396] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.084150] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.084794] ^ [ 35.085338] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.085892] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.086481] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 35.010295] ================================================================== [ 35.011141] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 35.011991] Write of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.012574] [ 35.012942] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.013068] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.013105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.013161] Call Trace: [ 35.013199] <TASK> [ 35.013242] dump_stack_lvl+0x73/0xb0 [ 35.013327] print_report+0xd1/0x650 [ 35.013393] ? __virt_addr_valid+0x1db/0x2d0 [ 35.013463] ? _copy_from_user+0x32/0x90 [ 35.013513] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.013632] ? _copy_from_user+0x32/0x90 [ 35.013711] kasan_report+0x141/0x180 [ 35.013789] ? _copy_from_user+0x32/0x90 [ 35.013855] kasan_check_range+0x10c/0x1c0 [ 35.013917] __kasan_check_write+0x18/0x20 [ 35.013987] _copy_from_user+0x32/0x90 [ 35.014051] copy_user_test_oob+0x2be/0x10f0 [ 35.014124] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.014177] ? finish_task_switch.isra.0+0x153/0x700 [ 35.014215] ? __switch_to+0x47/0xf50 [ 35.014253] ? __schedule+0x10cc/0x2b60 [ 35.014301] ? __pfx_read_tsc+0x10/0x10 [ 35.014337] ? ktime_get_ts64+0x86/0x230 [ 35.014374] kunit_try_run_case+0x1a5/0x480 [ 35.014408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.014441] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.014475] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.014508] ? __kthread_parkme+0x82/0x180 [ 35.014558] ? preempt_count_sub+0x50/0x80 [ 35.014592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.014631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.014676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.014710] kthread+0x337/0x6f0 [ 35.014737] ? trace_preempt_on+0x20/0xc0 [ 35.014773] ? __pfx_kthread+0x10/0x10 [ 35.014802] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.014833] ? calculate_sigpending+0x7b/0xa0 [ 35.014867] ? __pfx_kthread+0x10/0x10 [ 35.014896] ret_from_fork+0x116/0x1d0 [ 35.014923] ? __pfx_kthread+0x10/0x10 [ 35.014951] ret_from_fork_asm+0x1a/0x30 [ 35.014994] </TASK> [ 35.015011] [ 35.029195] Allocated by task 315: [ 35.029677] kasan_save_stack+0x45/0x70 [ 35.030096] kasan_save_track+0x18/0x40 [ 35.030558] kasan_save_alloc_info+0x3b/0x50 [ 35.030987] __kasan_kmalloc+0xb7/0xc0 [ 35.031466] __kmalloc_noprof+0x1c9/0x500 [ 35.032352] kunit_kmalloc_array+0x25/0x60 [ 35.032831] copy_user_test_oob+0xab/0x10f0 [ 35.033123] kunit_try_run_case+0x1a5/0x480 [ 35.033595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.034270] kthread+0x337/0x6f0 [ 35.034648] ret_from_fork+0x116/0x1d0 [ 35.035077] ret_from_fork_asm+0x1a/0x30 [ 35.035783] [ 35.036043] The buggy address belongs to the object at ffff888102df6500 [ 35.036043] which belongs to the cache kmalloc-128 of size 128 [ 35.036908] The buggy address is located 0 bytes inside of [ 35.036908] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.038030] [ 35.038176] The buggy address belongs to the physical page: [ 35.038671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.039221] flags: 0x200000000000000(node=0|zone=2) [ 35.039827] page_type: f5(slab) [ 35.040254] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.040791] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.041417] page dumped because: kasan: bad access detected [ 35.041818] [ 35.042085] Memory state around the buggy address: [ 35.042455] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.043171] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.043717] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.044127] ^ [ 35.044874] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.045449] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.045918] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 34.909744] ================================================================== [ 34.910495] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 34.910880] Read of size 8 at addr ffff888102df6478 by task kunit_try_catch/311 [ 34.912271] [ 34.912561] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.912743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.912782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.912837] Call Trace: [ 34.912895] <TASK> [ 34.912943] dump_stack_lvl+0x73/0xb0 [ 34.913070] print_report+0xd1/0x650 [ 34.913136] ? __virt_addr_valid+0x1db/0x2d0 [ 34.913204] ? copy_to_kernel_nofault+0x225/0x260 [ 34.913271] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.913344] ? copy_to_kernel_nofault+0x225/0x260 [ 34.913411] kasan_report+0x141/0x180 [ 34.913492] ? copy_to_kernel_nofault+0x225/0x260 [ 34.913589] __asan_report_load8_noabort+0x18/0x20 [ 34.913649] copy_to_kernel_nofault+0x225/0x260 [ 34.913691] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 34.913726] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 34.913760] ? finish_task_switch.isra.0+0x153/0x700 [ 34.913796] ? __schedule+0x10cc/0x2b60 [ 34.913831] ? trace_hardirqs_on+0x37/0xe0 [ 34.913872] ? __pfx_read_tsc+0x10/0x10 [ 34.913903] ? ktime_get_ts64+0x86/0x230 [ 34.913936] kunit_try_run_case+0x1a5/0x480 [ 34.913972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.914004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.914037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.914090] ? __kthread_parkme+0x82/0x180 [ 34.914140] ? preempt_count_sub+0x50/0x80 [ 34.914176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.914210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.914243] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.914287] kthread+0x337/0x6f0 [ 34.914325] ? trace_preempt_on+0x20/0xc0 [ 34.914356] ? __pfx_kthread+0x10/0x10 [ 34.914386] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.914419] ? calculate_sigpending+0x7b/0xa0 [ 34.914452] ? __pfx_kthread+0x10/0x10 [ 34.914481] ret_from_fork+0x116/0x1d0 [ 34.914510] ? __pfx_kthread+0x10/0x10 [ 34.914559] ret_from_fork_asm+0x1a/0x30 [ 34.914603] </TASK> [ 34.914620] [ 34.930431] Allocated by task 311: [ 34.930807] kasan_save_stack+0x45/0x70 [ 34.931550] kasan_save_track+0x18/0x40 [ 34.931912] kasan_save_alloc_info+0x3b/0x50 [ 34.932453] __kasan_kmalloc+0xb7/0xc0 [ 34.932922] __kmalloc_cache_noprof+0x189/0x420 [ 34.933423] copy_to_kernel_nofault_oob+0x12f/0x560 [ 34.933917] kunit_try_run_case+0x1a5/0x480 [ 34.934437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.934806] kthread+0x337/0x6f0 [ 34.935326] ret_from_fork+0x116/0x1d0 [ 34.935786] ret_from_fork_asm+0x1a/0x30 [ 34.936475] [ 34.936721] The buggy address belongs to the object at ffff888102df6400 [ 34.936721] which belongs to the cache kmalloc-128 of size 128 [ 34.937753] The buggy address is located 0 bytes to the right of [ 34.937753] allocated 120-byte region [ffff888102df6400, ffff888102df6478) [ 34.938801] [ 34.939020] The buggy address belongs to the physical page: [ 34.939612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 34.940387] flags: 0x200000000000000(node=0|zone=2) [ 34.940910] page_type: f5(slab) [ 34.941451] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 34.942094] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.942894] page dumped because: kasan: bad access detected [ 34.943483] [ 34.943744] Memory state around the buggy address: [ 34.944078] ffff888102df6300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.944896] ffff888102df6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.945658] >ffff888102df6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.946319] ^ [ 34.946922] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.947452] ffff888102df6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.948098] ================================================================== [ 34.950700] ================================================================== [ 34.951296] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 34.952486] Write of size 8 at addr ffff888102df6478 by task kunit_try_catch/311 [ 34.953664] [ 34.953853] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.953930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.953961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.954015] Call Trace: [ 34.954057] <TASK> [ 34.954097] dump_stack_lvl+0x73/0xb0 [ 34.954355] print_report+0xd1/0x650 [ 34.954393] ? __virt_addr_valid+0x1db/0x2d0 [ 34.954429] ? copy_to_kernel_nofault+0x99/0x260 [ 34.954463] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.954500] ? copy_to_kernel_nofault+0x99/0x260 [ 34.954549] kasan_report+0x141/0x180 [ 34.954585] ? copy_to_kernel_nofault+0x99/0x260 [ 34.954626] kasan_check_range+0x10c/0x1c0 [ 34.954672] __kasan_check_write+0x18/0x20 [ 34.954706] copy_to_kernel_nofault+0x99/0x260 [ 34.954741] copy_to_kernel_nofault_oob+0x288/0x560 [ 34.954774] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 34.954806] ? finish_task_switch.isra.0+0x153/0x700 [ 34.954838] ? __schedule+0x10cc/0x2b60 [ 34.954871] ? trace_hardirqs_on+0x37/0xe0 [ 34.954912] ? __pfx_read_tsc+0x10/0x10 [ 34.954943] ? ktime_get_ts64+0x86/0x230 [ 34.954976] kunit_try_run_case+0x1a5/0x480 [ 34.955009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.955041] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.955095] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.955154] ? __kthread_parkme+0x82/0x180 [ 34.955186] ? preempt_count_sub+0x50/0x80 [ 34.955220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.955254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.955288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.955321] kthread+0x337/0x6f0 [ 34.955349] ? trace_preempt_on+0x20/0xc0 [ 34.955379] ? __pfx_kthread+0x10/0x10 [ 34.955408] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.955439] ? calculate_sigpending+0x7b/0xa0 [ 34.955473] ? __pfx_kthread+0x10/0x10 [ 34.955503] ret_from_fork+0x116/0x1d0 [ 34.955529] ? __pfx_kthread+0x10/0x10 [ 34.955579] ret_from_fork_asm+0x1a/0x30 [ 34.955622] </TASK> [ 34.955649] [ 34.969951] Allocated by task 311: [ 34.970212] kasan_save_stack+0x45/0x70 [ 34.970650] kasan_save_track+0x18/0x40 [ 34.971033] kasan_save_alloc_info+0x3b/0x50 [ 34.971736] __kasan_kmalloc+0xb7/0xc0 [ 34.972219] __kmalloc_cache_noprof+0x189/0x420 [ 34.972866] copy_to_kernel_nofault_oob+0x12f/0x560 [ 34.973477] kunit_try_run_case+0x1a5/0x480 [ 34.973999] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.974585] kthread+0x337/0x6f0 [ 34.974960] ret_from_fork+0x116/0x1d0 [ 34.975372] ret_from_fork_asm+0x1a/0x30 [ 34.975771] [ 34.976050] The buggy address belongs to the object at ffff888102df6400 [ 34.976050] which belongs to the cache kmalloc-128 of size 128 [ 34.976821] The buggy address is located 0 bytes to the right of [ 34.976821] allocated 120-byte region [ffff888102df6400, ffff888102df6478) [ 34.977393] [ 34.977531] The buggy address belongs to the physical page: [ 34.978231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 34.979209] flags: 0x200000000000000(node=0|zone=2) [ 34.979816] page_type: f5(slab) [ 34.980188] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 34.980877] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.981494] page dumped because: kasan: bad access detected [ 34.982245] [ 34.982377] Memory state around the buggy address: [ 34.982735] ffff888102df6300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.983388] ffff888102df6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.984042] >ffff888102df6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.984466] ^ [ 34.984876] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.985613] ffff888102df6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.986449] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 33.452668] ================================================================== [ 33.453044] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 33.453468] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.454203] [ 33.454505] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.454695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.454734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.454808] Call Trace: [ 33.454854] <TASK> [ 33.454902] dump_stack_lvl+0x73/0xb0 [ 33.455009] print_report+0xd1/0x650 [ 33.455072] ? __virt_addr_valid+0x1db/0x2d0 [ 33.455139] ? kasan_atomics_helper+0x4a36/0x5450 [ 33.455203] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.455278] ? kasan_atomics_helper+0x4a36/0x5450 [ 33.455343] kasan_report+0x141/0x180 [ 33.455407] ? kasan_atomics_helper+0x4a36/0x5450 [ 33.455484] __asan_report_load4_noabort+0x18/0x20 [ 33.455570] kasan_atomics_helper+0x4a36/0x5450 [ 33.455672] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.455744] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.455816] ? kasan_atomics+0x152/0x310 [ 33.455903] kasan_atomics+0x1dc/0x310 [ 33.455968] ? __pfx_kasan_atomics+0x10/0x10 [ 33.456034] ? __pfx_read_tsc+0x10/0x10 [ 33.456091] ? ktime_get_ts64+0x86/0x230 [ 33.456159] kunit_try_run_case+0x1a5/0x480 [ 33.456229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.456296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.456368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.456441] ? __kthread_parkme+0x82/0x180 [ 33.456503] ? preempt_count_sub+0x50/0x80 [ 33.456589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.456694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.456749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.456786] kthread+0x337/0x6f0 [ 33.456817] ? trace_preempt_on+0x20/0xc0 [ 33.456852] ? __pfx_kthread+0x10/0x10 [ 33.456883] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.456915] ? calculate_sigpending+0x7b/0xa0 [ 33.456948] ? __pfx_kthread+0x10/0x10 [ 33.456977] ret_from_fork+0x116/0x1d0 [ 33.457004] ? __pfx_kthread+0x10/0x10 [ 33.457034] ret_from_fork_asm+0x1a/0x30 [ 33.457074] </TASK> [ 33.457090] [ 33.472379] Allocated by task 295: [ 33.472804] kasan_save_stack+0x45/0x70 [ 33.473192] kasan_save_track+0x18/0x40 [ 33.473596] kasan_save_alloc_info+0x3b/0x50 [ 33.473994] __kasan_kmalloc+0xb7/0xc0 [ 33.474356] __kmalloc_cache_noprof+0x189/0x420 [ 33.474794] kasan_atomics+0x95/0x310 [ 33.475048] kunit_try_run_case+0x1a5/0x480 [ 33.475290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.475855] kthread+0x337/0x6f0 [ 33.476242] ret_from_fork+0x116/0x1d0 [ 33.476674] ret_from_fork_asm+0x1a/0x30 [ 33.477101] [ 33.477275] The buggy address belongs to the object at ffff888102daa080 [ 33.477275] which belongs to the cache kmalloc-64 of size 64 [ 33.478088] The buggy address is located 0 bytes to the right of [ 33.478088] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.479044] [ 33.479195] The buggy address belongs to the physical page: [ 33.479672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.480427] flags: 0x200000000000000(node=0|zone=2) [ 33.480821] page_type: f5(slab) [ 33.481045] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.481767] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.482349] page dumped because: kasan: bad access detected [ 33.482813] [ 33.483071] Memory state around the buggy address: [ 33.483470] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.484101] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.484624] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.485512] ^ [ 33.485818] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.486165] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.486841] ================================================================== [ 34.091907] ================================================================== [ 34.092587] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 34.093334] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.094134] [ 34.094316] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.094423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.094454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.094505] Call Trace: [ 34.094567] <TASK> [ 34.094612] dump_stack_lvl+0x73/0xb0 [ 34.094689] print_report+0xd1/0x650 [ 34.094753] ? __virt_addr_valid+0x1db/0x2d0 [ 34.094818] ? kasan_atomics_helper+0x1818/0x5450 [ 34.094875] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.094946] ? kasan_atomics_helper+0x1818/0x5450 [ 34.095009] kasan_report+0x141/0x180 [ 34.095071] ? kasan_atomics_helper+0x1818/0x5450 [ 34.095145] kasan_check_range+0x10c/0x1c0 [ 34.095212] __kasan_check_write+0x18/0x20 [ 34.095277] kasan_atomics_helper+0x1818/0x5450 [ 34.095364] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.095436] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.095509] ? kasan_atomics+0x152/0x310 [ 34.095598] kasan_atomics+0x1dc/0x310 [ 34.095763] ? __pfx_kasan_atomics+0x10/0x10 [ 34.095847] ? __pfx_read_tsc+0x10/0x10 [ 34.095915] ? ktime_get_ts64+0x86/0x230 [ 34.095987] kunit_try_run_case+0x1a5/0x480 [ 34.096061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.096127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.096201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.096264] ? __kthread_parkme+0x82/0x180 [ 34.096296] ? preempt_count_sub+0x50/0x80 [ 34.096332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.096365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.096400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.096433] kthread+0x337/0x6f0 [ 34.096461] ? trace_preempt_on+0x20/0xc0 [ 34.096494] ? __pfx_kthread+0x10/0x10 [ 34.096523] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.096578] ? calculate_sigpending+0x7b/0xa0 [ 34.096612] ? __pfx_kthread+0x10/0x10 [ 34.096683] ret_from_fork+0x116/0x1d0 [ 34.096715] ? __pfx_kthread+0x10/0x10 [ 34.096744] ret_from_fork_asm+0x1a/0x30 [ 34.096786] </TASK> [ 34.096803] [ 34.111470] Allocated by task 295: [ 34.111781] kasan_save_stack+0x45/0x70 [ 34.112077] kasan_save_track+0x18/0x40 [ 34.112316] kasan_save_alloc_info+0x3b/0x50 [ 34.112811] __kasan_kmalloc+0xb7/0xc0 [ 34.113229] __kmalloc_cache_noprof+0x189/0x420 [ 34.113743] kasan_atomics+0x95/0x310 [ 34.114208] kunit_try_run_case+0x1a5/0x480 [ 34.114735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.115307] kthread+0x337/0x6f0 [ 34.115794] ret_from_fork+0x116/0x1d0 [ 34.116269] ret_from_fork_asm+0x1a/0x30 [ 34.116777] [ 34.117056] The buggy address belongs to the object at ffff888102daa080 [ 34.117056] which belongs to the cache kmalloc-64 of size 64 [ 34.117986] The buggy address is located 0 bytes to the right of [ 34.117986] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.118831] [ 34.119105] The buggy address belongs to the physical page: [ 34.119589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.120033] flags: 0x200000000000000(node=0|zone=2) [ 34.120487] page_type: f5(slab) [ 34.120920] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.121611] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.122271] page dumped because: kasan: bad access detected [ 34.122864] [ 34.123032] Memory state around the buggy address: [ 34.123418] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.124043] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.124393] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.125164] ^ [ 34.125770] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.126467] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.126948] ================================================================== [ 32.698519] ================================================================== [ 32.699007] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 32.700442] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.701107] [ 32.701446] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.701618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.701655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.701708] Call Trace: [ 32.701754] <TASK> [ 32.701800] dump_stack_lvl+0x73/0xb0 [ 32.701881] print_report+0xd1/0x650 [ 32.701948] ? __virt_addr_valid+0x1db/0x2d0 [ 32.702016] ? kasan_atomics_helper+0x4b54/0x5450 [ 32.702078] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.702190] ? kasan_atomics_helper+0x4b54/0x5450 [ 32.702224] kasan_report+0x141/0x180 [ 32.702257] ? kasan_atomics_helper+0x4b54/0x5450 [ 32.702294] __asan_report_load4_noabort+0x18/0x20 [ 32.702328] kasan_atomics_helper+0x4b54/0x5450 [ 32.702359] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.702389] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.702424] ? kasan_atomics+0x152/0x310 [ 32.702459] kasan_atomics+0x1dc/0x310 [ 32.702490] ? __pfx_kasan_atomics+0x10/0x10 [ 32.702523] ? __pfx_read_tsc+0x10/0x10 [ 32.702579] ? ktime_get_ts64+0x86/0x230 [ 32.702614] kunit_try_run_case+0x1a5/0x480 [ 32.702675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.702708] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.702744] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.702778] ? __kthread_parkme+0x82/0x180 [ 32.702808] ? preempt_count_sub+0x50/0x80 [ 32.702841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.702874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.702907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.702940] kthread+0x337/0x6f0 [ 32.702969] ? trace_preempt_on+0x20/0xc0 [ 32.703002] ? __pfx_kthread+0x10/0x10 [ 32.703031] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.703063] ? calculate_sigpending+0x7b/0xa0 [ 32.703095] ? __pfx_kthread+0x10/0x10 [ 32.703125] ret_from_fork+0x116/0x1d0 [ 32.703152] ? __pfx_kthread+0x10/0x10 [ 32.703181] ret_from_fork_asm+0x1a/0x30 [ 32.703221] </TASK> [ 32.703236] [ 32.716673] Allocated by task 295: [ 32.717096] kasan_save_stack+0x45/0x70 [ 32.717518] kasan_save_track+0x18/0x40 [ 32.718000] kasan_save_alloc_info+0x3b/0x50 [ 32.718445] __kasan_kmalloc+0xb7/0xc0 [ 32.718854] __kmalloc_cache_noprof+0x189/0x420 [ 32.719321] kasan_atomics+0x95/0x310 [ 32.719746] kunit_try_run_case+0x1a5/0x480 [ 32.720159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.720815] kthread+0x337/0x6f0 [ 32.721236] ret_from_fork+0x116/0x1d0 [ 32.721662] ret_from_fork_asm+0x1a/0x30 [ 32.721996] [ 32.722213] The buggy address belongs to the object at ffff888102daa080 [ 32.722213] which belongs to the cache kmalloc-64 of size 64 [ 32.723063] The buggy address is located 0 bytes to the right of [ 32.723063] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.723997] [ 32.724313] The buggy address belongs to the physical page: [ 32.724899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.725658] flags: 0x200000000000000(node=0|zone=2) [ 32.726102] page_type: f5(slab) [ 32.726503] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.727159] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.727950] page dumped because: kasan: bad access detected [ 32.728321] [ 32.728593] Memory state around the buggy address: [ 32.729130] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.729720] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.730278] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.730896] ^ [ 32.731340] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.731877] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.732367] ================================================================== [ 32.988352] ================================================================== [ 32.989068] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 32.990387] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.991389] [ 32.991601] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.991779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.991812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.991896] Call Trace: [ 32.991942] <TASK> [ 32.991991] dump_stack_lvl+0x73/0xb0 [ 32.992068] print_report+0xd1/0x650 [ 32.992115] ? __virt_addr_valid+0x1db/0x2d0 [ 32.992152] ? kasan_atomics_helper+0x860/0x5450 [ 32.992184] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.992220] ? kasan_atomics_helper+0x860/0x5450 [ 32.992251] kasan_report+0x141/0x180 [ 32.992281] ? kasan_atomics_helper+0x860/0x5450 [ 32.992316] kasan_check_range+0x10c/0x1c0 [ 32.992348] __kasan_check_write+0x18/0x20 [ 32.992379] kasan_atomics_helper+0x860/0x5450 [ 32.992410] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.992439] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.992473] ? kasan_atomics+0x152/0x310 [ 32.992508] kasan_atomics+0x1dc/0x310 [ 32.992558] ? __pfx_kasan_atomics+0x10/0x10 [ 32.992594] ? __pfx_read_tsc+0x10/0x10 [ 32.992641] ? ktime_get_ts64+0x86/0x230 [ 32.992698] kunit_try_run_case+0x1a5/0x480 [ 32.992734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.992766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.992801] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.992835] ? __kthread_parkme+0x82/0x180 [ 32.992865] ? preempt_count_sub+0x50/0x80 [ 32.992899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.992932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.992966] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.992999] kthread+0x337/0x6f0 [ 32.993027] ? trace_preempt_on+0x20/0xc0 [ 32.993060] ? __pfx_kthread+0x10/0x10 [ 32.993089] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.993121] ? calculate_sigpending+0x7b/0xa0 [ 32.993153] ? __pfx_kthread+0x10/0x10 [ 32.993183] ret_from_fork+0x116/0x1d0 [ 32.993210] ? __pfx_kthread+0x10/0x10 [ 32.993239] ret_from_fork_asm+0x1a/0x30 [ 32.993280] </TASK> [ 32.993296] [ 33.007586] Allocated by task 295: [ 33.008066] kasan_save_stack+0x45/0x70 [ 33.008510] kasan_save_track+0x18/0x40 [ 33.009006] kasan_save_alloc_info+0x3b/0x50 [ 33.009434] __kasan_kmalloc+0xb7/0xc0 [ 33.009911] __kmalloc_cache_noprof+0x189/0x420 [ 33.010329] kasan_atomics+0x95/0x310 [ 33.010812] kunit_try_run_case+0x1a5/0x480 [ 33.011093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.011389] kthread+0x337/0x6f0 [ 33.011618] ret_from_fork+0x116/0x1d0 [ 33.011914] ret_from_fork_asm+0x1a/0x30 [ 33.012362] [ 33.012584] The buggy address belongs to the object at ffff888102daa080 [ 33.012584] which belongs to the cache kmalloc-64 of size 64 [ 33.013772] The buggy address is located 0 bytes to the right of [ 33.013772] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.015115] [ 33.015335] The buggy address belongs to the physical page: [ 33.015888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.016600] flags: 0x200000000000000(node=0|zone=2) [ 33.017050] page_type: f5(slab) [ 33.017341] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.018067] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.018851] page dumped because: kasan: bad access detected [ 33.019398] [ 33.019653] Memory state around the buggy address: [ 33.019996] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.020704] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.021279] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.021953] ^ [ 33.022325] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.022961] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.023585] ================================================================== [ 33.630282] ================================================================== [ 33.631817] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 33.632224] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.632908] [ 33.633097] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.633210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.633244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.633299] Call Trace: [ 33.633344] <TASK> [ 33.633389] dump_stack_lvl+0x73/0xb0 [ 33.633469] print_report+0xd1/0x650 [ 33.633549] ? __virt_addr_valid+0x1db/0x2d0 [ 33.633619] ? kasan_atomics_helper+0x1217/0x5450 [ 33.633683] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.633756] ? kasan_atomics_helper+0x1217/0x5450 [ 33.633821] kasan_report+0x141/0x180 [ 33.633883] ? kasan_atomics_helper+0x1217/0x5450 [ 33.633953] kasan_check_range+0x10c/0x1c0 [ 33.634014] __kasan_check_write+0x18/0x20 [ 33.634077] kasan_atomics_helper+0x1217/0x5450 [ 33.634175] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.634270] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.634335] ? kasan_atomics+0x152/0x310 [ 33.634397] kasan_atomics+0x1dc/0x310 [ 33.634460] ? __pfx_kasan_atomics+0x10/0x10 [ 33.634787] ? __pfx_read_tsc+0x10/0x10 [ 33.634861] ? ktime_get_ts64+0x86/0x230 [ 33.634931] kunit_try_run_case+0x1a5/0x480 [ 33.635005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.635072] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.635143] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.635184] ? __kthread_parkme+0x82/0x180 [ 33.635216] ? preempt_count_sub+0x50/0x80 [ 33.635250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.635285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.635321] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.635355] kthread+0x337/0x6f0 [ 33.635383] ? trace_preempt_on+0x20/0xc0 [ 33.635416] ? __pfx_kthread+0x10/0x10 [ 33.635446] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.635478] ? calculate_sigpending+0x7b/0xa0 [ 33.635511] ? __pfx_kthread+0x10/0x10 [ 33.635563] ret_from_fork+0x116/0x1d0 [ 33.635592] ? __pfx_kthread+0x10/0x10 [ 33.635623] ret_from_fork_asm+0x1a/0x30 [ 33.635681] </TASK> [ 33.635697] [ 33.648141] Allocated by task 295: [ 33.648479] kasan_save_stack+0x45/0x70 [ 33.648994] kasan_save_track+0x18/0x40 [ 33.649254] kasan_save_alloc_info+0x3b/0x50 [ 33.649516] __kasan_kmalloc+0xb7/0xc0 [ 33.649948] __kmalloc_cache_noprof+0x189/0x420 [ 33.650520] kasan_atomics+0x95/0x310 [ 33.651041] kunit_try_run_case+0x1a5/0x480 [ 33.651487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.652153] kthread+0x337/0x6f0 [ 33.652497] ret_from_fork+0x116/0x1d0 [ 33.652973] ret_from_fork_asm+0x1a/0x30 [ 33.653400] [ 33.653556] The buggy address belongs to the object at ffff888102daa080 [ 33.653556] which belongs to the cache kmalloc-64 of size 64 [ 33.654132] The buggy address is located 0 bytes to the right of [ 33.654132] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.654884] [ 33.655104] The buggy address belongs to the physical page: [ 33.655655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.656390] flags: 0x200000000000000(node=0|zone=2) [ 33.656979] page_type: f5(slab) [ 33.657331] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.658136] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.658716] page dumped because: kasan: bad access detected [ 33.659073] [ 33.659341] Memory state around the buggy address: [ 33.659857] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.660218] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.660579] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.661241] ^ [ 33.661812] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.662476] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.663144] ================================================================== [ 33.948748] ================================================================== [ 33.949402] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 33.950030] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.950552] [ 33.950952] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.951074] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.951109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.951159] Call Trace: [ 33.951202] <TASK> [ 33.951248] dump_stack_lvl+0x73/0xb0 [ 33.951325] print_report+0xd1/0x650 [ 33.951387] ? __virt_addr_valid+0x1db/0x2d0 [ 33.951447] ? kasan_atomics_helper+0x15b6/0x5450 [ 33.951501] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.951587] ? kasan_atomics_helper+0x15b6/0x5450 [ 33.951686] kasan_report+0x141/0x180 [ 33.951750] ? kasan_atomics_helper+0x15b6/0x5450 [ 33.951836] kasan_check_range+0x10c/0x1c0 [ 33.951905] __kasan_check_write+0x18/0x20 [ 33.951961] kasan_atomics_helper+0x15b6/0x5450 [ 33.951996] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.952028] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.952064] ? kasan_atomics+0x152/0x310 [ 33.952100] kasan_atomics+0x1dc/0x310 [ 33.952132] ? __pfx_kasan_atomics+0x10/0x10 [ 33.952164] ? __pfx_read_tsc+0x10/0x10 [ 33.952198] ? ktime_get_ts64+0x86/0x230 [ 33.952232] kunit_try_run_case+0x1a5/0x480 [ 33.952266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.952298] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.952334] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.952367] ? __kthread_parkme+0x82/0x180 [ 33.952396] ? preempt_count_sub+0x50/0x80 [ 33.952428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.952461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.952494] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.952527] kthread+0x337/0x6f0 [ 33.952579] ? trace_preempt_on+0x20/0xc0 [ 33.952614] ? __pfx_kthread+0x10/0x10 [ 33.952669] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.952703] ? calculate_sigpending+0x7b/0xa0 [ 33.952737] ? __pfx_kthread+0x10/0x10 [ 33.952767] ret_from_fork+0x116/0x1d0 [ 33.952795] ? __pfx_kthread+0x10/0x10 [ 33.952824] ret_from_fork_asm+0x1a/0x30 [ 33.952865] </TASK> [ 33.952882] [ 33.967597] Allocated by task 295: [ 33.968337] kasan_save_stack+0x45/0x70 [ 33.968894] kasan_save_track+0x18/0x40 [ 33.969376] kasan_save_alloc_info+0x3b/0x50 [ 33.969816] __kasan_kmalloc+0xb7/0xc0 [ 33.970298] __kmalloc_cache_noprof+0x189/0x420 [ 33.970729] kasan_atomics+0x95/0x310 [ 33.971155] kunit_try_run_case+0x1a5/0x480 [ 33.971767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.972143] kthread+0x337/0x6f0 [ 33.972605] ret_from_fork+0x116/0x1d0 [ 33.973131] ret_from_fork_asm+0x1a/0x30 [ 33.973614] [ 33.973872] The buggy address belongs to the object at ffff888102daa080 [ 33.973872] which belongs to the cache kmalloc-64 of size 64 [ 33.974647] The buggy address is located 0 bytes to the right of [ 33.974647] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.975906] [ 33.976063] The buggy address belongs to the physical page: [ 33.976690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.977352] flags: 0x200000000000000(node=0|zone=2) [ 33.977821] page_type: f5(slab) [ 33.978300] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.978953] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.979667] page dumped because: kasan: bad access detected [ 33.980139] [ 33.980377] Memory state around the buggy address: [ 33.980908] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.981471] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.982121] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.982713] ^ [ 33.982983] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.983745] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.984226] ================================================================== [ 32.916130] ================================================================== [ 32.916602] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 32.917356] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.918049] [ 32.918271] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.918413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.918464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.918518] Call Trace: [ 32.918579] <TASK> [ 32.918638] dump_stack_lvl+0x73/0xb0 [ 32.918713] print_report+0xd1/0x650 [ 32.918776] ? __virt_addr_valid+0x1db/0x2d0 [ 32.918840] ? kasan_atomics_helper+0x72f/0x5450 [ 32.918899] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.918962] ? kasan_atomics_helper+0x72f/0x5450 [ 32.919049] kasan_report+0x141/0x180 [ 32.919113] ? kasan_atomics_helper+0x72f/0x5450 [ 32.919189] kasan_check_range+0x10c/0x1c0 [ 32.919256] __kasan_check_write+0x18/0x20 [ 32.919318] kasan_atomics_helper+0x72f/0x5450 [ 32.919352] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.919384] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.919419] ? kasan_atomics+0x152/0x310 [ 32.919454] kasan_atomics+0x1dc/0x310 [ 32.919485] ? __pfx_kasan_atomics+0x10/0x10 [ 32.919517] ? __pfx_read_tsc+0x10/0x10 [ 32.919571] ? ktime_get_ts64+0x86/0x230 [ 32.919606] kunit_try_run_case+0x1a5/0x480 [ 32.919654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.919690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.919729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.919763] ? __kthread_parkme+0x82/0x180 [ 32.919792] ? preempt_count_sub+0x50/0x80 [ 32.919837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.919871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.919904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.919937] kthread+0x337/0x6f0 [ 32.919965] ? trace_preempt_on+0x20/0xc0 [ 32.919998] ? __pfx_kthread+0x10/0x10 [ 32.920027] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.920059] ? calculate_sigpending+0x7b/0xa0 [ 32.920092] ? __pfx_kthread+0x10/0x10 [ 32.920121] ret_from_fork+0x116/0x1d0 [ 32.920148] ? __pfx_kthread+0x10/0x10 [ 32.920176] ret_from_fork_asm+0x1a/0x30 [ 32.920217] </TASK> [ 32.920233] [ 32.936955] Allocated by task 295: [ 32.937231] kasan_save_stack+0x45/0x70 [ 32.937695] kasan_save_track+0x18/0x40 [ 32.937997] kasan_save_alloc_info+0x3b/0x50 [ 32.938382] __kasan_kmalloc+0xb7/0xc0 [ 32.938768] __kmalloc_cache_noprof+0x189/0x420 [ 32.939176] kasan_atomics+0x95/0x310 [ 32.939615] kunit_try_run_case+0x1a5/0x480 [ 32.939936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.940533] kthread+0x337/0x6f0 [ 32.941026] ret_from_fork+0x116/0x1d0 [ 32.941433] ret_from_fork_asm+0x1a/0x30 [ 32.941888] [ 32.942119] The buggy address belongs to the object at ffff888102daa080 [ 32.942119] which belongs to the cache kmalloc-64 of size 64 [ 32.943053] The buggy address is located 0 bytes to the right of [ 32.943053] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.943918] [ 32.944187] The buggy address belongs to the physical page: [ 32.944825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.945465] flags: 0x200000000000000(node=0|zone=2) [ 32.945900] page_type: f5(slab) [ 32.946278] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.946950] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.947595] page dumped because: kasan: bad access detected [ 32.948077] [ 32.948286] Memory state around the buggy address: [ 32.948725] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.949396] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.950058] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.950609] ^ [ 32.951150] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.951707] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.952288] ================================================================== [ 34.020306] ================================================================== [ 34.021144] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 34.021752] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.022203] [ 34.022444] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.022604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.022665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.022720] Call Trace: [ 34.022763] <TASK> [ 34.022808] dump_stack_lvl+0x73/0xb0 [ 34.022886] print_report+0xd1/0x650 [ 34.022949] ? __virt_addr_valid+0x1db/0x2d0 [ 34.023011] ? kasan_atomics_helper+0x16e7/0x5450 [ 34.023067] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.023134] ? kasan_atomics_helper+0x16e7/0x5450 [ 34.023194] kasan_report+0x141/0x180 [ 34.023259] ? kasan_atomics_helper+0x16e7/0x5450 [ 34.023327] kasan_check_range+0x10c/0x1c0 [ 34.023389] __kasan_check_write+0x18/0x20 [ 34.023449] kasan_atomics_helper+0x16e7/0x5450 [ 34.023507] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.023587] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.023692] ? kasan_atomics+0x152/0x310 [ 34.023761] kasan_atomics+0x1dc/0x310 [ 34.023830] ? __pfx_kasan_atomics+0x10/0x10 [ 34.023898] ? __pfx_read_tsc+0x10/0x10 [ 34.023956] ? ktime_get_ts64+0x86/0x230 [ 34.024018] kunit_try_run_case+0x1a5/0x480 [ 34.024059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.024094] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.024131] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.024165] ? __kthread_parkme+0x82/0x180 [ 34.024195] ? preempt_count_sub+0x50/0x80 [ 34.024227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.024299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.024334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.024368] kthread+0x337/0x6f0 [ 34.024396] ? trace_preempt_on+0x20/0xc0 [ 34.024429] ? __pfx_kthread+0x10/0x10 [ 34.024459] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.024491] ? calculate_sigpending+0x7b/0xa0 [ 34.024524] ? __pfx_kthread+0x10/0x10 [ 34.024579] ret_from_fork+0x116/0x1d0 [ 34.024608] ? __pfx_kthread+0x10/0x10 [ 34.024662] ret_from_fork_asm+0x1a/0x30 [ 34.024708] </TASK> [ 34.024726] [ 34.039267] Allocated by task 295: [ 34.039770] kasan_save_stack+0x45/0x70 [ 34.040256] kasan_save_track+0x18/0x40 [ 34.040748] kasan_save_alloc_info+0x3b/0x50 [ 34.041123] __kasan_kmalloc+0xb7/0xc0 [ 34.041586] __kmalloc_cache_noprof+0x189/0x420 [ 34.042117] kasan_atomics+0x95/0x310 [ 34.042411] kunit_try_run_case+0x1a5/0x480 [ 34.042874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.043275] kthread+0x337/0x6f0 [ 34.043700] ret_from_fork+0x116/0x1d0 [ 34.044044] ret_from_fork_asm+0x1a/0x30 [ 34.044355] [ 34.044606] The buggy address belongs to the object at ffff888102daa080 [ 34.044606] which belongs to the cache kmalloc-64 of size 64 [ 34.045460] The buggy address is located 0 bytes to the right of [ 34.045460] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.046397] [ 34.046671] The buggy address belongs to the physical page: [ 34.047089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.047795] flags: 0x200000000000000(node=0|zone=2) [ 34.048120] page_type: f5(slab) [ 34.048525] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.049232] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.049920] page dumped because: kasan: bad access detected [ 34.050245] [ 34.050393] Memory state around the buggy address: [ 34.050818] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.051398] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.051951] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.052482] ^ [ 34.052986] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.053497] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.054066] ================================================================== [ 34.305849] ================================================================== [ 34.306390] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 34.307095] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.307478] [ 34.307813] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.307951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.307988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.308038] Call Trace: [ 34.308079] <TASK> [ 34.308137] dump_stack_lvl+0x73/0xb0 [ 34.308234] print_report+0xd1/0x650 [ 34.308300] ? __virt_addr_valid+0x1db/0x2d0 [ 34.308363] ? kasan_atomics_helper+0x1c18/0x5450 [ 34.308424] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.308502] ? kasan_atomics_helper+0x1c18/0x5450 [ 34.308589] kasan_report+0x141/0x180 [ 34.308691] ? kasan_atomics_helper+0x1c18/0x5450 [ 34.308765] kasan_check_range+0x10c/0x1c0 [ 34.308840] __kasan_check_write+0x18/0x20 [ 34.308925] kasan_atomics_helper+0x1c18/0x5450 [ 34.308985] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.309025] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.309063] ? kasan_atomics+0x152/0x310 [ 34.309100] kasan_atomics+0x1dc/0x310 [ 34.309135] ? __pfx_kasan_atomics+0x10/0x10 [ 34.309192] ? __pfx_read_tsc+0x10/0x10 [ 34.309253] ? ktime_get_ts64+0x86/0x230 [ 34.309330] kunit_try_run_case+0x1a5/0x480 [ 34.309418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.309478] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.309560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.309660] ? __kthread_parkme+0x82/0x180 [ 34.309740] ? preempt_count_sub+0x50/0x80 [ 34.309825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.309867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.309902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.309936] kthread+0x337/0x6f0 [ 34.309965] ? trace_preempt_on+0x20/0xc0 [ 34.310000] ? __pfx_kthread+0x10/0x10 [ 34.310030] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.310064] ? calculate_sigpending+0x7b/0xa0 [ 34.310098] ? __pfx_kthread+0x10/0x10 [ 34.310128] ret_from_fork+0x116/0x1d0 [ 34.310155] ? __pfx_kthread+0x10/0x10 [ 34.310183] ret_from_fork_asm+0x1a/0x30 [ 34.310225] </TASK> [ 34.310241] [ 34.324123] Allocated by task 295: [ 34.324584] kasan_save_stack+0x45/0x70 [ 34.325037] kasan_save_track+0x18/0x40 [ 34.325291] kasan_save_alloc_info+0x3b/0x50 [ 34.325598] __kasan_kmalloc+0xb7/0xc0 [ 34.326107] __kmalloc_cache_noprof+0x189/0x420 [ 34.326591] kasan_atomics+0x95/0x310 [ 34.327003] kunit_try_run_case+0x1a5/0x480 [ 34.327414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.327948] kthread+0x337/0x6f0 [ 34.328346] ret_from_fork+0x116/0x1d0 [ 34.328866] ret_from_fork_asm+0x1a/0x30 [ 34.329221] [ 34.329362] The buggy address belongs to the object at ffff888102daa080 [ 34.329362] which belongs to the cache kmalloc-64 of size 64 [ 34.330407] The buggy address is located 0 bytes to the right of [ 34.330407] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.331514] [ 34.331815] The buggy address belongs to the physical page: [ 34.332237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.332893] flags: 0x200000000000000(node=0|zone=2) [ 34.333345] page_type: f5(slab) [ 34.333760] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.334433] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.335030] page dumped because: kasan: bad access detected [ 34.335324] [ 34.335452] Memory state around the buggy address: [ 34.335917] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.336712] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.337444] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.337979] ^ [ 34.338434] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.338960] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.339331] ================================================================== [ 34.197923] ================================================================== [ 34.198564] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 34.199792] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.200434] [ 34.200710] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.200830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.200863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.200916] Call Trace: [ 34.200961] <TASK> [ 34.201003] dump_stack_lvl+0x73/0xb0 [ 34.201084] print_report+0xd1/0x650 [ 34.201147] ? __virt_addr_valid+0x1db/0x2d0 [ 34.201215] ? kasan_atomics_helper+0x19e3/0x5450 [ 34.201276] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.201399] ? kasan_atomics_helper+0x19e3/0x5450 [ 34.201467] kasan_report+0x141/0x180 [ 34.201533] ? kasan_atomics_helper+0x19e3/0x5450 [ 34.201654] kasan_check_range+0x10c/0x1c0 [ 34.201703] __kasan_check_write+0x18/0x20 [ 34.201739] kasan_atomics_helper+0x19e3/0x5450 [ 34.201771] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.201803] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.201837] ? kasan_atomics+0x152/0x310 [ 34.201872] kasan_atomics+0x1dc/0x310 [ 34.201904] ? __pfx_kasan_atomics+0x10/0x10 [ 34.201936] ? __pfx_read_tsc+0x10/0x10 [ 34.201969] ? ktime_get_ts64+0x86/0x230 [ 34.202002] kunit_try_run_case+0x1a5/0x480 [ 34.202036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.202068] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.202103] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.202135] ? __kthread_parkme+0x82/0x180 [ 34.202164] ? preempt_count_sub+0x50/0x80 [ 34.202197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.202230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.202262] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.202295] kthread+0x337/0x6f0 [ 34.202323] ? trace_preempt_on+0x20/0xc0 [ 34.202355] ? __pfx_kthread+0x10/0x10 [ 34.202383] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.202415] ? calculate_sigpending+0x7b/0xa0 [ 34.202447] ? __pfx_kthread+0x10/0x10 [ 34.202476] ret_from_fork+0x116/0x1d0 [ 34.202503] ? __pfx_kthread+0x10/0x10 [ 34.202531] ret_from_fork_asm+0x1a/0x30 [ 34.202592] </TASK> [ 34.202609] [ 34.214665] Allocated by task 295: [ 34.215009] kasan_save_stack+0x45/0x70 [ 34.215462] kasan_save_track+0x18/0x40 [ 34.215967] kasan_save_alloc_info+0x3b/0x50 [ 34.216415] __kasan_kmalloc+0xb7/0xc0 [ 34.216823] __kmalloc_cache_noprof+0x189/0x420 [ 34.217341] kasan_atomics+0x95/0x310 [ 34.217760] kunit_try_run_case+0x1a5/0x480 [ 34.218176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.218491] kthread+0x337/0x6f0 [ 34.218735] ret_from_fork+0x116/0x1d0 [ 34.218977] ret_from_fork_asm+0x1a/0x30 [ 34.219297] [ 34.219524] The buggy address belongs to the object at ffff888102daa080 [ 34.219524] which belongs to the cache kmalloc-64 of size 64 [ 34.220659] The buggy address is located 0 bytes to the right of [ 34.220659] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.221793] [ 34.222017] The buggy address belongs to the physical page: [ 34.222517] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.223145] flags: 0x200000000000000(node=0|zone=2) [ 34.223433] page_type: f5(slab) [ 34.223670] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.224224] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.224980] page dumped because: kasan: bad access detected [ 34.225510] [ 34.225772] Memory state around the buggy address: [ 34.226238] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.226862] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.227221] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.227696] ^ [ 34.228182] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.228884] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.229486] ================================================================== [ 33.664364] ================================================================== [ 33.665035] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 33.666071] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.667124] [ 33.667387] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.667511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.667559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.667615] Call Trace: [ 33.667689] <TASK> [ 33.667733] dump_stack_lvl+0x73/0xb0 [ 33.667834] print_report+0xd1/0x650 [ 33.667919] ? __virt_addr_valid+0x1db/0x2d0 [ 33.667983] ? kasan_atomics_helper+0x49e8/0x5450 [ 33.668039] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.668106] ? kasan_atomics_helper+0x49e8/0x5450 [ 33.668178] kasan_report+0x141/0x180 [ 33.668262] ? kasan_atomics_helper+0x49e8/0x5450 [ 33.668327] __asan_report_load4_noabort+0x18/0x20 [ 33.668393] kasan_atomics_helper+0x49e8/0x5450 [ 33.668455] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.668519] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.668615] ? kasan_atomics+0x152/0x310 [ 33.668726] kasan_atomics+0x1dc/0x310 [ 33.668796] ? __pfx_kasan_atomics+0x10/0x10 [ 33.668867] ? __pfx_read_tsc+0x10/0x10 [ 33.668922] ? ktime_get_ts64+0x86/0x230 [ 33.668971] kunit_try_run_case+0x1a5/0x480 [ 33.669009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.669043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.669078] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.669111] ? __kthread_parkme+0x82/0x180 [ 33.669140] ? preempt_count_sub+0x50/0x80 [ 33.669174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.669206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.669240] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.669273] kthread+0x337/0x6f0 [ 33.669300] ? trace_preempt_on+0x20/0xc0 [ 33.669333] ? __pfx_kthread+0x10/0x10 [ 33.669363] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.669394] ? calculate_sigpending+0x7b/0xa0 [ 33.669427] ? __pfx_kthread+0x10/0x10 [ 33.669457] ret_from_fork+0x116/0x1d0 [ 33.669484] ? __pfx_kthread+0x10/0x10 [ 33.669512] ret_from_fork_asm+0x1a/0x30 [ 33.669576] </TASK> [ 33.669592] [ 33.685402] Allocated by task 295: [ 33.686059] kasan_save_stack+0x45/0x70 [ 33.686400] kasan_save_track+0x18/0x40 [ 33.686723] kasan_save_alloc_info+0x3b/0x50 [ 33.687144] __kasan_kmalloc+0xb7/0xc0 [ 33.687870] __kmalloc_cache_noprof+0x189/0x420 [ 33.688182] kasan_atomics+0x95/0x310 [ 33.688479] kunit_try_run_case+0x1a5/0x480 [ 33.688975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.689360] kthread+0x337/0x6f0 [ 33.689653] ret_from_fork+0x116/0x1d0 [ 33.689995] ret_from_fork_asm+0x1a/0x30 [ 33.690393] [ 33.690552] The buggy address belongs to the object at ffff888102daa080 [ 33.690552] which belongs to the cache kmalloc-64 of size 64 [ 33.691447] The buggy address is located 0 bytes to the right of [ 33.691447] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.692325] [ 33.692556] The buggy address belongs to the physical page: [ 33.692937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.693431] flags: 0x200000000000000(node=0|zone=2) [ 33.693954] page_type: f5(slab) [ 33.694298] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.694831] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.695292] page dumped because: kasan: bad access detected [ 33.695831] [ 33.696038] Memory state around the buggy address: [ 33.696449] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.697077] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.697594] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.698096] ^ [ 33.698432] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.700099] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.700775] ================================================================== [ 34.340578] ================================================================== [ 34.341247] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 34.341833] Read of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.342360] [ 34.342626] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.342735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.342769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.342861] Call Trace: [ 34.342925] <TASK> [ 34.342972] dump_stack_lvl+0x73/0xb0 [ 34.343049] print_report+0xd1/0x650 [ 34.343108] ? __virt_addr_valid+0x1db/0x2d0 [ 34.343224] ? kasan_atomics_helper+0x4f30/0x5450 [ 34.343314] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.343386] ? kasan_atomics_helper+0x4f30/0x5450 [ 34.343450] kasan_report+0x141/0x180 [ 34.343573] ? kasan_atomics_helper+0x4f30/0x5450 [ 34.343654] __asan_report_load8_noabort+0x18/0x20 [ 34.343724] kasan_atomics_helper+0x4f30/0x5450 [ 34.343783] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.343847] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.343904] ? kasan_atomics+0x152/0x310 [ 34.343972] kasan_atomics+0x1dc/0x310 [ 34.344077] ? __pfx_kasan_atomics+0x10/0x10 [ 34.344167] ? __pfx_read_tsc+0x10/0x10 [ 34.344322] ? ktime_get_ts64+0x86/0x230 [ 34.344465] kunit_try_run_case+0x1a5/0x480 [ 34.344584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.344701] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.344782] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.344854] ? __kthread_parkme+0x82/0x180 [ 34.344918] ? preempt_count_sub+0x50/0x80 [ 34.344987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.345053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.345159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.345256] kthread+0x337/0x6f0 [ 34.345315] ? trace_preempt_on+0x20/0xc0 [ 34.345380] ? __pfx_kthread+0x10/0x10 [ 34.345478] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.345581] ? calculate_sigpending+0x7b/0xa0 [ 34.345656] ? __pfx_kthread+0x10/0x10 [ 34.345704] ret_from_fork+0x116/0x1d0 [ 34.345736] ? __pfx_kthread+0x10/0x10 [ 34.345768] ret_from_fork_asm+0x1a/0x30 [ 34.345811] </TASK> [ 34.345827] [ 34.359198] Allocated by task 295: [ 34.359593] kasan_save_stack+0x45/0x70 [ 34.360080] kasan_save_track+0x18/0x40 [ 34.360529] kasan_save_alloc_info+0x3b/0x50 [ 34.361050] __kasan_kmalloc+0xb7/0xc0 [ 34.361363] __kmalloc_cache_noprof+0x189/0x420 [ 34.361783] kasan_atomics+0x95/0x310 [ 34.362176] kunit_try_run_case+0x1a5/0x480 [ 34.362748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.363344] kthread+0x337/0x6f0 [ 34.363772] ret_from_fork+0x116/0x1d0 [ 34.364089] ret_from_fork_asm+0x1a/0x30 [ 34.364630] [ 34.364847] The buggy address belongs to the object at ffff888102daa080 [ 34.364847] which belongs to the cache kmalloc-64 of size 64 [ 34.365767] The buggy address is located 0 bytes to the right of [ 34.365767] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.366759] [ 34.366979] The buggy address belongs to the physical page: [ 34.367511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.368120] flags: 0x200000000000000(node=0|zone=2) [ 34.368571] page_type: f5(slab) [ 34.368995] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.369401] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.369969] page dumped because: kasan: bad access detected [ 34.370523] [ 34.370862] Memory state around the buggy address: [ 34.371223] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.371864] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.372226] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.372870] ^ [ 34.373480] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.374217] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.374884] ================================================================== [ 32.629641] ================================================================== [ 32.630178] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 32.630704] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.631239] [ 32.631601] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.631761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.631798] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.631901] Call Trace: [ 32.631937] <TASK> [ 32.631998] dump_stack_lvl+0x73/0xb0 [ 32.632134] print_report+0xd1/0x650 [ 32.632200] ? __virt_addr_valid+0x1db/0x2d0 [ 32.632271] ? kasan_atomics_helper+0x4b6e/0x5450 [ 32.632332] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.632384] ? kasan_atomics_helper+0x4b6e/0x5450 [ 32.632416] kasan_report+0x141/0x180 [ 32.632449] ? kasan_atomics_helper+0x4b6e/0x5450 [ 32.632485] __asan_report_store4_noabort+0x1b/0x30 [ 32.632520] kasan_atomics_helper+0x4b6e/0x5450 [ 32.632572] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.632604] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.632667] ? kasan_atomics+0x152/0x310 [ 32.632705] kasan_atomics+0x1dc/0x310 [ 32.632737] ? __pfx_kasan_atomics+0x10/0x10 [ 32.632770] ? __pfx_read_tsc+0x10/0x10 [ 32.632803] ? ktime_get_ts64+0x86/0x230 [ 32.632837] kunit_try_run_case+0x1a5/0x480 [ 32.632871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.632903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.632939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.632973] ? __kthread_parkme+0x82/0x180 [ 32.633003] ? preempt_count_sub+0x50/0x80 [ 32.633035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.633068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.633101] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.633134] kthread+0x337/0x6f0 [ 32.633161] ? trace_preempt_on+0x20/0xc0 [ 32.633192] ? __pfx_kthread+0x10/0x10 [ 32.633220] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.633252] ? calculate_sigpending+0x7b/0xa0 [ 32.633284] ? __pfx_kthread+0x10/0x10 [ 32.633313] ret_from_fork+0x116/0x1d0 [ 32.633340] ? __pfx_kthread+0x10/0x10 [ 32.633368] ret_from_fork_asm+0x1a/0x30 [ 32.633410] </TASK> [ 32.633426] [ 32.647917] Allocated by task 295: [ 32.648369] kasan_save_stack+0x45/0x70 [ 32.648915] kasan_save_track+0x18/0x40 [ 32.649614] kasan_save_alloc_info+0x3b/0x50 [ 32.650078] __kasan_kmalloc+0xb7/0xc0 [ 32.650445] __kmalloc_cache_noprof+0x189/0x420 [ 32.650984] kasan_atomics+0x95/0x310 [ 32.651263] kunit_try_run_case+0x1a5/0x480 [ 32.651806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.652257] kthread+0x337/0x6f0 [ 32.652733] ret_from_fork+0x116/0x1d0 [ 32.653320] ret_from_fork_asm+0x1a/0x30 [ 32.653699] [ 32.653863] The buggy address belongs to the object at ffff888102daa080 [ 32.653863] which belongs to the cache kmalloc-64 of size 64 [ 32.654774] The buggy address is located 0 bytes to the right of [ 32.654774] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.655604] [ 32.655850] The buggy address belongs to the physical page: [ 32.656273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.657171] flags: 0x200000000000000(node=0|zone=2) [ 32.657658] page_type: f5(slab) [ 32.658210] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.659064] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.659571] page dumped because: kasan: bad access detected [ 32.659995] [ 32.660162] Memory state around the buggy address: [ 32.660552] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.660965] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.661602] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.662058] ^ [ 32.662395] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.662931] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.663424] ================================================================== [ 32.664780] ================================================================== [ 32.665180] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 32.665557] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.666115] [ 32.666344] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.666464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.666500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.666608] Call Trace: [ 32.666681] <TASK> [ 32.666728] dump_stack_lvl+0x73/0xb0 [ 32.666807] print_report+0xd1/0x650 [ 32.666864] ? __virt_addr_valid+0x1db/0x2d0 [ 32.666929] ? kasan_atomics_helper+0x3df/0x5450 [ 32.666989] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.667062] ? kasan_atomics_helper+0x3df/0x5450 [ 32.667126] kasan_report+0x141/0x180 [ 32.667188] ? kasan_atomics_helper+0x3df/0x5450 [ 32.667250] kasan_check_range+0x10c/0x1c0 [ 32.667307] __kasan_check_read+0x15/0x20 [ 32.667360] kasan_atomics_helper+0x3df/0x5450 [ 32.667413] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.667473] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.667559] ? kasan_atomics+0x152/0x310 [ 32.667668] kasan_atomics+0x1dc/0x310 [ 32.667740] ? __pfx_kasan_atomics+0x10/0x10 [ 32.667810] ? __pfx_read_tsc+0x10/0x10 [ 32.667888] ? ktime_get_ts64+0x86/0x230 [ 32.667946] kunit_try_run_case+0x1a5/0x480 [ 32.668014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.668117] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.668179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.668232] ? __kthread_parkme+0x82/0x180 [ 32.668276] ? preempt_count_sub+0x50/0x80 [ 32.668326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.668374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.668427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.668479] kthread+0x337/0x6f0 [ 32.668522] ? trace_preempt_on+0x20/0xc0 [ 32.668596] ? __pfx_kthread+0x10/0x10 [ 32.668679] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.668739] ? calculate_sigpending+0x7b/0xa0 [ 32.668800] ? __pfx_kthread+0x10/0x10 [ 32.668854] ret_from_fork+0x116/0x1d0 [ 32.668911] ? __pfx_kthread+0x10/0x10 [ 32.668970] ret_from_fork_asm+0x1a/0x30 [ 32.669074] </TASK> [ 32.669108] [ 32.681511] Allocated by task 295: [ 32.681798] kasan_save_stack+0x45/0x70 [ 32.682076] kasan_save_track+0x18/0x40 [ 32.682308] kasan_save_alloc_info+0x3b/0x50 [ 32.682791] __kasan_kmalloc+0xb7/0xc0 [ 32.683195] __kmalloc_cache_noprof+0x189/0x420 [ 32.683700] kasan_atomics+0x95/0x310 [ 32.684098] kunit_try_run_case+0x1a5/0x480 [ 32.684565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.685109] kthread+0x337/0x6f0 [ 32.685346] ret_from_fork+0x116/0x1d0 [ 32.685661] ret_from_fork_asm+0x1a/0x30 [ 32.686064] [ 32.686267] The buggy address belongs to the object at ffff888102daa080 [ 32.686267] which belongs to the cache kmalloc-64 of size 64 [ 32.687300] The buggy address is located 0 bytes to the right of [ 32.687300] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.688226] [ 32.688378] The buggy address belongs to the physical page: [ 32.688811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.689484] flags: 0x200000000000000(node=0|zone=2) [ 32.689898] page_type: f5(slab) [ 32.690129] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.690493] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.691195] page dumped because: kasan: bad access detected [ 32.691774] [ 32.692021] Memory state around the buggy address: [ 32.693901] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.694575] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.695048] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.695399] ^ [ 32.696047] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.696869] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.697429] ================================================================== [ 34.553008] ================================================================== [ 34.553865] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 34.554387] Read of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.555062] [ 34.555325] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.555438] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.555471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.555522] Call Trace: [ 34.555579] <TASK> [ 34.555624] dump_stack_lvl+0x73/0xb0 [ 34.555701] print_report+0xd1/0x650 [ 34.555764] ? __virt_addr_valid+0x1db/0x2d0 [ 34.555837] ? kasan_atomics_helper+0x4f71/0x5450 [ 34.555896] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.555968] ? kasan_atomics_helper+0x4f71/0x5450 [ 34.556032] kasan_report+0x141/0x180 [ 34.556098] ? kasan_atomics_helper+0x4f71/0x5450 [ 34.556173] __asan_report_load8_noabort+0x18/0x20 [ 34.556246] kasan_atomics_helper+0x4f71/0x5450 [ 34.556312] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.556370] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.556429] ? kasan_atomics+0x152/0x310 [ 34.556499] kasan_atomics+0x1dc/0x310 [ 34.556582] ? __pfx_kasan_atomics+0x10/0x10 [ 34.556629] ? __pfx_read_tsc+0x10/0x10 [ 34.556690] ? ktime_get_ts64+0x86/0x230 [ 34.556726] kunit_try_run_case+0x1a5/0x480 [ 34.556766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.556798] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.556832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.556867] ? __kthread_parkme+0x82/0x180 [ 34.556897] ? preempt_count_sub+0x50/0x80 [ 34.556929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.556962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.556995] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.557028] kthread+0x337/0x6f0 [ 34.557056] ? trace_preempt_on+0x20/0xc0 [ 34.557088] ? __pfx_kthread+0x10/0x10 [ 34.557118] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.557149] ? calculate_sigpending+0x7b/0xa0 [ 34.557182] ? __pfx_kthread+0x10/0x10 [ 34.557211] ret_from_fork+0x116/0x1d0 [ 34.557237] ? __pfx_kthread+0x10/0x10 [ 34.557266] ret_from_fork_asm+0x1a/0x30 [ 34.557306] </TASK> [ 34.557322] [ 34.568987] Allocated by task 295: [ 34.569365] kasan_save_stack+0x45/0x70 [ 34.569836] kasan_save_track+0x18/0x40 [ 34.570246] kasan_save_alloc_info+0x3b/0x50 [ 34.570569] __kasan_kmalloc+0xb7/0xc0 [ 34.570962] __kmalloc_cache_noprof+0x189/0x420 [ 34.571326] kasan_atomics+0x95/0x310 [ 34.571757] kunit_try_run_case+0x1a5/0x480 [ 34.572191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.572574] kthread+0x337/0x6f0 [ 34.572877] ret_from_fork+0x116/0x1d0 [ 34.573259] ret_from_fork_asm+0x1a/0x30 [ 34.573520] [ 34.573675] The buggy address belongs to the object at ffff888102daa080 [ 34.573675] which belongs to the cache kmalloc-64 of size 64 [ 34.574598] The buggy address is located 0 bytes to the right of [ 34.574598] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.575623] [ 34.575843] The buggy address belongs to the physical page: [ 34.576241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.576794] flags: 0x200000000000000(node=0|zone=2) [ 34.577208] page_type: f5(slab) [ 34.577434] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.578233] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.578909] page dumped because: kasan: bad access detected [ 34.579263] [ 34.579400] Memory state around the buggy address: [ 34.579676] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.580036] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.580620] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.581231] ^ [ 34.581719] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.582330] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.582875] ================================================================== [ 34.730888] ================================================================== [ 34.731396] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 34.731812] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.732421] [ 34.732829] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.732952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.732988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.733043] Call Trace: [ 34.733089] <TASK> [ 34.733136] dump_stack_lvl+0x73/0xb0 [ 34.733214] print_report+0xd1/0x650 [ 34.733279] ? __virt_addr_valid+0x1db/0x2d0 [ 34.733333] ? kasan_atomics_helper+0x218a/0x5450 [ 34.733380] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.733436] ? kasan_atomics_helper+0x218a/0x5450 [ 34.733486] kasan_report+0x141/0x180 [ 34.733562] ? kasan_atomics_helper+0x218a/0x5450 [ 34.733717] kasan_check_range+0x10c/0x1c0 [ 34.733834] __kasan_check_write+0x18/0x20 [ 34.733937] kasan_atomics_helper+0x218a/0x5450 [ 34.734008] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.734068] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.734130] ? kasan_atomics+0x152/0x310 [ 34.734243] kasan_atomics+0x1dc/0x310 [ 34.734315] ? __pfx_kasan_atomics+0x10/0x10 [ 34.734382] ? __pfx_read_tsc+0x10/0x10 [ 34.734494] ? ktime_get_ts64+0x86/0x230 [ 34.734578] kunit_try_run_case+0x1a5/0x480 [ 34.734691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.734760] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.734835] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.734909] ? __kthread_parkme+0x82/0x180 [ 34.734968] ? preempt_count_sub+0x50/0x80 [ 34.735021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.735058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.735094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.735129] kthread+0x337/0x6f0 [ 34.735158] ? trace_preempt_on+0x20/0xc0 [ 34.735192] ? __pfx_kthread+0x10/0x10 [ 34.735221] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.735254] ? calculate_sigpending+0x7b/0xa0 [ 34.735288] ? __pfx_kthread+0x10/0x10 [ 34.735318] ret_from_fork+0x116/0x1d0 [ 34.735345] ? __pfx_kthread+0x10/0x10 [ 34.735373] ret_from_fork_asm+0x1a/0x30 [ 34.735415] </TASK> [ 34.735430] [ 34.751098] Allocated by task 295: [ 34.751499] kasan_save_stack+0x45/0x70 [ 34.751990] kasan_save_track+0x18/0x40 [ 34.752434] kasan_save_alloc_info+0x3b/0x50 [ 34.752869] __kasan_kmalloc+0xb7/0xc0 [ 34.753333] __kmalloc_cache_noprof+0x189/0x420 [ 34.753815] kasan_atomics+0x95/0x310 [ 34.754218] kunit_try_run_case+0x1a5/0x480 [ 34.754727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.755204] kthread+0x337/0x6f0 [ 34.755667] ret_from_fork+0x116/0x1d0 [ 34.756008] ret_from_fork_asm+0x1a/0x30 [ 34.756276] [ 34.756406] The buggy address belongs to the object at ffff888102daa080 [ 34.756406] which belongs to the cache kmalloc-64 of size 64 [ 34.757697] The buggy address is located 0 bytes to the right of [ 34.757697] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.758602] [ 34.758905] The buggy address belongs to the physical page: [ 34.759397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.759860] flags: 0x200000000000000(node=0|zone=2) [ 34.760435] page_type: f5(slab) [ 34.760918] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.761693] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.762312] page dumped because: kasan: bad access detected [ 34.762695] [ 34.762951] Memory state around the buggy address: [ 34.763443] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.764029] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.764517] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.765105] ^ [ 34.765659] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.766242] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.766842] ================================================================== [ 34.768320] ================================================================== [ 34.769115] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 34.769807] Read of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.770330] [ 34.770678] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.770850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.770887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.770960] Call Trace: [ 34.771034] <TASK> [ 34.771100] dump_stack_lvl+0x73/0xb0 [ 34.771183] print_report+0xd1/0x650 [ 34.771247] ? __virt_addr_valid+0x1db/0x2d0 [ 34.771310] ? kasan_atomics_helper+0x4fa5/0x5450 [ 34.771394] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.771499] ? kasan_atomics_helper+0x4fa5/0x5450 [ 34.771582] kasan_report+0x141/0x180 [ 34.771663] ? kasan_atomics_helper+0x4fa5/0x5450 [ 34.771704] __asan_report_load8_noabort+0x18/0x20 [ 34.771740] kasan_atomics_helper+0x4fa5/0x5450 [ 34.771772] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.771804] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.771853] ? kasan_atomics+0x152/0x310 [ 34.771890] kasan_atomics+0x1dc/0x310 [ 34.771922] ? __pfx_kasan_atomics+0x10/0x10 [ 34.771955] ? __pfx_read_tsc+0x10/0x10 [ 34.771987] ? ktime_get_ts64+0x86/0x230 [ 34.772020] kunit_try_run_case+0x1a5/0x480 [ 34.772054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.772085] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.772120] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.772154] ? __kthread_parkme+0x82/0x180 [ 34.772183] ? preempt_count_sub+0x50/0x80 [ 34.772215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.772248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.772281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.772313] kthread+0x337/0x6f0 [ 34.772341] ? trace_preempt_on+0x20/0xc0 [ 34.772373] ? __pfx_kthread+0x10/0x10 [ 34.772402] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.772433] ? calculate_sigpending+0x7b/0xa0 [ 34.772466] ? __pfx_kthread+0x10/0x10 [ 34.772496] ret_from_fork+0x116/0x1d0 [ 34.772522] ? __pfx_kthread+0x10/0x10 [ 34.772571] ret_from_fork_asm+0x1a/0x30 [ 34.772613] </TASK> [ 34.772647] [ 34.786511] Allocated by task 295: [ 34.787007] kasan_save_stack+0x45/0x70 [ 34.787339] kasan_save_track+0x18/0x40 [ 34.787610] kasan_save_alloc_info+0x3b/0x50 [ 34.788119] __kasan_kmalloc+0xb7/0xc0 [ 34.788526] __kmalloc_cache_noprof+0x189/0x420 [ 34.789041] kasan_atomics+0x95/0x310 [ 34.789294] kunit_try_run_case+0x1a5/0x480 [ 34.789702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.790238] kthread+0x337/0x6f0 [ 34.790654] ret_from_fork+0x116/0x1d0 [ 34.791076] ret_from_fork_asm+0x1a/0x30 [ 34.791436] [ 34.791717] The buggy address belongs to the object at ffff888102daa080 [ 34.791717] which belongs to the cache kmalloc-64 of size 64 [ 34.792316] The buggy address is located 0 bytes to the right of [ 34.792316] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.793457] [ 34.793684] The buggy address belongs to the physical page: [ 34.794175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.794757] flags: 0x200000000000000(node=0|zone=2) [ 34.795058] page_type: f5(slab) [ 34.795282] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.796033] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.796617] page dumped because: kasan: bad access detected [ 34.797010] [ 34.797228] Memory state around the buggy address: [ 34.797727] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.798310] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.798777] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.799406] ^ [ 34.799838] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.800376] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.800807] ================================================================== [ 33.313828] ================================================================== [ 33.314597] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 33.315231] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.315876] [ 33.316165] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.316324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.316361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.316451] Call Trace: [ 33.316512] <TASK> [ 33.316570] dump_stack_lvl+0x73/0xb0 [ 33.316714] print_report+0xd1/0x650 [ 33.316785] ? __virt_addr_valid+0x1db/0x2d0 [ 33.316867] ? kasan_atomics_helper+0xde0/0x5450 [ 33.316949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.317025] ? kasan_atomics_helper+0xde0/0x5450 [ 33.317090] kasan_report+0x141/0x180 [ 33.317146] ? kasan_atomics_helper+0xde0/0x5450 [ 33.317190] kasan_check_range+0x10c/0x1c0 [ 33.317225] __kasan_check_write+0x18/0x20 [ 33.317258] kasan_atomics_helper+0xde0/0x5450 [ 33.317292] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.317322] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.317357] ? kasan_atomics+0x152/0x310 [ 33.317391] kasan_atomics+0x1dc/0x310 [ 33.317423] ? __pfx_kasan_atomics+0x10/0x10 [ 33.317456] ? __pfx_read_tsc+0x10/0x10 [ 33.317488] ? ktime_get_ts64+0x86/0x230 [ 33.317521] kunit_try_run_case+0x1a5/0x480 [ 33.317579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.317611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.317674] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.317709] ? __kthread_parkme+0x82/0x180 [ 33.317739] ? preempt_count_sub+0x50/0x80 [ 33.317772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.317806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.317838] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.317872] kthread+0x337/0x6f0 [ 33.317900] ? trace_preempt_on+0x20/0xc0 [ 33.317934] ? __pfx_kthread+0x10/0x10 [ 33.317963] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.317995] ? calculate_sigpending+0x7b/0xa0 [ 33.318028] ? __pfx_kthread+0x10/0x10 [ 33.318058] ret_from_fork+0x116/0x1d0 [ 33.318086] ? __pfx_kthread+0x10/0x10 [ 33.318115] ret_from_fork_asm+0x1a/0x30 [ 33.318156] </TASK> [ 33.318172] [ 33.332754] Allocated by task 295: [ 33.333081] kasan_save_stack+0x45/0x70 [ 33.333512] kasan_save_track+0x18/0x40 [ 33.333976] kasan_save_alloc_info+0x3b/0x50 [ 33.334298] __kasan_kmalloc+0xb7/0xc0 [ 33.334575] __kmalloc_cache_noprof+0x189/0x420 [ 33.334895] kasan_atomics+0x95/0x310 [ 33.335313] kunit_try_run_case+0x1a5/0x480 [ 33.335802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.336338] kthread+0x337/0x6f0 [ 33.336784] ret_from_fork+0x116/0x1d0 [ 33.337107] ret_from_fork_asm+0x1a/0x30 [ 33.337459] [ 33.337717] The buggy address belongs to the object at ffff888102daa080 [ 33.337717] which belongs to the cache kmalloc-64 of size 64 [ 33.338343] The buggy address is located 0 bytes to the right of [ 33.338343] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.339480] [ 33.339729] The buggy address belongs to the physical page: [ 33.340029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.340777] flags: 0x200000000000000(node=0|zone=2) [ 33.341266] page_type: f5(slab) [ 33.341590] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.342083] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.342817] page dumped because: kasan: bad access detected [ 33.343349] [ 33.343573] Memory state around the buggy address: [ 33.343869] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.344286] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.344986] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.345656] ^ [ 33.346021] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.346410] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.347098] ================================================================== [ 33.382916] ================================================================== [ 33.383881] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 33.384693] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.385450] [ 33.385755] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.385874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.385909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.385964] Call Trace: [ 33.386007] <TASK> [ 33.386053] dump_stack_lvl+0x73/0xb0 [ 33.386171] print_report+0xd1/0x650 [ 33.386234] ? __virt_addr_valid+0x1db/0x2d0 [ 33.386302] ? kasan_atomics_helper+0xf10/0x5450 [ 33.386363] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.386458] ? kasan_atomics_helper+0xf10/0x5450 [ 33.386522] kasan_report+0x141/0x180 [ 33.386597] ? kasan_atomics_helper+0xf10/0x5450 [ 33.386703] kasan_check_range+0x10c/0x1c0 [ 33.386770] __kasan_check_write+0x18/0x20 [ 33.386867] kasan_atomics_helper+0xf10/0x5450 [ 33.386931] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.386991] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.387052] ? kasan_atomics+0x152/0x310 [ 33.387109] kasan_atomics+0x1dc/0x310 [ 33.387167] ? __pfx_kasan_atomics+0x10/0x10 [ 33.387256] ? __pfx_read_tsc+0x10/0x10 [ 33.387339] ? ktime_get_ts64+0x86/0x230 [ 33.387412] kunit_try_run_case+0x1a5/0x480 [ 33.387502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.387595] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.387722] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.387812] ? __kthread_parkme+0x82/0x180 [ 33.387882] ? preempt_count_sub+0x50/0x80 [ 33.387946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.388011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.388079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.388149] kthread+0x337/0x6f0 [ 33.388210] ? trace_preempt_on+0x20/0xc0 [ 33.388278] ? __pfx_kthread+0x10/0x10 [ 33.388342] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.388409] ? calculate_sigpending+0x7b/0xa0 [ 33.388479] ? __pfx_kthread+0x10/0x10 [ 33.388557] ret_from_fork+0x116/0x1d0 [ 33.388618] ? __pfx_kthread+0x10/0x10 [ 33.388700] ret_from_fork_asm+0x1a/0x30 [ 33.388746] </TASK> [ 33.388763] [ 33.401042] Allocated by task 295: [ 33.401338] kasan_save_stack+0x45/0x70 [ 33.401747] kasan_save_track+0x18/0x40 [ 33.402164] kasan_save_alloc_info+0x3b/0x50 [ 33.402607] __kasan_kmalloc+0xb7/0xc0 [ 33.403039] __kmalloc_cache_noprof+0x189/0x420 [ 33.403495] kasan_atomics+0x95/0x310 [ 33.403966] kunit_try_run_case+0x1a5/0x480 [ 33.404458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.404963] kthread+0x337/0x6f0 [ 33.405339] ret_from_fork+0x116/0x1d0 [ 33.405695] ret_from_fork_asm+0x1a/0x30 [ 33.406144] [ 33.406367] The buggy address belongs to the object at ffff888102daa080 [ 33.406367] which belongs to the cache kmalloc-64 of size 64 [ 33.407194] The buggy address is located 0 bytes to the right of [ 33.407194] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.408087] [ 33.408273] The buggy address belongs to the physical page: [ 33.408692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.409369] flags: 0x200000000000000(node=0|zone=2) [ 33.409895] page_type: f5(slab) [ 33.410261] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.410889] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.411313] page dumped because: kasan: bad access detected [ 33.411715] [ 33.411954] Memory state around the buggy address: [ 33.412410] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.413122] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.413741] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.414121] ^ [ 33.414435] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.415142] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.415906] ================================================================== [ 34.128437] ================================================================== [ 34.129235] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 34.130016] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.130776] [ 34.131093] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.131234] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.131268] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.131315] Call Trace: [ 34.131356] <TASK> [ 34.131399] dump_stack_lvl+0x73/0xb0 [ 34.131483] print_report+0xd1/0x650 [ 34.131565] ? __virt_addr_valid+0x1db/0x2d0 [ 34.131632] ? kasan_atomics_helper+0x18b1/0x5450 [ 34.131730] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.131806] ? kasan_atomics_helper+0x18b1/0x5450 [ 34.131872] kasan_report+0x141/0x180 [ 34.131909] ? kasan_atomics_helper+0x18b1/0x5450 [ 34.131946] kasan_check_range+0x10c/0x1c0 [ 34.131978] __kasan_check_write+0x18/0x20 [ 34.132011] kasan_atomics_helper+0x18b1/0x5450 [ 34.132041] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.132073] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.132106] ? kasan_atomics+0x152/0x310 [ 34.132140] kasan_atomics+0x1dc/0x310 [ 34.132171] ? __pfx_kasan_atomics+0x10/0x10 [ 34.132206] ? __pfx_read_tsc+0x10/0x10 [ 34.132236] ? ktime_get_ts64+0x86/0x230 [ 34.132269] kunit_try_run_case+0x1a5/0x480 [ 34.132303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.132335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.132372] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.132405] ? __kthread_parkme+0x82/0x180 [ 34.132434] ? preempt_count_sub+0x50/0x80 [ 34.132465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.132498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.132531] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.132590] kthread+0x337/0x6f0 [ 34.132618] ? trace_preempt_on+0x20/0xc0 [ 34.132678] ? __pfx_kthread+0x10/0x10 [ 34.132709] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.132741] ? calculate_sigpending+0x7b/0xa0 [ 34.132775] ? __pfx_kthread+0x10/0x10 [ 34.132804] ret_from_fork+0x116/0x1d0 [ 34.132831] ? __pfx_kthread+0x10/0x10 [ 34.132860] ret_from_fork_asm+0x1a/0x30 [ 34.132902] </TASK> [ 34.132917] [ 34.145712] Allocated by task 295: [ 34.146092] kasan_save_stack+0x45/0x70 [ 34.146464] kasan_save_track+0x18/0x40 [ 34.146950] kasan_save_alloc_info+0x3b/0x50 [ 34.147332] __kasan_kmalloc+0xb7/0xc0 [ 34.147602] __kmalloc_cache_noprof+0x189/0x420 [ 34.147972] kasan_atomics+0x95/0x310 [ 34.148385] kunit_try_run_case+0x1a5/0x480 [ 34.148907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.149431] kthread+0x337/0x6f0 [ 34.149865] ret_from_fork+0x116/0x1d0 [ 34.150252] ret_from_fork_asm+0x1a/0x30 [ 34.150746] [ 34.150958] The buggy address belongs to the object at ffff888102daa080 [ 34.150958] which belongs to the cache kmalloc-64 of size 64 [ 34.151562] The buggy address is located 0 bytes to the right of [ 34.151562] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.152603] [ 34.152868] The buggy address belongs to the physical page: [ 34.153405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.154169] flags: 0x200000000000000(node=0|zone=2) [ 34.154755] page_type: f5(slab) [ 34.155113] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.155736] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.156122] page dumped because: kasan: bad access detected [ 34.156397] [ 34.156525] Memory state around the buggy address: [ 34.157056] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.157799] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.158460] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.159155] ^ [ 34.159469] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.160173] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.160757] ================================================================== [ 32.734393] ================================================================== [ 32.735651] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 32.736198] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.737530] [ 32.737828] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.738030] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.738072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.738144] Call Trace: [ 32.738192] <TASK> [ 32.738238] dump_stack_lvl+0x73/0xb0 [ 32.738313] print_report+0xd1/0x650 [ 32.738375] ? __virt_addr_valid+0x1db/0x2d0 [ 32.738487] ? kasan_atomics_helper+0x4a0/0x5450 [ 32.738588] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.738653] ? kasan_atomics_helper+0x4a0/0x5450 [ 32.738710] kasan_report+0x141/0x180 [ 32.738808] ? kasan_atomics_helper+0x4a0/0x5450 [ 32.738901] kasan_check_range+0x10c/0x1c0 [ 32.738971] __kasan_check_write+0x18/0x20 [ 32.739035] kasan_atomics_helper+0x4a0/0x5450 [ 32.739137] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.739223] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.739288] ? kasan_atomics+0x152/0x310 [ 32.739342] kasan_atomics+0x1dc/0x310 [ 32.739376] ? __pfx_kasan_atomics+0x10/0x10 [ 32.739410] ? __pfx_read_tsc+0x10/0x10 [ 32.739443] ? ktime_get_ts64+0x86/0x230 [ 32.739476] kunit_try_run_case+0x1a5/0x480 [ 32.739511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.739563] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.739601] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.739664] ? __kthread_parkme+0x82/0x180 [ 32.739698] ? preempt_count_sub+0x50/0x80 [ 32.739733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.739767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.739800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.739844] kthread+0x337/0x6f0 [ 32.739873] ? trace_preempt_on+0x20/0xc0 [ 32.739906] ? __pfx_kthread+0x10/0x10 [ 32.739935] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.739967] ? calculate_sigpending+0x7b/0xa0 [ 32.740000] ? __pfx_kthread+0x10/0x10 [ 32.740030] ret_from_fork+0x116/0x1d0 [ 32.740057] ? __pfx_kthread+0x10/0x10 [ 32.740086] ret_from_fork_asm+0x1a/0x30 [ 32.740128] </TASK> [ 32.740144] [ 32.754427] Allocated by task 295: [ 32.754688] kasan_save_stack+0x45/0x70 [ 32.755192] kasan_save_track+0x18/0x40 [ 32.755774] kasan_save_alloc_info+0x3b/0x50 [ 32.756250] __kasan_kmalloc+0xb7/0xc0 [ 32.756711] __kmalloc_cache_noprof+0x189/0x420 [ 32.757224] kasan_atomics+0x95/0x310 [ 32.757473] kunit_try_run_case+0x1a5/0x480 [ 32.757985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.758622] kthread+0x337/0x6f0 [ 32.759024] ret_from_fork+0x116/0x1d0 [ 32.759279] ret_from_fork_asm+0x1a/0x30 [ 32.759525] [ 32.759697] The buggy address belongs to the object at ffff888102daa080 [ 32.759697] which belongs to the cache kmalloc-64 of size 64 [ 32.760944] The buggy address is located 0 bytes to the right of [ 32.760944] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.762409] [ 32.762577] The buggy address belongs to the physical page: [ 32.763208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.764094] flags: 0x200000000000000(node=0|zone=2) [ 32.764385] page_type: f5(slab) [ 32.764622] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.765350] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.766015] page dumped because: kasan: bad access detected [ 32.766307] [ 32.766433] Memory state around the buggy address: [ 32.766956] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.767749] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.768238] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.768626] ^ [ 32.769202] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.769893] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.770479] ================================================================== [ 33.488635] ================================================================== [ 33.489697] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 33.490220] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.490903] [ 33.491438] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.491577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.491615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.491667] Call Trace: [ 33.491714] <TASK> [ 33.491758] dump_stack_lvl+0x73/0xb0 [ 33.491855] print_report+0xd1/0x650 [ 33.491919] ? __virt_addr_valid+0x1db/0x2d0 [ 33.491986] ? kasan_atomics_helper+0x1079/0x5450 [ 33.492050] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.492126] ? kasan_atomics_helper+0x1079/0x5450 [ 33.492192] kasan_report+0x141/0x180 [ 33.492253] ? kasan_atomics_helper+0x1079/0x5450 [ 33.492322] kasan_check_range+0x10c/0x1c0 [ 33.492386] __kasan_check_write+0x18/0x20 [ 33.492444] kasan_atomics_helper+0x1079/0x5450 [ 33.492506] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.492589] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.492652] ? kasan_atomics+0x152/0x310 [ 33.492721] kasan_atomics+0x1dc/0x310 [ 33.492782] ? __pfx_kasan_atomics+0x10/0x10 [ 33.492843] ? __pfx_read_tsc+0x10/0x10 [ 33.492908] ? ktime_get_ts64+0x86/0x230 [ 33.492971] kunit_try_run_case+0x1a5/0x480 [ 33.493039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.493097] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.493171] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.493237] ? __kthread_parkme+0x82/0x180 [ 33.493296] ? preempt_count_sub+0x50/0x80 [ 33.493358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.493426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.493497] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.493682] kthread+0x337/0x6f0 [ 33.493749] ? trace_preempt_on+0x20/0xc0 [ 33.493801] ? __pfx_kthread+0x10/0x10 [ 33.493833] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.493869] ? calculate_sigpending+0x7b/0xa0 [ 33.493902] ? __pfx_kthread+0x10/0x10 [ 33.493932] ret_from_fork+0x116/0x1d0 [ 33.493962] ? __pfx_kthread+0x10/0x10 [ 33.493990] ret_from_fork_asm+0x1a/0x30 [ 33.494032] </TASK> [ 33.494048] [ 33.508926] Allocated by task 295: [ 33.509263] kasan_save_stack+0x45/0x70 [ 33.509722] kasan_save_track+0x18/0x40 [ 33.510157] kasan_save_alloc_info+0x3b/0x50 [ 33.510485] __kasan_kmalloc+0xb7/0xc0 [ 33.510945] __kmalloc_cache_noprof+0x189/0x420 [ 33.511328] kasan_atomics+0x95/0x310 [ 33.511782] kunit_try_run_case+0x1a5/0x480 [ 33.512208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.512791] kthread+0x337/0x6f0 [ 33.513122] ret_from_fork+0x116/0x1d0 [ 33.513415] ret_from_fork_asm+0x1a/0x30 [ 33.513897] [ 33.514041] The buggy address belongs to the object at ffff888102daa080 [ 33.514041] which belongs to the cache kmalloc-64 of size 64 [ 33.514861] The buggy address is located 0 bytes to the right of [ 33.514861] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.515984] [ 33.516221] The buggy address belongs to the physical page: [ 33.516583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.517212] flags: 0x200000000000000(node=0|zone=2) [ 33.517662] page_type: f5(slab) [ 33.517894] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.518600] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.519267] page dumped because: kasan: bad access detected [ 33.519573] [ 33.519825] Memory state around the buggy address: [ 33.520285] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.520779] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.521390] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.521836] ^ [ 33.522152] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.522850] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.523471] ================================================================== [ 33.241521] ================================================================== [ 33.242452] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 33.243085] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.243694] [ 33.243973] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.244091] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.244127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.244183] Call Trace: [ 33.244216] <TASK> [ 33.244277] dump_stack_lvl+0x73/0xb0 [ 33.244321] print_report+0xd1/0x650 [ 33.244365] ? __virt_addr_valid+0x1db/0x2d0 [ 33.244424] ? kasan_atomics_helper+0x4a84/0x5450 [ 33.244484] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.244571] ? kasan_atomics_helper+0x4a84/0x5450 [ 33.244632] kasan_report+0x141/0x180 [ 33.244762] ? kasan_atomics_helper+0x4a84/0x5450 [ 33.244839] __asan_report_load4_noabort+0x18/0x20 [ 33.244911] kasan_atomics_helper+0x4a84/0x5450 [ 33.244979] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.245046] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.245114] ? kasan_atomics+0x152/0x310 [ 33.245184] kasan_atomics+0x1dc/0x310 [ 33.245232] ? __pfx_kasan_atomics+0x10/0x10 [ 33.245267] ? __pfx_read_tsc+0x10/0x10 [ 33.245302] ? ktime_get_ts64+0x86/0x230 [ 33.245337] kunit_try_run_case+0x1a5/0x480 [ 33.245371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.245402] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.245437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.245471] ? __kthread_parkme+0x82/0x180 [ 33.245500] ? preempt_count_sub+0x50/0x80 [ 33.245532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.245589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.245624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.245673] kthread+0x337/0x6f0 [ 33.245703] ? trace_preempt_on+0x20/0xc0 [ 33.245738] ? __pfx_kthread+0x10/0x10 [ 33.245768] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.245800] ? calculate_sigpending+0x7b/0xa0 [ 33.245834] ? __pfx_kthread+0x10/0x10 [ 33.245863] ret_from_fork+0x116/0x1d0 [ 33.245891] ? __pfx_kthread+0x10/0x10 [ 33.245919] ret_from_fork_asm+0x1a/0x30 [ 33.245959] </TASK> [ 33.245976] [ 33.259184] Allocated by task 295: [ 33.259660] kasan_save_stack+0x45/0x70 [ 33.260206] kasan_save_track+0x18/0x40 [ 33.260608] kasan_save_alloc_info+0x3b/0x50 [ 33.261031] __kasan_kmalloc+0xb7/0xc0 [ 33.261281] __kmalloc_cache_noprof+0x189/0x420 [ 33.261849] kasan_atomics+0x95/0x310 [ 33.262278] kunit_try_run_case+0x1a5/0x480 [ 33.262805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.263313] kthread+0x337/0x6f0 [ 33.263658] ret_from_fork+0x116/0x1d0 [ 33.264043] ret_from_fork_asm+0x1a/0x30 [ 33.264417] [ 33.264657] The buggy address belongs to the object at ffff888102daa080 [ 33.264657] which belongs to the cache kmalloc-64 of size 64 [ 33.265464] The buggy address is located 0 bytes to the right of [ 33.265464] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.266456] [ 33.267659] The buggy address belongs to the physical page: [ 33.268389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.269435] flags: 0x200000000000000(node=0|zone=2) [ 33.270004] page_type: f5(slab) [ 33.270359] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.270910] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.271522] page dumped because: kasan: bad access detected [ 33.272050] [ 33.272195] Memory state around the buggy address: [ 33.272526] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.272849] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.273716] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.274292] ^ [ 33.275017] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.275650] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.276365] ================================================================== [ 34.411384] ================================================================== [ 34.412049] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 34.413212] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.413989] [ 34.414274] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.414399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.414435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.414489] Call Trace: [ 34.414553] <TASK> [ 34.414600] dump_stack_lvl+0x73/0xb0 [ 34.414698] print_report+0xd1/0x650 [ 34.414760] ? __virt_addr_valid+0x1db/0x2d0 [ 34.414811] ? kasan_atomics_helper+0x1d7a/0x5450 [ 34.414858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.414910] ? kasan_atomics_helper+0x1d7a/0x5450 [ 34.414957] kasan_report+0x141/0x180 [ 34.415006] ? kasan_atomics_helper+0x1d7a/0x5450 [ 34.415075] kasan_check_range+0x10c/0x1c0 [ 34.415136] __kasan_check_write+0x18/0x20 [ 34.415196] kasan_atomics_helper+0x1d7a/0x5450 [ 34.415260] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.415323] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.415389] ? kasan_atomics+0x152/0x310 [ 34.415455] kasan_atomics+0x1dc/0x310 [ 34.415520] ? __pfx_kasan_atomics+0x10/0x10 [ 34.415691] ? __pfx_read_tsc+0x10/0x10 [ 34.415758] ? ktime_get_ts64+0x86/0x230 [ 34.415842] kunit_try_run_case+0x1a5/0x480 [ 34.415914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.415976] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.416069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.416137] ? __kthread_parkme+0x82/0x180 [ 34.416200] ? preempt_count_sub+0x50/0x80 [ 34.416269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.416342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.416413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.416482] kthread+0x337/0x6f0 [ 34.416558] ? trace_preempt_on+0x20/0xc0 [ 34.416662] ? __pfx_kthread+0x10/0x10 [ 34.416731] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.416798] ? calculate_sigpending+0x7b/0xa0 [ 34.416856] ? __pfx_kthread+0x10/0x10 [ 34.416897] ret_from_fork+0x116/0x1d0 [ 34.416928] ? __pfx_kthread+0x10/0x10 [ 34.416958] ret_from_fork_asm+0x1a/0x30 [ 34.416999] </TASK> [ 34.417017] [ 34.429530] Allocated by task 295: [ 34.429990] kasan_save_stack+0x45/0x70 [ 34.430467] kasan_save_track+0x18/0x40 [ 34.430913] kasan_save_alloc_info+0x3b/0x50 [ 34.431350] __kasan_kmalloc+0xb7/0xc0 [ 34.431697] __kmalloc_cache_noprof+0x189/0x420 [ 34.432174] kasan_atomics+0x95/0x310 [ 34.432597] kunit_try_run_case+0x1a5/0x480 [ 34.432998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.433447] kthread+0x337/0x6f0 [ 34.433728] ret_from_fork+0x116/0x1d0 [ 34.433975] ret_from_fork_asm+0x1a/0x30 [ 34.434289] [ 34.434495] The buggy address belongs to the object at ffff888102daa080 [ 34.434495] which belongs to the cache kmalloc-64 of size 64 [ 34.435607] The buggy address is located 0 bytes to the right of [ 34.435607] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.436728] [ 34.436955] The buggy address belongs to the physical page: [ 34.437352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.438054] flags: 0x200000000000000(node=0|zone=2) [ 34.438413] page_type: f5(slab) [ 34.438817] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.439196] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.439563] page dumped because: kasan: bad access detected [ 34.440101] [ 34.440330] Memory state around the buggy address: [ 34.440859] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.441517] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.442144] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.442494] ^ [ 34.443020] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.444107] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.444488] ================================================================== [ 33.909009] ================================================================== [ 33.909762] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 33.910494] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.911177] [ 33.911366] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.911555] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.911656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.911716] Call Trace: [ 33.911764] <TASK> [ 33.911812] dump_stack_lvl+0x73/0xb0 [ 33.911902] print_report+0xd1/0x650 [ 33.911991] ? __virt_addr_valid+0x1db/0x2d0 [ 33.912093] ? kasan_atomics_helper+0x151d/0x5450 [ 33.912164] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.912228] ? kasan_atomics_helper+0x151d/0x5450 [ 33.912291] kasan_report+0x141/0x180 [ 33.912395] ? kasan_atomics_helper+0x151d/0x5450 [ 33.912491] kasan_check_range+0x10c/0x1c0 [ 33.912573] __kasan_check_write+0x18/0x20 [ 33.912709] kasan_atomics_helper+0x151d/0x5450 [ 33.912805] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.912864] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.912904] ? kasan_atomics+0x152/0x310 [ 33.912941] kasan_atomics+0x1dc/0x310 [ 33.912973] ? __pfx_kasan_atomics+0x10/0x10 [ 33.913006] ? __pfx_read_tsc+0x10/0x10 [ 33.913040] ? ktime_get_ts64+0x86/0x230 [ 33.913073] kunit_try_run_case+0x1a5/0x480 [ 33.913108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.913139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.913173] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.913206] ? __kthread_parkme+0x82/0x180 [ 33.913235] ? preempt_count_sub+0x50/0x80 [ 33.913268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.913302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.913334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.913367] kthread+0x337/0x6f0 [ 33.913394] ? trace_preempt_on+0x20/0xc0 [ 33.913427] ? __pfx_kthread+0x10/0x10 [ 33.913456] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.913487] ? calculate_sigpending+0x7b/0xa0 [ 33.913519] ? __pfx_kthread+0x10/0x10 [ 33.913570] ret_from_fork+0x116/0x1d0 [ 33.913598] ? __pfx_kthread+0x10/0x10 [ 33.913656] ret_from_fork_asm+0x1a/0x30 [ 33.913706] </TASK> [ 33.913722] [ 33.930096] Allocated by task 295: [ 33.930693] kasan_save_stack+0x45/0x70 [ 33.931430] kasan_save_track+0x18/0x40 [ 33.931803] kasan_save_alloc_info+0x3b/0x50 [ 33.932044] __kasan_kmalloc+0xb7/0xc0 [ 33.932439] __kmalloc_cache_noprof+0x189/0x420 [ 33.933075] kasan_atomics+0x95/0x310 [ 33.933418] kunit_try_run_case+0x1a5/0x480 [ 33.934195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.934767] kthread+0x337/0x6f0 [ 33.935224] ret_from_fork+0x116/0x1d0 [ 33.935744] ret_from_fork_asm+0x1a/0x30 [ 33.936165] [ 33.936333] The buggy address belongs to the object at ffff888102daa080 [ 33.936333] which belongs to the cache kmalloc-64 of size 64 [ 33.937123] The buggy address is located 0 bytes to the right of [ 33.937123] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.938167] [ 33.938451] The buggy address belongs to the physical page: [ 33.939049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.939868] flags: 0x200000000000000(node=0|zone=2) [ 33.940384] page_type: f5(slab) [ 33.940660] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.941141] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.941651] page dumped because: kasan: bad access detected [ 33.942006] [ 33.942134] Memory state around the buggy address: [ 33.942442] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.943482] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.944019] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.944598] ^ [ 33.945126] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.945858] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.946483] ================================================================== [ 34.837714] ================================================================== [ 34.838388] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 34.839316] Read of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.840021] [ 34.840811] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.840932] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.840967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.841018] Call Trace: [ 34.841063] <TASK> [ 34.841108] dump_stack_lvl+0x73/0xb0 [ 34.841179] print_report+0xd1/0x650 [ 34.841231] ? __virt_addr_valid+0x1db/0x2d0 [ 34.841285] ? kasan_atomics_helper+0x5115/0x5450 [ 34.841331] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.841390] ? kasan_atomics_helper+0x5115/0x5450 [ 34.841433] kasan_report+0x141/0x180 [ 34.841466] ? kasan_atomics_helper+0x5115/0x5450 [ 34.841502] __asan_report_load8_noabort+0x18/0x20 [ 34.841557] kasan_atomics_helper+0x5115/0x5450 [ 34.841651] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.841695] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.841732] ? kasan_atomics+0x152/0x310 [ 34.841769] kasan_atomics+0x1dc/0x310 [ 34.841800] ? __pfx_kasan_atomics+0x10/0x10 [ 34.841833] ? __pfx_read_tsc+0x10/0x10 [ 34.841864] ? ktime_get_ts64+0x86/0x230 [ 34.841898] kunit_try_run_case+0x1a5/0x480 [ 34.841932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.841963] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.841999] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.842032] ? __kthread_parkme+0x82/0x180 [ 34.842061] ? preempt_count_sub+0x50/0x80 [ 34.842093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.842127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.842160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.842193] kthread+0x337/0x6f0 [ 34.842220] ? trace_preempt_on+0x20/0xc0 [ 34.842253] ? __pfx_kthread+0x10/0x10 [ 34.842282] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.842314] ? calculate_sigpending+0x7b/0xa0 [ 34.842348] ? __pfx_kthread+0x10/0x10 [ 34.842377] ret_from_fork+0x116/0x1d0 [ 34.842403] ? __pfx_kthread+0x10/0x10 [ 34.842432] ret_from_fork_asm+0x1a/0x30 [ 34.842472] </TASK> [ 34.842487] [ 34.856974] Allocated by task 295: [ 34.857246] kasan_save_stack+0x45/0x70 [ 34.857520] kasan_save_track+0x18/0x40 [ 34.857960] kasan_save_alloc_info+0x3b/0x50 [ 34.858430] __kasan_kmalloc+0xb7/0xc0 [ 34.858875] __kmalloc_cache_noprof+0x189/0x420 [ 34.859346] kasan_atomics+0x95/0x310 [ 34.859786] kunit_try_run_case+0x1a5/0x480 [ 34.860218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.860551] kthread+0x337/0x6f0 [ 34.860809] ret_from_fork+0x116/0x1d0 [ 34.861181] ret_from_fork_asm+0x1a/0x30 [ 34.861666] [ 34.861875] The buggy address belongs to the object at ffff888102daa080 [ 34.861875] which belongs to the cache kmalloc-64 of size 64 [ 34.862868] The buggy address is located 0 bytes to the right of [ 34.862868] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.863985] [ 34.864140] The buggy address belongs to the physical page: [ 34.864470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.865223] flags: 0x200000000000000(node=0|zone=2) [ 34.865760] page_type: f5(slab) [ 34.866135] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.866595] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.867227] page dumped because: kasan: bad access detected [ 34.867773] [ 34.867993] Memory state around the buggy address: [ 34.868401] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.869074] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.869764] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.870268] ^ [ 34.870738] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.871266] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.871891] ================================================================== [ 33.799612] ================================================================== [ 33.800312] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 33.800975] Read of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.801512] [ 33.801846] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.801986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.802024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.802077] Call Trace: [ 33.802116] <TASK> [ 33.802159] dump_stack_lvl+0x73/0xb0 [ 33.802237] print_report+0xd1/0x650 [ 33.802328] ? __virt_addr_valid+0x1db/0x2d0 [ 33.802392] ? kasan_atomics_helper+0x4eae/0x5450 [ 33.802452] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.802521] ? kasan_atomics_helper+0x4eae/0x5450 [ 33.802619] kasan_report+0x141/0x180 [ 33.802724] ? kasan_atomics_helper+0x4eae/0x5450 [ 33.802799] __asan_report_load8_noabort+0x18/0x20 [ 33.802868] kasan_atomics_helper+0x4eae/0x5450 [ 33.802956] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.803025] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.803095] ? kasan_atomics+0x152/0x310 [ 33.803162] kasan_atomics+0x1dc/0x310 [ 33.803224] ? __pfx_kasan_atomics+0x10/0x10 [ 33.803318] ? __pfx_read_tsc+0x10/0x10 [ 33.803380] ? ktime_get_ts64+0x86/0x230 [ 33.803446] kunit_try_run_case+0x1a5/0x480 [ 33.803515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.803617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.803728] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.803796] ? __kthread_parkme+0x82/0x180 [ 33.803866] ? preempt_count_sub+0x50/0x80 [ 33.803957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.804026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.804093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.804161] kthread+0x337/0x6f0 [ 33.804245] ? trace_preempt_on+0x20/0xc0 [ 33.804309] ? __pfx_kthread+0x10/0x10 [ 33.804368] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.804433] ? calculate_sigpending+0x7b/0xa0 [ 33.804497] ? __pfx_kthread+0x10/0x10 [ 33.804572] ret_from_fork+0x116/0x1d0 [ 33.804689] ? __pfx_kthread+0x10/0x10 [ 33.804753] ret_from_fork_asm+0x1a/0x30 [ 33.804833] </TASK> [ 33.804864] [ 33.817277] Allocated by task 295: [ 33.817524] kasan_save_stack+0x45/0x70 [ 33.818024] kasan_save_track+0x18/0x40 [ 33.818429] kasan_save_alloc_info+0x3b/0x50 [ 33.818929] __kasan_kmalloc+0xb7/0xc0 [ 33.819336] __kmalloc_cache_noprof+0x189/0x420 [ 33.819840] kasan_atomics+0x95/0x310 [ 33.820097] kunit_try_run_case+0x1a5/0x480 [ 33.820356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.820920] kthread+0x337/0x6f0 [ 33.821319] ret_from_fork+0x116/0x1d0 [ 33.821782] ret_from_fork_asm+0x1a/0x30 [ 33.822236] [ 33.822430] The buggy address belongs to the object at ffff888102daa080 [ 33.822430] which belongs to the cache kmalloc-64 of size 64 [ 33.823482] The buggy address is located 0 bytes to the right of [ 33.823482] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.824344] [ 33.826452] The buggy address belongs to the physical page: [ 33.827798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.828203] flags: 0x200000000000000(node=0|zone=2) [ 33.828690] page_type: f5(slab) [ 33.828939] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.829511] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.830188] page dumped because: kasan: bad access detected [ 33.830747] [ 33.830951] Memory state around the buggy address: [ 33.831432] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.832105] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.832919] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.833504] ^ [ 33.833905] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.834509] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.835114] ================================================================== [ 33.061928] ================================================================== [ 33.062978] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 33.063602] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.064337] [ 33.064683] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.064819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.064853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.064907] Call Trace: [ 33.064949] <TASK> [ 33.065027] dump_stack_lvl+0x73/0xb0 [ 33.065184] print_report+0xd1/0x650 [ 33.065255] ? __virt_addr_valid+0x1db/0x2d0 [ 33.065327] ? kasan_atomics_helper+0x992/0x5450 [ 33.065382] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.065424] ? kasan_atomics_helper+0x992/0x5450 [ 33.065455] kasan_report+0x141/0x180 [ 33.065488] ? kasan_atomics_helper+0x992/0x5450 [ 33.065535] kasan_check_range+0x10c/0x1c0 [ 33.065601] __kasan_check_write+0x18/0x20 [ 33.065658] kasan_atomics_helper+0x992/0x5450 [ 33.065692] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.065723] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.065758] ? kasan_atomics+0x152/0x310 [ 33.065793] kasan_atomics+0x1dc/0x310 [ 33.065824] ? __pfx_kasan_atomics+0x10/0x10 [ 33.065857] ? __pfx_read_tsc+0x10/0x10 [ 33.065888] ? ktime_get_ts64+0x86/0x230 [ 33.065922] kunit_try_run_case+0x1a5/0x480 [ 33.065955] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.065986] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.066021] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.066054] ? __kthread_parkme+0x82/0x180 [ 33.066082] ? preempt_count_sub+0x50/0x80 [ 33.066115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.066148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.066182] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.066213] kthread+0x337/0x6f0 [ 33.066240] ? trace_preempt_on+0x20/0xc0 [ 33.066273] ? __pfx_kthread+0x10/0x10 [ 33.066302] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.066333] ? calculate_sigpending+0x7b/0xa0 [ 33.066365] ? __pfx_kthread+0x10/0x10 [ 33.066396] ret_from_fork+0x116/0x1d0 [ 33.066423] ? __pfx_kthread+0x10/0x10 [ 33.066452] ret_from_fork_asm+0x1a/0x30 [ 33.066491] </TASK> [ 33.066507] [ 33.079571] Allocated by task 295: [ 33.079977] kasan_save_stack+0x45/0x70 [ 33.080406] kasan_save_track+0x18/0x40 [ 33.080863] kasan_save_alloc_info+0x3b/0x50 [ 33.081304] __kasan_kmalloc+0xb7/0xc0 [ 33.081742] __kmalloc_cache_noprof+0x189/0x420 [ 33.082204] kasan_atomics+0x95/0x310 [ 33.082460] kunit_try_run_case+0x1a5/0x480 [ 33.082917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.083444] kthread+0x337/0x6f0 [ 33.083801] ret_from_fork+0x116/0x1d0 [ 33.084103] ret_from_fork_asm+0x1a/0x30 [ 33.084457] [ 33.084671] The buggy address belongs to the object at ffff888102daa080 [ 33.084671] which belongs to the cache kmalloc-64 of size 64 [ 33.085458] The buggy address is located 0 bytes to the right of [ 33.085458] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.086074] [ 33.086220] The buggy address belongs to the physical page: [ 33.086494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.087242] flags: 0x200000000000000(node=0|zone=2) [ 33.087780] page_type: f5(slab) [ 33.088147] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.088871] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.089446] page dumped because: kasan: bad access detected [ 33.089784] [ 33.089923] Memory state around the buggy address: [ 33.090178] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.090743] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.091367] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.092038] ^ [ 33.092485] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.093043] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.093533] ================================================================== [ 32.954645] ================================================================== [ 32.955320] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 32.956111] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.956705] [ 32.957203] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.957344] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.957379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.957422] Call Trace: [ 32.957446] <TASK> [ 32.957471] dump_stack_lvl+0x73/0xb0 [ 32.957516] print_report+0xd1/0x650 [ 32.957572] ? __virt_addr_valid+0x1db/0x2d0 [ 32.957636] ? kasan_atomics_helper+0x7c7/0x5450 [ 32.957679] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.957717] ? kasan_atomics_helper+0x7c7/0x5450 [ 32.957747] kasan_report+0x141/0x180 [ 32.957779] ? kasan_atomics_helper+0x7c7/0x5450 [ 32.957813] kasan_check_range+0x10c/0x1c0 [ 32.957846] __kasan_check_write+0x18/0x20 [ 32.957879] kasan_atomics_helper+0x7c7/0x5450 [ 32.957910] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.957940] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.957974] ? kasan_atomics+0x152/0x310 [ 32.958008] kasan_atomics+0x1dc/0x310 [ 32.958038] ? __pfx_kasan_atomics+0x10/0x10 [ 32.958070] ? __pfx_read_tsc+0x10/0x10 [ 32.958100] ? ktime_get_ts64+0x86/0x230 [ 32.958134] kunit_try_run_case+0x1a5/0x480 [ 32.958168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.958200] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.958234] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.958268] ? __kthread_parkme+0x82/0x180 [ 32.958297] ? preempt_count_sub+0x50/0x80 [ 32.958329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.958362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.958395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.958428] kthread+0x337/0x6f0 [ 32.958456] ? trace_preempt_on+0x20/0xc0 [ 32.958489] ? __pfx_kthread+0x10/0x10 [ 32.958518] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.958568] ? calculate_sigpending+0x7b/0xa0 [ 32.958603] ? __pfx_kthread+0x10/0x10 [ 32.958641] ret_from_fork+0x116/0x1d0 [ 32.958684] ? __pfx_kthread+0x10/0x10 [ 32.958714] ret_from_fork_asm+0x1a/0x30 [ 32.958757] </TASK> [ 32.958772] [ 32.971080] Allocated by task 295: [ 32.971475] kasan_save_stack+0x45/0x70 [ 32.971964] kasan_save_track+0x18/0x40 [ 32.972286] kasan_save_alloc_info+0x3b/0x50 [ 32.972895] __kasan_kmalloc+0xb7/0xc0 [ 32.973311] __kmalloc_cache_noprof+0x189/0x420 [ 32.973746] kasan_atomics+0x95/0x310 [ 32.974095] kunit_try_run_case+0x1a5/0x480 [ 32.974368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.974864] kthread+0x337/0x6f0 [ 32.975322] ret_from_fork+0x116/0x1d0 [ 32.975871] ret_from_fork_asm+0x1a/0x30 [ 32.976333] [ 32.976559] The buggy address belongs to the object at ffff888102daa080 [ 32.976559] which belongs to the cache kmalloc-64 of size 64 [ 32.977381] The buggy address is located 0 bytes to the right of [ 32.977381] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.977969] [ 32.978110] The buggy address belongs to the physical page: [ 32.978387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.979019] flags: 0x200000000000000(node=0|zone=2) [ 32.979529] page_type: f5(slab) [ 32.979946] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.980781] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.981481] page dumped because: kasan: bad access detected [ 32.982057] [ 32.982269] Memory state around the buggy address: [ 32.982805] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.983395] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.983992] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.984450] ^ [ 32.984965] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.985483] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.986190] ================================================================== [ 32.842258] ================================================================== [ 32.842936] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 32.843994] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.844616] [ 32.844844] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.844964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.844996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.845043] Call Trace: [ 32.845087] <TASK> [ 32.845130] dump_stack_lvl+0x73/0xb0 [ 32.845204] print_report+0xd1/0x650 [ 32.845260] ? __virt_addr_valid+0x1db/0x2d0 [ 32.845322] ? kasan_atomics_helper+0x5fe/0x5450 [ 32.845384] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.845458] ? kasan_atomics_helper+0x5fe/0x5450 [ 32.845517] kasan_report+0x141/0x180 [ 32.845573] ? kasan_atomics_helper+0x5fe/0x5450 [ 32.845610] kasan_check_range+0x10c/0x1c0 [ 32.845716] __kasan_check_write+0x18/0x20 [ 32.845776] kasan_atomics_helper+0x5fe/0x5450 [ 32.845831] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.845893] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.846022] ? kasan_atomics+0x152/0x310 [ 32.846125] kasan_atomics+0x1dc/0x310 [ 32.846194] ? __pfx_kasan_atomics+0x10/0x10 [ 32.846255] ? __pfx_read_tsc+0x10/0x10 [ 32.846314] ? ktime_get_ts64+0x86/0x230 [ 32.846385] kunit_try_run_case+0x1a5/0x480 [ 32.846455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.846507] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.846575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.846619] ? __kthread_parkme+0x82/0x180 [ 32.846678] ? preempt_count_sub+0x50/0x80 [ 32.846738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.846807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.846890] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.846981] kthread+0x337/0x6f0 [ 32.847042] ? trace_preempt_on+0x20/0xc0 [ 32.847111] ? __pfx_kthread+0x10/0x10 [ 32.847174] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.847243] ? calculate_sigpending+0x7b/0xa0 [ 32.847312] ? __pfx_kthread+0x10/0x10 [ 32.847377] ret_from_fork+0x116/0x1d0 [ 32.847414] ? __pfx_kthread+0x10/0x10 [ 32.847446] ret_from_fork_asm+0x1a/0x30 [ 32.847489] </TASK> [ 32.847505] [ 32.863916] Allocated by task 295: [ 32.864381] kasan_save_stack+0x45/0x70 [ 32.864823] kasan_save_track+0x18/0x40 [ 32.865288] kasan_save_alloc_info+0x3b/0x50 [ 32.865676] __kasan_kmalloc+0xb7/0xc0 [ 32.866133] __kmalloc_cache_noprof+0x189/0x420 [ 32.866580] kasan_atomics+0x95/0x310 [ 32.867001] kunit_try_run_case+0x1a5/0x480 [ 32.867414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.868047] kthread+0x337/0x6f0 [ 32.868395] ret_from_fork+0x116/0x1d0 [ 32.868801] ret_from_fork_asm+0x1a/0x30 [ 32.869281] [ 32.869513] The buggy address belongs to the object at ffff888102daa080 [ 32.869513] which belongs to the cache kmalloc-64 of size 64 [ 32.870481] The buggy address is located 0 bytes to the right of [ 32.870481] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.871469] [ 32.871716] The buggy address belongs to the physical page: [ 32.872048] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.872478] flags: 0x200000000000000(node=0|zone=2) [ 32.873048] page_type: f5(slab) [ 32.873428] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.874136] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.874769] page dumped because: kasan: bad access detected [ 32.875225] [ 32.875444] Memory state around the buggy address: [ 32.875908] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.876345] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.877021] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.877483] ^ [ 32.878014] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.878459] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.879072] ================================================================== [ 33.525235] ================================================================== [ 33.525682] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 33.526339] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.526900] [ 33.527174] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.527293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.527330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.527383] Call Trace: [ 33.527438] <TASK> [ 33.527499] dump_stack_lvl+0x73/0xb0 [ 33.527599] print_report+0xd1/0x650 [ 33.527690] ? __virt_addr_valid+0x1db/0x2d0 [ 33.527747] ? kasan_atomics_helper+0x4a1c/0x5450 [ 33.527806] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.527897] ? kasan_atomics_helper+0x4a1c/0x5450 [ 33.527977] kasan_report+0x141/0x180 [ 33.528041] ? kasan_atomics_helper+0x4a1c/0x5450 [ 33.528108] __asan_report_load4_noabort+0x18/0x20 [ 33.528173] kasan_atomics_helper+0x4a1c/0x5450 [ 33.528230] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.528303] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.528390] ? kasan_atomics+0x152/0x310 [ 33.528442] kasan_atomics+0x1dc/0x310 [ 33.528478] ? __pfx_kasan_atomics+0x10/0x10 [ 33.528511] ? __pfx_read_tsc+0x10/0x10 [ 33.528564] ? ktime_get_ts64+0x86/0x230 [ 33.528600] kunit_try_run_case+0x1a5/0x480 [ 33.528660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.528695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.528731] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.528765] ? __kthread_parkme+0x82/0x180 [ 33.528794] ? preempt_count_sub+0x50/0x80 [ 33.528827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.528861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.528893] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.528926] kthread+0x337/0x6f0 [ 33.528953] ? trace_preempt_on+0x20/0xc0 [ 33.528986] ? __pfx_kthread+0x10/0x10 [ 33.529015] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.529046] ? calculate_sigpending+0x7b/0xa0 [ 33.529079] ? __pfx_kthread+0x10/0x10 [ 33.529108] ret_from_fork+0x116/0x1d0 [ 33.529135] ? __pfx_kthread+0x10/0x10 [ 33.529162] ret_from_fork_asm+0x1a/0x30 [ 33.529203] </TASK> [ 33.529219] [ 33.545317] Allocated by task 295: [ 33.545781] kasan_save_stack+0x45/0x70 [ 33.546208] kasan_save_track+0x18/0x40 [ 33.546698] kasan_save_alloc_info+0x3b/0x50 [ 33.547111] __kasan_kmalloc+0xb7/0xc0 [ 33.547505] __kmalloc_cache_noprof+0x189/0x420 [ 33.547925] kasan_atomics+0x95/0x310 [ 33.548174] kunit_try_run_case+0x1a5/0x480 [ 33.548695] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.549219] kthread+0x337/0x6f0 [ 33.549608] ret_from_fork+0x116/0x1d0 [ 33.549942] ret_from_fork_asm+0x1a/0x30 [ 33.550294] [ 33.550513] The buggy address belongs to the object at ffff888102daa080 [ 33.550513] which belongs to the cache kmalloc-64 of size 64 [ 33.551363] The buggy address is located 0 bytes to the right of [ 33.551363] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.552350] [ 33.552585] The buggy address belongs to the physical page: [ 33.552898] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.553669] flags: 0x200000000000000(node=0|zone=2) [ 33.554004] page_type: f5(slab) [ 33.554333] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.554896] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.555429] page dumped because: kasan: bad access detected [ 33.555984] [ 33.556195] Memory state around the buggy address: [ 33.556618] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.557188] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.557740] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.558400] ^ [ 33.558838] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.559332] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.559936] ================================================================== [ 34.376488] ================================================================== [ 34.378684] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 34.379496] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.380275] [ 34.380490] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.380629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.380665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.380947] Call Trace: [ 34.381006] <TASK> [ 34.381064] dump_stack_lvl+0x73/0xb0 [ 34.381148] print_report+0xd1/0x650 [ 34.381213] ? __virt_addr_valid+0x1db/0x2d0 [ 34.381279] ? kasan_atomics_helper+0x1ce1/0x5450 [ 34.381329] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.381367] ? kasan_atomics_helper+0x1ce1/0x5450 [ 34.381398] kasan_report+0x141/0x180 [ 34.381430] ? kasan_atomics_helper+0x1ce1/0x5450 [ 34.381466] kasan_check_range+0x10c/0x1c0 [ 34.381499] __kasan_check_write+0x18/0x20 [ 34.381530] kasan_atomics_helper+0x1ce1/0x5450 [ 34.381586] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.381618] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.381678] ? kasan_atomics+0x152/0x310 [ 34.381714] kasan_atomics+0x1dc/0x310 [ 34.381745] ? __pfx_kasan_atomics+0x10/0x10 [ 34.381778] ? __pfx_read_tsc+0x10/0x10 [ 34.381811] ? ktime_get_ts64+0x86/0x230 [ 34.381846] kunit_try_run_case+0x1a5/0x480 [ 34.381881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.381913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.381947] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.381981] ? __kthread_parkme+0x82/0x180 [ 34.382011] ? preempt_count_sub+0x50/0x80 [ 34.382043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.382076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.382109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.382140] kthread+0x337/0x6f0 [ 34.382168] ? trace_preempt_on+0x20/0xc0 [ 34.382199] ? __pfx_kthread+0x10/0x10 [ 34.382229] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.382260] ? calculate_sigpending+0x7b/0xa0 [ 34.382292] ? __pfx_kthread+0x10/0x10 [ 34.382321] ret_from_fork+0x116/0x1d0 [ 34.382348] ? __pfx_kthread+0x10/0x10 [ 34.382377] ret_from_fork_asm+0x1a/0x30 [ 34.382417] </TASK> [ 34.382432] [ 34.395415] Allocated by task 295: [ 34.395899] kasan_save_stack+0x45/0x70 [ 34.396307] kasan_save_track+0x18/0x40 [ 34.396802] kasan_save_alloc_info+0x3b/0x50 [ 34.397178] __kasan_kmalloc+0xb7/0xc0 [ 34.397518] __kmalloc_cache_noprof+0x189/0x420 [ 34.397975] kasan_atomics+0x95/0x310 [ 34.398429] kunit_try_run_case+0x1a5/0x480 [ 34.398940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.399339] kthread+0x337/0x6f0 [ 34.399743] ret_from_fork+0x116/0x1d0 [ 34.400128] ret_from_fork_asm+0x1a/0x30 [ 34.400595] [ 34.400817] The buggy address belongs to the object at ffff888102daa080 [ 34.400817] which belongs to the cache kmalloc-64 of size 64 [ 34.401790] The buggy address is located 0 bytes to the right of [ 34.401790] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.402481] [ 34.402679] The buggy address belongs to the physical page: [ 34.402965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.403336] flags: 0x200000000000000(node=0|zone=2) [ 34.403879] page_type: f5(slab) [ 34.404244] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.405007] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.405712] page dumped because: kasan: bad access detected [ 34.406222] [ 34.406469] Memory state around the buggy address: [ 34.406969] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.407607] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.408211] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.408758] ^ [ 34.409200] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.409571] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.409982] ================================================================== [ 32.771764] ================================================================== [ 32.772670] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 32.773157] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.773855] [ 32.774148] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.774280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.774316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.774367] Call Trace: [ 32.774405] <TASK> [ 32.774483] dump_stack_lvl+0x73/0xb0 [ 32.774606] print_report+0xd1/0x650 [ 32.774686] ? __virt_addr_valid+0x1db/0x2d0 [ 32.774754] ? kasan_atomics_helper+0x4b3a/0x5450 [ 32.774814] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.774947] ? kasan_atomics_helper+0x4b3a/0x5450 [ 32.775017] kasan_report+0x141/0x180 [ 32.775080] ? kasan_atomics_helper+0x4b3a/0x5450 [ 32.775184] __asan_report_store4_noabort+0x1b/0x30 [ 32.775283] kasan_atomics_helper+0x4b3a/0x5450 [ 32.775349] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.775451] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.775558] ? kasan_atomics+0x152/0x310 [ 32.775634] kasan_atomics+0x1dc/0x310 [ 32.775717] ? __pfx_kasan_atomics+0x10/0x10 [ 32.775827] ? __pfx_read_tsc+0x10/0x10 [ 32.775907] ? ktime_get_ts64+0x86/0x230 [ 32.775975] kunit_try_run_case+0x1a5/0x480 [ 32.776041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.776103] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.776215] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.776312] ? __kthread_parkme+0x82/0x180 [ 32.776372] ? preempt_count_sub+0x50/0x80 [ 32.776436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.776561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.776633] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.776724] kthread+0x337/0x6f0 [ 32.776762] ? trace_preempt_on+0x20/0xc0 [ 32.776800] ? __pfx_kthread+0x10/0x10 [ 32.776830] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.776864] ? calculate_sigpending+0x7b/0xa0 [ 32.776899] ? __pfx_kthread+0x10/0x10 [ 32.776929] ret_from_fork+0x116/0x1d0 [ 32.776958] ? __pfx_kthread+0x10/0x10 [ 32.776987] ret_from_fork_asm+0x1a/0x30 [ 32.777028] </TASK> [ 32.777044] [ 32.790840] Allocated by task 295: [ 32.791092] kasan_save_stack+0x45/0x70 [ 32.791691] kasan_save_track+0x18/0x40 [ 32.792243] kasan_save_alloc_info+0x3b/0x50 [ 32.792877] __kasan_kmalloc+0xb7/0xc0 [ 32.793337] __kmalloc_cache_noprof+0x189/0x420 [ 32.793791] kasan_atomics+0x95/0x310 [ 32.794276] kunit_try_run_case+0x1a5/0x480 [ 32.794923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.795582] kthread+0x337/0x6f0 [ 32.796055] ret_from_fork+0x116/0x1d0 [ 32.796599] ret_from_fork_asm+0x1a/0x30 [ 32.796934] [ 32.797209] The buggy address belongs to the object at ffff888102daa080 [ 32.797209] which belongs to the cache kmalloc-64 of size 64 [ 32.798280] The buggy address is located 0 bytes to the right of [ 32.798280] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.799329] [ 32.799564] The buggy address belongs to the physical page: [ 32.799964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.800814] flags: 0x200000000000000(node=0|zone=2) [ 32.801258] page_type: f5(slab) [ 32.801658] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.802328] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.802955] page dumped because: kasan: bad access detected [ 32.803407] [ 32.803655] Memory state around the buggy address: [ 32.804082] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.804636] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.805064] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.805619] ^ [ 32.805989] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.806407] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.806933] ================================================================== [ 33.134224] ================================================================== [ 33.134796] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 33.135288] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.135954] [ 33.136141] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.136256] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.136291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.136341] Call Trace: [ 33.136380] <TASK> [ 33.136422] dump_stack_lvl+0x73/0xb0 [ 33.136499] print_report+0xd1/0x650 [ 33.136578] ? __virt_addr_valid+0x1db/0x2d0 [ 33.136676] ? kasan_atomics_helper+0xac7/0x5450 [ 33.136736] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.136809] ? kasan_atomics_helper+0xac7/0x5450 [ 33.136852] kasan_report+0x141/0x180 [ 33.136906] ? kasan_atomics_helper+0xac7/0x5450 [ 33.136974] kasan_check_range+0x10c/0x1c0 [ 33.137037] __kasan_check_write+0x18/0x20 [ 33.137095] kasan_atomics_helper+0xac7/0x5450 [ 33.137155] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.137219] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.137281] ? kasan_atomics+0x152/0x310 [ 33.137350] kasan_atomics+0x1dc/0x310 [ 33.137411] ? __pfx_kasan_atomics+0x10/0x10 [ 33.137471] ? __pfx_read_tsc+0x10/0x10 [ 33.137526] ? ktime_get_ts64+0x86/0x230 [ 33.137610] kunit_try_run_case+0x1a5/0x480 [ 33.137710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.137745] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.137784] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.137820] ? __kthread_parkme+0x82/0x180 [ 33.137851] ? preempt_count_sub+0x50/0x80 [ 33.137884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.137917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.137952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.137985] kthread+0x337/0x6f0 [ 33.138013] ? trace_preempt_on+0x20/0xc0 [ 33.138046] ? __pfx_kthread+0x10/0x10 [ 33.138075] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.138107] ? calculate_sigpending+0x7b/0xa0 [ 33.138140] ? __pfx_kthread+0x10/0x10 [ 33.138170] ret_from_fork+0x116/0x1d0 [ 33.138197] ? __pfx_kthread+0x10/0x10 [ 33.138226] ret_from_fork_asm+0x1a/0x30 [ 33.138267] </TASK> [ 33.138283] [ 33.152584] Allocated by task 295: [ 33.152872] kasan_save_stack+0x45/0x70 [ 33.153344] kasan_save_track+0x18/0x40 [ 33.153808] kasan_save_alloc_info+0x3b/0x50 [ 33.154278] __kasan_kmalloc+0xb7/0xc0 [ 33.154741] __kmalloc_cache_noprof+0x189/0x420 [ 33.155243] kasan_atomics+0x95/0x310 [ 33.155553] kunit_try_run_case+0x1a5/0x480 [ 33.155868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.156367] kthread+0x337/0x6f0 [ 33.156794] ret_from_fork+0x116/0x1d0 [ 33.157202] ret_from_fork_asm+0x1a/0x30 [ 33.157478] [ 33.157743] The buggy address belongs to the object at ffff888102daa080 [ 33.157743] which belongs to the cache kmalloc-64 of size 64 [ 33.158504] The buggy address is located 0 bytes to the right of [ 33.158504] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.159449] [ 33.159736] The buggy address belongs to the physical page: [ 33.160108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.160754] flags: 0x200000000000000(node=0|zone=2) [ 33.161204] page_type: f5(slab) [ 33.161578] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.162034] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.162670] page dumped because: kasan: bad access detected [ 33.163173] [ 33.163371] Memory state around the buggy address: [ 33.163888] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.164452] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.165090] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.165634] ^ [ 33.166009] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.166503] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.166931] ================================================================== [ 33.836488] ================================================================== [ 33.837079] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 33.837580] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.838254] [ 33.838449] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.838581] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.838615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.838690] Call Trace: [ 33.838747] <TASK> [ 33.838783] dump_stack_lvl+0x73/0xb0 [ 33.838848] print_report+0xd1/0x650 [ 33.838895] ? __virt_addr_valid+0x1db/0x2d0 [ 33.838945] ? kasan_atomics_helper+0x1467/0x5450 [ 33.838989] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.839043] ? kasan_atomics_helper+0x1467/0x5450 [ 33.839134] kasan_report+0x141/0x180 [ 33.839195] ? kasan_atomics_helper+0x1467/0x5450 [ 33.839277] kasan_check_range+0x10c/0x1c0 [ 33.839380] __kasan_check_write+0x18/0x20 [ 33.839467] kasan_atomics_helper+0x1467/0x5450 [ 33.839552] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.839615] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.839746] ? kasan_atomics+0x152/0x310 [ 33.839833] kasan_atomics+0x1dc/0x310 [ 33.839901] ? __pfx_kasan_atomics+0x10/0x10 [ 33.839971] ? __pfx_read_tsc+0x10/0x10 [ 33.840037] ? ktime_get_ts64+0x86/0x230 [ 33.840106] kunit_try_run_case+0x1a5/0x480 [ 33.840173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.840233] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.840301] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.840381] ? __kthread_parkme+0x82/0x180 [ 33.840460] ? preempt_count_sub+0x50/0x80 [ 33.840520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.840601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.840718] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.840809] kthread+0x337/0x6f0 [ 33.840866] ? trace_preempt_on+0x20/0xc0 [ 33.840905] ? __pfx_kthread+0x10/0x10 [ 33.840936] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.840970] ? calculate_sigpending+0x7b/0xa0 [ 33.841006] ? __pfx_kthread+0x10/0x10 [ 33.841036] ret_from_fork+0x116/0x1d0 [ 33.841063] ? __pfx_kthread+0x10/0x10 [ 33.841092] ret_from_fork_asm+0x1a/0x30 [ 33.841133] </TASK> [ 33.841149] [ 33.856606] Allocated by task 295: [ 33.857015] kasan_save_stack+0x45/0x70 [ 33.857525] kasan_save_track+0x18/0x40 [ 33.857836] kasan_save_alloc_info+0x3b/0x50 [ 33.858169] __kasan_kmalloc+0xb7/0xc0 [ 33.858754] __kmalloc_cache_noprof+0x189/0x420 [ 33.859281] kasan_atomics+0x95/0x310 [ 33.859726] kunit_try_run_case+0x1a5/0x480 [ 33.860290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.860871] kthread+0x337/0x6f0 [ 33.861233] ret_from_fork+0x116/0x1d0 [ 33.861555] ret_from_fork_asm+0x1a/0x30 [ 33.861934] [ 33.862134] The buggy address belongs to the object at ffff888102daa080 [ 33.862134] which belongs to the cache kmalloc-64 of size 64 [ 33.862860] The buggy address is located 0 bytes to the right of [ 33.862860] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.864025] [ 33.864302] The buggy address belongs to the physical page: [ 33.864892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.865597] flags: 0x200000000000000(node=0|zone=2) [ 33.865997] page_type: f5(slab) [ 33.866267] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.866825] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.867489] page dumped because: kasan: bad access detected [ 33.867977] [ 33.868174] Memory state around the buggy address: [ 33.868513] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.869339] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.869849] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.870459] ^ [ 33.870852] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.871555] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.872083] ================================================================== [ 33.702308] ================================================================== [ 33.702829] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 33.703308] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.703816] [ 33.704078] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.704190] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.704229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.704275] Call Trace: [ 33.704317] <TASK> [ 33.704361] dump_stack_lvl+0x73/0xb0 [ 33.704434] print_report+0xd1/0x650 [ 33.704492] ? __virt_addr_valid+0x1db/0x2d0 [ 33.704568] ? kasan_atomics_helper+0x12e6/0x5450 [ 33.704663] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.704737] ? kasan_atomics_helper+0x12e6/0x5450 [ 33.704795] kasan_report+0x141/0x180 [ 33.704855] ? kasan_atomics_helper+0x12e6/0x5450 [ 33.704923] kasan_check_range+0x10c/0x1c0 [ 33.704984] __kasan_check_write+0x18/0x20 [ 33.705048] kasan_atomics_helper+0x12e6/0x5450 [ 33.705107] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.705164] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.705224] ? kasan_atomics+0x152/0x310 [ 33.705297] kasan_atomics+0x1dc/0x310 [ 33.705366] ? __pfx_kasan_atomics+0x10/0x10 [ 33.705435] ? __pfx_read_tsc+0x10/0x10 [ 33.705477] ? ktime_get_ts64+0x86/0x230 [ 33.705514] kunit_try_run_case+0x1a5/0x480 [ 33.705573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.705607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.705684] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.705720] ? __kthread_parkme+0x82/0x180 [ 33.705751] ? preempt_count_sub+0x50/0x80 [ 33.705784] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.705817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.705851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.705885] kthread+0x337/0x6f0 [ 33.705912] ? trace_preempt_on+0x20/0xc0 [ 33.705945] ? __pfx_kthread+0x10/0x10 [ 33.705974] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.706006] ? calculate_sigpending+0x7b/0xa0 [ 33.706040] ? __pfx_kthread+0x10/0x10 [ 33.706069] ret_from_fork+0x116/0x1d0 [ 33.706097] ? __pfx_kthread+0x10/0x10 [ 33.706125] ret_from_fork_asm+0x1a/0x30 [ 33.706166] </TASK> [ 33.706181] [ 33.719087] Allocated by task 295: [ 33.719469] kasan_save_stack+0x45/0x70 [ 33.719933] kasan_save_track+0x18/0x40 [ 33.720333] kasan_save_alloc_info+0x3b/0x50 [ 33.720677] __kasan_kmalloc+0xb7/0xc0 [ 33.721072] __kmalloc_cache_noprof+0x189/0x420 [ 33.721412] kasan_atomics+0x95/0x310 [ 33.721716] kunit_try_run_case+0x1a5/0x480 [ 33.721984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.722279] kthread+0x337/0x6f0 [ 33.722531] ret_from_fork+0x116/0x1d0 [ 33.722987] ret_from_fork_asm+0x1a/0x30 [ 33.723414] [ 33.723653] The buggy address belongs to the object at ffff888102daa080 [ 33.723653] which belongs to the cache kmalloc-64 of size 64 [ 33.724768] The buggy address is located 0 bytes to the right of [ 33.724768] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.725744] [ 33.725961] The buggy address belongs to the physical page: [ 33.726249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.726940] flags: 0x200000000000000(node=0|zone=2) [ 33.727200] page_type: f5(slab) [ 33.727482] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.728165] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.728674] page dumped because: kasan: bad access detected [ 33.729013] [ 33.729220] Memory state around the buggy address: [ 33.729682] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.730078] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.730428] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.730818] ^ [ 33.731217] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.731885] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.732475] ================================================================== [ 34.267178] ================================================================== [ 34.267838] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 34.268452] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.269390] [ 34.269926] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.270027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.270052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.270090] Call Trace: [ 34.270127] <TASK> [ 34.270163] dump_stack_lvl+0x73/0xb0 [ 34.270225] print_report+0xd1/0x650 [ 34.270277] ? __virt_addr_valid+0x1db/0x2d0 [ 34.270332] ? kasan_atomics_helper+0x1b22/0x5450 [ 34.270378] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.270433] ? kasan_atomics_helper+0x1b22/0x5450 [ 34.270482] kasan_report+0x141/0x180 [ 34.270529] ? kasan_atomics_helper+0x1b22/0x5450 [ 34.270609] kasan_check_range+0x10c/0x1c0 [ 34.270667] __kasan_check_write+0x18/0x20 [ 34.270732] kasan_atomics_helper+0x1b22/0x5450 [ 34.270792] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.270856] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.270925] ? kasan_atomics+0x152/0x310 [ 34.270993] kasan_atomics+0x1dc/0x310 [ 34.271056] ? __pfx_kasan_atomics+0x10/0x10 [ 34.271122] ? __pfx_read_tsc+0x10/0x10 [ 34.271187] ? ktime_get_ts64+0x86/0x230 [ 34.271255] kunit_try_run_case+0x1a5/0x480 [ 34.271326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.271390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.271522] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.271627] ? __kthread_parkme+0x82/0x180 [ 34.271688] ? preempt_count_sub+0x50/0x80 [ 34.271755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.271837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.271913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.271984] kthread+0x337/0x6f0 [ 34.272045] ? trace_preempt_on+0x20/0xc0 [ 34.272114] ? __pfx_kthread+0x10/0x10 [ 34.272177] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.272244] ? calculate_sigpending+0x7b/0xa0 [ 34.272314] ? __pfx_kthread+0x10/0x10 [ 34.272378] ret_from_fork+0x116/0x1d0 [ 34.272464] ? __pfx_kthread+0x10/0x10 [ 34.272500] ret_from_fork_asm+0x1a/0x30 [ 34.272565] </TASK> [ 34.272583] [ 34.288054] Allocated by task 295: [ 34.288386] kasan_save_stack+0x45/0x70 [ 34.288923] kasan_save_track+0x18/0x40 [ 34.289219] kasan_save_alloc_info+0x3b/0x50 [ 34.289598] __kasan_kmalloc+0xb7/0xc0 [ 34.290032] __kmalloc_cache_noprof+0x189/0x420 [ 34.290507] kasan_atomics+0x95/0x310 [ 34.290890] kunit_try_run_case+0x1a5/0x480 [ 34.291200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.291740] kthread+0x337/0x6f0 [ 34.292046] ret_from_fork+0x116/0x1d0 [ 34.292449] ret_from_fork_asm+0x1a/0x30 [ 34.292814] [ 34.293053] The buggy address belongs to the object at ffff888102daa080 [ 34.293053] which belongs to the cache kmalloc-64 of size 64 [ 34.293989] The buggy address is located 0 bytes to the right of [ 34.293989] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.295489] [ 34.296057] The buggy address belongs to the physical page: [ 34.296330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.297347] flags: 0x200000000000000(node=0|zone=2) [ 34.297881] page_type: f5(slab) [ 34.298337] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.299159] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.299881] page dumped because: kasan: bad access detected [ 34.300141] [ 34.300597] Memory state around the buggy address: [ 34.301259] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.301901] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.302517] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.303124] ^ [ 34.303443] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.303862] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.304567] ================================================================== [ 34.232305] ================================================================== [ 34.232894] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 34.234184] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.235321] [ 34.235560] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.235631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.235659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.235686] Call Trace: [ 34.235710] <TASK> [ 34.235735] dump_stack_lvl+0x73/0xb0 [ 34.235783] print_report+0xd1/0x650 [ 34.235815] ? __virt_addr_valid+0x1db/0x2d0 [ 34.235862] ? kasan_atomics_helper+0x1a7f/0x5450 [ 34.235893] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.235929] ? kasan_atomics_helper+0x1a7f/0x5450 [ 34.235959] kasan_report+0x141/0x180 [ 34.235989] ? kasan_atomics_helper+0x1a7f/0x5450 [ 34.236025] kasan_check_range+0x10c/0x1c0 [ 34.236058] __kasan_check_write+0x18/0x20 [ 34.236089] kasan_atomics_helper+0x1a7f/0x5450 [ 34.236120] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.236151] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.236184] ? kasan_atomics+0x152/0x310 [ 34.236218] kasan_atomics+0x1dc/0x310 [ 34.236248] ? __pfx_kasan_atomics+0x10/0x10 [ 34.236280] ? __pfx_read_tsc+0x10/0x10 [ 34.236310] ? ktime_get_ts64+0x86/0x230 [ 34.236344] kunit_try_run_case+0x1a5/0x480 [ 34.236377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.236408] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.236442] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.236474] ? __kthread_parkme+0x82/0x180 [ 34.236503] ? preempt_count_sub+0x50/0x80 [ 34.236553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.236587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.236623] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.236682] kthread+0x337/0x6f0 [ 34.236734] ? trace_preempt_on+0x20/0xc0 [ 34.236803] ? __pfx_kthread+0x10/0x10 [ 34.236861] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.236925] ? calculate_sigpending+0x7b/0xa0 [ 34.236993] ? __pfx_kthread+0x10/0x10 [ 34.237074] ret_from_fork+0x116/0x1d0 [ 34.237141] ? __pfx_kthread+0x10/0x10 [ 34.237213] ret_from_fork_asm+0x1a/0x30 [ 34.237301] </TASK> [ 34.237336] [ 34.251195] Allocated by task 295: [ 34.251597] kasan_save_stack+0x45/0x70 [ 34.252066] kasan_save_track+0x18/0x40 [ 34.252460] kasan_save_alloc_info+0x3b/0x50 [ 34.252850] __kasan_kmalloc+0xb7/0xc0 [ 34.253227] __kmalloc_cache_noprof+0x189/0x420 [ 34.253724] kasan_atomics+0x95/0x310 [ 34.253987] kunit_try_run_case+0x1a5/0x480 [ 34.254410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.254869] kthread+0x337/0x6f0 [ 34.255112] ret_from_fork+0x116/0x1d0 [ 34.255349] ret_from_fork_asm+0x1a/0x30 [ 34.255685] [ 34.255907] The buggy address belongs to the object at ffff888102daa080 [ 34.255907] which belongs to the cache kmalloc-64 of size 64 [ 34.256979] The buggy address is located 0 bytes to the right of [ 34.256979] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.257781] [ 34.257932] The buggy address belongs to the physical page: [ 34.258397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.259122] flags: 0x200000000000000(node=0|zone=2) [ 34.259577] page_type: f5(slab) [ 34.259957] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.260504] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.261004] page dumped because: kasan: bad access detected [ 34.261300] [ 34.261479] Memory state around the buggy address: [ 34.261982] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.262612] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.263073] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.263657] ^ [ 34.263987] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.264493] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.266247] ================================================================== [ 33.734770] ================================================================== [ 33.735415] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 33.736113] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.737035] [ 33.737293] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.737408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.737442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.737496] Call Trace: [ 33.737558] <TASK> [ 33.737597] dump_stack_lvl+0x73/0xb0 [ 33.737714] print_report+0xd1/0x650 [ 33.737768] ? __virt_addr_valid+0x1db/0x2d0 [ 33.737829] ? kasan_atomics_helper+0x49ce/0x5450 [ 33.737883] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.737937] ? kasan_atomics_helper+0x49ce/0x5450 [ 33.737994] kasan_report+0x141/0x180 [ 33.738053] ? kasan_atomics_helper+0x49ce/0x5450 [ 33.738117] __asan_report_load4_noabort+0x18/0x20 [ 33.738180] kasan_atomics_helper+0x49ce/0x5450 [ 33.738241] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.738302] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.738368] ? kasan_atomics+0x152/0x310 [ 33.738434] kasan_atomics+0x1dc/0x310 [ 33.738491] ? __pfx_kasan_atomics+0x10/0x10 [ 33.738563] ? __pfx_read_tsc+0x10/0x10 [ 33.738658] ? ktime_get_ts64+0x86/0x230 [ 33.738731] kunit_try_run_case+0x1a5/0x480 [ 33.738803] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.738863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.738933] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.739004] ? __kthread_parkme+0x82/0x180 [ 33.739062] ? preempt_count_sub+0x50/0x80 [ 33.739128] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.739194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.739265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.739329] kthread+0x337/0x6f0 [ 33.739385] ? trace_preempt_on+0x20/0xc0 [ 33.739453] ? __pfx_kthread+0x10/0x10 [ 33.739517] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.739603] ? calculate_sigpending+0x7b/0xa0 [ 33.739707] ? __pfx_kthread+0x10/0x10 [ 33.739773] ret_from_fork+0x116/0x1d0 [ 33.739844] ? __pfx_kthread+0x10/0x10 [ 33.739903] ret_from_fork_asm+0x1a/0x30 [ 33.739978] </TASK> [ 33.740002] [ 33.751464] Allocated by task 295: [ 33.751913] kasan_save_stack+0x45/0x70 [ 33.752329] kasan_save_track+0x18/0x40 [ 33.752762] kasan_save_alloc_info+0x3b/0x50 [ 33.753185] __kasan_kmalloc+0xb7/0xc0 [ 33.753582] __kmalloc_cache_noprof+0x189/0x420 [ 33.754080] kasan_atomics+0x95/0x310 [ 33.754431] kunit_try_run_case+0x1a5/0x480 [ 33.754858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.755228] kthread+0x337/0x6f0 [ 33.755463] ret_from_fork+0x116/0x1d0 [ 33.755918] ret_from_fork_asm+0x1a/0x30 [ 33.756325] [ 33.756530] The buggy address belongs to the object at ffff888102daa080 [ 33.756530] which belongs to the cache kmalloc-64 of size 64 [ 33.757476] The buggy address is located 0 bytes to the right of [ 33.757476] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.758317] [ 33.758468] The buggy address belongs to the physical page: [ 33.758806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.759196] flags: 0x200000000000000(node=0|zone=2) [ 33.759689] page_type: f5(slab) [ 33.760058] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.760755] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.761392] page dumped because: kasan: bad access detected [ 33.761930] [ 33.762138] Memory state around the buggy address: [ 33.762592] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.763241] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.763682] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.764041] ^ [ 33.764292] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.764932] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.765569] ================================================================== [ 33.168934] ================================================================== [ 33.170238] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 33.170894] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.171405] [ 33.171716] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.171847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.171882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.171933] Call Trace: [ 33.171980] <TASK> [ 33.172024] dump_stack_lvl+0x73/0xb0 [ 33.172133] print_report+0xd1/0x650 [ 33.172200] ? __virt_addr_valid+0x1db/0x2d0 [ 33.172270] ? kasan_atomics_helper+0xb6a/0x5450 [ 33.172329] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.172396] ? kasan_atomics_helper+0xb6a/0x5450 [ 33.172455] kasan_report+0x141/0x180 [ 33.172521] ? kasan_atomics_helper+0xb6a/0x5450 [ 33.172748] kasan_check_range+0x10c/0x1c0 [ 33.172844] __kasan_check_write+0x18/0x20 [ 33.172934] kasan_atomics_helper+0xb6a/0x5450 [ 33.173012] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.173068] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.173120] ? kasan_atomics+0x152/0x310 [ 33.173175] kasan_atomics+0x1dc/0x310 [ 33.173228] ? __pfx_kasan_atomics+0x10/0x10 [ 33.173289] ? __pfx_read_tsc+0x10/0x10 [ 33.173342] ? ktime_get_ts64+0x86/0x230 [ 33.173400] kunit_try_run_case+0x1a5/0x480 [ 33.173458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.173512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.173593] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.173689] ? __kthread_parkme+0x82/0x180 [ 33.173741] ? preempt_count_sub+0x50/0x80 [ 33.173795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.173853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.173915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.173976] kthread+0x337/0x6f0 [ 33.174022] ? trace_preempt_on+0x20/0xc0 [ 33.174082] ? __pfx_kthread+0x10/0x10 [ 33.174136] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.174196] ? calculate_sigpending+0x7b/0xa0 [ 33.174292] ? __pfx_kthread+0x10/0x10 [ 33.174347] ret_from_fork+0x116/0x1d0 [ 33.174401] ? __pfx_kthread+0x10/0x10 [ 33.174454] ret_from_fork_asm+0x1a/0x30 [ 33.174522] </TASK> [ 33.174569] [ 33.187270] Allocated by task 295: [ 33.187518] kasan_save_stack+0x45/0x70 [ 33.188028] kasan_save_track+0x18/0x40 [ 33.188480] kasan_save_alloc_info+0x3b/0x50 [ 33.188977] __kasan_kmalloc+0xb7/0xc0 [ 33.189417] __kmalloc_cache_noprof+0x189/0x420 [ 33.189986] kasan_atomics+0x95/0x310 [ 33.190434] kunit_try_run_case+0x1a5/0x480 [ 33.190939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.191304] kthread+0x337/0x6f0 [ 33.191558] ret_from_fork+0x116/0x1d0 [ 33.191869] ret_from_fork_asm+0x1a/0x30 [ 33.192407] [ 33.192737] The buggy address belongs to the object at ffff888102daa080 [ 33.192737] which belongs to the cache kmalloc-64 of size 64 [ 33.193875] The buggy address is located 0 bytes to the right of [ 33.193875] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.194936] [ 33.195092] The buggy address belongs to the physical page: [ 33.195374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.196231] flags: 0x200000000000000(node=0|zone=2) [ 33.197060] page_type: f5(slab) [ 33.197495] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.198323] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.198745] page dumped because: kasan: bad access detected [ 33.199026] [ 33.199155] Memory state around the buggy address: [ 33.199615] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.200383] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.201262] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.201927] ^ [ 33.202385] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.203170] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.203875] ================================================================== [ 34.162109] ================================================================== [ 34.162713] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 34.163473] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.165620] [ 34.166157] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.166279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.166314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.166390] Call Trace: [ 34.166435] <TASK> [ 34.166480] dump_stack_lvl+0x73/0xb0 [ 34.166578] print_report+0xd1/0x650 [ 34.166674] ? __virt_addr_valid+0x1db/0x2d0 [ 34.166715] ? kasan_atomics_helper+0x194a/0x5450 [ 34.166747] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.166785] ? kasan_atomics_helper+0x194a/0x5450 [ 34.166816] kasan_report+0x141/0x180 [ 34.166846] ? kasan_atomics_helper+0x194a/0x5450 [ 34.166882] kasan_check_range+0x10c/0x1c0 [ 34.166915] __kasan_check_write+0x18/0x20 [ 34.166946] kasan_atomics_helper+0x194a/0x5450 [ 34.166978] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.167008] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.167041] ? kasan_atomics+0x152/0x310 [ 34.167077] kasan_atomics+0x1dc/0x310 [ 34.167108] ? __pfx_kasan_atomics+0x10/0x10 [ 34.167139] ? __pfx_read_tsc+0x10/0x10 [ 34.167170] ? ktime_get_ts64+0x86/0x230 [ 34.167204] kunit_try_run_case+0x1a5/0x480 [ 34.167238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.167269] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.167304] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.167338] ? __kthread_parkme+0x82/0x180 [ 34.167367] ? preempt_count_sub+0x50/0x80 [ 34.167400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.167433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.167466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.167498] kthread+0x337/0x6f0 [ 34.167527] ? trace_preempt_on+0x20/0xc0 [ 34.167581] ? __pfx_kthread+0x10/0x10 [ 34.167611] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.167657] ? calculate_sigpending+0x7b/0xa0 [ 34.167693] ? __pfx_kthread+0x10/0x10 [ 34.167723] ret_from_fork+0x116/0x1d0 [ 34.167751] ? __pfx_kthread+0x10/0x10 [ 34.167780] ret_from_fork_asm+0x1a/0x30 [ 34.167833] </TASK> [ 34.167851] [ 34.182054] Allocated by task 295: [ 34.182472] kasan_save_stack+0x45/0x70 [ 34.182988] kasan_save_track+0x18/0x40 [ 34.183403] kasan_save_alloc_info+0x3b/0x50 [ 34.183847] __kasan_kmalloc+0xb7/0xc0 [ 34.184104] __kmalloc_cache_noprof+0x189/0x420 [ 34.184532] kasan_atomics+0x95/0x310 [ 34.184989] kunit_try_run_case+0x1a5/0x480 [ 34.185449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.185970] kthread+0x337/0x6f0 [ 34.186211] ret_from_fork+0x116/0x1d0 [ 34.186473] ret_from_fork_asm+0x1a/0x30 [ 34.186963] [ 34.187184] The buggy address belongs to the object at ffff888102daa080 [ 34.187184] which belongs to the cache kmalloc-64 of size 64 [ 34.188235] The buggy address is located 0 bytes to the right of [ 34.188235] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.189194] [ 34.189430] The buggy address belongs to the physical page: [ 34.189917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.190328] flags: 0x200000000000000(node=0|zone=2) [ 34.190887] page_type: f5(slab) [ 34.191258] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.191937] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.192565] page dumped because: kasan: bad access detected [ 34.192887] [ 34.193078] Memory state around the buggy address: [ 34.193522] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.194245] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.194808] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.195261] ^ [ 34.195680] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.196045] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.196717] ================================================================== [ 32.517729] ================================================================== [ 32.518766] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 32.519327] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.520408] [ 32.520725] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.520848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.520883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.520936] Call Trace: [ 32.520971] <TASK> [ 32.521011] dump_stack_lvl+0x73/0xb0 [ 32.521090] print_report+0xd1/0x650 [ 32.521149] ? __virt_addr_valid+0x1db/0x2d0 [ 32.521209] ? kasan_atomics_helper+0x4bbc/0x5450 [ 32.521261] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.521326] ? kasan_atomics_helper+0x4bbc/0x5450 [ 32.521380] kasan_report+0x141/0x180 [ 32.521437] ? kasan_atomics_helper+0x4bbc/0x5450 [ 32.521477] __asan_report_load4_noabort+0x18/0x20 [ 32.521510] kasan_atomics_helper+0x4bbc/0x5450 [ 32.521561] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.521592] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.521667] ? kasan_atomics+0x152/0x310 [ 32.521706] kasan_atomics+0x1dc/0x310 [ 32.521737] ? __pfx_kasan_atomics+0x10/0x10 [ 32.521770] ? __pfx_read_tsc+0x10/0x10 [ 32.521802] ? ktime_get_ts64+0x86/0x230 [ 32.521837] kunit_try_run_case+0x1a5/0x480 [ 32.521873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.521903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.521937] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.521970] ? __kthread_parkme+0x82/0x180 [ 32.522000] ? preempt_count_sub+0x50/0x80 [ 32.522032] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.522064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.522095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.522127] kthread+0x337/0x6f0 [ 32.522153] ? trace_preempt_on+0x20/0xc0 [ 32.522185] ? __pfx_kthread+0x10/0x10 [ 32.522212] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.522241] ? calculate_sigpending+0x7b/0xa0 [ 32.522272] ? __pfx_kthread+0x10/0x10 [ 32.522300] ret_from_fork+0x116/0x1d0 [ 32.522326] ? __pfx_kthread+0x10/0x10 [ 32.522352] ret_from_fork_asm+0x1a/0x30 [ 32.522392] </TASK> [ 32.522406] [ 32.536121] Allocated by task 295: [ 32.536494] kasan_save_stack+0x45/0x70 [ 32.536796] kasan_save_track+0x18/0x40 [ 32.537029] kasan_save_alloc_info+0x3b/0x50 [ 32.537330] __kasan_kmalloc+0xb7/0xc0 [ 32.537807] __kmalloc_cache_noprof+0x189/0x420 [ 32.538274] kasan_atomics+0x95/0x310 [ 32.538859] kunit_try_run_case+0x1a5/0x480 [ 32.539591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.540135] kthread+0x337/0x6f0 [ 32.540428] ret_from_fork+0x116/0x1d0 [ 32.540739] ret_from_fork_asm+0x1a/0x30 [ 32.541117] [ 32.541283] The buggy address belongs to the object at ffff888102daa080 [ 32.541283] which belongs to the cache kmalloc-64 of size 64 [ 32.542135] The buggy address is located 0 bytes to the right of [ 32.542135] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.542948] [ 32.543140] The buggy address belongs to the physical page: [ 32.543512] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.544113] flags: 0x200000000000000(node=0|zone=2) [ 32.544557] page_type: f5(slab) [ 32.544856] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.545315] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.545962] page dumped because: kasan: bad access detected [ 32.546323] [ 32.546452] Memory state around the buggy address: [ 32.546921] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.547460] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.547983] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.548632] ^ [ 32.549430] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.549815] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.550440] ================================================================== [ 33.767283] ================================================================== [ 33.767868] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 33.768293] Read of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.768762] [ 33.769004] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.769116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.769149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.769202] Call Trace: [ 33.769241] <TASK> [ 33.769281] dump_stack_lvl+0x73/0xb0 [ 33.769353] print_report+0xd1/0x650 [ 33.769413] ? __virt_addr_valid+0x1db/0x2d0 [ 33.769480] ? kasan_atomics_helper+0x13b5/0x5450 [ 33.769552] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.769661] ? kasan_atomics_helper+0x13b5/0x5450 [ 33.769731] kasan_report+0x141/0x180 [ 33.769796] ? kasan_atomics_helper+0x13b5/0x5450 [ 33.769871] kasan_check_range+0x10c/0x1c0 [ 33.769939] __kasan_check_read+0x15/0x20 [ 33.770005] kasan_atomics_helper+0x13b5/0x5450 [ 33.770067] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.770127] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.770189] ? kasan_atomics+0x152/0x310 [ 33.770255] kasan_atomics+0x1dc/0x310 [ 33.770306] ? __pfx_kasan_atomics+0x10/0x10 [ 33.770365] ? __pfx_read_tsc+0x10/0x10 [ 33.770423] ? ktime_get_ts64+0x86/0x230 [ 33.770488] kunit_try_run_case+0x1a5/0x480 [ 33.770571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.770673] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.770748] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.770816] ? __kthread_parkme+0x82/0x180 [ 33.770878] ? preempt_count_sub+0x50/0x80 [ 33.770948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.771011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.771070] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.771136] kthread+0x337/0x6f0 [ 33.771193] ? trace_preempt_on+0x20/0xc0 [ 33.771264] ? __pfx_kthread+0x10/0x10 [ 33.771327] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.771395] ? calculate_sigpending+0x7b/0xa0 [ 33.771465] ? __pfx_kthread+0x10/0x10 [ 33.771530] ret_from_fork+0x116/0x1d0 [ 33.771608] ? __pfx_kthread+0x10/0x10 [ 33.771709] ret_from_fork_asm+0x1a/0x30 [ 33.771798] </TASK> [ 33.771843] [ 33.784588] Allocated by task 295: [ 33.784965] kasan_save_stack+0x45/0x70 [ 33.785287] kasan_save_track+0x18/0x40 [ 33.785732] kasan_save_alloc_info+0x3b/0x50 [ 33.786081] __kasan_kmalloc+0xb7/0xc0 [ 33.786403] __kmalloc_cache_noprof+0x189/0x420 [ 33.786882] kasan_atomics+0x95/0x310 [ 33.787264] kunit_try_run_case+0x1a5/0x480 [ 33.787566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.788027] kthread+0x337/0x6f0 [ 33.788264] ret_from_fork+0x116/0x1d0 [ 33.788501] ret_from_fork_asm+0x1a/0x30 [ 33.788940] [ 33.789151] The buggy address belongs to the object at ffff888102daa080 [ 33.789151] which belongs to the cache kmalloc-64 of size 64 [ 33.790209] The buggy address is located 0 bytes to the right of [ 33.790209] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.791062] [ 33.791272] The buggy address belongs to the physical page: [ 33.791727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.792390] flags: 0x200000000000000(node=0|zone=2) [ 33.792889] page_type: f5(slab) [ 33.793154] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.793523] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.794229] page dumped because: kasan: bad access detected [ 33.794782] [ 33.794978] Memory state around the buggy address: [ 33.795331] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.795895] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.796369] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.796819] ^ [ 33.797088] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.797430] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.798011] ================================================================== [ 33.417535] ================================================================== [ 33.418271] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 33.418731] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.419379] [ 33.419693] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.419814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.419860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.419913] Call Trace: [ 33.419982] <TASK> [ 33.420026] dump_stack_lvl+0x73/0xb0 [ 33.420107] print_report+0xd1/0x650 [ 33.420170] ? __virt_addr_valid+0x1db/0x2d0 [ 33.420237] ? kasan_atomics_helper+0xfa9/0x5450 [ 33.420326] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.420399] ? kasan_atomics_helper+0xfa9/0x5450 [ 33.420461] kasan_report+0x141/0x180 [ 33.420528] ? kasan_atomics_helper+0xfa9/0x5450 [ 33.420670] kasan_check_range+0x10c/0x1c0 [ 33.420747] __kasan_check_write+0x18/0x20 [ 33.420815] kasan_atomics_helper+0xfa9/0x5450 [ 33.420881] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.420941] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.421011] ? kasan_atomics+0x152/0x310 [ 33.421082] kasan_atomics+0x1dc/0x310 [ 33.421146] ? __pfx_kasan_atomics+0x10/0x10 [ 33.421215] ? __pfx_read_tsc+0x10/0x10 [ 33.421277] ? ktime_get_ts64+0x86/0x230 [ 33.421347] kunit_try_run_case+0x1a5/0x480 [ 33.421406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.421442] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.421481] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.421515] ? __kthread_parkme+0x82/0x180 [ 33.421610] ? preempt_count_sub+0x50/0x80 [ 33.421708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.421769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.421824] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.421890] kthread+0x337/0x6f0 [ 33.421970] ? trace_preempt_on+0x20/0xc0 [ 33.422056] ? __pfx_kthread+0x10/0x10 [ 33.422121] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.422206] ? calculate_sigpending+0x7b/0xa0 [ 33.422283] ? __pfx_kthread+0x10/0x10 [ 33.422345] ret_from_fork+0x116/0x1d0 [ 33.422419] ? __pfx_kthread+0x10/0x10 [ 33.422496] ret_from_fork_asm+0x1a/0x30 [ 33.422593] </TASK> [ 33.422654] [ 33.436331] Allocated by task 295: [ 33.436687] kasan_save_stack+0x45/0x70 [ 33.437144] kasan_save_track+0x18/0x40 [ 33.437565] kasan_save_alloc_info+0x3b/0x50 [ 33.438020] __kasan_kmalloc+0xb7/0xc0 [ 33.438414] __kmalloc_cache_noprof+0x189/0x420 [ 33.438946] kasan_atomics+0x95/0x310 [ 33.439289] kunit_try_run_case+0x1a5/0x480 [ 33.439584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.439931] kthread+0x337/0x6f0 [ 33.440156] ret_from_fork+0x116/0x1d0 [ 33.440389] ret_from_fork_asm+0x1a/0x30 [ 33.440691] [ 33.440829] The buggy address belongs to the object at ffff888102daa080 [ 33.440829] which belongs to the cache kmalloc-64 of size 64 [ 33.441922] The buggy address is located 0 bytes to the right of [ 33.441922] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.443084] [ 33.443297] The buggy address belongs to the physical page: [ 33.443914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.444703] flags: 0x200000000000000(node=0|zone=2) [ 33.445104] page_type: f5(slab) [ 33.445326] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.445742] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.446096] page dumped because: kasan: bad access detected [ 33.446369] [ 33.446507] Memory state around the buggy address: [ 33.447012] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.447755] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.448427] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.449103] ^ [ 33.449581] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.450250] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.450923] ================================================================== [ 33.205833] ================================================================== [ 33.206566] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 33.207151] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.207790] [ 33.208066] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.208190] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.208224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.208270] Call Trace: [ 33.208312] <TASK> [ 33.208355] dump_stack_lvl+0x73/0xb0 [ 33.208490] print_report+0xd1/0x650 [ 33.208572] ? __virt_addr_valid+0x1db/0x2d0 [ 33.208715] ? kasan_atomics_helper+0xc70/0x5450 [ 33.208793] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.208866] ? kasan_atomics_helper+0xc70/0x5450 [ 33.208914] kasan_report+0x141/0x180 [ 33.208948] ? kasan_atomics_helper+0xc70/0x5450 [ 33.208985] kasan_check_range+0x10c/0x1c0 [ 33.209018] __kasan_check_write+0x18/0x20 [ 33.209051] kasan_atomics_helper+0xc70/0x5450 [ 33.209084] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.209115] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.209149] ? kasan_atomics+0x152/0x310 [ 33.209185] kasan_atomics+0x1dc/0x310 [ 33.209216] ? __pfx_kasan_atomics+0x10/0x10 [ 33.209249] ? __pfx_read_tsc+0x10/0x10 [ 33.209279] ? ktime_get_ts64+0x86/0x230 [ 33.209312] kunit_try_run_case+0x1a5/0x480 [ 33.209346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.209377] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.209411] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.209445] ? __kthread_parkme+0x82/0x180 [ 33.209474] ? preempt_count_sub+0x50/0x80 [ 33.209506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.209558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.209594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.209658] kthread+0x337/0x6f0 [ 33.209693] ? trace_preempt_on+0x20/0xc0 [ 33.209727] ? __pfx_kthread+0x10/0x10 [ 33.209756] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.209789] ? calculate_sigpending+0x7b/0xa0 [ 33.209823] ? __pfx_kthread+0x10/0x10 [ 33.209853] ret_from_fork+0x116/0x1d0 [ 33.209880] ? __pfx_kthread+0x10/0x10 [ 33.209909] ret_from_fork_asm+0x1a/0x30 [ 33.209952] </TASK> [ 33.209968] [ 33.223800] Allocated by task 295: [ 33.224066] kasan_save_stack+0x45/0x70 [ 33.224620] kasan_save_track+0x18/0x40 [ 33.225078] kasan_save_alloc_info+0x3b/0x50 [ 33.225602] __kasan_kmalloc+0xb7/0xc0 [ 33.225940] __kmalloc_cache_noprof+0x189/0x420 [ 33.226307] kasan_atomics+0x95/0x310 [ 33.226761] kunit_try_run_case+0x1a5/0x480 [ 33.227192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.227651] kthread+0x337/0x6f0 [ 33.228036] ret_from_fork+0x116/0x1d0 [ 33.228313] ret_from_fork_asm+0x1a/0x30 [ 33.228656] [ 33.228870] The buggy address belongs to the object at ffff888102daa080 [ 33.228870] which belongs to the cache kmalloc-64 of size 64 [ 33.229929] The buggy address is located 0 bytes to the right of [ 33.229929] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.230935] [ 33.231182] The buggy address belongs to the physical page: [ 33.231672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.232346] flags: 0x200000000000000(node=0|zone=2) [ 33.232814] page_type: f5(slab) [ 33.233036] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.233401] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.233769] page dumped because: kasan: bad access detected [ 33.234117] [ 33.234358] Memory state around the buggy address: [ 33.235375] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.236901] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.237577] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.238673] ^ [ 33.239173] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.239515] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.240194] ================================================================== [ 33.277809] ================================================================== [ 33.279268] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 33.279810] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.280577] [ 33.281011] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.281349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.281395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.281425] Call Trace: [ 33.281451] <TASK> [ 33.281475] dump_stack_lvl+0x73/0xb0 [ 33.281521] print_report+0xd1/0x650 [ 33.281587] ? __virt_addr_valid+0x1db/0x2d0 [ 33.281649] ? kasan_atomics_helper+0xd47/0x5450 [ 33.281702] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.281788] ? kasan_atomics_helper+0xd47/0x5450 [ 33.281884] kasan_report+0x141/0x180 [ 33.281949] ? kasan_atomics_helper+0xd47/0x5450 [ 33.282007] kasan_check_range+0x10c/0x1c0 [ 33.282044] __kasan_check_write+0x18/0x20 [ 33.282078] kasan_atomics_helper+0xd47/0x5450 [ 33.282109] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.282140] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.282175] ? kasan_atomics+0x152/0x310 [ 33.282211] kasan_atomics+0x1dc/0x310 [ 33.282242] ? __pfx_kasan_atomics+0x10/0x10 [ 33.282274] ? __pfx_read_tsc+0x10/0x10 [ 33.282306] ? ktime_get_ts64+0x86/0x230 [ 33.282340] kunit_try_run_case+0x1a5/0x480 [ 33.282373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.282404] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.282439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.282473] ? __kthread_parkme+0x82/0x180 [ 33.282501] ? preempt_count_sub+0x50/0x80 [ 33.282533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.282588] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.282622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.282672] kthread+0x337/0x6f0 [ 33.282701] ? trace_preempt_on+0x20/0xc0 [ 33.282734] ? __pfx_kthread+0x10/0x10 [ 33.282764] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.282795] ? calculate_sigpending+0x7b/0xa0 [ 33.282828] ? __pfx_kthread+0x10/0x10 [ 33.282857] ret_from_fork+0x116/0x1d0 [ 33.282884] ? __pfx_kthread+0x10/0x10 [ 33.282913] ret_from_fork_asm+0x1a/0x30 [ 33.282955] </TASK> [ 33.282972] [ 33.295985] Allocated by task 295: [ 33.296242] kasan_save_stack+0x45/0x70 [ 33.296659] kasan_save_track+0x18/0x40 [ 33.297076] kasan_save_alloc_info+0x3b/0x50 [ 33.297519] __kasan_kmalloc+0xb7/0xc0 [ 33.298034] __kmalloc_cache_noprof+0x189/0x420 [ 33.298522] kasan_atomics+0x95/0x310 [ 33.298979] kunit_try_run_case+0x1a5/0x480 [ 33.299520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.300135] kthread+0x337/0x6f0 [ 33.300492] ret_from_fork+0x116/0x1d0 [ 33.301022] ret_from_fork_asm+0x1a/0x30 [ 33.301392] [ 33.301704] The buggy address belongs to the object at ffff888102daa080 [ 33.301704] which belongs to the cache kmalloc-64 of size 64 [ 33.302689] The buggy address is located 0 bytes to the right of [ 33.302689] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.303614] [ 33.303890] The buggy address belongs to the physical page: [ 33.304434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.305141] flags: 0x200000000000000(node=0|zone=2) [ 33.305702] page_type: f5(slab) [ 33.306028] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.306558] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.307334] page dumped because: kasan: bad access detected [ 33.307698] [ 33.307851] Memory state around the buggy address: [ 33.308111] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.308456] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.309209] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.310007] ^ [ 33.310465] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.311176] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.311909] ================================================================== [ 34.446927] ================================================================== [ 34.447314] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 34.447944] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.449152] [ 34.449399] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.449555] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.449596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.449685] Call Trace: [ 34.449731] <TASK> [ 34.449772] dump_stack_lvl+0x73/0xb0 [ 34.449847] print_report+0xd1/0x650 [ 34.449883] ? __virt_addr_valid+0x1db/0x2d0 [ 34.449917] ? kasan_atomics_helper+0x1e12/0x5450 [ 34.449949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.449985] ? kasan_atomics_helper+0x1e12/0x5450 [ 34.450015] kasan_report+0x141/0x180 [ 34.450045] ? kasan_atomics_helper+0x1e12/0x5450 [ 34.450079] kasan_check_range+0x10c/0x1c0 [ 34.450111] __kasan_check_write+0x18/0x20 [ 34.450143] kasan_atomics_helper+0x1e12/0x5450 [ 34.450174] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.450203] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.450237] ? kasan_atomics+0x152/0x310 [ 34.450272] kasan_atomics+0x1dc/0x310 [ 34.450303] ? __pfx_kasan_atomics+0x10/0x10 [ 34.450334] ? __pfx_read_tsc+0x10/0x10 [ 34.450364] ? ktime_get_ts64+0x86/0x230 [ 34.450397] kunit_try_run_case+0x1a5/0x480 [ 34.450430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.450462] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.450496] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.450529] ? __kthread_parkme+0x82/0x180 [ 34.450580] ? preempt_count_sub+0x50/0x80 [ 34.450612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.450675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.450711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.450744] kthread+0x337/0x6f0 [ 34.450772] ? trace_preempt_on+0x20/0xc0 [ 34.450805] ? __pfx_kthread+0x10/0x10 [ 34.450834] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.450865] ? calculate_sigpending+0x7b/0xa0 [ 34.450898] ? __pfx_kthread+0x10/0x10 [ 34.450927] ret_from_fork+0x116/0x1d0 [ 34.450954] ? __pfx_kthread+0x10/0x10 [ 34.450983] ret_from_fork_asm+0x1a/0x30 [ 34.451024] </TASK> [ 34.451040] [ 34.465218] Allocated by task 295: [ 34.465577] kasan_save_stack+0x45/0x70 [ 34.466065] kasan_save_track+0x18/0x40 [ 34.466418] kasan_save_alloc_info+0x3b/0x50 [ 34.466822] __kasan_kmalloc+0xb7/0xc0 [ 34.467242] __kmalloc_cache_noprof+0x189/0x420 [ 34.467742] kasan_atomics+0x95/0x310 [ 34.468057] kunit_try_run_case+0x1a5/0x480 [ 34.468438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.468942] kthread+0x337/0x6f0 [ 34.469184] ret_from_fork+0x116/0x1d0 [ 34.469610] ret_from_fork_asm+0x1a/0x30 [ 34.470071] [ 34.470286] The buggy address belongs to the object at ffff888102daa080 [ 34.470286] which belongs to the cache kmalloc-64 of size 64 [ 34.471166] The buggy address is located 0 bytes to the right of [ 34.471166] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.472176] [ 34.472353] The buggy address belongs to the physical page: [ 34.472682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.473394] flags: 0x200000000000000(node=0|zone=2) [ 34.473926] page_type: f5(slab) [ 34.474166] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.474862] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.475434] page dumped because: kasan: bad access detected [ 34.475975] [ 34.476150] Memory state around the buggy address: [ 34.476508] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.477121] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.477723] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.478238] ^ [ 34.478617] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.479227] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.479849] ================================================================== [ 34.481002] ================================================================== [ 34.481710] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 34.482397] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.482992] [ 34.483177] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.483299] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.483338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.483392] Call Trace: [ 34.483484] <TASK> [ 34.483571] dump_stack_lvl+0x73/0xb0 [ 34.483676] print_report+0xd1/0x650 [ 34.483744] ? __virt_addr_valid+0x1db/0x2d0 [ 34.483814] ? kasan_atomics_helper+0x1eaa/0x5450 [ 34.483889] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.483964] ? kasan_atomics_helper+0x1eaa/0x5450 [ 34.484030] kasan_report+0x141/0x180 [ 34.484096] ? kasan_atomics_helper+0x1eaa/0x5450 [ 34.484173] kasan_check_range+0x10c/0x1c0 [ 34.484242] __kasan_check_write+0x18/0x20 [ 34.484360] kasan_atomics_helper+0x1eaa/0x5450 [ 34.484419] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.484479] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.484564] ? kasan_atomics+0x152/0x310 [ 34.484637] kasan_atomics+0x1dc/0x310 [ 34.484698] ? __pfx_kasan_atomics+0x10/0x10 [ 34.484754] ? __pfx_read_tsc+0x10/0x10 [ 34.484827] ? ktime_get_ts64+0x86/0x230 [ 34.484916] kunit_try_run_case+0x1a5/0x480 [ 34.484991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.485053] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.485098] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.485135] ? __kthread_parkme+0x82/0x180 [ 34.485165] ? preempt_count_sub+0x50/0x80 [ 34.485199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.485232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.485266] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.485299] kthread+0x337/0x6f0 [ 34.485326] ? trace_preempt_on+0x20/0xc0 [ 34.485360] ? __pfx_kthread+0x10/0x10 [ 34.485388] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.485419] ? calculate_sigpending+0x7b/0xa0 [ 34.485452] ? __pfx_kthread+0x10/0x10 [ 34.485481] ret_from_fork+0x116/0x1d0 [ 34.485509] ? __pfx_kthread+0x10/0x10 [ 34.485555] ret_from_fork_asm+0x1a/0x30 [ 34.485605] </TASK> [ 34.485621] [ 34.498484] Allocated by task 295: [ 34.498954] kasan_save_stack+0x45/0x70 [ 34.499443] kasan_save_track+0x18/0x40 [ 34.499919] kasan_save_alloc_info+0x3b/0x50 [ 34.500295] __kasan_kmalloc+0xb7/0xc0 [ 34.500748] __kmalloc_cache_noprof+0x189/0x420 [ 34.501130] kasan_atomics+0x95/0x310 [ 34.501533] kunit_try_run_case+0x1a5/0x480 [ 34.501942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.502410] kthread+0x337/0x6f0 [ 34.502786] ret_from_fork+0x116/0x1d0 [ 34.503103] ret_from_fork_asm+0x1a/0x30 [ 34.503516] [ 34.503783] The buggy address belongs to the object at ffff888102daa080 [ 34.503783] which belongs to the cache kmalloc-64 of size 64 [ 34.504586] The buggy address is located 0 bytes to the right of [ 34.504586] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.505501] [ 34.505815] The buggy address belongs to the physical page: [ 34.506120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.506858] flags: 0x200000000000000(node=0|zone=2) [ 34.507304] page_type: f5(slab) [ 34.507531] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.507965] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.508320] page dumped because: kasan: bad access detected [ 34.508852] [ 34.509080] Memory state around the buggy address: [ 34.509530] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.510193] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.510872] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.511510] ^ [ 34.512040] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.512597] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.513119] ================================================================== [ 34.621581] ================================================================== [ 34.622073] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 34.622447] Read of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.623230] [ 34.623487] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.623678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.623716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.623770] Call Trace: [ 34.623826] <TASK> [ 34.623875] dump_stack_lvl+0x73/0xb0 [ 34.623961] print_report+0xd1/0x650 [ 34.624025] ? __virt_addr_valid+0x1db/0x2d0 [ 34.624093] ? kasan_atomics_helper+0x4f98/0x5450 [ 34.624156] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.624222] ? kasan_atomics_helper+0x4f98/0x5450 [ 34.624278] kasan_report+0x141/0x180 [ 34.624338] ? kasan_atomics_helper+0x4f98/0x5450 [ 34.624435] __asan_report_load8_noabort+0x18/0x20 [ 34.624514] kasan_atomics_helper+0x4f98/0x5450 [ 34.624579] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.624654] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.624712] ? kasan_atomics+0x152/0x310 [ 34.624765] kasan_atomics+0x1dc/0x310 [ 34.624817] ? __pfx_kasan_atomics+0x10/0x10 [ 34.624867] ? __pfx_read_tsc+0x10/0x10 [ 34.624918] ? ktime_get_ts64+0x86/0x230 [ 34.624976] kunit_try_run_case+0x1a5/0x480 [ 34.625047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.625150] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.625264] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.625353] ? __kthread_parkme+0x82/0x180 [ 34.625409] ? preempt_count_sub+0x50/0x80 [ 34.625478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.625558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.625697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.625797] kthread+0x337/0x6f0 [ 34.625859] ? trace_preempt_on+0x20/0xc0 [ 34.625930] ? __pfx_kthread+0x10/0x10 [ 34.625984] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.626048] ? calculate_sigpending+0x7b/0xa0 [ 34.626150] ? __pfx_kthread+0x10/0x10 [ 34.626232] ret_from_fork+0x116/0x1d0 [ 34.626292] ? __pfx_kthread+0x10/0x10 [ 34.626331] ret_from_fork_asm+0x1a/0x30 [ 34.626375] </TASK> [ 34.626392] [ 34.640347] Allocated by task 295: [ 34.640763] kasan_save_stack+0x45/0x70 [ 34.641247] kasan_save_track+0x18/0x40 [ 34.641581] kasan_save_alloc_info+0x3b/0x50 [ 34.642013] __kasan_kmalloc+0xb7/0xc0 [ 34.642268] __kmalloc_cache_noprof+0x189/0x420 [ 34.642806] kasan_atomics+0x95/0x310 [ 34.643222] kunit_try_run_case+0x1a5/0x480 [ 34.643711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.644122] kthread+0x337/0x6f0 [ 34.644511] ret_from_fork+0x116/0x1d0 [ 34.644945] ret_from_fork_asm+0x1a/0x30 [ 34.645221] [ 34.645372] The buggy address belongs to the object at ffff888102daa080 [ 34.645372] which belongs to the cache kmalloc-64 of size 64 [ 34.646285] The buggy address is located 0 bytes to the right of [ 34.646285] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.647408] [ 34.647580] The buggy address belongs to the physical page: [ 34.648151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.648888] flags: 0x200000000000000(node=0|zone=2) [ 34.649277] page_type: f5(slab) [ 34.649681] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.650282] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.650916] page dumped because: kasan: bad access detected [ 34.651355] [ 34.651578] Memory state around the buggy address: [ 34.652009] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.652439] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.652974] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.653655] ^ [ 34.654008] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.654562] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.655146] ================================================================== [ 33.348664] ================================================================== [ 33.349901] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 33.350428] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.351334] [ 33.351576] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.351687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.351720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.351775] Call Trace: [ 33.351833] <TASK> [ 33.351878] dump_stack_lvl+0x73/0xb0 [ 33.351983] print_report+0xd1/0x650 [ 33.352048] ? __virt_addr_valid+0x1db/0x2d0 [ 33.352116] ? kasan_atomics_helper+0xe78/0x5450 [ 33.352181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.352252] ? kasan_atomics_helper+0xe78/0x5450 [ 33.352317] kasan_report+0x141/0x180 [ 33.352379] ? kasan_atomics_helper+0xe78/0x5450 [ 33.352436] kasan_check_range+0x10c/0x1c0 [ 33.352473] __kasan_check_write+0x18/0x20 [ 33.352506] kasan_atomics_helper+0xe78/0x5450 [ 33.352559] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.352592] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.352635] ? kasan_atomics+0x152/0x310 [ 33.352694] kasan_atomics+0x1dc/0x310 [ 33.352726] ? __pfx_kasan_atomics+0x10/0x10 [ 33.352760] ? __pfx_read_tsc+0x10/0x10 [ 33.352793] ? ktime_get_ts64+0x86/0x230 [ 33.352828] kunit_try_run_case+0x1a5/0x480 [ 33.352861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.352893] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.352929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.352963] ? __kthread_parkme+0x82/0x180 [ 33.352991] ? preempt_count_sub+0x50/0x80 [ 33.353023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.353057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.353090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.353123] kthread+0x337/0x6f0 [ 33.353150] ? trace_preempt_on+0x20/0xc0 [ 33.353183] ? __pfx_kthread+0x10/0x10 [ 33.353211] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.353243] ? calculate_sigpending+0x7b/0xa0 [ 33.353276] ? __pfx_kthread+0x10/0x10 [ 33.353306] ret_from_fork+0x116/0x1d0 [ 33.353333] ? __pfx_kthread+0x10/0x10 [ 33.353361] ret_from_fork_asm+0x1a/0x30 [ 33.353402] </TASK> [ 33.353418] [ 33.366791] Allocated by task 295: [ 33.367187] kasan_save_stack+0x45/0x70 [ 33.367687] kasan_save_track+0x18/0x40 [ 33.368105] kasan_save_alloc_info+0x3b/0x50 [ 33.368587] __kasan_kmalloc+0xb7/0xc0 [ 33.368871] __kmalloc_cache_noprof+0x189/0x420 [ 33.369146] kasan_atomics+0x95/0x310 [ 33.369381] kunit_try_run_case+0x1a5/0x480 [ 33.369818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.370340] kthread+0x337/0x6f0 [ 33.370769] ret_from_fork+0x116/0x1d0 [ 33.371146] ret_from_fork_asm+0x1a/0x30 [ 33.371512] [ 33.371735] The buggy address belongs to the object at ffff888102daa080 [ 33.371735] which belongs to the cache kmalloc-64 of size 64 [ 33.372663] The buggy address is located 0 bytes to the right of [ 33.372663] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.373570] [ 33.373789] The buggy address belongs to the physical page: [ 33.374291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.374887] flags: 0x200000000000000(node=0|zone=2) [ 33.375366] page_type: f5(slab) [ 33.375787] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.376271] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.376618] page dumped because: kasan: bad access detected [ 33.376903] [ 33.377020] Memory state around the buggy address: [ 33.377250] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.377576] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.378036] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.378438] ^ [ 33.378836] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.379474] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.380110] ================================================================== [ 33.873756] ================================================================== [ 33.874380] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 33.875107] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.875742] [ 33.876069] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.876210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.876260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.876314] Call Trace: [ 33.876378] <TASK> [ 33.876425] dump_stack_lvl+0x73/0xb0 [ 33.876508] print_report+0xd1/0x650 [ 33.876587] ? __virt_addr_valid+0x1db/0x2d0 [ 33.876726] ? kasan_atomics_helper+0x50d4/0x5450 [ 33.876815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.876885] ? kasan_atomics_helper+0x50d4/0x5450 [ 33.876928] kasan_report+0x141/0x180 [ 33.876962] ? kasan_atomics_helper+0x50d4/0x5450 [ 33.876999] __asan_report_store8_noabort+0x1b/0x30 [ 33.877034] kasan_atomics_helper+0x50d4/0x5450 [ 33.877066] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.877098] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.877132] ? kasan_atomics+0x152/0x310 [ 33.877168] kasan_atomics+0x1dc/0x310 [ 33.877199] ? __pfx_kasan_atomics+0x10/0x10 [ 33.877232] ? __pfx_read_tsc+0x10/0x10 [ 33.877263] ? ktime_get_ts64+0x86/0x230 [ 33.877296] kunit_try_run_case+0x1a5/0x480 [ 33.877329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.877361] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.877395] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.877429] ? __kthread_parkme+0x82/0x180 [ 33.877457] ? preempt_count_sub+0x50/0x80 [ 33.877489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.877522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.877576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.877610] kthread+0x337/0x6f0 [ 33.877660] ? trace_preempt_on+0x20/0xc0 [ 33.877696] ? __pfx_kthread+0x10/0x10 [ 33.877726] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.877759] ? calculate_sigpending+0x7b/0xa0 [ 33.877792] ? __pfx_kthread+0x10/0x10 [ 33.877822] ret_from_fork+0x116/0x1d0 [ 33.877848] ? __pfx_kthread+0x10/0x10 [ 33.877877] ret_from_fork_asm+0x1a/0x30 [ 33.877918] </TASK> [ 33.877934] [ 33.891903] Allocated by task 295: [ 33.892361] kasan_save_stack+0x45/0x70 [ 33.892758] kasan_save_track+0x18/0x40 [ 33.893249] kasan_save_alloc_info+0x3b/0x50 [ 33.893730] __kasan_kmalloc+0xb7/0xc0 [ 33.894149] __kmalloc_cache_noprof+0x189/0x420 [ 33.894610] kasan_atomics+0x95/0x310 [ 33.895096] kunit_try_run_case+0x1a5/0x480 [ 33.895515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.896094] kthread+0x337/0x6f0 [ 33.896334] ret_from_fork+0x116/0x1d0 [ 33.896751] ret_from_fork_asm+0x1a/0x30 [ 33.897209] [ 33.897411] The buggy address belongs to the object at ffff888102daa080 [ 33.897411] which belongs to the cache kmalloc-64 of size 64 [ 33.898192] The buggy address is located 0 bytes to the right of [ 33.898192] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.899473] [ 33.899741] The buggy address belongs to the physical page: [ 33.900308] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.900929] flags: 0x200000000000000(node=0|zone=2) [ 33.901395] page_type: f5(slab) [ 33.901691] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.902408] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.902879] page dumped because: kasan: bad access detected [ 33.903389] [ 33.903712] Memory state around the buggy address: [ 33.904115] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.904802] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.905515] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.906148] ^ [ 33.906574] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.907231] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.907805] ================================================================== [ 34.055513] ================================================================== [ 34.056929] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 34.057651] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.058240] [ 34.058522] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.058726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.058779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.058830] Call Trace: [ 34.058873] <TASK> [ 34.058917] dump_stack_lvl+0x73/0xb0 [ 34.058998] print_report+0xd1/0x650 [ 34.059061] ? __virt_addr_valid+0x1db/0x2d0 [ 34.059128] ? kasan_atomics_helper+0x177f/0x5450 [ 34.059193] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.059266] ? kasan_atomics_helper+0x177f/0x5450 [ 34.059319] kasan_report+0x141/0x180 [ 34.059359] ? kasan_atomics_helper+0x177f/0x5450 [ 34.059396] kasan_check_range+0x10c/0x1c0 [ 34.059429] __kasan_check_write+0x18/0x20 [ 34.059461] kasan_atomics_helper+0x177f/0x5450 [ 34.059492] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.059523] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.059583] ? kasan_atomics+0x152/0x310 [ 34.059620] kasan_atomics+0x1dc/0x310 [ 34.059677] ? __pfx_kasan_atomics+0x10/0x10 [ 34.059711] ? __pfx_read_tsc+0x10/0x10 [ 34.059745] ? ktime_get_ts64+0x86/0x230 [ 34.059779] kunit_try_run_case+0x1a5/0x480 [ 34.059814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.059856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.059892] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.059926] ? __kthread_parkme+0x82/0x180 [ 34.059956] ? preempt_count_sub+0x50/0x80 [ 34.059988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.060022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.060055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.060087] kthread+0x337/0x6f0 [ 34.060115] ? trace_preempt_on+0x20/0xc0 [ 34.060148] ? __pfx_kthread+0x10/0x10 [ 34.060177] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.060208] ? calculate_sigpending+0x7b/0xa0 [ 34.060240] ? __pfx_kthread+0x10/0x10 [ 34.060269] ret_from_fork+0x116/0x1d0 [ 34.060297] ? __pfx_kthread+0x10/0x10 [ 34.060326] ret_from_fork_asm+0x1a/0x30 [ 34.060367] </TASK> [ 34.060383] [ 34.077457] Allocated by task 295: [ 34.077763] kasan_save_stack+0x45/0x70 [ 34.078034] kasan_save_track+0x18/0x40 [ 34.078291] kasan_save_alloc_info+0x3b/0x50 [ 34.078754] __kasan_kmalloc+0xb7/0xc0 [ 34.079117] __kmalloc_cache_noprof+0x189/0x420 [ 34.079480] kasan_atomics+0x95/0x310 [ 34.079957] kunit_try_run_case+0x1a5/0x480 [ 34.080350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.080843] kthread+0x337/0x6f0 [ 34.081214] ret_from_fork+0x116/0x1d0 [ 34.081480] ret_from_fork_asm+0x1a/0x30 [ 34.081868] [ 34.082071] The buggy address belongs to the object at ffff888102daa080 [ 34.082071] which belongs to the cache kmalloc-64 of size 64 [ 34.082870] The buggy address is located 0 bytes to the right of [ 34.082870] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.083518] [ 34.083778] The buggy address belongs to the physical page: [ 34.084323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.084899] flags: 0x200000000000000(node=0|zone=2) [ 34.085321] page_type: f5(slab) [ 34.085553] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.086179] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.086676] page dumped because: kasan: bad access detected [ 34.087066] [ 34.087266] Memory state around the buggy address: [ 34.087761] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.088320] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.088866] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.089315] ^ [ 34.089746] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.090364] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.090817] ================================================================== [ 34.656853] ================================================================== [ 34.657314] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 34.658053] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.658661] [ 34.658947] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.659060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.659095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.659150] Call Trace: [ 34.659208] <TASK> [ 34.659271] dump_stack_lvl+0x73/0xb0 [ 34.659348] print_report+0xd1/0x650 [ 34.659410] ? __virt_addr_valid+0x1db/0x2d0 [ 34.659475] ? kasan_atomics_helper+0x20c8/0x5450 [ 34.659555] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.659666] ? kasan_atomics_helper+0x20c8/0x5450 [ 34.659747] kasan_report+0x141/0x180 [ 34.659841] ? kasan_atomics_helper+0x20c8/0x5450 [ 34.659918] kasan_check_range+0x10c/0x1c0 [ 34.659987] __kasan_check_write+0x18/0x20 [ 34.660055] kasan_atomics_helper+0x20c8/0x5450 [ 34.660117] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.660174] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.660242] ? kasan_atomics+0x152/0x310 [ 34.660325] kasan_atomics+0x1dc/0x310 [ 34.660410] ? __pfx_kasan_atomics+0x10/0x10 [ 34.660486] ? __pfx_read_tsc+0x10/0x10 [ 34.660586] ? ktime_get_ts64+0x86/0x230 [ 34.660692] kunit_try_run_case+0x1a5/0x480 [ 34.660758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.660805] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.660848] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.660883] ? __kthread_parkme+0x82/0x180 [ 34.660913] ? preempt_count_sub+0x50/0x80 [ 34.660947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.660980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.661015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.661049] kthread+0x337/0x6f0 [ 34.661076] ? trace_preempt_on+0x20/0xc0 [ 34.661109] ? __pfx_kthread+0x10/0x10 [ 34.661139] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.661170] ? calculate_sigpending+0x7b/0xa0 [ 34.661202] ? __pfx_kthread+0x10/0x10 [ 34.661233] ret_from_fork+0x116/0x1d0 [ 34.661259] ? __pfx_kthread+0x10/0x10 [ 34.661288] ret_from_fork_asm+0x1a/0x30 [ 34.661328] </TASK> [ 34.661344] [ 34.676018] Allocated by task 295: [ 34.676482] kasan_save_stack+0x45/0x70 [ 34.677008] kasan_save_track+0x18/0x40 [ 34.677266] kasan_save_alloc_info+0x3b/0x50 [ 34.677806] __kasan_kmalloc+0xb7/0xc0 [ 34.678211] __kmalloc_cache_noprof+0x189/0x420 [ 34.678781] kasan_atomics+0x95/0x310 [ 34.679149] kunit_try_run_case+0x1a5/0x480 [ 34.679594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.680138] kthread+0x337/0x6f0 [ 34.680374] ret_from_fork+0x116/0x1d0 [ 34.680761] ret_from_fork_asm+0x1a/0x30 [ 34.681295] [ 34.681612] The buggy address belongs to the object at ffff888102daa080 [ 34.681612] which belongs to the cache kmalloc-64 of size 64 [ 34.682738] The buggy address is located 0 bytes to the right of [ 34.682738] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.683502] [ 34.683732] The buggy address belongs to the physical page: [ 34.684374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.685193] flags: 0x200000000000000(node=0|zone=2) [ 34.685694] page_type: f5(slab) [ 34.685923] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.686577] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.687330] page dumped because: kasan: bad access detected [ 34.687931] [ 34.688076] Memory state around the buggy address: [ 34.688602] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.689243] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.689758] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.690445] ^ [ 34.690935] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.691617] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.692125] ================================================================== [ 33.095146] ================================================================== [ 33.095663] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 33.096176] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.097414] [ 33.097694] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.097815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.097848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.097899] Call Trace: [ 33.097944] <TASK> [ 33.097988] dump_stack_lvl+0x73/0xb0 [ 33.098062] print_report+0xd1/0x650 [ 33.098122] ? __virt_addr_valid+0x1db/0x2d0 [ 33.098181] ? kasan_atomics_helper+0xa2b/0x5450 [ 33.098231] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.098294] ? kasan_atomics_helper+0xa2b/0x5450 [ 33.098353] kasan_report+0x141/0x180 [ 33.098411] ? kasan_atomics_helper+0xa2b/0x5450 [ 33.098477] kasan_check_range+0x10c/0x1c0 [ 33.098559] __kasan_check_write+0x18/0x20 [ 33.098659] kasan_atomics_helper+0xa2b/0x5450 [ 33.098730] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.098795] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.098858] ? kasan_atomics+0x152/0x310 [ 33.098925] kasan_atomics+0x1dc/0x310 [ 33.098984] ? __pfx_kasan_atomics+0x10/0x10 [ 33.099046] ? __pfx_read_tsc+0x10/0x10 [ 33.099109] ? ktime_get_ts64+0x86/0x230 [ 33.099170] kunit_try_run_case+0x1a5/0x480 [ 33.099237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.099298] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.099365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.099430] ? __kthread_parkme+0x82/0x180 [ 33.099490] ? preempt_count_sub+0x50/0x80 [ 33.099576] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.099680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.099757] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.099838] kthread+0x337/0x6f0 [ 33.099893] ? trace_preempt_on+0x20/0xc0 [ 33.099958] ? __pfx_kthread+0x10/0x10 [ 33.100015] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.100082] ? calculate_sigpending+0x7b/0xa0 [ 33.100152] ? __pfx_kthread+0x10/0x10 [ 33.100217] ret_from_fork+0x116/0x1d0 [ 33.100272] ? __pfx_kthread+0x10/0x10 [ 33.100307] ret_from_fork_asm+0x1a/0x30 [ 33.100351] </TASK> [ 33.100368] [ 33.112850] Allocated by task 295: [ 33.113220] kasan_save_stack+0x45/0x70 [ 33.113554] kasan_save_track+0x18/0x40 [ 33.113895] kasan_save_alloc_info+0x3b/0x50 [ 33.114283] __kasan_kmalloc+0xb7/0xc0 [ 33.114523] __kmalloc_cache_noprof+0x189/0x420 [ 33.114856] kasan_atomics+0x95/0x310 [ 33.115098] kunit_try_run_case+0x1a5/0x480 [ 33.115505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.116075] kthread+0x337/0x6f0 [ 33.116433] ret_from_fork+0x116/0x1d0 [ 33.116857] ret_from_fork_asm+0x1a/0x30 [ 33.117280] [ 33.117477] The buggy address belongs to the object at ffff888102daa080 [ 33.117477] which belongs to the cache kmalloc-64 of size 64 [ 33.118173] The buggy address is located 0 bytes to the right of [ 33.118173] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.119209] [ 33.119415] The buggy address belongs to the physical page: [ 33.119970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.120439] flags: 0x200000000000000(node=0|zone=2) [ 33.120774] page_type: f5(slab) [ 33.121103] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.121785] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.122270] page dumped because: kasan: bad access detected [ 33.122594] [ 33.122765] Memory state around the buggy address: [ 33.123025] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.123366] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.123937] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.124509] ^ [ 33.125030] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.125726] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.126325] ================================================================== [ 32.552426] ================================================================== [ 32.553013] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 32.553794] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.554317] [ 32.554506] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.554691] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.554725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.554771] Call Trace: [ 32.554812] <TASK> [ 32.554877] dump_stack_lvl+0x73/0xb0 [ 32.554972] print_report+0xd1/0x650 [ 32.555051] ? __virt_addr_valid+0x1db/0x2d0 [ 32.555114] ? kasan_atomics_helper+0x4ba2/0x5450 [ 32.555168] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.555235] ? kasan_atomics_helper+0x4ba2/0x5450 [ 32.555296] kasan_report+0x141/0x180 [ 32.555358] ? kasan_atomics_helper+0x4ba2/0x5450 [ 32.555432] __asan_report_store4_noabort+0x1b/0x30 [ 32.555501] kasan_atomics_helper+0x4ba2/0x5450 [ 32.555581] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.555658] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.555705] ? kasan_atomics+0x152/0x310 [ 32.555741] kasan_atomics+0x1dc/0x310 [ 32.555773] ? __pfx_kasan_atomics+0x10/0x10 [ 32.555805] ? __pfx_read_tsc+0x10/0x10 [ 32.555849] ? ktime_get_ts64+0x86/0x230 [ 32.555883] kunit_try_run_case+0x1a5/0x480 [ 32.555917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.555948] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.555981] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.556014] ? __kthread_parkme+0x82/0x180 [ 32.556041] ? preempt_count_sub+0x50/0x80 [ 32.556072] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.556104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.556136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.556168] kthread+0x337/0x6f0 [ 32.556195] ? trace_preempt_on+0x20/0xc0 [ 32.556226] ? __pfx_kthread+0x10/0x10 [ 32.556253] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.556283] ? calculate_sigpending+0x7b/0xa0 [ 32.556314] ? __pfx_kthread+0x10/0x10 [ 32.556342] ret_from_fork+0x116/0x1d0 [ 32.556366] ? __pfx_kthread+0x10/0x10 [ 32.556393] ret_from_fork_asm+0x1a/0x30 [ 32.556432] </TASK> [ 32.556448] [ 32.572019] Allocated by task 295: [ 32.572403] kasan_save_stack+0x45/0x70 [ 32.572751] kasan_save_track+0x18/0x40 [ 32.573150] kasan_save_alloc_info+0x3b/0x50 [ 32.573423] __kasan_kmalloc+0xb7/0xc0 [ 32.573745] __kmalloc_cache_noprof+0x189/0x420 [ 32.574497] kasan_atomics+0x95/0x310 [ 32.575021] kunit_try_run_case+0x1a5/0x480 [ 32.575409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.575797] kthread+0x337/0x6f0 [ 32.576175] ret_from_fork+0x116/0x1d0 [ 32.576519] ret_from_fork_asm+0x1a/0x30 [ 32.577004] [ 32.577203] The buggy address belongs to the object at ffff888102daa080 [ 32.577203] which belongs to the cache kmalloc-64 of size 64 [ 32.578014] The buggy address is located 0 bytes to the right of [ 32.578014] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.579032] [ 32.579183] The buggy address belongs to the physical page: [ 32.579692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.580433] flags: 0x200000000000000(node=0|zone=2) [ 32.580807] page_type: f5(slab) [ 32.581198] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.581891] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.582366] page dumped because: kasan: bad access detected [ 32.582938] [ 32.583167] Memory state around the buggy address: [ 32.583705] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.584208] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.584738] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.585204] ^ [ 32.585691] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.586166] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.586596] ================================================================== [ 34.583907] ================================================================== [ 34.585144] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 34.585891] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.586582] [ 34.586853] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.586978] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.587014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.587069] Call Trace: [ 34.587113] <TASK> [ 34.587159] dump_stack_lvl+0x73/0xb0 [ 34.587238] print_report+0xd1/0x650 [ 34.587303] ? __virt_addr_valid+0x1db/0x2d0 [ 34.587372] ? kasan_atomics_helper+0x2006/0x5450 [ 34.587435] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.587510] ? kasan_atomics_helper+0x2006/0x5450 [ 34.587594] kasan_report+0x141/0x180 [ 34.587679] ? kasan_atomics_helper+0x2006/0x5450 [ 34.587773] kasan_check_range+0x10c/0x1c0 [ 34.587857] __kasan_check_write+0x18/0x20 [ 34.587946] kasan_atomics_helper+0x2006/0x5450 [ 34.588029] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.588111] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.588199] ? kasan_atomics+0x152/0x310 [ 34.588290] kasan_atomics+0x1dc/0x310 [ 34.588377] ? __pfx_kasan_atomics+0x10/0x10 [ 34.588442] ? __pfx_read_tsc+0x10/0x10 [ 34.588504] ? ktime_get_ts64+0x86/0x230 [ 34.588589] kunit_try_run_case+0x1a5/0x480 [ 34.588661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.588729] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.588801] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.588864] ? __kthread_parkme+0x82/0x180 [ 34.588927] ? preempt_count_sub+0x50/0x80 [ 34.588995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.589068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.589142] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.589211] kthread+0x337/0x6f0 [ 34.589271] ? trace_preempt_on+0x20/0xc0 [ 34.589339] ? __pfx_kthread+0x10/0x10 [ 34.589402] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.589468] ? calculate_sigpending+0x7b/0xa0 [ 34.589556] ? __pfx_kthread+0x10/0x10 [ 34.589621] ret_from_fork+0x116/0x1d0 [ 34.589671] ? __pfx_kthread+0x10/0x10 [ 34.589725] ret_from_fork_asm+0x1a/0x30 [ 34.589794] </TASK> [ 34.589820] [ 34.602727] Allocated by task 295: [ 34.603177] kasan_save_stack+0x45/0x70 [ 34.603672] kasan_save_track+0x18/0x40 [ 34.604131] kasan_save_alloc_info+0x3b/0x50 [ 34.604653] __kasan_kmalloc+0xb7/0xc0 [ 34.605082] __kmalloc_cache_noprof+0x189/0x420 [ 34.605551] kasan_atomics+0x95/0x310 [ 34.605986] kunit_try_run_case+0x1a5/0x480 [ 34.606317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.606710] kthread+0x337/0x6f0 [ 34.607001] ret_from_fork+0x116/0x1d0 [ 34.607298] ret_from_fork_asm+0x1a/0x30 [ 34.607755] [ 34.607984] The buggy address belongs to the object at ffff888102daa080 [ 34.607984] which belongs to the cache kmalloc-64 of size 64 [ 34.609201] The buggy address is located 0 bytes to the right of [ 34.609201] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.610717] [ 34.610937] The buggy address belongs to the physical page: [ 34.611429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.612062] flags: 0x200000000000000(node=0|zone=2) [ 34.612354] page_type: f5(slab) [ 34.612589] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.613332] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.614064] page dumped because: kasan: bad access detected [ 34.614645] [ 34.614838] Memory state around the buggy address: [ 34.615101] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.615440] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.617569] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.618660] ^ [ 34.619070] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.619628] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.620317] ================================================================== [ 33.985364] ================================================================== [ 33.985954] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 33.986781] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.987384] [ 33.987683] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.987889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.987961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.988043] Call Trace: [ 33.988091] <TASK> [ 33.988132] dump_stack_lvl+0x73/0xb0 [ 33.988217] print_report+0xd1/0x650 [ 33.988284] ? __virt_addr_valid+0x1db/0x2d0 [ 33.988351] ? kasan_atomics_helper+0x164f/0x5450 [ 33.988415] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.988492] ? kasan_atomics_helper+0x164f/0x5450 [ 33.988567] kasan_report+0x141/0x180 [ 33.988670] ? kasan_atomics_helper+0x164f/0x5450 [ 33.988747] kasan_check_range+0x10c/0x1c0 [ 33.988811] __kasan_check_write+0x18/0x20 [ 33.988875] kasan_atomics_helper+0x164f/0x5450 [ 33.989001] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.989067] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.989134] ? kasan_atomics+0x152/0x310 [ 33.989246] kasan_atomics+0x1dc/0x310 [ 33.989310] ? __pfx_kasan_atomics+0x10/0x10 [ 33.989377] ? __pfx_read_tsc+0x10/0x10 [ 33.989432] ? ktime_get_ts64+0x86/0x230 [ 33.989471] kunit_try_run_case+0x1a5/0x480 [ 33.989508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.989562] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.989601] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.989658] ? __kthread_parkme+0x82/0x180 [ 33.989694] ? preempt_count_sub+0x50/0x80 [ 33.989728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.989762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.989797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.989831] kthread+0x337/0x6f0 [ 33.989859] ? trace_preempt_on+0x20/0xc0 [ 33.989894] ? __pfx_kthread+0x10/0x10 [ 33.989923] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.989955] ? calculate_sigpending+0x7b/0xa0 [ 33.989988] ? __pfx_kthread+0x10/0x10 [ 33.990017] ret_from_fork+0x116/0x1d0 [ 33.990045] ? __pfx_kthread+0x10/0x10 [ 33.990074] ret_from_fork_asm+0x1a/0x30 [ 33.990115] </TASK> [ 33.990131] [ 34.002442] Allocated by task 295: [ 34.002851] kasan_save_stack+0x45/0x70 [ 34.003317] kasan_save_track+0x18/0x40 [ 34.003600] kasan_save_alloc_info+0x3b/0x50 [ 34.004100] __kasan_kmalloc+0xb7/0xc0 [ 34.004533] __kmalloc_cache_noprof+0x189/0x420 [ 34.005080] kasan_atomics+0x95/0x310 [ 34.005489] kunit_try_run_case+0x1a5/0x480 [ 34.005931] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.006414] kthread+0x337/0x6f0 [ 34.006687] ret_from_fork+0x116/0x1d0 [ 34.007187] ret_from_fork_asm+0x1a/0x30 [ 34.007628] [ 34.007838] The buggy address belongs to the object at ffff888102daa080 [ 34.007838] which belongs to the cache kmalloc-64 of size 64 [ 34.008385] The buggy address is located 0 bytes to the right of [ 34.008385] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.009400] [ 34.009635] The buggy address belongs to the physical page: [ 34.010419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.011137] flags: 0x200000000000000(node=0|zone=2) [ 34.011607] page_type: f5(slab) [ 34.011843] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.013056] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.013703] page dumped because: kasan: bad access detected [ 34.013990] [ 34.014118] Memory state around the buggy address: [ 34.015090] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.016125] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.017056] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.017451] ^ [ 34.017959] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.018330] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.018991] ================================================================== [ 34.515306] ================================================================== [ 34.516896] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 34.517484] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.517985] [ 34.518166] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.518281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.518332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.518403] Call Trace: [ 34.518450] <TASK> [ 34.518495] dump_stack_lvl+0x73/0xb0 [ 34.518595] print_report+0xd1/0x650 [ 34.518698] ? __virt_addr_valid+0x1db/0x2d0 [ 34.518767] ? kasan_atomics_helper+0x1f43/0x5450 [ 34.518824] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.518895] ? kasan_atomics_helper+0x1f43/0x5450 [ 34.518966] kasan_report+0x141/0x180 [ 34.519045] ? kasan_atomics_helper+0x1f43/0x5450 [ 34.519117] kasan_check_range+0x10c/0x1c0 [ 34.519184] __kasan_check_write+0x18/0x20 [ 34.519258] kasan_atomics_helper+0x1f43/0x5450 [ 34.519338] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.519405] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.519460] ? kasan_atomics+0x152/0x310 [ 34.519500] kasan_atomics+0x1dc/0x310 [ 34.519533] ? __pfx_kasan_atomics+0x10/0x10 [ 34.519604] ? __pfx_read_tsc+0x10/0x10 [ 34.519703] ? ktime_get_ts64+0x86/0x230 [ 34.519781] kunit_try_run_case+0x1a5/0x480 [ 34.519883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.519939] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.520009] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.520089] ? __kthread_parkme+0x82/0x180 [ 34.520156] ? preempt_count_sub+0x50/0x80 [ 34.520222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.520288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.520329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.520364] kthread+0x337/0x6f0 [ 34.520394] ? trace_preempt_on+0x20/0xc0 [ 34.520428] ? __pfx_kthread+0x10/0x10 [ 34.520458] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.520490] ? calculate_sigpending+0x7b/0xa0 [ 34.520526] ? __pfx_kthread+0x10/0x10 [ 34.520580] ret_from_fork+0x116/0x1d0 [ 34.520608] ? __pfx_kthread+0x10/0x10 [ 34.520662] ret_from_fork_asm+0x1a/0x30 [ 34.520707] </TASK> [ 34.520723] [ 34.535705] Allocated by task 295: [ 34.536143] kasan_save_stack+0x45/0x70 [ 34.536741] kasan_save_track+0x18/0x40 [ 34.537066] kasan_save_alloc_info+0x3b/0x50 [ 34.537503] __kasan_kmalloc+0xb7/0xc0 [ 34.538047] __kmalloc_cache_noprof+0x189/0x420 [ 34.538606] kasan_atomics+0x95/0x310 [ 34.538846] kunit_try_run_case+0x1a5/0x480 [ 34.539370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.539951] kthread+0x337/0x6f0 [ 34.540372] ret_from_fork+0x116/0x1d0 [ 34.540815] ret_from_fork_asm+0x1a/0x30 [ 34.541238] [ 34.541376] The buggy address belongs to the object at ffff888102daa080 [ 34.541376] which belongs to the cache kmalloc-64 of size 64 [ 34.542232] The buggy address is located 0 bytes to the right of [ 34.542232] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.543831] [ 34.544107] The buggy address belongs to the physical page: [ 34.544731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.545110] flags: 0x200000000000000(node=0|zone=2) [ 34.545572] page_type: f5(slab) [ 34.546006] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.546762] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.547226] page dumped because: kasan: bad access detected [ 34.547691] [ 34.548092] Memory state around the buggy address: [ 34.548454] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.549261] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.549596] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.550563] ^ [ 34.551100] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.551594] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.552089] ================================================================== [ 33.561342] ================================================================== [ 33.561856] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 33.562433] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.563322] [ 33.563612] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.563765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.563801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.563867] Call Trace: [ 33.563923] <TASK> [ 33.563984] dump_stack_lvl+0x73/0xb0 [ 33.564068] print_report+0xd1/0x650 [ 33.564134] ? __virt_addr_valid+0x1db/0x2d0 [ 33.564204] ? kasan_atomics_helper+0x1148/0x5450 [ 33.564261] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.564329] ? kasan_atomics_helper+0x1148/0x5450 [ 33.564386] kasan_report+0x141/0x180 [ 33.564443] ? kasan_atomics_helper+0x1148/0x5450 [ 33.564512] kasan_check_range+0x10c/0x1c0 [ 33.564603] __kasan_check_write+0x18/0x20 [ 33.564712] kasan_atomics_helper+0x1148/0x5450 [ 33.564776] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.564838] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.564899] ? kasan_atomics+0x152/0x310 [ 33.564977] kasan_atomics+0x1dc/0x310 [ 33.565062] ? __pfx_kasan_atomics+0x10/0x10 [ 33.565115] ? __pfx_read_tsc+0x10/0x10 [ 33.565151] ? ktime_get_ts64+0x86/0x230 [ 33.565189] kunit_try_run_case+0x1a5/0x480 [ 33.565226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.565258] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.565294] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.565328] ? __kthread_parkme+0x82/0x180 [ 33.565357] ? preempt_count_sub+0x50/0x80 [ 33.565389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.565422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.565455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.565488] kthread+0x337/0x6f0 [ 33.565515] ? trace_preempt_on+0x20/0xc0 [ 33.565569] ? __pfx_kthread+0x10/0x10 [ 33.565600] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.565651] ? calculate_sigpending+0x7b/0xa0 [ 33.565706] ? __pfx_kthread+0x10/0x10 [ 33.565738] ret_from_fork+0x116/0x1d0 [ 33.565766] ? __pfx_kthread+0x10/0x10 [ 33.565795] ret_from_fork_asm+0x1a/0x30 [ 33.565838] </TASK> [ 33.565854] [ 33.578745] Allocated by task 295: [ 33.579166] kasan_save_stack+0x45/0x70 [ 33.579619] kasan_save_track+0x18/0x40 [ 33.579990] kasan_save_alloc_info+0x3b/0x50 [ 33.580428] __kasan_kmalloc+0xb7/0xc0 [ 33.580877] __kmalloc_cache_noprof+0x189/0x420 [ 33.581161] kasan_atomics+0x95/0x310 [ 33.581584] kunit_try_run_case+0x1a5/0x480 [ 33.582032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.582458] kthread+0x337/0x6f0 [ 33.582804] ret_from_fork+0x116/0x1d0 [ 33.583231] ret_from_fork_asm+0x1a/0x30 [ 33.583694] [ 33.583896] The buggy address belongs to the object at ffff888102daa080 [ 33.583896] which belongs to the cache kmalloc-64 of size 64 [ 33.584748] The buggy address is located 0 bytes to the right of [ 33.584748] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.585376] [ 33.585523] The buggy address belongs to the physical page: [ 33.585820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.586201] flags: 0x200000000000000(node=0|zone=2) [ 33.586554] page_type: f5(slab) [ 33.586990] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.587814] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.588893] page dumped because: kasan: bad access detected [ 33.589399] [ 33.589616] Memory state around the buggy address: [ 33.590066] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.590785] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.591335] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.591858] ^ [ 33.592291] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.592940] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.593444] ================================================================== [ 32.808463] ================================================================== [ 32.809248] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 32.809984] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.810562] [ 32.810873] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.811012] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.811068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.811120] Call Trace: [ 32.811163] <TASK> [ 32.811206] dump_stack_lvl+0x73/0xb0 [ 32.811306] print_report+0xd1/0x650 [ 32.811374] ? __virt_addr_valid+0x1db/0x2d0 [ 32.811440] ? kasan_atomics_helper+0x565/0x5450 [ 32.811500] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.811592] ? kasan_atomics_helper+0x565/0x5450 [ 32.811688] kasan_report+0x141/0x180 [ 32.811750] ? kasan_atomics_helper+0x565/0x5450 [ 32.811861] kasan_check_range+0x10c/0x1c0 [ 32.811940] __kasan_check_write+0x18/0x20 [ 32.812007] kasan_atomics_helper+0x565/0x5450 [ 32.812074] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.812140] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.812204] ? kasan_atomics+0x152/0x310 [ 32.812301] kasan_atomics+0x1dc/0x310 [ 32.812366] ? __pfx_kasan_atomics+0x10/0x10 [ 32.812427] ? __pfx_read_tsc+0x10/0x10 [ 32.812488] ? ktime_get_ts64+0x86/0x230 [ 32.812567] kunit_try_run_case+0x1a5/0x480 [ 32.812608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.812679] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.812720] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.812756] ? __kthread_parkme+0x82/0x180 [ 32.812786] ? preempt_count_sub+0x50/0x80 [ 32.812819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.812853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.812887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.812920] kthread+0x337/0x6f0 [ 32.812949] ? trace_preempt_on+0x20/0xc0 [ 32.812981] ? __pfx_kthread+0x10/0x10 [ 32.813011] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.813043] ? calculate_sigpending+0x7b/0xa0 [ 32.813076] ? __pfx_kthread+0x10/0x10 [ 32.813105] ret_from_fork+0x116/0x1d0 [ 32.813132] ? __pfx_kthread+0x10/0x10 [ 32.813161] ret_from_fork_asm+0x1a/0x30 [ 32.813202] </TASK> [ 32.813219] [ 32.827558] Allocated by task 295: [ 32.827851] kasan_save_stack+0x45/0x70 [ 32.828132] kasan_save_track+0x18/0x40 [ 32.828380] kasan_save_alloc_info+0x3b/0x50 [ 32.828864] __kasan_kmalloc+0xb7/0xc0 [ 32.829172] __kmalloc_cache_noprof+0x189/0x420 [ 32.829490] kasan_atomics+0x95/0x310 [ 32.829865] kunit_try_run_case+0x1a5/0x480 [ 32.830230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.830797] kthread+0x337/0x6f0 [ 32.831074] ret_from_fork+0x116/0x1d0 [ 32.831454] ret_from_fork_asm+0x1a/0x30 [ 32.831809] [ 32.832024] The buggy address belongs to the object at ffff888102daa080 [ 32.832024] which belongs to the cache kmalloc-64 of size 64 [ 32.832668] The buggy address is located 0 bytes to the right of [ 32.832668] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.833710] [ 32.833871] The buggy address belongs to the physical page: [ 32.834154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.834903] flags: 0x200000000000000(node=0|zone=2) [ 32.835358] page_type: f5(slab) [ 32.835599] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.836298] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.836897] page dumped because: kasan: bad access detected [ 32.837361] [ 32.837563] Memory state around the buggy address: [ 32.837977] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.838391] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.838982] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.839445] ^ [ 32.839854] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.840253] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.840911] ================================================================== [ 33.594988] ================================================================== [ 33.595695] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 33.596332] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.596841] [ 33.597174] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.597313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.597352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.597409] Call Trace: [ 33.597456] <TASK> [ 33.597502] dump_stack_lvl+0x73/0xb0 [ 33.597603] print_report+0xd1/0x650 [ 33.597662] ? __virt_addr_valid+0x1db/0x2d0 [ 33.597726] ? kasan_atomics_helper+0x4a02/0x5450 [ 33.597779] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.597848] ? kasan_atomics_helper+0x4a02/0x5450 [ 33.597911] kasan_report+0x141/0x180 [ 33.597978] ? kasan_atomics_helper+0x4a02/0x5450 [ 33.598054] __asan_report_load4_noabort+0x18/0x20 [ 33.598137] kasan_atomics_helper+0x4a02/0x5450 [ 33.598221] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.598287] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.598358] ? kasan_atomics+0x152/0x310 [ 33.598433] kasan_atomics+0x1dc/0x310 [ 33.598499] ? __pfx_kasan_atomics+0x10/0x10 [ 33.598585] ? __pfx_read_tsc+0x10/0x10 [ 33.598650] ? ktime_get_ts64+0x86/0x230 [ 33.598721] kunit_try_run_case+0x1a5/0x480 [ 33.598793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.598858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.598943] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.599009] ? __kthread_parkme+0x82/0x180 [ 33.599076] ? preempt_count_sub+0x50/0x80 [ 33.599157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.599228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.599293] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.599352] kthread+0x337/0x6f0 [ 33.599397] ? trace_preempt_on+0x20/0xc0 [ 33.599462] ? __pfx_kthread+0x10/0x10 [ 33.599517] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.599605] ? calculate_sigpending+0x7b/0xa0 [ 33.599686] ? __pfx_kthread+0x10/0x10 [ 33.599748] ret_from_fork+0x116/0x1d0 [ 33.599800] ? __pfx_kthread+0x10/0x10 [ 33.599872] ret_from_fork_asm+0x1a/0x30 [ 33.599962] </TASK> [ 33.600009] [ 33.612592] Allocated by task 295: [ 33.612993] kasan_save_stack+0x45/0x70 [ 33.613438] kasan_save_track+0x18/0x40 [ 33.613806] kasan_save_alloc_info+0x3b/0x50 [ 33.614083] __kasan_kmalloc+0xb7/0xc0 [ 33.614305] __kmalloc_cache_noprof+0x189/0x420 [ 33.614604] kasan_atomics+0x95/0x310 [ 33.615255] kunit_try_run_case+0x1a5/0x480 [ 33.615754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.616286] kthread+0x337/0x6f0 [ 33.616690] ret_from_fork+0x116/0x1d0 [ 33.617103] ret_from_fork_asm+0x1a/0x30 [ 33.617568] [ 33.617758] The buggy address belongs to the object at ffff888102daa080 [ 33.617758] which belongs to the cache kmalloc-64 of size 64 [ 33.618408] The buggy address is located 0 bytes to the right of [ 33.618408] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.619294] [ 33.619567] The buggy address belongs to the physical page: [ 33.620209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.620973] flags: 0x200000000000000(node=0|zone=2) [ 33.621361] page_type: f5(slab) [ 33.621763] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.622157] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.622521] page dumped because: kasan: bad access detected [ 33.624420] [ 33.624641] Memory state around the buggy address: [ 33.625147] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.625899] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.626772] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.627326] ^ [ 33.627662] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.628459] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.629030] ================================================================== [ 32.588891] ================================================================== [ 32.589871] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 32.590671] Read of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.591222] [ 32.591710] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.591838] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.591873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.591967] Call Trace: [ 32.592013] <TASK> [ 32.592057] dump_stack_lvl+0x73/0xb0 [ 32.592129] print_report+0xd1/0x650 [ 32.592188] ? __virt_addr_valid+0x1db/0x2d0 [ 32.592238] ? kasan_atomics_helper+0x4b88/0x5450 [ 32.592269] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.592305] ? kasan_atomics_helper+0x4b88/0x5450 [ 32.592334] kasan_report+0x141/0x180 [ 32.592364] ? kasan_atomics_helper+0x4b88/0x5450 [ 32.592398] __asan_report_load4_noabort+0x18/0x20 [ 32.592430] kasan_atomics_helper+0x4b88/0x5450 [ 32.592459] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.592488] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.592520] ? kasan_atomics+0x152/0x310 [ 32.592577] kasan_atomics+0x1dc/0x310 [ 32.592608] ? __pfx_kasan_atomics+0x10/0x10 [ 32.592654] ? __pfx_read_tsc+0x10/0x10 [ 32.592689] ? ktime_get_ts64+0x86/0x230 [ 32.592731] kunit_try_run_case+0x1a5/0x480 [ 32.592766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.592806] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.592841] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.592882] ? __kthread_parkme+0x82/0x180 [ 32.592911] ? preempt_count_sub+0x50/0x80 [ 32.592948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.592985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.593043] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.593088] kthread+0x337/0x6f0 [ 32.593118] ? trace_preempt_on+0x20/0xc0 [ 32.593155] ? __pfx_kthread+0x10/0x10 [ 32.593183] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.593214] ? calculate_sigpending+0x7b/0xa0 [ 32.593246] ? __pfx_kthread+0x10/0x10 [ 32.593274] ret_from_fork+0x116/0x1d0 [ 32.593300] ? __pfx_kthread+0x10/0x10 [ 32.593327] ret_from_fork_asm+0x1a/0x30 [ 32.593366] </TASK> [ 32.593380] [ 32.610251] Allocated by task 295: [ 32.610865] kasan_save_stack+0x45/0x70 [ 32.611316] kasan_save_track+0x18/0x40 [ 32.611904] kasan_save_alloc_info+0x3b/0x50 [ 32.612146] __kasan_kmalloc+0xb7/0xc0 [ 32.612618] __kmalloc_cache_noprof+0x189/0x420 [ 32.613342] kasan_atomics+0x95/0x310 [ 32.613933] kunit_try_run_case+0x1a5/0x480 [ 32.614478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.614839] kthread+0x337/0x6f0 [ 32.615212] ret_from_fork+0x116/0x1d0 [ 32.615634] ret_from_fork_asm+0x1a/0x30 [ 32.616263] [ 32.616410] The buggy address belongs to the object at ffff888102daa080 [ 32.616410] which belongs to the cache kmalloc-64 of size 64 [ 32.617488] The buggy address is located 0 bytes to the right of [ 32.617488] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.618753] [ 32.618968] The buggy address belongs to the physical page: [ 32.619465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.620274] flags: 0x200000000000000(node=0|zone=2) [ 32.620704] page_type: f5(slab) [ 32.621044] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.621653] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.622230] page dumped because: kasan: bad access detected [ 32.622513] [ 32.622801] Memory state around the buggy address: [ 32.623327] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.623990] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.624438] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.625115] ^ [ 32.625616] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.626221] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.626871] ================================================================== [ 34.802390] ================================================================== [ 34.802954] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 34.803654] Write of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.804397] [ 34.804765] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.804892] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.804925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.805024] Call Trace: [ 34.805071] <TASK> [ 34.805118] dump_stack_lvl+0x73/0xb0 [ 34.805250] print_report+0xd1/0x650 [ 34.805319] ? __virt_addr_valid+0x1db/0x2d0 [ 34.805388] ? kasan_atomics_helper+0x224c/0x5450 [ 34.805449] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.805518] ? kasan_atomics_helper+0x224c/0x5450 [ 34.805686] kasan_report+0x141/0x180 [ 34.805755] ? kasan_atomics_helper+0x224c/0x5450 [ 34.805821] kasan_check_range+0x10c/0x1c0 [ 34.805864] __kasan_check_write+0x18/0x20 [ 34.805901] kasan_atomics_helper+0x224c/0x5450 [ 34.805933] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.805964] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.806000] ? kasan_atomics+0x152/0x310 [ 34.806036] kasan_atomics+0x1dc/0x310 [ 34.806067] ? __pfx_kasan_atomics+0x10/0x10 [ 34.806100] ? __pfx_read_tsc+0x10/0x10 [ 34.806131] ? ktime_get_ts64+0x86/0x230 [ 34.806164] kunit_try_run_case+0x1a5/0x480 [ 34.806199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.806230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.806265] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.806300] ? __kthread_parkme+0x82/0x180 [ 34.806329] ? preempt_count_sub+0x50/0x80 [ 34.806361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.806394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.806427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.806460] kthread+0x337/0x6f0 [ 34.806488] ? trace_preempt_on+0x20/0xc0 [ 34.806521] ? __pfx_kthread+0x10/0x10 [ 34.806576] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.806609] ? calculate_sigpending+0x7b/0xa0 [ 34.806684] ? __pfx_kthread+0x10/0x10 [ 34.806716] ret_from_fork+0x116/0x1d0 [ 34.806744] ? __pfx_kthread+0x10/0x10 [ 34.806774] ret_from_fork_asm+0x1a/0x30 [ 34.806816] </TASK> [ 34.806833] [ 34.820318] Allocated by task 295: [ 34.820801] kasan_save_stack+0x45/0x70 [ 34.821105] kasan_save_track+0x18/0x40 [ 34.821343] kasan_save_alloc_info+0x3b/0x50 [ 34.821670] __kasan_kmalloc+0xb7/0xc0 [ 34.822140] __kmalloc_cache_noprof+0x189/0x420 [ 34.822653] kasan_atomics+0x95/0x310 [ 34.823095] kunit_try_run_case+0x1a5/0x480 [ 34.823582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.824148] kthread+0x337/0x6f0 [ 34.824573] ret_from_fork+0x116/0x1d0 [ 34.825023] ret_from_fork_asm+0x1a/0x30 [ 34.825488] [ 34.825774] The buggy address belongs to the object at ffff888102daa080 [ 34.825774] which belongs to the cache kmalloc-64 of size 64 [ 34.826672] The buggy address is located 0 bytes to the right of [ 34.826672] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.827470] [ 34.827717] The buggy address belongs to the physical page: [ 34.828333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.829056] flags: 0x200000000000000(node=0|zone=2) [ 34.829527] page_type: f5(slab) [ 34.829935] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.830419] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.830800] page dumped because: kasan: bad access detected [ 34.831257] [ 34.831470] Memory state around the buggy address: [ 34.831941] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.832704] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.833319] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.833912] ^ [ 34.834183] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.834513] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.836281] ================================================================== [ 32.880256] ================================================================== [ 32.880846] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 32.881413] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 32.882013] [ 32.882254] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.882374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.882411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.882465] Call Trace: [ 32.882508] <TASK> [ 32.882576] dump_stack_lvl+0x73/0xb0 [ 32.882710] print_report+0xd1/0x650 [ 32.882774] ? __virt_addr_valid+0x1db/0x2d0 [ 32.882840] ? kasan_atomics_helper+0x697/0x5450 [ 32.882903] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.882975] ? kasan_atomics_helper+0x697/0x5450 [ 32.883032] kasan_report+0x141/0x180 [ 32.883094] ? kasan_atomics_helper+0x697/0x5450 [ 32.883173] kasan_check_range+0x10c/0x1c0 [ 32.883255] __kasan_check_write+0x18/0x20 [ 32.883320] kasan_atomics_helper+0x697/0x5450 [ 32.883379] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 32.883440] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.883514] ? kasan_atomics+0x152/0x310 [ 32.883606] kasan_atomics+0x1dc/0x310 [ 32.883703] ? __pfx_kasan_atomics+0x10/0x10 [ 32.883767] ? __pfx_read_tsc+0x10/0x10 [ 32.883848] ? ktime_get_ts64+0x86/0x230 [ 32.883935] kunit_try_run_case+0x1a5/0x480 [ 32.884006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.884099] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.884166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.884218] ? __kthread_parkme+0x82/0x180 [ 32.884264] ? preempt_count_sub+0x50/0x80 [ 32.884315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.884368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.884419] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.884468] kthread+0x337/0x6f0 [ 32.884511] ? trace_preempt_on+0x20/0xc0 [ 32.884582] ? __pfx_kthread+0x10/0x10 [ 32.884614] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.884663] ? calculate_sigpending+0x7b/0xa0 [ 32.884700] ? __pfx_kthread+0x10/0x10 [ 32.884731] ret_from_fork+0x116/0x1d0 [ 32.884760] ? __pfx_kthread+0x10/0x10 [ 32.884789] ret_from_fork_asm+0x1a/0x30 [ 32.884830] </TASK> [ 32.884846] [ 32.900165] Allocated by task 295: [ 32.900616] kasan_save_stack+0x45/0x70 [ 32.901132] kasan_save_track+0x18/0x40 [ 32.901596] kasan_save_alloc_info+0x3b/0x50 [ 32.902128] __kasan_kmalloc+0xb7/0xc0 [ 32.902340] __kmalloc_cache_noprof+0x189/0x420 [ 32.902985] kasan_atomics+0x95/0x310 [ 32.903442] kunit_try_run_case+0x1a5/0x480 [ 32.903939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.904361] kthread+0x337/0x6f0 [ 32.904818] ret_from_fork+0x116/0x1d0 [ 32.905267] ret_from_fork_asm+0x1a/0x30 [ 32.905785] [ 32.906048] The buggy address belongs to the object at ffff888102daa080 [ 32.906048] which belongs to the cache kmalloc-64 of size 64 [ 32.906848] The buggy address is located 0 bytes to the right of [ 32.906848] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 32.907212] [ 32.907286] The buggy address belongs to the physical page: [ 32.907436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 32.908117] flags: 0x200000000000000(node=0|zone=2) [ 32.908618] page_type: f5(slab) [ 32.908981] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 32.909641] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.910009] page dumped because: kasan: bad access detected [ 32.910497] [ 32.910768] Memory state around the buggy address: [ 32.911194] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.911569] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.912239] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.912875] ^ [ 32.913406] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.913948] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.914654] ================================================================== [ 33.024765] ================================================================== [ 33.025374] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 33.025988] Write of size 4 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 33.026585] [ 33.026882] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 33.027000] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.027033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.027125] Call Trace: [ 33.027204] <TASK> [ 33.027251] dump_stack_lvl+0x73/0xb0 [ 33.027342] print_report+0xd1/0x650 [ 33.027406] ? __virt_addr_valid+0x1db/0x2d0 [ 33.027493] ? kasan_atomics_helper+0x8f9/0x5450 [ 33.027587] ? kasan_complete_mode_report_info+0x2a/0x200 [ 33.027713] ? kasan_atomics_helper+0x8f9/0x5450 [ 33.027794] kasan_report+0x141/0x180 [ 33.027874] ? kasan_atomics_helper+0x8f9/0x5450 [ 33.027948] kasan_check_range+0x10c/0x1c0 [ 33.028025] __kasan_check_write+0x18/0x20 [ 33.028112] kasan_atomics_helper+0x8f9/0x5450 [ 33.028180] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 33.028246] ? __kmalloc_cache_noprof+0x189/0x420 [ 33.028316] ? kasan_atomics+0x152/0x310 [ 33.028392] kasan_atomics+0x1dc/0x310 [ 33.028456] ? __pfx_kasan_atomics+0x10/0x10 [ 33.028526] ? __pfx_read_tsc+0x10/0x10 [ 33.028607] ? ktime_get_ts64+0x86/0x230 [ 33.028701] kunit_try_run_case+0x1a5/0x480 [ 33.028741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.028774] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 33.028811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 33.028845] ? __kthread_parkme+0x82/0x180 [ 33.028874] ? preempt_count_sub+0x50/0x80 [ 33.028907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 33.028940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.028973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 33.029007] kthread+0x337/0x6f0 [ 33.029035] ? trace_preempt_on+0x20/0xc0 [ 33.029068] ? __pfx_kthread+0x10/0x10 [ 33.029098] ? _raw_spin_unlock_irq+0x47/0x80 [ 33.029129] ? calculate_sigpending+0x7b/0xa0 [ 33.029162] ? __pfx_kthread+0x10/0x10 [ 33.029192] ret_from_fork+0x116/0x1d0 [ 33.029219] ? __pfx_kthread+0x10/0x10 [ 33.029248] ret_from_fork_asm+0x1a/0x30 [ 33.029288] </TASK> [ 33.029305] [ 33.044065] Allocated by task 295: [ 33.044556] kasan_save_stack+0x45/0x70 [ 33.045049] kasan_save_track+0x18/0x40 [ 33.045449] kasan_save_alloc_info+0x3b/0x50 [ 33.045922] __kasan_kmalloc+0xb7/0xc0 [ 33.046176] __kmalloc_cache_noprof+0x189/0x420 [ 33.046446] kasan_atomics+0x95/0x310 [ 33.046913] kunit_try_run_case+0x1a5/0x480 [ 33.047462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.048072] kthread+0x337/0x6f0 [ 33.048439] ret_from_fork+0x116/0x1d0 [ 33.048931] ret_from_fork_asm+0x1a/0x30 [ 33.049379] [ 33.049614] The buggy address belongs to the object at ffff888102daa080 [ 33.049614] which belongs to the cache kmalloc-64 of size 64 [ 33.050195] The buggy address is located 0 bytes to the right of [ 33.050195] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 33.051415] [ 33.051730] The buggy address belongs to the physical page: [ 33.052300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 33.052922] flags: 0x200000000000000(node=0|zone=2) [ 33.053407] page_type: f5(slab) [ 33.053858] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 33.054512] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.055284] page dumped because: kasan: bad access detected [ 33.055790] [ 33.056045] Memory state around the buggy address: [ 33.056576] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.057210] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.057885] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.058456] ^ [ 33.058797] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.059431] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.059997] ================================================================== [ 34.693437] ================================================================== [ 34.693948] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 34.694498] Read of size 8 at addr ffff888102daa0b0 by task kunit_try_catch/295 [ 34.695213] [ 34.695472] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 34.695609] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.695670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.695713] Call Trace: [ 34.695774] <TASK> [ 34.695815] dump_stack_lvl+0x73/0xb0 [ 34.695893] print_report+0xd1/0x650 [ 34.695942] ? __virt_addr_valid+0x1db/0x2d0 [ 34.695994] ? kasan_atomics_helper+0x4fb2/0x5450 [ 34.696039] ? kasan_complete_mode_report_info+0x2a/0x200 [ 34.696136] ? kasan_atomics_helper+0x4fb2/0x5450 [ 34.696197] kasan_report+0x141/0x180 [ 34.696306] ? kasan_atomics_helper+0x4fb2/0x5450 [ 34.696436] __asan_report_load8_noabort+0x18/0x20 [ 34.696530] kasan_atomics_helper+0x4fb2/0x5450 [ 34.696614] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 34.696714] ? __kmalloc_cache_noprof+0x189/0x420 [ 34.696784] ? kasan_atomics+0x152/0x310 [ 34.696890] kasan_atomics+0x1dc/0x310 [ 34.696959] ? __pfx_kasan_atomics+0x10/0x10 [ 34.697035] ? __pfx_read_tsc+0x10/0x10 [ 34.697115] ? ktime_get_ts64+0x86/0x230 [ 34.697181] kunit_try_run_case+0x1a5/0x480 [ 34.697246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.697310] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 34.697378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 34.697435] ? __kthread_parkme+0x82/0x180 [ 34.697484] ? preempt_count_sub+0x50/0x80 [ 34.697587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 34.697680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.697753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 34.697820] kthread+0x337/0x6f0 [ 34.697937] ? trace_preempt_on+0x20/0xc0 [ 34.698033] ? __pfx_kthread+0x10/0x10 [ 34.698093] ? _raw_spin_unlock_irq+0x47/0x80 [ 34.698195] ? calculate_sigpending+0x7b/0xa0 [ 34.698279] ? __pfx_kthread+0x10/0x10 [ 34.698343] ret_from_fork+0x116/0x1d0 [ 34.698394] ? __pfx_kthread+0x10/0x10 [ 34.698438] ret_from_fork_asm+0x1a/0x30 [ 34.698482] </TASK> [ 34.698498] [ 34.713060] Allocated by task 295: [ 34.713328] kasan_save_stack+0x45/0x70 [ 34.713786] kasan_save_track+0x18/0x40 [ 34.714435] kasan_save_alloc_info+0x3b/0x50 [ 34.715021] __kasan_kmalloc+0xb7/0xc0 [ 34.715429] __kmalloc_cache_noprof+0x189/0x420 [ 34.716075] kasan_atomics+0x95/0x310 [ 34.716477] kunit_try_run_case+0x1a5/0x480 [ 34.717016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.717683] kthread+0x337/0x6f0 [ 34.718172] ret_from_fork+0x116/0x1d0 [ 34.718617] ret_from_fork_asm+0x1a/0x30 [ 34.718963] [ 34.719245] The buggy address belongs to the object at ffff888102daa080 [ 34.719245] which belongs to the cache kmalloc-64 of size 64 [ 34.720255] The buggy address is located 0 bytes to the right of [ 34.720255] allocated 48-byte region [ffff888102daa080, ffff888102daa0b0) [ 34.721278] [ 34.721502] The buggy address belongs to the physical page: [ 34.722084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102daa [ 34.722745] flags: 0x200000000000000(node=0|zone=2) [ 34.723079] page_type: f5(slab) [ 34.723457] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 34.724062] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.724810] page dumped because: kasan: bad access detected [ 34.725331] [ 34.725589] Memory state around the buggy address: [ 34.726001] ffff888102da9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.726748] ffff888102daa000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.727253] >ffff888102daa080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.727913] ^ [ 34.728343] ffff888102daa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.728944] ffff888102daa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.729519] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 32.209220] ================================================================== [ 32.209771] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.210899] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.211498] [ 32.212304] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.212374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.212391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.212416] Call Trace: [ 32.212438] <TASK> [ 32.212460] dump_stack_lvl+0x73/0xb0 [ 32.212508] print_report+0xd1/0x650 [ 32.212564] ? __virt_addr_valid+0x1db/0x2d0 [ 32.212599] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.212661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.212702] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.212738] kasan_report+0x141/0x180 [ 32.212768] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.212808] kasan_check_range+0x10c/0x1c0 [ 32.212839] __kasan_check_write+0x18/0x20 [ 32.212870] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 32.212906] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.212942] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.212974] ? trace_hardirqs_on+0x37/0xe0 [ 32.213004] ? kasan_bitops_generic+0x92/0x1c0 [ 32.213039] kasan_bitops_generic+0x121/0x1c0 [ 32.213069] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.213101] ? __pfx_read_tsc+0x10/0x10 [ 32.213130] ? ktime_get_ts64+0x86/0x230 [ 32.213162] kunit_try_run_case+0x1a5/0x480 [ 32.213195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.213224] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.213257] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.213291] ? __kthread_parkme+0x82/0x180 [ 32.213319] ? preempt_count_sub+0x50/0x80 [ 32.213351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.213382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.213413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.213443] kthread+0x337/0x6f0 [ 32.213469] ? trace_preempt_on+0x20/0xc0 [ 32.213498] ? __pfx_kthread+0x10/0x10 [ 32.213525] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.213574] ? calculate_sigpending+0x7b/0xa0 [ 32.213605] ? __pfx_kthread+0x10/0x10 [ 32.213643] ret_from_fork+0x116/0x1d0 [ 32.213683] ? __pfx_kthread+0x10/0x10 [ 32.213712] ret_from_fork_asm+0x1a/0x30 [ 32.213752] </TASK> [ 32.213767] [ 32.229375] Allocated by task 291: [ 32.229759] kasan_save_stack+0x45/0x70 [ 32.230282] kasan_save_track+0x18/0x40 [ 32.230765] kasan_save_alloc_info+0x3b/0x50 [ 32.231188] __kasan_kmalloc+0xb7/0xc0 [ 32.231601] __kmalloc_cache_noprof+0x189/0x420 [ 32.232312] kasan_bitops_generic+0x92/0x1c0 [ 32.232689] kunit_try_run_case+0x1a5/0x480 [ 32.233007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.233525] kthread+0x337/0x6f0 [ 32.233969] ret_from_fork+0x116/0x1d0 [ 32.234509] ret_from_fork_asm+0x1a/0x30 [ 32.234947] [ 32.235178] The buggy address belongs to the object at ffff8881010ffca0 [ 32.235178] which belongs to the cache kmalloc-16 of size 16 [ 32.236173] The buggy address is located 8 bytes inside of [ 32.236173] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.236901] [ 32.237044] The buggy address belongs to the physical page: [ 32.237321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.238152] flags: 0x200000000000000(node=0|zone=2) [ 32.238763] page_type: f5(slab) [ 32.239108] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.239883] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.240572] page dumped because: kasan: bad access detected [ 32.241047] [ 32.241212] Memory state around the buggy address: [ 32.241674] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.242264] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.242903] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.243250] ^ [ 32.243878] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.245049] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.245573] ================================================================== [ 32.246801] ================================================================== [ 32.247385] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.248214] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.248987] [ 32.249294] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.249452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.249489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.249573] Call Trace: [ 32.249619] <TASK> [ 32.249693] dump_stack_lvl+0x73/0xb0 [ 32.249829] print_report+0xd1/0x650 [ 32.249896] ? __virt_addr_valid+0x1db/0x2d0 [ 32.249959] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.250069] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.250165] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.250253] kasan_report+0x141/0x180 [ 32.250305] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.250348] kasan_check_range+0x10c/0x1c0 [ 32.250380] __kasan_check_write+0x18/0x20 [ 32.250412] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 32.250447] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.250484] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.250517] ? trace_hardirqs_on+0x37/0xe0 [ 32.250567] ? kasan_bitops_generic+0x92/0x1c0 [ 32.250603] kasan_bitops_generic+0x121/0x1c0 [ 32.250653] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.250691] ? __pfx_read_tsc+0x10/0x10 [ 32.250721] ? ktime_get_ts64+0x86/0x230 [ 32.250753] kunit_try_run_case+0x1a5/0x480 [ 32.250787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.250818] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.250852] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.250887] ? __kthread_parkme+0x82/0x180 [ 32.250915] ? preempt_count_sub+0x50/0x80 [ 32.250946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.250979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.251011] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.251043] kthread+0x337/0x6f0 [ 32.251069] ? trace_preempt_on+0x20/0xc0 [ 32.251098] ? __pfx_kthread+0x10/0x10 [ 32.251125] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.251155] ? calculate_sigpending+0x7b/0xa0 [ 32.251186] ? __pfx_kthread+0x10/0x10 [ 32.251214] ret_from_fork+0x116/0x1d0 [ 32.251240] ? __pfx_kthread+0x10/0x10 [ 32.251267] ret_from_fork_asm+0x1a/0x30 [ 32.251306] </TASK> [ 32.251320] [ 32.268244] Allocated by task 291: [ 32.268709] kasan_save_stack+0x45/0x70 [ 32.269189] kasan_save_track+0x18/0x40 [ 32.269618] kasan_save_alloc_info+0x3b/0x50 [ 32.270079] __kasan_kmalloc+0xb7/0xc0 [ 32.270500] __kmalloc_cache_noprof+0x189/0x420 [ 32.271064] kasan_bitops_generic+0x92/0x1c0 [ 32.271459] kunit_try_run_case+0x1a5/0x480 [ 32.271806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.272295] kthread+0x337/0x6f0 [ 32.273095] ret_from_fork+0x116/0x1d0 [ 32.273317] ret_from_fork_asm+0x1a/0x30 [ 32.274033] [ 32.274247] The buggy address belongs to the object at ffff8881010ffca0 [ 32.274247] which belongs to the cache kmalloc-16 of size 16 [ 32.275191] The buggy address is located 8 bytes inside of [ 32.275191] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.275948] [ 32.276158] The buggy address belongs to the physical page: [ 32.276842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.277301] flags: 0x200000000000000(node=0|zone=2) [ 32.277655] page_type: f5(slab) [ 32.277879] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.278452] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.279161] page dumped because: kasan: bad access detected [ 32.279587] [ 32.279802] Memory state around the buggy address: [ 32.280290] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.280664] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.281295] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.281811] ^ [ 32.282671] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.283371] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.283727] ================================================================== [ 32.285083] ================================================================== [ 32.286167] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.286701] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.287077] [ 32.287266] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.287607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.287711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.287793] Call Trace: [ 32.287845] <TASK> [ 32.287886] dump_stack_lvl+0x73/0xb0 [ 32.287959] print_report+0xd1/0x650 [ 32.288016] ? __virt_addr_valid+0x1db/0x2d0 [ 32.288078] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.288148] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.288214] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.288304] kasan_report+0x141/0x180 [ 32.288368] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.288455] kasan_check_range+0x10c/0x1c0 [ 32.288522] __kasan_check_write+0x18/0x20 [ 32.288595] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 32.288661] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.288704] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.288738] ? trace_hardirqs_on+0x37/0xe0 [ 32.288771] ? kasan_bitops_generic+0x92/0x1c0 [ 32.288806] kasan_bitops_generic+0x121/0x1c0 [ 32.288838] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.288870] ? __pfx_read_tsc+0x10/0x10 [ 32.288900] ? ktime_get_ts64+0x86/0x230 [ 32.288932] kunit_try_run_case+0x1a5/0x480 [ 32.288966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.288996] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.289029] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.289061] ? __kthread_parkme+0x82/0x180 [ 32.289089] ? preempt_count_sub+0x50/0x80 [ 32.289119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.289151] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.289183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.289215] kthread+0x337/0x6f0 [ 32.289240] ? trace_preempt_on+0x20/0xc0 [ 32.289269] ? __pfx_kthread+0x10/0x10 [ 32.289297] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.289326] ? calculate_sigpending+0x7b/0xa0 [ 32.289357] ? __pfx_kthread+0x10/0x10 [ 32.289385] ret_from_fork+0x116/0x1d0 [ 32.289411] ? __pfx_kthread+0x10/0x10 [ 32.289438] ret_from_fork_asm+0x1a/0x30 [ 32.289478] </TASK> [ 32.289492] [ 32.303561] Allocated by task 291: [ 32.304052] kasan_save_stack+0x45/0x70 [ 32.304373] kasan_save_track+0x18/0x40 [ 32.304846] kasan_save_alloc_info+0x3b/0x50 [ 32.305297] __kasan_kmalloc+0xb7/0xc0 [ 32.305750] __kmalloc_cache_noprof+0x189/0x420 [ 32.306097] kasan_bitops_generic+0x92/0x1c0 [ 32.306580] kunit_try_run_case+0x1a5/0x480 [ 32.306991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.307437] kthread+0x337/0x6f0 [ 32.307763] ret_from_fork+0x116/0x1d0 [ 32.308202] ret_from_fork_asm+0x1a/0x30 [ 32.308611] [ 32.308857] The buggy address belongs to the object at ffff8881010ffca0 [ 32.308857] which belongs to the cache kmalloc-16 of size 16 [ 32.309529] The buggy address is located 8 bytes inside of [ 32.309529] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.310099] [ 32.310233] The buggy address belongs to the physical page: [ 32.310681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.311390] flags: 0x200000000000000(node=0|zone=2) [ 32.311914] page_type: f5(slab) [ 32.312251] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.312970] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.313689] page dumped because: kasan: bad access detected [ 32.314214] [ 32.314441] Memory state around the buggy address: [ 32.314963] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.315470] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.315953] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.316621] ^ [ 32.317121] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.317606] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.318149] ================================================================== [ 32.161306] ================================================================== [ 32.162973] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.163964] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.165457] [ 32.165922] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.166042] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.166072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.166118] Call Trace: [ 32.166148] <TASK> [ 32.166181] dump_stack_lvl+0x73/0xb0 [ 32.166252] print_report+0xd1/0x650 [ 32.166286] ? __virt_addr_valid+0x1db/0x2d0 [ 32.166319] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.166355] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.166390] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.166425] kasan_report+0x141/0x180 [ 32.166454] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.166496] kasan_check_range+0x10c/0x1c0 [ 32.166527] __kasan_check_write+0x18/0x20 [ 32.166585] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 32.166622] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.166674] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.166708] ? trace_hardirqs_on+0x37/0xe0 [ 32.166739] ? kasan_bitops_generic+0x92/0x1c0 [ 32.166774] kasan_bitops_generic+0x121/0x1c0 [ 32.166805] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.166837] ? __pfx_read_tsc+0x10/0x10 [ 32.166867] ? ktime_get_ts64+0x86/0x230 [ 32.166899] kunit_try_run_case+0x1a5/0x480 [ 32.166931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.166961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.166993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.167027] ? __kthread_parkme+0x82/0x180 [ 32.167091] ? preempt_count_sub+0x50/0x80 [ 32.167160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.167202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.167237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.167270] kthread+0x337/0x6f0 [ 32.167297] ? trace_preempt_on+0x20/0xc0 [ 32.167328] ? __pfx_kthread+0x10/0x10 [ 32.167356] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.167387] ? calculate_sigpending+0x7b/0xa0 [ 32.167418] ? __pfx_kthread+0x10/0x10 [ 32.167447] ret_from_fork+0x116/0x1d0 [ 32.167473] ? __pfx_kthread+0x10/0x10 [ 32.167501] ret_from_fork_asm+0x1a/0x30 [ 32.167563] </TASK> [ 32.167580] [ 32.188180] Allocated by task 291: [ 32.188321] kasan_save_stack+0x45/0x70 [ 32.188469] kasan_save_track+0x18/0x40 [ 32.188992] kasan_save_alloc_info+0x3b/0x50 [ 32.189687] __kasan_kmalloc+0xb7/0xc0 [ 32.190530] __kmalloc_cache_noprof+0x189/0x420 [ 32.191079] kasan_bitops_generic+0x92/0x1c0 [ 32.191419] kunit_try_run_case+0x1a5/0x480 [ 32.192043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.192691] kthread+0x337/0x6f0 [ 32.192899] ret_from_fork+0x116/0x1d0 [ 32.193327] ret_from_fork_asm+0x1a/0x30 [ 32.193966] [ 32.194419] The buggy address belongs to the object at ffff8881010ffca0 [ 32.194419] which belongs to the cache kmalloc-16 of size 16 [ 32.195677] The buggy address is located 8 bytes inside of [ 32.195677] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.196881] [ 32.197123] The buggy address belongs to the physical page: [ 32.197435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.198159] flags: 0x200000000000000(node=0|zone=2) [ 32.199071] page_type: f5(slab) [ 32.199661] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.200391] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.201215] page dumped because: kasan: bad access detected [ 32.201696] [ 32.202342] Memory state around the buggy address: [ 32.202790] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.203496] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.204160] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.205097] ^ [ 32.205649] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.206204] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.206609] ================================================================== [ 32.355081] ================================================================== [ 32.355765] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.356351] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.357095] [ 32.357348] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.357488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.357525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.357587] Call Trace: [ 32.357658] <TASK> [ 32.357701] dump_stack_lvl+0x73/0xb0 [ 32.357788] print_report+0xd1/0x650 [ 32.357866] ? __virt_addr_valid+0x1db/0x2d0 [ 32.357929] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.357996] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.358060] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.358160] kasan_report+0x141/0x180 [ 32.358224] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.358299] kasan_check_range+0x10c/0x1c0 [ 32.358360] __kasan_check_write+0x18/0x20 [ 32.358433] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 32.358524] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.358609] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.358706] ? trace_hardirqs_on+0x37/0xe0 [ 32.358776] ? kasan_bitops_generic+0x92/0x1c0 [ 32.358864] kasan_bitops_generic+0x121/0x1c0 [ 32.358929] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.358988] ? __pfx_read_tsc+0x10/0x10 [ 32.359036] ? ktime_get_ts64+0x86/0x230 [ 32.359092] kunit_try_run_case+0x1a5/0x480 [ 32.359158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.359219] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.359284] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.359351] ? __kthread_parkme+0x82/0x180 [ 32.359411] ? preempt_count_sub+0x50/0x80 [ 32.359470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.359536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.359657] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.359728] kthread+0x337/0x6f0 [ 32.359791] ? trace_preempt_on+0x20/0xc0 [ 32.359879] ? __pfx_kthread+0x10/0x10 [ 32.359939] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.360004] ? calculate_sigpending+0x7b/0xa0 [ 32.360070] ? __pfx_kthread+0x10/0x10 [ 32.360131] ret_from_fork+0x116/0x1d0 [ 32.360188] ? __pfx_kthread+0x10/0x10 [ 32.360248] ret_from_fork_asm+0x1a/0x30 [ 32.360332] </TASK> [ 32.360362] [ 32.378903] Allocated by task 291: [ 32.379266] kasan_save_stack+0x45/0x70 [ 32.379653] kasan_save_track+0x18/0x40 [ 32.380470] kasan_save_alloc_info+0x3b/0x50 [ 32.381660] __kasan_kmalloc+0xb7/0xc0 [ 32.381871] __kmalloc_cache_noprof+0x189/0x420 [ 32.382351] kasan_bitops_generic+0x92/0x1c0 [ 32.382841] kunit_try_run_case+0x1a5/0x480 [ 32.383256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.383741] kthread+0x337/0x6f0 [ 32.384361] ret_from_fork+0x116/0x1d0 [ 32.384780] ret_from_fork_asm+0x1a/0x30 [ 32.385456] [ 32.385610] The buggy address belongs to the object at ffff8881010ffca0 [ 32.385610] which belongs to the cache kmalloc-16 of size 16 [ 32.386945] The buggy address is located 8 bytes inside of [ 32.386945] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.387843] [ 32.388054] The buggy address belongs to the physical page: [ 32.388457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.388800] flags: 0x200000000000000(node=0|zone=2) [ 32.389478] page_type: f5(slab) [ 32.390241] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.390964] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.391353] page dumped because: kasan: bad access detected [ 32.392073] [ 32.392289] Memory state around the buggy address: [ 32.392657] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.393160] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.394244] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.394796] ^ [ 32.395202] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395575] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.396219] ================================================================== [ 32.473406] ================================================================== [ 32.473876] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.474648] Read of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.475120] [ 32.475378] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.475492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.475524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.475594] Call Trace: [ 32.475667] <TASK> [ 32.475711] dump_stack_lvl+0x73/0xb0 [ 32.475787] print_report+0xd1/0x650 [ 32.475861] ? __virt_addr_valid+0x1db/0x2d0 [ 32.475927] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.475998] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.476078] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.476170] kasan_report+0x141/0x180 [ 32.476235] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.476323] __asan_report_load8_noabort+0x18/0x20 [ 32.476394] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 32.476469] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.476561] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.476663] ? trace_hardirqs_on+0x37/0xe0 [ 32.476732] ? kasan_bitops_generic+0x92/0x1c0 [ 32.476807] kasan_bitops_generic+0x121/0x1c0 [ 32.476876] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.476945] ? __pfx_read_tsc+0x10/0x10 [ 32.476997] ? ktime_get_ts64+0x86/0x230 [ 32.477042] kunit_try_run_case+0x1a5/0x480 [ 32.477077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.477109] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.477144] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.477179] ? __kthread_parkme+0x82/0x180 [ 32.477207] ? preempt_count_sub+0x50/0x80 [ 32.477238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.477270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.477302] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.477334] kthread+0x337/0x6f0 [ 32.477360] ? trace_preempt_on+0x20/0xc0 [ 32.477390] ? __pfx_kthread+0x10/0x10 [ 32.477418] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.477447] ? calculate_sigpending+0x7b/0xa0 [ 32.477480] ? __pfx_kthread+0x10/0x10 [ 32.477508] ret_from_fork+0x116/0x1d0 [ 32.477533] ? __pfx_kthread+0x10/0x10 [ 32.477585] ret_from_fork_asm+0x1a/0x30 [ 32.477642] </TASK> [ 32.477679] [ 32.491119] Allocated by task 291: [ 32.491371] kasan_save_stack+0x45/0x70 [ 32.491832] kasan_save_track+0x18/0x40 [ 32.492194] kasan_save_alloc_info+0x3b/0x50 [ 32.492516] __kasan_kmalloc+0xb7/0xc0 [ 32.492875] __kmalloc_cache_noprof+0x189/0x420 [ 32.493308] kasan_bitops_generic+0x92/0x1c0 [ 32.493747] kunit_try_run_case+0x1a5/0x480 [ 32.494077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.494505] kthread+0x337/0x6f0 [ 32.494833] ret_from_fork+0x116/0x1d0 [ 32.495137] ret_from_fork_asm+0x1a/0x30 [ 32.495533] [ 32.495734] The buggy address belongs to the object at ffff8881010ffca0 [ 32.495734] which belongs to the cache kmalloc-16 of size 16 [ 32.496661] The buggy address is located 8 bytes inside of [ 32.496661] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.497437] [ 32.497692] The buggy address belongs to the physical page: [ 32.497973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.498354] flags: 0x200000000000000(node=0|zone=2) [ 32.498872] page_type: f5(slab) [ 32.499229] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.499961] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.500454] page dumped because: kasan: bad access detected [ 32.500785] [ 32.500919] Memory state around the buggy address: [ 32.501167] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.501501] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.502177] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.502851] ^ [ 32.503277] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.503959] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.504514] ================================================================== [ 32.397628] ================================================================== [ 32.398387] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.399913] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.400286] [ 32.400435] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.400535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.400586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.400638] Call Trace: [ 32.400680] <TASK> [ 32.400716] dump_stack_lvl+0x73/0xb0 [ 32.400763] print_report+0xd1/0x650 [ 32.400794] ? __virt_addr_valid+0x1db/0x2d0 [ 32.400827] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.400864] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.400898] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.400934] kasan_report+0x141/0x180 [ 32.400962] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.401003] kasan_check_range+0x10c/0x1c0 [ 32.401034] __kasan_check_write+0x18/0x20 [ 32.401064] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 32.401099] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.401135] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.401166] ? trace_hardirqs_on+0x37/0xe0 [ 32.401196] ? kasan_bitops_generic+0x92/0x1c0 [ 32.401231] kasan_bitops_generic+0x121/0x1c0 [ 32.401261] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.401293] ? __pfx_read_tsc+0x10/0x10 [ 32.401321] ? ktime_get_ts64+0x86/0x230 [ 32.401352] kunit_try_run_case+0x1a5/0x480 [ 32.401386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.401416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.401448] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.401480] ? __kthread_parkme+0x82/0x180 [ 32.401507] ? preempt_count_sub+0x50/0x80 [ 32.401570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.401653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.401719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.401877] kthread+0x337/0x6f0 [ 32.402148] ? trace_preempt_on+0x20/0xc0 [ 32.402252] ? __pfx_kthread+0x10/0x10 [ 32.402314] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.402379] ? calculate_sigpending+0x7b/0xa0 [ 32.402444] ? __pfx_kthread+0x10/0x10 [ 32.402504] ret_from_fork+0x116/0x1d0 [ 32.402570] ? __pfx_kthread+0x10/0x10 [ 32.402671] ret_from_fork_asm+0x1a/0x30 [ 32.402749] </TASK> [ 32.402768] [ 32.416704] Allocated by task 291: [ 32.417101] kasan_save_stack+0x45/0x70 [ 32.417516] kasan_save_track+0x18/0x40 [ 32.417977] kasan_save_alloc_info+0x3b/0x50 [ 32.418338] __kasan_kmalloc+0xb7/0xc0 [ 32.418598] __kmalloc_cache_noprof+0x189/0x420 [ 32.418909] kasan_bitops_generic+0x92/0x1c0 [ 32.419164] kunit_try_run_case+0x1a5/0x480 [ 32.419610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.420195] kthread+0x337/0x6f0 [ 32.420576] ret_from_fork+0x116/0x1d0 [ 32.421006] ret_from_fork_asm+0x1a/0x30 [ 32.421411] [ 32.421657] The buggy address belongs to the object at ffff8881010ffca0 [ 32.421657] which belongs to the cache kmalloc-16 of size 16 [ 32.422767] The buggy address is located 8 bytes inside of [ 32.422767] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.423521] [ 32.423788] The buggy address belongs to the physical page: [ 32.424175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.424574] flags: 0x200000000000000(node=0|zone=2) [ 32.425082] page_type: f5(slab) [ 32.425485] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.426234] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.426847] page dumped because: kasan: bad access detected [ 32.427134] [ 32.427261] Memory state around the buggy address: [ 32.427708] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.428382] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.429045] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.429507] ^ [ 32.429981] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.430444] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.431011] ================================================================== [ 32.434081] ================================================================== [ 32.434667] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.435355] Read of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.435950] [ 32.436224] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.436336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.436370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.436421] Call Trace: [ 32.436462] <TASK> [ 32.436502] dump_stack_lvl+0x73/0xb0 [ 32.436621] print_report+0xd1/0x650 [ 32.436723] ? __virt_addr_valid+0x1db/0x2d0 [ 32.436790] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.436858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.436923] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.436991] kasan_report+0x141/0x180 [ 32.437053] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.437130] kasan_check_range+0x10c/0x1c0 [ 32.437203] __kasan_check_read+0x15/0x20 [ 32.437284] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 32.437363] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.437437] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.437474] ? trace_hardirqs_on+0x37/0xe0 [ 32.437508] ? kasan_bitops_generic+0x92/0x1c0 [ 32.437563] kasan_bitops_generic+0x121/0x1c0 [ 32.437597] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.437662] ? __pfx_read_tsc+0x10/0x10 [ 32.437698] ? ktime_get_ts64+0x86/0x230 [ 32.437732] kunit_try_run_case+0x1a5/0x480 [ 32.437767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.437797] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.437830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.437863] ? __kthread_parkme+0x82/0x180 [ 32.437890] ? preempt_count_sub+0x50/0x80 [ 32.437922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.437954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.437986] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.438018] kthread+0x337/0x6f0 [ 32.438044] ? trace_preempt_on+0x20/0xc0 [ 32.438074] ? __pfx_kthread+0x10/0x10 [ 32.438101] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.438131] ? calculate_sigpending+0x7b/0xa0 [ 32.438162] ? __pfx_kthread+0x10/0x10 [ 32.438190] ret_from_fork+0x116/0x1d0 [ 32.438215] ? __pfx_kthread+0x10/0x10 [ 32.438242] ret_from_fork_asm+0x1a/0x30 [ 32.438282] </TASK> [ 32.438297] [ 32.456609] Allocated by task 291: [ 32.456860] kasan_save_stack+0x45/0x70 [ 32.457331] kasan_save_track+0x18/0x40 [ 32.458285] kasan_save_alloc_info+0x3b/0x50 [ 32.458798] __kasan_kmalloc+0xb7/0xc0 [ 32.459077] __kmalloc_cache_noprof+0x189/0x420 [ 32.459569] kasan_bitops_generic+0x92/0x1c0 [ 32.460038] kunit_try_run_case+0x1a5/0x480 [ 32.460586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.460937] kthread+0x337/0x6f0 [ 32.461296] ret_from_fork+0x116/0x1d0 [ 32.461760] ret_from_fork_asm+0x1a/0x30 [ 32.462214] [ 32.462480] The buggy address belongs to the object at ffff8881010ffca0 [ 32.462480] which belongs to the cache kmalloc-16 of size 16 [ 32.463659] The buggy address is located 8 bytes inside of [ 32.463659] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.464378] [ 32.464636] The buggy address belongs to the physical page: [ 32.465145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.465669] flags: 0x200000000000000(node=0|zone=2) [ 32.466184] page_type: f5(slab) [ 32.466502] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.467453] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.467940] page dumped because: kasan: bad access detected [ 32.468488] [ 32.468732] Memory state around the buggy address: [ 32.469028] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.469721] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.470297] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.470809] ^ [ 32.471255] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.471838] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.472328] ================================================================== [ 32.319745] ================================================================== [ 32.320448] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.321316] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.322046] [ 32.322282] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.322395] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.322425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.322485] Call Trace: [ 32.322556] <TASK> [ 32.322597] dump_stack_lvl+0x73/0xb0 [ 32.322716] print_report+0xd1/0x650 [ 32.322782] ? __virt_addr_valid+0x1db/0x2d0 [ 32.322842] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.322922] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.323008] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.323081] kasan_report+0x141/0x180 [ 32.323145] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.323225] kasan_check_range+0x10c/0x1c0 [ 32.323282] __kasan_check_write+0x18/0x20 [ 32.323331] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 32.323397] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 32.323466] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.323534] ? trace_hardirqs_on+0x37/0xe0 [ 32.323620] ? kasan_bitops_generic+0x92/0x1c0 [ 32.323722] kasan_bitops_generic+0x121/0x1c0 [ 32.323785] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.323869] ? __pfx_read_tsc+0x10/0x10 [ 32.323950] ? ktime_get_ts64+0x86/0x230 [ 32.324012] kunit_try_run_case+0x1a5/0x480 [ 32.324078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.324148] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.324231] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.324292] ? __kthread_parkme+0x82/0x180 [ 32.324347] ? preempt_count_sub+0x50/0x80 [ 32.324405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.324469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.324562] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.324658] kthread+0x337/0x6f0 [ 32.324715] ? trace_preempt_on+0x20/0xc0 [ 32.324771] ? __pfx_kthread+0x10/0x10 [ 32.324829] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.324900] ? calculate_sigpending+0x7b/0xa0 [ 32.324980] ? __pfx_kthread+0x10/0x10 [ 32.325039] ret_from_fork+0x116/0x1d0 [ 32.325090] ? __pfx_kthread+0x10/0x10 [ 32.325145] ret_from_fork_asm+0x1a/0x30 [ 32.325233] </TASK> [ 32.325280] [ 32.338786] Allocated by task 291: [ 32.339163] kasan_save_stack+0x45/0x70 [ 32.339598] kasan_save_track+0x18/0x40 [ 32.340032] kasan_save_alloc_info+0x3b/0x50 [ 32.340491] __kasan_kmalloc+0xb7/0xc0 [ 32.340963] __kmalloc_cache_noprof+0x189/0x420 [ 32.341402] kasan_bitops_generic+0x92/0x1c0 [ 32.341750] kunit_try_run_case+0x1a5/0x480 [ 32.342173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.342788] kthread+0x337/0x6f0 [ 32.343153] ret_from_fork+0x116/0x1d0 [ 32.343523] ret_from_fork_asm+0x1a/0x30 [ 32.343981] [ 32.344137] The buggy address belongs to the object at ffff8881010ffca0 [ 32.344137] which belongs to the cache kmalloc-16 of size 16 [ 32.344986] The buggy address is located 8 bytes inside of [ 32.344986] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.345902] [ 32.346125] The buggy address belongs to the physical page: [ 32.346567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.347152] flags: 0x200000000000000(node=0|zone=2) [ 32.347595] page_type: f5(slab) [ 32.347863] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.348226] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.348610] page dumped because: kasan: bad access detected [ 32.349176] [ 32.349381] Memory state around the buggy address: [ 32.349884] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.350512] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.351201] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.351901] ^ [ 32.352304] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.352958] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.353432] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 31.904290] ================================================================== [ 31.905592] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.906534] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.907020] [ 31.907412] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.907534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.907582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.907683] Call Trace: [ 31.907728] <TASK> [ 31.907771] dump_stack_lvl+0x73/0xb0 [ 31.907896] print_report+0xd1/0x650 [ 31.907971] ? __virt_addr_valid+0x1db/0x2d0 [ 31.908036] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.908253] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.908325] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.908397] kasan_report+0x141/0x180 [ 31.908457] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.908499] kasan_check_range+0x10c/0x1c0 [ 31.908532] __kasan_check_write+0x18/0x20 [ 31.908585] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 31.908619] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.908681] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.908714] ? trace_hardirqs_on+0x37/0xe0 [ 31.908746] ? kasan_bitops_generic+0x92/0x1c0 [ 31.908781] kasan_bitops_generic+0x116/0x1c0 [ 31.908812] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.908845] ? __pfx_read_tsc+0x10/0x10 [ 31.908875] ? ktime_get_ts64+0x86/0x230 [ 31.908907] kunit_try_run_case+0x1a5/0x480 [ 31.908939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.908969] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.909002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.909034] ? __kthread_parkme+0x82/0x180 [ 31.909089] ? preempt_count_sub+0x50/0x80 [ 31.909151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.909200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.909247] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.909295] kthread+0x337/0x6f0 [ 31.909333] ? trace_preempt_on+0x20/0xc0 [ 31.909378] ? __pfx_kthread+0x10/0x10 [ 31.909417] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.909465] ? calculate_sigpending+0x7b/0xa0 [ 31.909511] ? __pfx_kthread+0x10/0x10 [ 31.909573] ret_from_fork+0x116/0x1d0 [ 31.909617] ? __pfx_kthread+0x10/0x10 [ 31.909670] ret_from_fork_asm+0x1a/0x30 [ 31.909714] </TASK> [ 31.909729] [ 31.929789] Allocated by task 291: [ 31.930578] kasan_save_stack+0x45/0x70 [ 31.931197] kasan_save_track+0x18/0x40 [ 31.931674] kasan_save_alloc_info+0x3b/0x50 [ 31.932220] __kasan_kmalloc+0xb7/0xc0 [ 31.932485] __kmalloc_cache_noprof+0x189/0x420 [ 31.932823] kasan_bitops_generic+0x92/0x1c0 [ 31.933323] kunit_try_run_case+0x1a5/0x480 [ 31.933851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.934783] kthread+0x337/0x6f0 [ 31.935325] ret_from_fork+0x116/0x1d0 [ 31.935772] ret_from_fork_asm+0x1a/0x30 [ 31.936346] [ 31.936594] The buggy address belongs to the object at ffff8881010ffca0 [ 31.936594] which belongs to the cache kmalloc-16 of size 16 [ 31.937768] The buggy address is located 8 bytes inside of [ 31.937768] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 31.939245] [ 31.939455] The buggy address belongs to the physical page: [ 31.939976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 31.940757] flags: 0x200000000000000(node=0|zone=2) [ 31.941376] page_type: f5(slab) [ 31.941771] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 31.942702] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.943425] page dumped because: kasan: bad access detected [ 31.943857] [ 31.944198] Memory state around the buggy address: [ 31.944722] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.945498] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 31.946155] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.946832] ^ [ 31.947328] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.948086] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.948669] ================================================================== [ 31.815726] ================================================================== [ 31.816393] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.818007] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.818461] [ 31.818879] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.818999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.819033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.819081] Call Trace: [ 31.819234] <TASK> [ 31.819286] dump_stack_lvl+0x73/0xb0 [ 31.819372] print_report+0xd1/0x650 [ 31.819415] ? __virt_addr_valid+0x1db/0x2d0 [ 31.819453] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.819487] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.819522] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.819578] kasan_report+0x141/0x180 [ 31.819608] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.819661] kasan_check_range+0x10c/0x1c0 [ 31.819695] __kasan_check_write+0x18/0x20 [ 31.819725] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 31.819758] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.819793] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.819836] ? trace_hardirqs_on+0x37/0xe0 [ 31.819868] ? kasan_bitops_generic+0x92/0x1c0 [ 31.819903] kasan_bitops_generic+0x116/0x1c0 [ 31.819935] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.819966] ? __pfx_read_tsc+0x10/0x10 [ 31.819997] ? ktime_get_ts64+0x86/0x230 [ 31.820030] kunit_try_run_case+0x1a5/0x480 [ 31.820080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.820132] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.820190] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.820237] ? __kthread_parkme+0x82/0x180 [ 31.820268] ? preempt_count_sub+0x50/0x80 [ 31.820300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.820333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.820366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.820398] kthread+0x337/0x6f0 [ 31.820425] ? trace_preempt_on+0x20/0xc0 [ 31.820454] ? __pfx_kthread+0x10/0x10 [ 31.820481] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.820512] ? calculate_sigpending+0x7b/0xa0 [ 31.820564] ? __pfx_kthread+0x10/0x10 [ 31.820594] ret_from_fork+0x116/0x1d0 [ 31.820621] ? __pfx_kthread+0x10/0x10 [ 31.820683] ret_from_fork_asm+0x1a/0x30 [ 31.820727] </TASK> [ 31.820744] [ 31.840095] Allocated by task 291: [ 31.840490] kasan_save_stack+0x45/0x70 [ 31.840813] kasan_save_track+0x18/0x40 [ 31.841066] kasan_save_alloc_info+0x3b/0x50 [ 31.841486] __kasan_kmalloc+0xb7/0xc0 [ 31.842487] __kmalloc_cache_noprof+0x189/0x420 [ 31.843019] kasan_bitops_generic+0x92/0x1c0 [ 31.843571] kunit_try_run_case+0x1a5/0x480 [ 31.844190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.844576] kthread+0x337/0x6f0 [ 31.844993] ret_from_fork+0x116/0x1d0 [ 31.845435] ret_from_fork_asm+0x1a/0x30 [ 31.845972] [ 31.846484] The buggy address belongs to the object at ffff8881010ffca0 [ 31.846484] which belongs to the cache kmalloc-16 of size 16 [ 31.848293] The buggy address is located 8 bytes inside of [ 31.848293] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 31.849633] [ 31.849949] The buggy address belongs to the physical page: [ 31.850197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 31.851370] flags: 0x200000000000000(node=0|zone=2) [ 31.852096] page_type: f5(slab) [ 31.852361] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 31.853505] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.854474] page dumped because: kasan: bad access detected [ 31.855000] [ 31.855141] Memory state around the buggy address: [ 31.856025] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.856662] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 31.857516] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.858237] ^ [ 31.858989] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.859724] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.860431] ================================================================== [ 32.117234] ================================================================== [ 32.118046] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.119038] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.119693] [ 32.119999] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.120112] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.120143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.120194] Call Trace: [ 32.120227] <TASK> [ 32.120266] dump_stack_lvl+0x73/0xb0 [ 32.120342] print_report+0xd1/0x650 [ 32.120826] ? __virt_addr_valid+0x1db/0x2d0 [ 32.120916] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.120956] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.120993] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.121027] kasan_report+0x141/0x180 [ 32.121064] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.121164] kasan_check_range+0x10c/0x1c0 [ 32.121223] __kasan_check_write+0x18/0x20 [ 32.121259] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 32.121295] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 32.121330] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.121364] ? trace_hardirqs_on+0x37/0xe0 [ 32.121397] ? kasan_bitops_generic+0x92/0x1c0 [ 32.121431] kasan_bitops_generic+0x116/0x1c0 [ 32.121462] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.121495] ? __pfx_read_tsc+0x10/0x10 [ 32.121523] ? ktime_get_ts64+0x86/0x230 [ 32.121579] kunit_try_run_case+0x1a5/0x480 [ 32.121616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.121681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.121716] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.121749] ? __kthread_parkme+0x82/0x180 [ 32.121777] ? preempt_count_sub+0x50/0x80 [ 32.121808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.121839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.121870] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.121901] kthread+0x337/0x6f0 [ 32.121928] ? trace_preempt_on+0x20/0xc0 [ 32.121958] ? __pfx_kthread+0x10/0x10 [ 32.121985] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.122014] ? calculate_sigpending+0x7b/0xa0 [ 32.122045] ? __pfx_kthread+0x10/0x10 [ 32.122091] ret_from_fork+0x116/0x1d0 [ 32.122136] ? __pfx_kthread+0x10/0x10 [ 32.122178] ret_from_fork_asm+0x1a/0x30 [ 32.122220] </TASK> [ 32.122235] [ 32.141358] Allocated by task 291: [ 32.141824] kasan_save_stack+0x45/0x70 [ 32.142313] kasan_save_track+0x18/0x40 [ 32.142796] kasan_save_alloc_info+0x3b/0x50 [ 32.143321] __kasan_kmalloc+0xb7/0xc0 [ 32.143767] __kmalloc_cache_noprof+0x189/0x420 [ 32.144727] kasan_bitops_generic+0x92/0x1c0 [ 32.145189] kunit_try_run_case+0x1a5/0x480 [ 32.145530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.146416] kthread+0x337/0x6f0 [ 32.146822] ret_from_fork+0x116/0x1d0 [ 32.147300] ret_from_fork_asm+0x1a/0x30 [ 32.147808] [ 32.147990] The buggy address belongs to the object at ffff8881010ffca0 [ 32.147990] which belongs to the cache kmalloc-16 of size 16 [ 32.149491] The buggy address is located 8 bytes inside of [ 32.149491] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.150483] [ 32.150754] The buggy address belongs to the physical page: [ 32.151291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.151963] flags: 0x200000000000000(node=0|zone=2) [ 32.152782] page_type: f5(slab) [ 32.153305] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.153892] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.154453] page dumped because: kasan: bad access detected [ 32.154881] [ 32.155047] Memory state around the buggy address: [ 32.155401] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.156584] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.157334] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.158123] ^ [ 32.158861] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.159528] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.160298] ================================================================== [ 32.036411] ================================================================== [ 32.036935] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.037416] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.038009] [ 32.038263] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.038376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.038406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.038451] Call Trace: [ 32.038487] <TASK> [ 32.038551] dump_stack_lvl+0x73/0xb0 [ 32.038624] print_report+0xd1/0x650 [ 32.038683] ? __virt_addr_valid+0x1db/0x2d0 [ 32.038744] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.038805] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.038866] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.038927] kasan_report+0x141/0x180 [ 32.038989] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.039069] kasan_check_range+0x10c/0x1c0 [ 32.039135] __kasan_check_write+0x18/0x20 [ 32.039200] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 32.039271] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 32.039342] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.039409] ? trace_hardirqs_on+0x37/0xe0 [ 32.039473] ? kasan_bitops_generic+0x92/0x1c0 [ 32.039584] kasan_bitops_generic+0x116/0x1c0 [ 32.039652] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.039710] ? __pfx_read_tsc+0x10/0x10 [ 32.039761] ? ktime_get_ts64+0x86/0x230 [ 32.039817] kunit_try_run_case+0x1a5/0x480 [ 32.039885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.039937] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.039996] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.040029] ? __kthread_parkme+0x82/0x180 [ 32.040063] ? preempt_count_sub+0x50/0x80 [ 32.040134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.040184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.040219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.040251] kthread+0x337/0x6f0 [ 32.040279] ? trace_preempt_on+0x20/0xc0 [ 32.040310] ? __pfx_kthread+0x10/0x10 [ 32.040337] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.040367] ? calculate_sigpending+0x7b/0xa0 [ 32.040400] ? __pfx_kthread+0x10/0x10 [ 32.040428] ret_from_fork+0x116/0x1d0 [ 32.040453] ? __pfx_kthread+0x10/0x10 [ 32.040480] ret_from_fork_asm+0x1a/0x30 [ 32.040520] </TASK> [ 32.040534] [ 32.055457] Allocated by task 291: [ 32.055888] kasan_save_stack+0x45/0x70 [ 32.056323] kasan_save_track+0x18/0x40 [ 32.056711] kasan_save_alloc_info+0x3b/0x50 [ 32.057021] __kasan_kmalloc+0xb7/0xc0 [ 32.057404] __kmalloc_cache_noprof+0x189/0x420 [ 32.058008] kasan_bitops_generic+0x92/0x1c0 [ 32.058285] kunit_try_run_case+0x1a5/0x480 [ 32.058560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.059060] kthread+0x337/0x6f0 [ 32.059463] ret_from_fork+0x116/0x1d0 [ 32.059905] ret_from_fork_asm+0x1a/0x30 [ 32.060266] [ 32.060455] The buggy address belongs to the object at ffff8881010ffca0 [ 32.060455] which belongs to the cache kmalloc-16 of size 16 [ 32.061220] The buggy address is located 8 bytes inside of [ 32.061220] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.061904] [ 32.062113] The buggy address belongs to the physical page: [ 32.062652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.063331] flags: 0x200000000000000(node=0|zone=2) [ 32.063919] page_type: f5(slab) [ 32.064141] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.064497] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.065165] page dumped because: kasan: bad access detected [ 32.066661] [ 32.066863] Memory state around the buggy address: [ 32.067420] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.068087] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.068629] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.068973] ^ [ 32.069253] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.070614] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.071351] ================================================================== [ 31.861898] ================================================================== [ 31.863117] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.863656] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.864734] [ 31.865562] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.865639] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.865663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.865690] Call Trace: [ 31.865708] <TASK> [ 31.865732] dump_stack_lvl+0x73/0xb0 [ 31.865779] print_report+0xd1/0x650 [ 31.865812] ? __virt_addr_valid+0x1db/0x2d0 [ 31.865845] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.865878] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.865912] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.865946] kasan_report+0x141/0x180 [ 31.865974] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.866012] kasan_check_range+0x10c/0x1c0 [ 31.866041] __kasan_check_write+0x18/0x20 [ 31.866092] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 31.866148] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.866197] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.866246] ? trace_hardirqs_on+0x37/0xe0 [ 31.866294] ? kasan_bitops_generic+0x92/0x1c0 [ 31.866350] kasan_bitops_generic+0x116/0x1c0 [ 31.866401] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.866685] ? __pfx_read_tsc+0x10/0x10 [ 31.866779] ? ktime_get_ts64+0x86/0x230 [ 31.866841] kunit_try_run_case+0x1a5/0x480 [ 31.866883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.866915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.866949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.866993] ? __kthread_parkme+0x82/0x180 [ 31.867036] ? preempt_count_sub+0x50/0x80 [ 31.867103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.867137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.867170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.867202] kthread+0x337/0x6f0 [ 31.867228] ? trace_preempt_on+0x20/0xc0 [ 31.867259] ? __pfx_kthread+0x10/0x10 [ 31.867286] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.867316] ? calculate_sigpending+0x7b/0xa0 [ 31.867347] ? __pfx_kthread+0x10/0x10 [ 31.867375] ret_from_fork+0x116/0x1d0 [ 31.867401] ? __pfx_kthread+0x10/0x10 [ 31.867429] ret_from_fork_asm+0x1a/0x30 [ 31.867468] </TASK> [ 31.867482] [ 31.885040] Allocated by task 291: [ 31.885614] kasan_save_stack+0x45/0x70 [ 31.886255] kasan_save_track+0x18/0x40 [ 31.886607] kasan_save_alloc_info+0x3b/0x50 [ 31.886915] __kasan_kmalloc+0xb7/0xc0 [ 31.887673] __kmalloc_cache_noprof+0x189/0x420 [ 31.888294] kasan_bitops_generic+0x92/0x1c0 [ 31.888800] kunit_try_run_case+0x1a5/0x480 [ 31.889232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.889899] kthread+0x337/0x6f0 [ 31.890414] ret_from_fork+0x116/0x1d0 [ 31.891056] ret_from_fork_asm+0x1a/0x30 [ 31.891622] [ 31.891839] The buggy address belongs to the object at ffff8881010ffca0 [ 31.891839] which belongs to the cache kmalloc-16 of size 16 [ 31.893063] The buggy address is located 8 bytes inside of [ 31.893063] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 31.895006] [ 31.895272] The buggy address belongs to the physical page: [ 31.896151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 31.896905] flags: 0x200000000000000(node=0|zone=2) [ 31.897373] page_type: f5(slab) [ 31.897824] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 31.898393] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.899021] page dumped because: kasan: bad access detected [ 31.899288] [ 31.899491] Memory state around the buggy address: [ 31.899977] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.900450] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 31.901462] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.901758] ^ [ 31.901912] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.902313] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.902987] ================================================================== [ 31.949767] ================================================================== [ 31.950692] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.951294] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.952267] [ 31.952456] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.952589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.952655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.952735] Call Trace: [ 31.952777] <TASK> [ 31.952815] dump_stack_lvl+0x73/0xb0 [ 31.952920] print_report+0xd1/0x650 [ 31.952983] ? __virt_addr_valid+0x1db/0x2d0 [ 31.953261] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.953357] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.953432] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.953504] kasan_report+0x141/0x180 [ 31.953577] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.953680] kasan_check_range+0x10c/0x1c0 [ 31.953750] __kasan_check_write+0x18/0x20 [ 31.953793] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 31.953828] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.953864] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.953897] ? trace_hardirqs_on+0x37/0xe0 [ 31.953928] ? kasan_bitops_generic+0x92/0x1c0 [ 31.953963] kasan_bitops_generic+0x116/0x1c0 [ 31.953993] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.954025] ? __pfx_read_tsc+0x10/0x10 [ 31.954097] ? ktime_get_ts64+0x86/0x230 [ 31.954154] kunit_try_run_case+0x1a5/0x480 [ 31.954210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.954306] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.954365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.954412] ? __kthread_parkme+0x82/0x180 [ 31.954442] ? preempt_count_sub+0x50/0x80 [ 31.954475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.954508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.954564] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.954598] kthread+0x337/0x6f0 [ 31.954625] ? trace_preempt_on+0x20/0xc0 [ 31.954678] ? __pfx_kthread+0x10/0x10 [ 31.954706] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.954737] ? calculate_sigpending+0x7b/0xa0 [ 31.954769] ? __pfx_kthread+0x10/0x10 [ 31.954797] ret_from_fork+0x116/0x1d0 [ 31.954823] ? __pfx_kthread+0x10/0x10 [ 31.954852] ret_from_fork_asm+0x1a/0x30 [ 31.954892] </TASK> [ 31.954906] [ 31.973311] Allocated by task 291: [ 31.973705] kasan_save_stack+0x45/0x70 [ 31.974393] kasan_save_track+0x18/0x40 [ 31.974830] kasan_save_alloc_info+0x3b/0x50 [ 31.975491] __kasan_kmalloc+0xb7/0xc0 [ 31.975951] __kmalloc_cache_noprof+0x189/0x420 [ 31.976328] kasan_bitops_generic+0x92/0x1c0 [ 31.976791] kunit_try_run_case+0x1a5/0x480 [ 31.977497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.978327] kthread+0x337/0x6f0 [ 31.978585] ret_from_fork+0x116/0x1d0 [ 31.978978] ret_from_fork_asm+0x1a/0x30 [ 31.979557] [ 31.979759] The buggy address belongs to the object at ffff8881010ffca0 [ 31.979759] which belongs to the cache kmalloc-16 of size 16 [ 31.980533] The buggy address is located 8 bytes inside of [ 31.980533] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 31.981687] [ 31.981834] The buggy address belongs to the physical page: [ 31.982688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 31.983519] flags: 0x200000000000000(node=0|zone=2) [ 31.983890] page_type: f5(slab) [ 31.984111] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 31.985417] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.986043] page dumped because: kasan: bad access detected [ 31.986489] [ 31.986811] Memory state around the buggy address: [ 31.987562] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.988094] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 31.988678] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.989821] ^ [ 31.990135] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.990734] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.991399] ================================================================== [ 32.072279] ================================================================== [ 32.072929] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.073326] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 32.074490] [ 32.074759] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 32.074870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.074902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.074953] Call Trace: [ 32.074995] <TASK> [ 32.075035] dump_stack_lvl+0x73/0xb0 [ 32.075105] print_report+0xd1/0x650 [ 32.075160] ? __virt_addr_valid+0x1db/0x2d0 [ 32.075222] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.075281] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.075346] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.075406] kasan_report+0x141/0x180 [ 32.075465] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.075535] kasan_check_range+0x10c/0x1c0 [ 32.075619] __kasan_check_write+0x18/0x20 [ 32.075804] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 32.075895] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 32.075956] ? __kmalloc_cache_noprof+0x189/0x420 [ 32.076007] ? trace_hardirqs_on+0x37/0xe0 [ 32.076064] ? kasan_bitops_generic+0x92/0x1c0 [ 32.076130] kasan_bitops_generic+0x116/0x1c0 [ 32.076188] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 32.076255] ? __pfx_read_tsc+0x10/0x10 [ 32.076314] ? ktime_get_ts64+0x86/0x230 [ 32.076386] kunit_try_run_case+0x1a5/0x480 [ 32.076452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.076514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.076603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.076672] ? __kthread_parkme+0x82/0x180 [ 32.076729] ? preempt_count_sub+0x50/0x80 [ 32.076795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.076864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.076934] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.077000] kthread+0x337/0x6f0 [ 32.077425] ? trace_preempt_on+0x20/0xc0 [ 32.077514] ? __pfx_kthread+0x10/0x10 [ 32.077597] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.077660] ? calculate_sigpending+0x7b/0xa0 [ 32.077722] ? __pfx_kthread+0x10/0x10 [ 32.077775] ret_from_fork+0x116/0x1d0 [ 32.077832] ? __pfx_kthread+0x10/0x10 [ 32.077883] ret_from_fork_asm+0x1a/0x30 [ 32.077958] </TASK> [ 32.077988] [ 32.095655] Allocated by task 291: [ 32.095947] kasan_save_stack+0x45/0x70 [ 32.096389] kasan_save_track+0x18/0x40 [ 32.096978] kasan_save_alloc_info+0x3b/0x50 [ 32.097319] __kasan_kmalloc+0xb7/0xc0 [ 32.097939] __kmalloc_cache_noprof+0x189/0x420 [ 32.098271] kasan_bitops_generic+0x92/0x1c0 [ 32.099589] kunit_try_run_case+0x1a5/0x480 [ 32.100002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.100424] kthread+0x337/0x6f0 [ 32.100904] ret_from_fork+0x116/0x1d0 [ 32.101330] ret_from_fork_asm+0x1a/0x30 [ 32.101937] [ 32.102144] The buggy address belongs to the object at ffff8881010ffca0 [ 32.102144] which belongs to the cache kmalloc-16 of size 16 [ 32.103567] The buggy address is located 8 bytes inside of [ 32.103567] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.104955] [ 32.105203] The buggy address belongs to the physical page: [ 32.105747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.106781] flags: 0x200000000000000(node=0|zone=2) [ 32.107561] page_type: f5(slab) [ 32.107959] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.108792] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.109203] page dumped because: kasan: bad access detected [ 32.110045] [ 32.110248] Memory state around the buggy address: [ 32.110930] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.111855] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.112351] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.112995] ^ [ 32.113348] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.114027] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.114773] ================================================================== [ 31.992399] ================================================================== [ 31.992769] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.993205] Write of size 8 at addr ffff8881010ffca8 by task kunit_try_catch/291 [ 31.994249] [ 31.994461] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.994597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.994644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.994697] Call Trace: [ 31.994737] <TASK> [ 31.994781] dump_stack_lvl+0x73/0xb0 [ 31.994857] print_report+0xd1/0x650 [ 31.994919] ? __virt_addr_valid+0x1db/0x2d0 [ 31.994987] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.995057] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.995129] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.995200] kasan_report+0x141/0x180 [ 31.995257] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.995328] kasan_check_range+0x10c/0x1c0 [ 31.995390] __kasan_check_write+0x18/0x20 [ 31.995448] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 31.995506] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 31.995584] ? __kmalloc_cache_noprof+0x189/0x420 [ 31.995646] ? trace_hardirqs_on+0x37/0xe0 [ 31.995704] ? kasan_bitops_generic+0x92/0x1c0 [ 31.995792] kasan_bitops_generic+0x116/0x1c0 [ 31.995855] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 31.995889] ? __pfx_read_tsc+0x10/0x10 [ 31.995922] ? ktime_get_ts64+0x86/0x230 [ 31.995954] kunit_try_run_case+0x1a5/0x480 [ 31.995988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.996018] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.996065] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.996190] ? __kthread_parkme+0x82/0x180 [ 31.996246] ? preempt_count_sub+0x50/0x80 [ 31.996309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.996379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.996445] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.996482] kthread+0x337/0x6f0 [ 31.996510] ? trace_preempt_on+0x20/0xc0 [ 31.996569] ? __pfx_kthread+0x10/0x10 [ 31.996598] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.996635] ? calculate_sigpending+0x7b/0xa0 [ 31.996693] ? __pfx_kthread+0x10/0x10 [ 31.996723] ret_from_fork+0x116/0x1d0 [ 31.996750] ? __pfx_kthread+0x10/0x10 [ 31.996779] ret_from_fork_asm+0x1a/0x30 [ 31.996820] </TASK> [ 31.996837] [ 32.016598] Allocated by task 291: [ 32.016902] kasan_save_stack+0x45/0x70 [ 32.017494] kasan_save_track+0x18/0x40 [ 32.017771] kasan_save_alloc_info+0x3b/0x50 [ 32.018417] __kasan_kmalloc+0xb7/0xc0 [ 32.018981] __kmalloc_cache_noprof+0x189/0x420 [ 32.019872] kasan_bitops_generic+0x92/0x1c0 [ 32.020375] kunit_try_run_case+0x1a5/0x480 [ 32.020967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.021736] kthread+0x337/0x6f0 [ 32.022115] ret_from_fork+0x116/0x1d0 [ 32.022874] ret_from_fork_asm+0x1a/0x30 [ 32.023435] [ 32.023596] The buggy address belongs to the object at ffff8881010ffca0 [ 32.023596] which belongs to the cache kmalloc-16 of size 16 [ 32.025178] The buggy address is located 8 bytes inside of [ 32.025178] allocated 9-byte region [ffff8881010ffca0, ffff8881010ffca9) [ 32.026048] [ 32.026191] The buggy address belongs to the physical page: [ 32.027232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010ff [ 32.027983] flags: 0x200000000000000(node=0|zone=2) [ 32.028394] page_type: f5(slab) [ 32.028834] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 32.029783] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.030527] page dumped because: kasan: bad access detected [ 32.031136] [ 32.031365] Memory state around the buggy address: [ 32.031933] ffff8881010ffb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.032917] ffff8881010ffc00: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.033617] >ffff8881010ffc80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.033816] ^ [ 32.033946] ffff8881010ffd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.034576] ffff8881010ffd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.035071] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 31.765530] ================================================================== [ 31.765907] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 31.766509] Read of size 1 at addr ffff888103b4da50 by task kunit_try_catch/289 [ 31.767111] [ 31.767288] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.767403] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.767432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.767480] Call Trace: [ 31.767524] <TASK> [ 31.767671] dump_stack_lvl+0x73/0xb0 [ 31.767761] print_report+0xd1/0x650 [ 31.767836] ? __virt_addr_valid+0x1db/0x2d0 [ 31.767894] ? strnlen+0x73/0x80 [ 31.767943] ? kasan_complete_mode_report_info+0x64/0x200 [ 31.768012] ? strnlen+0x73/0x80 [ 31.768064] kasan_report+0x141/0x180 [ 31.768207] ? strnlen+0x73/0x80 [ 31.768311] __asan_report_load1_noabort+0x18/0x20 [ 31.768401] strnlen+0x73/0x80 [ 31.768474] kasan_strings+0x615/0xe80 [ 31.768560] ? trace_hardirqs_on+0x37/0xe0 [ 31.768626] ? __pfx_kasan_strings+0x10/0x10 [ 31.768673] ? finish_task_switch.isra.0+0x153/0x700 [ 31.768727] ? __switch_to+0x47/0xf50 [ 31.768793] ? __schedule+0x10cc/0x2b60 [ 31.768859] ? __pfx_read_tsc+0x10/0x10 [ 31.768916] ? ktime_get_ts64+0x86/0x230 [ 31.768972] kunit_try_run_case+0x1a5/0x480 [ 31.769037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.769196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.769300] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.769368] ? __kthread_parkme+0x82/0x180 [ 31.769433] ? preempt_count_sub+0x50/0x80 [ 31.769470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.769506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.769558] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.769592] kthread+0x337/0x6f0 [ 31.769619] ? trace_preempt_on+0x20/0xc0 [ 31.769665] ? __pfx_kthread+0x10/0x10 [ 31.769693] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.769724] ? calculate_sigpending+0x7b/0xa0 [ 31.769757] ? __pfx_kthread+0x10/0x10 [ 31.769786] ret_from_fork+0x116/0x1d0 [ 31.769812] ? __pfx_kthread+0x10/0x10 [ 31.769839] ret_from_fork_asm+0x1a/0x30 [ 31.769877] </TASK> [ 31.769892] [ 31.785820] Allocated by task 289: [ 31.786351] kasan_save_stack+0x45/0x70 [ 31.786836] kasan_save_track+0x18/0x40 [ 31.787404] kasan_save_alloc_info+0x3b/0x50 [ 31.787887] __kasan_kmalloc+0xb7/0xc0 [ 31.788327] __kmalloc_cache_noprof+0x189/0x420 [ 31.788870] kasan_strings+0xc0/0xe80 [ 31.789307] kunit_try_run_case+0x1a5/0x480 [ 31.789820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.790177] kthread+0x337/0x6f0 [ 31.790530] ret_from_fork+0x116/0x1d0 [ 31.791565] ret_from_fork_asm+0x1a/0x30 [ 31.792012] [ 31.792356] Freed by task 289: [ 31.792654] kasan_save_stack+0x45/0x70 [ 31.793188] kasan_save_track+0x18/0x40 [ 31.793562] kasan_save_free_info+0x3f/0x60 [ 31.794034] __kasan_slab_free+0x56/0x70 [ 31.794555] kfree+0x222/0x3f0 [ 31.794949] kasan_strings+0x2aa/0xe80 [ 31.795418] kunit_try_run_case+0x1a5/0x480 [ 31.795885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.796292] kthread+0x337/0x6f0 [ 31.797141] ret_from_fork+0x116/0x1d0 [ 31.797578] ret_from_fork_asm+0x1a/0x30 [ 31.797913] [ 31.798252] The buggy address belongs to the object at ffff888103b4da40 [ 31.798252] which belongs to the cache kmalloc-32 of size 32 [ 31.799252] The buggy address is located 16 bytes inside of [ 31.799252] freed 32-byte region [ffff888103b4da40, ffff888103b4da60) [ 31.800596] [ 31.800720] The buggy address belongs to the physical page: [ 31.801191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b4d [ 31.801762] flags: 0x200000000000000(node=0|zone=2) [ 31.802402] page_type: f5(slab) [ 31.802791] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 31.803574] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.804207] page dumped because: kasan: bad access detected [ 31.804792] [ 31.805175] Memory state around the buggy address: [ 31.805558] ffff888103b4d900: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.805921] ffff888103b4d980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.806233] >ffff888103b4da00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.806875] ^ [ 31.807643] ffff888103b4da80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.808465] ffff888103b4db00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.809199] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 31.720607] ================================================================== [ 31.721207] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 31.721787] Read of size 1 at addr ffff888103b4da50 by task kunit_try_catch/289 [ 31.722531] [ 31.722800] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.722916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.722947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.722998] Call Trace: [ 31.723041] <TASK> [ 31.723220] dump_stack_lvl+0x73/0xb0 [ 31.723317] print_report+0xd1/0x650 [ 31.723381] ? __virt_addr_valid+0x1db/0x2d0 [ 31.723445] ? strlen+0x8f/0xb0 [ 31.723500] ? kasan_complete_mode_report_info+0x64/0x200 [ 31.723581] ? strlen+0x8f/0xb0 [ 31.723662] kasan_report+0x141/0x180 [ 31.723723] ? strlen+0x8f/0xb0 [ 31.723798] __asan_report_load1_noabort+0x18/0x20 [ 31.723892] strlen+0x8f/0xb0 [ 31.723958] kasan_strings+0x57b/0xe80 [ 31.724028] ? trace_hardirqs_on+0x37/0xe0 [ 31.724252] ? __pfx_kasan_strings+0x10/0x10 [ 31.724289] ? finish_task_switch.isra.0+0x153/0x700 [ 31.724322] ? __switch_to+0x47/0xf50 [ 31.724357] ? __schedule+0x10cc/0x2b60 [ 31.724391] ? __pfx_read_tsc+0x10/0x10 [ 31.724421] ? ktime_get_ts64+0x86/0x230 [ 31.724453] kunit_try_run_case+0x1a5/0x480 [ 31.724488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.724517] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.724570] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.724604] ? __kthread_parkme+0x82/0x180 [ 31.724664] ? preempt_count_sub+0x50/0x80 [ 31.724701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.724733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.724765] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.724798] kthread+0x337/0x6f0 [ 31.724824] ? trace_preempt_on+0x20/0xc0 [ 31.724855] ? __pfx_kthread+0x10/0x10 [ 31.724881] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.724914] ? calculate_sigpending+0x7b/0xa0 [ 31.724945] ? __pfx_kthread+0x10/0x10 [ 31.724974] ret_from_fork+0x116/0x1d0 [ 31.725000] ? __pfx_kthread+0x10/0x10 [ 31.725026] ret_from_fork_asm+0x1a/0x30 [ 31.725078] </TASK> [ 31.725101] [ 31.741296] Allocated by task 289: [ 31.741729] kasan_save_stack+0x45/0x70 [ 31.742135] kasan_save_track+0x18/0x40 [ 31.742563] kasan_save_alloc_info+0x3b/0x50 [ 31.742863] __kasan_kmalloc+0xb7/0xc0 [ 31.743368] __kmalloc_cache_noprof+0x189/0x420 [ 31.743843] kasan_strings+0xc0/0xe80 [ 31.744178] kunit_try_run_case+0x1a5/0x480 [ 31.744662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.745167] kthread+0x337/0x6f0 [ 31.746126] ret_from_fork+0x116/0x1d0 [ 31.746775] ret_from_fork_asm+0x1a/0x30 [ 31.747038] [ 31.747210] Freed by task 289: [ 31.747661] kasan_save_stack+0x45/0x70 [ 31.748073] kasan_save_track+0x18/0x40 [ 31.748464] kasan_save_free_info+0x3f/0x60 [ 31.749048] __kasan_slab_free+0x56/0x70 [ 31.749457] kfree+0x222/0x3f0 [ 31.749875] kasan_strings+0x2aa/0xe80 [ 31.750206] kunit_try_run_case+0x1a5/0x480 [ 31.750476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.751430] kthread+0x337/0x6f0 [ 31.751841] ret_from_fork+0x116/0x1d0 [ 31.752427] ret_from_fork_asm+0x1a/0x30 [ 31.752843] [ 31.753073] The buggy address belongs to the object at ffff888103b4da40 [ 31.753073] which belongs to the cache kmalloc-32 of size 32 [ 31.754015] The buggy address is located 16 bytes inside of [ 31.754015] freed 32-byte region [ffff888103b4da40, ffff888103b4da60) [ 31.755058] [ 31.755356] The buggy address belongs to the physical page: [ 31.755870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b4d [ 31.756311] flags: 0x200000000000000(node=0|zone=2) [ 31.756835] page_type: f5(slab) [ 31.757190] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 31.758416] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.759023] page dumped because: kasan: bad access detected [ 31.759678] [ 31.759863] Memory state around the buggy address: [ 31.760245] ffff888103b4d900: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.760907] ffff888103b4d980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.761595] >ffff888103b4da00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.762169] ^ [ 31.763138] ffff888103b4da80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.763790] ffff888103b4db00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.764571] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 31.673458] ================================================================== [ 31.674237] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 31.674692] Read of size 1 at addr ffff888103b4da50 by task kunit_try_catch/289 [ 31.675497] [ 31.675798] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.675947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.675983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.676032] Call Trace: [ 31.676207] <TASK> [ 31.676261] dump_stack_lvl+0x73/0xb0 [ 31.676341] print_report+0xd1/0x650 [ 31.676404] ? __virt_addr_valid+0x1db/0x2d0 [ 31.676457] ? kasan_strings+0xcbc/0xe80 [ 31.676511] ? kasan_complete_mode_report_info+0x64/0x200 [ 31.676619] ? kasan_strings+0xcbc/0xe80 [ 31.676714] kasan_report+0x141/0x180 [ 31.676774] ? kasan_strings+0xcbc/0xe80 [ 31.676842] __asan_report_load1_noabort+0x18/0x20 [ 31.676932] kasan_strings+0xcbc/0xe80 [ 31.676986] ? trace_hardirqs_on+0x37/0xe0 [ 31.677045] ? __pfx_kasan_strings+0x10/0x10 [ 31.677132] ? finish_task_switch.isra.0+0x153/0x700 [ 31.677189] ? __switch_to+0x47/0xf50 [ 31.677247] ? __schedule+0x10cc/0x2b60 [ 31.677290] ? __pfx_read_tsc+0x10/0x10 [ 31.677322] ? ktime_get_ts64+0x86/0x230 [ 31.677354] kunit_try_run_case+0x1a5/0x480 [ 31.677389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.677418] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.677449] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.677481] ? __kthread_parkme+0x82/0x180 [ 31.677508] ? preempt_count_sub+0x50/0x80 [ 31.677559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.677594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.677639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.677693] kthread+0x337/0x6f0 [ 31.677721] ? trace_preempt_on+0x20/0xc0 [ 31.677750] ? __pfx_kthread+0x10/0x10 [ 31.677780] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.677809] ? calculate_sigpending+0x7b/0xa0 [ 31.677840] ? __pfx_kthread+0x10/0x10 [ 31.677869] ret_from_fork+0x116/0x1d0 [ 31.677894] ? __pfx_kthread+0x10/0x10 [ 31.677921] ret_from_fork_asm+0x1a/0x30 [ 31.677962] </TASK> [ 31.677976] [ 31.695202] Allocated by task 289: [ 31.695610] kasan_save_stack+0x45/0x70 [ 31.696567] kasan_save_track+0x18/0x40 [ 31.697040] kasan_save_alloc_info+0x3b/0x50 [ 31.697534] __kasan_kmalloc+0xb7/0xc0 [ 31.697952] __kmalloc_cache_noprof+0x189/0x420 [ 31.698556] kasan_strings+0xc0/0xe80 [ 31.698995] kunit_try_run_case+0x1a5/0x480 [ 31.699478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.699890] kthread+0x337/0x6f0 [ 31.700384] ret_from_fork+0x116/0x1d0 [ 31.700954] ret_from_fork_asm+0x1a/0x30 [ 31.701227] [ 31.701848] Freed by task 289: [ 31.702458] kasan_save_stack+0x45/0x70 [ 31.702918] kasan_save_track+0x18/0x40 [ 31.703172] kasan_save_free_info+0x3f/0x60 [ 31.703883] __kasan_slab_free+0x56/0x70 [ 31.704346] kfree+0x222/0x3f0 [ 31.704718] kasan_strings+0x2aa/0xe80 [ 31.705001] kunit_try_run_case+0x1a5/0x480 [ 31.705425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.705968] kthread+0x337/0x6f0 [ 31.706486] ret_from_fork+0x116/0x1d0 [ 31.706865] ret_from_fork_asm+0x1a/0x30 [ 31.707766] [ 31.707895] The buggy address belongs to the object at ffff888103b4da40 [ 31.707895] which belongs to the cache kmalloc-32 of size 32 [ 31.708969] The buggy address is located 16 bytes inside of [ 31.708969] freed 32-byte region [ffff888103b4da40, ffff888103b4da60) [ 31.709964] [ 31.710327] The buggy address belongs to the physical page: [ 31.710813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b4d [ 31.711521] flags: 0x200000000000000(node=0|zone=2) [ 31.712478] page_type: f5(slab) [ 31.712826] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 31.713511] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.714291] page dumped because: kasan: bad access detected [ 31.714744] [ 31.714932] Memory state around the buggy address: [ 31.715462] ffff888103b4d900: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.715834] ffff888103b4d980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.716599] >ffff888103b4da00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.717364] ^ [ 31.717669] ffff888103b4da80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.718719] ffff888103b4db00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.719469] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 31.626261] ================================================================== [ 31.628209] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 31.628620] Read of size 1 at addr ffff888103b4da50 by task kunit_try_catch/289 [ 31.629302] [ 31.629535] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.629761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.629795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.629845] Call Trace: [ 31.629875] <TASK> [ 31.629913] dump_stack_lvl+0x73/0xb0 [ 31.629990] print_report+0xd1/0x650 [ 31.630051] ? __virt_addr_valid+0x1db/0x2d0 [ 31.630118] ? strcmp+0xb0/0xc0 [ 31.630172] ? kasan_complete_mode_report_info+0x64/0x200 [ 31.630237] ? strcmp+0xb0/0xc0 [ 31.630281] kasan_report+0x141/0x180 [ 31.630339] ? strcmp+0xb0/0xc0 [ 31.630395] __asan_report_load1_noabort+0x18/0x20 [ 31.630460] strcmp+0xb0/0xc0 [ 31.630511] kasan_strings+0x431/0xe80 [ 31.630683] ? trace_hardirqs_on+0x37/0xe0 [ 31.630758] ? __pfx_kasan_strings+0x10/0x10 [ 31.630813] ? finish_task_switch.isra.0+0x153/0x700 [ 31.630876] ? __switch_to+0x47/0xf50 [ 31.630920] ? __schedule+0x10cc/0x2b60 [ 31.630957] ? __pfx_read_tsc+0x10/0x10 [ 31.630987] ? ktime_get_ts64+0x86/0x230 [ 31.631020] kunit_try_run_case+0x1a5/0x480 [ 31.631056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.631138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.631187] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.631221] ? __kthread_parkme+0x82/0x180 [ 31.631250] ? preempt_count_sub+0x50/0x80 [ 31.631281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.631313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.631344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.631376] kthread+0x337/0x6f0 [ 31.631403] ? trace_preempt_on+0x20/0xc0 [ 31.631434] ? __pfx_kthread+0x10/0x10 [ 31.631460] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.631489] ? calculate_sigpending+0x7b/0xa0 [ 31.631520] ? __pfx_kthread+0x10/0x10 [ 31.631572] ret_from_fork+0x116/0x1d0 [ 31.631600] ? __pfx_kthread+0x10/0x10 [ 31.631638] ret_from_fork_asm+0x1a/0x30 [ 31.631691] </TASK> [ 31.631708] [ 31.648259] Allocated by task 289: [ 31.648748] kasan_save_stack+0x45/0x70 [ 31.649584] kasan_save_track+0x18/0x40 [ 31.650033] kasan_save_alloc_info+0x3b/0x50 [ 31.650499] __kasan_kmalloc+0xb7/0xc0 [ 31.650994] __kmalloc_cache_noprof+0x189/0x420 [ 31.651711] kasan_strings+0xc0/0xe80 [ 31.652221] kunit_try_run_case+0x1a5/0x480 [ 31.652767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.653342] kthread+0x337/0x6f0 [ 31.653733] ret_from_fork+0x116/0x1d0 [ 31.654300] ret_from_fork_asm+0x1a/0x30 [ 31.654734] [ 31.654944] Freed by task 289: [ 31.655261] kasan_save_stack+0x45/0x70 [ 31.655629] kasan_save_track+0x18/0x40 [ 31.656031] kasan_save_free_info+0x3f/0x60 [ 31.656465] __kasan_slab_free+0x56/0x70 [ 31.656876] kfree+0x222/0x3f0 [ 31.657263] kasan_strings+0x2aa/0xe80 [ 31.657759] kunit_try_run_case+0x1a5/0x480 [ 31.658345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.658917] kthread+0x337/0x6f0 [ 31.659400] ret_from_fork+0x116/0x1d0 [ 31.659810] ret_from_fork_asm+0x1a/0x30 [ 31.660194] [ 31.660399] The buggy address belongs to the object at ffff888103b4da40 [ 31.660399] which belongs to the cache kmalloc-32 of size 32 [ 31.661666] The buggy address is located 16 bytes inside of [ 31.661666] freed 32-byte region [ffff888103b4da40, ffff888103b4da60) [ 31.662876] [ 31.663201] The buggy address belongs to the physical page: [ 31.663685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b4d [ 31.664453] flags: 0x200000000000000(node=0|zone=2) [ 31.664872] page_type: f5(slab) [ 31.665432] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 31.666322] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.666524] page dumped because: kasan: bad access detected [ 31.667013] [ 31.667360] Memory state around the buggy address: [ 31.667745] ffff888103b4d900: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.668458] ffff888103b4d980: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 31.669316] >ffff888103b4da00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.670097] ^ [ 31.670651] ffff888103b4da80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.671041] ffff888103b4db00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.671993] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 31.574662] ================================================================== [ 31.575297] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 31.576409] Read of size 1 at addr ffff888102df3898 by task kunit_try_catch/287 [ 31.576863] [ 31.577584] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.577731] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.577769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.577819] Call Trace: [ 31.577848] <TASK> [ 31.577876] dump_stack_lvl+0x73/0xb0 [ 31.577917] print_report+0xd1/0x650 [ 31.577946] ? __virt_addr_valid+0x1db/0x2d0 [ 31.577987] ? memcmp+0x1b4/0x1d0 [ 31.578027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.578073] ? memcmp+0x1b4/0x1d0 [ 31.578126] kasan_report+0x141/0x180 [ 31.578172] ? memcmp+0x1b4/0x1d0 [ 31.578224] __asan_report_load1_noabort+0x18/0x20 [ 31.578257] memcmp+0x1b4/0x1d0 [ 31.578284] kasan_memcmp+0x18f/0x390 [ 31.578310] ? trace_hardirqs_on+0x37/0xe0 [ 31.578339] ? __pfx_kasan_memcmp+0x10/0x10 [ 31.578364] ? finish_task_switch.isra.0+0x153/0x700 [ 31.578392] ? __switch_to+0x47/0xf50 [ 31.578427] ? __pfx_read_tsc+0x10/0x10 [ 31.578454] ? ktime_get_ts64+0x86/0x230 [ 31.578483] kunit_try_run_case+0x1a5/0x480 [ 31.578514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.578565] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.578598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.578633] ? __kthread_parkme+0x82/0x180 [ 31.578668] ? preempt_count_sub+0x50/0x80 [ 31.578698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.578727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.578756] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.578786] kthread+0x337/0x6f0 [ 31.578809] ? trace_preempt_on+0x20/0xc0 [ 31.578836] ? __pfx_kthread+0x10/0x10 [ 31.578860] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.578888] ? calculate_sigpending+0x7b/0xa0 [ 31.578918] ? __pfx_kthread+0x10/0x10 [ 31.578944] ret_from_fork+0x116/0x1d0 [ 31.578967] ? __pfx_kthread+0x10/0x10 [ 31.578991] ret_from_fork_asm+0x1a/0x30 [ 31.579029] </TASK> [ 31.579044] [ 31.595465] Allocated by task 287: [ 31.596211] kasan_save_stack+0x45/0x70 [ 31.596945] kasan_save_track+0x18/0x40 [ 31.597330] kasan_save_alloc_info+0x3b/0x50 [ 31.597687] __kasan_kmalloc+0xb7/0xc0 [ 31.598092] __kmalloc_cache_noprof+0x189/0x420 [ 31.598524] kasan_memcmp+0xb7/0x390 [ 31.599576] kunit_try_run_case+0x1a5/0x480 [ 31.600037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.600871] kthread+0x337/0x6f0 [ 31.601086] ret_from_fork+0x116/0x1d0 [ 31.601795] ret_from_fork_asm+0x1a/0x30 [ 31.602016] [ 31.602229] The buggy address belongs to the object at ffff888102df3880 [ 31.602229] which belongs to the cache kmalloc-32 of size 32 [ 31.603389] The buggy address is located 0 bytes to the right of [ 31.603389] allocated 24-byte region [ffff888102df3880, ffff888102df3898) [ 31.604779] [ 31.604976] The buggy address belongs to the physical page: [ 31.605464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df3 [ 31.606494] flags: 0x200000000000000(node=0|zone=2) [ 31.607038] page_type: f5(slab) [ 31.607747] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 31.608441] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.609008] page dumped because: kasan: bad access detected [ 31.609943] [ 31.610142] Memory state around the buggy address: [ 31.610397] ffff888102df3780: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.611248] ffff888102df3800: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 31.611686] >ffff888102df3880: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.612741] ^ [ 31.613465] ffff888102df3900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.614016] ffff888102df3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.614692] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 31.531352] ================================================================== [ 31.532066] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 31.533337] Read of size 1 at addr ffff888102a57c4a by task kunit_try_catch/283 [ 31.534197] [ 31.534380] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.534674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.534714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.534763] Call Trace: [ 31.534786] <TASK> [ 31.534814] dump_stack_lvl+0x73/0xb0 [ 31.534863] print_report+0xd1/0x650 [ 31.534895] ? __virt_addr_valid+0x1db/0x2d0 [ 31.534940] ? kasan_alloca_oob_right+0x329/0x390 [ 31.534987] ? kasan_addr_to_slab+0x11/0xa0 [ 31.535035] ? kasan_alloca_oob_right+0x329/0x390 [ 31.535093] kasan_report+0x141/0x180 [ 31.535150] ? kasan_alloca_oob_right+0x329/0x390 [ 31.535209] __asan_report_load1_noabort+0x18/0x20 [ 31.535264] kasan_alloca_oob_right+0x329/0x390 [ 31.535294] ? __kasan_check_write+0x18/0x20 [ 31.535325] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.535357] ? finish_task_switch.isra.0+0x153/0x700 [ 31.535387] ? up+0xbe/0x180 [ 31.535412] ? trace_hardirqs_on+0x37/0xe0 [ 31.535443] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 31.535474] ? __schedule+0x10cc/0x2b60 [ 31.535503] ? __pfx_read_tsc+0x10/0x10 [ 31.535529] ? ktime_get_ts64+0x86/0x230 [ 31.535585] kunit_try_run_case+0x1a5/0x480 [ 31.535619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.535661] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.535692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.535722] ? __kthread_parkme+0x82/0x180 [ 31.535746] ? preempt_count_sub+0x50/0x80 [ 31.535776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.535805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.535844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.535874] kthread+0x337/0x6f0 [ 31.535898] ? trace_preempt_on+0x20/0xc0 [ 31.535924] ? __pfx_kthread+0x10/0x10 [ 31.535949] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.535977] ? calculate_sigpending+0x7b/0xa0 [ 31.536007] ? __pfx_kthread+0x10/0x10 [ 31.536033] ret_from_fork+0x116/0x1d0 [ 31.536082] ? __pfx_kthread+0x10/0x10 [ 31.536129] ret_from_fork_asm+0x1a/0x30 [ 31.536194] </TASK> [ 31.536222] [ 31.552806] The buggy address belongs to stack of task kunit_try_catch/283 [ 31.553287] [ 31.553430] The buggy address belongs to the physical page: [ 31.553823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a57 [ 31.555220] flags: 0x200000000000000(node=0|zone=2) [ 31.555801] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 31.556405] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 31.557186] page dumped because: kasan: bad access detected [ 31.557915] [ 31.558111] Memory state around the buggy address: [ 31.558892] ffff888102a57b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.559581] ffff888102a57b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.560157] >ffff888102a57c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 31.560732] ^ [ 31.561306] ffff888102a57c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 31.562341] ffff888102a57d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 31.562879] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 31.495923] ================================================================== [ 31.497153] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 31.497858] Read of size 1 at addr ffff888102a4fc3f by task kunit_try_catch/281 [ 31.498338] [ 31.498520] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.498656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.498691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.498780] Call Trace: [ 31.498817] <TASK> [ 31.498855] dump_stack_lvl+0x73/0xb0 [ 31.498930] print_report+0xd1/0x650 [ 31.498988] ? __virt_addr_valid+0x1db/0x2d0 [ 31.499065] ? kasan_alloca_oob_left+0x320/0x380 [ 31.499124] ? kasan_addr_to_slab+0x11/0xa0 [ 31.499178] ? kasan_alloca_oob_left+0x320/0x380 [ 31.499235] kasan_report+0x141/0x180 [ 31.499289] ? kasan_alloca_oob_left+0x320/0x380 [ 31.499353] __asan_report_load1_noabort+0x18/0x20 [ 31.499417] kasan_alloca_oob_left+0x320/0x380 [ 31.499483] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.499704] ? finish_task_switch.isra.0+0x153/0x700 [ 31.499761] ? up+0xbe/0x180 [ 31.499790] ? trace_hardirqs_on+0x37/0xe0 [ 31.499838] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 31.499872] ? __schedule+0x10cc/0x2b60 [ 31.499905] ? __pfx_read_tsc+0x10/0x10 [ 31.499935] ? ktime_get_ts64+0x86/0x230 [ 31.499968] kunit_try_run_case+0x1a5/0x480 [ 31.500002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.500033] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.500076] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.500142] ? __kthread_parkme+0x82/0x180 [ 31.500187] ? preempt_count_sub+0x50/0x80 [ 31.500237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.500291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.500344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.500399] kthread+0x337/0x6f0 [ 31.500440] ? trace_preempt_on+0x20/0xc0 [ 31.500473] ? __pfx_kthread+0x10/0x10 [ 31.500502] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.500533] ? calculate_sigpending+0x7b/0xa0 [ 31.500588] ? __pfx_kthread+0x10/0x10 [ 31.500617] ret_from_fork+0x116/0x1d0 [ 31.500659] ? __pfx_kthread+0x10/0x10 [ 31.500689] ret_from_fork_asm+0x1a/0x30 [ 31.500728] </TASK> [ 31.500743] [ 31.513871] The buggy address belongs to stack of task kunit_try_catch/281 [ 31.514655] [ 31.514866] The buggy address belongs to the physical page: [ 31.515496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4f [ 31.516662] flags: 0x200000000000000(node=0|zone=2) [ 31.517292] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 31.517838] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 31.518374] page dumped because: kasan: bad access detected [ 31.518879] [ 31.519193] Memory state around the buggy address: [ 31.519660] ffff888102a4fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.520720] ffff888102a4fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.521221] >ffff888102a4fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 31.521752] ^ [ 31.522343] ffff888102a4fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 31.523019] ffff888102a4fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 31.523729] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 31.451901] ================================================================== [ 31.452920] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 31.454295] Read of size 1 at addr ffff888102a37d02 by task kunit_try_catch/279 [ 31.454909] [ 31.455111] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.455229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.455262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.455464] Call Trace: [ 31.455513] <TASK> [ 31.455570] dump_stack_lvl+0x73/0xb0 [ 31.455690] print_report+0xd1/0x650 [ 31.455753] ? __virt_addr_valid+0x1db/0x2d0 [ 31.455858] ? kasan_stack_oob+0x2b5/0x300 [ 31.455918] ? kasan_addr_to_slab+0x11/0xa0 [ 31.455978] ? kasan_stack_oob+0x2b5/0x300 [ 31.456040] kasan_report+0x141/0x180 [ 31.456335] ? kasan_stack_oob+0x2b5/0x300 [ 31.456408] __asan_report_load1_noabort+0x18/0x20 [ 31.456473] kasan_stack_oob+0x2b5/0x300 [ 31.456522] ? __pfx_kasan_stack_oob+0x10/0x10 [ 31.456582] ? finish_task_switch.isra.0+0x153/0x700 [ 31.456801] ? __switch_to+0x47/0xf50 [ 31.456857] ? __schedule+0x10cc/0x2b60 [ 31.456895] ? __pfx_read_tsc+0x10/0x10 [ 31.456926] ? ktime_get_ts64+0x86/0x230 [ 31.456959] kunit_try_run_case+0x1a5/0x480 [ 31.456994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.457025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.457063] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.457142] ? __kthread_parkme+0x82/0x180 [ 31.457184] ? preempt_count_sub+0x50/0x80 [ 31.457217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.457250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.457284] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.457315] kthread+0x337/0x6f0 [ 31.457342] ? trace_preempt_on+0x20/0xc0 [ 31.457374] ? __pfx_kthread+0x10/0x10 [ 31.457401] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.457431] ? calculate_sigpending+0x7b/0xa0 [ 31.457462] ? __pfx_kthread+0x10/0x10 [ 31.457491] ret_from_fork+0x116/0x1d0 [ 31.457516] ? __pfx_kthread+0x10/0x10 [ 31.457566] ret_from_fork_asm+0x1a/0x30 [ 31.457608] </TASK> [ 31.457622] [ 31.474564] The buggy address belongs to stack of task kunit_try_catch/279 [ 31.475522] and is located at offset 138 in frame: [ 31.475921] kasan_stack_oob+0x0/0x300 [ 31.477046] [ 31.477413] This frame has 4 objects: [ 31.477971] [48, 49) '__assertion' [ 31.478046] [64, 72) 'array' [ 31.478564] [96, 112) '__assertion' [ 31.478977] [128, 138) 'stack_array' [ 31.479529] [ 31.480137] The buggy address belongs to the physical page: [ 31.480665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a37 [ 31.481748] flags: 0x200000000000000(node=0|zone=2) [ 31.483020] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 31.483619] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 31.484477] page dumped because: kasan: bad access detected [ 31.485009] [ 31.485277] Memory state around the buggy address: [ 31.485662] ffff888102a37c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 31.486746] ffff888102a37c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 31.487488] >ffff888102a37d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 31.488525] ^ [ 31.489081] ffff888102a37d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 31.489681] ffff888102a37e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.490002] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 31.415728] ================================================================== [ 31.416531] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 31.417091] Read of size 1 at addr ffffffffa1aa8ecd by task kunit_try_catch/275 [ 31.417650] [ 31.417905] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.418029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.418060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.418108] Call Trace: [ 31.418137] <TASK> [ 31.418176] dump_stack_lvl+0x73/0xb0 [ 31.418287] print_report+0xd1/0x650 [ 31.418367] ? __virt_addr_valid+0x1db/0x2d0 [ 31.418434] ? kasan_global_oob_right+0x286/0x2d0 [ 31.418516] ? kasan_addr_to_slab+0x11/0xa0 [ 31.418595] ? kasan_global_oob_right+0x286/0x2d0 [ 31.418683] kasan_report+0x141/0x180 [ 31.418717] ? kasan_global_oob_right+0x286/0x2d0 [ 31.418753] __asan_report_load1_noabort+0x18/0x20 [ 31.418804] kasan_global_oob_right+0x286/0x2d0 [ 31.418844] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 31.418877] ? __schedule+0x10cc/0x2b60 [ 31.418913] ? __pfx_read_tsc+0x10/0x10 [ 31.418943] ? ktime_get_ts64+0x86/0x230 [ 31.418977] kunit_try_run_case+0x1a5/0x480 [ 31.419010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.419041] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.419073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.419104] ? __kthread_parkme+0x82/0x180 [ 31.419133] ? preempt_count_sub+0x50/0x80 [ 31.419164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.419196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.419228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.419259] kthread+0x337/0x6f0 [ 31.419285] ? trace_preempt_on+0x20/0xc0 [ 31.419317] ? __pfx_kthread+0x10/0x10 [ 31.419344] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.419374] ? calculate_sigpending+0x7b/0xa0 [ 31.419405] ? __pfx_kthread+0x10/0x10 [ 31.419433] ret_from_fork+0x116/0x1d0 [ 31.419458] ? __pfx_kthread+0x10/0x10 [ 31.419485] ret_from_fork_asm+0x1a/0x30 [ 31.419525] </TASK> [ 31.419558] [ 31.431757] The buggy address belongs to the variable: [ 31.432288] global_array+0xd/0x40 [ 31.432774] [ 31.433028] The buggy address belongs to the physical page: [ 31.433561] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2daa8 [ 31.434049] flags: 0x100000000002000(reserved|node=0|zone=1) [ 31.434432] raw: 0100000000002000 ffffea0000b6aa08 ffffea0000b6aa08 0000000000000000 [ 31.435160] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.435874] page dumped because: kasan: bad access detected [ 31.436364] [ 31.436582] Memory state around the buggy address: [ 31.437003] ffffffffa1aa8d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.437453] ffffffffa1aa8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.438159] >ffffffffa1aa8e80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 31.438722] ^ [ 31.439118] ffffffffa1aa8f00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 31.439801] ffffffffa1aa8f80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 31.440342] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 31.319854] ================================================================== [ 31.320613] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.321159] Free of addr ffff888102df6201 by task kunit_try_catch/271 [ 31.321735] [ 31.321985] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.322103] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.322136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.322181] Call Trace: [ 31.322210] <TASK> [ 31.322250] dump_stack_lvl+0x73/0xb0 [ 31.322329] print_report+0xd1/0x650 [ 31.322392] ? __virt_addr_valid+0x1db/0x2d0 [ 31.322463] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.322534] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.322759] kasan_report_invalid_free+0x10a/0x130 [ 31.322856] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.322933] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.322998] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.323060] check_slab_allocation+0x11f/0x130 [ 31.323135] __kasan_mempool_poison_object+0x91/0x1d0 [ 31.323215] mempool_free+0x2ec/0x380 [ 31.323280] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.323338] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 31.323377] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.323410] ? finish_task_switch.isra.0+0x153/0x700 [ 31.323508] mempool_kmalloc_invalid_free+0xed/0x140 [ 31.323580] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 31.323641] ? __pfx_mempool_kmalloc+0x10/0x10 [ 31.323691] ? __pfx_mempool_kfree+0x10/0x10 [ 31.323748] ? __pfx_read_tsc+0x10/0x10 [ 31.323798] ? ktime_get_ts64+0x86/0x230 [ 31.323878] kunit_try_run_case+0x1a5/0x480 [ 31.323923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.323955] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.323991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.324023] ? __kthread_parkme+0x82/0x180 [ 31.324052] ? preempt_count_sub+0x50/0x80 [ 31.324109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.324167] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.324234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.324270] kthread+0x337/0x6f0 [ 31.324298] ? trace_preempt_on+0x20/0xc0 [ 31.324333] ? __pfx_kthread+0x10/0x10 [ 31.324361] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.324392] ? calculate_sigpending+0x7b/0xa0 [ 31.324424] ? __pfx_kthread+0x10/0x10 [ 31.324453] ret_from_fork+0x116/0x1d0 [ 31.324480] ? __pfx_kthread+0x10/0x10 [ 31.324507] ret_from_fork_asm+0x1a/0x30 [ 31.324571] </TASK> [ 31.324588] [ 31.346963] Allocated by task 271: [ 31.347163] kasan_save_stack+0x45/0x70 [ 31.348142] kasan_save_track+0x18/0x40 [ 31.348623] kasan_save_alloc_info+0x3b/0x50 [ 31.349117] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 31.350108] remove_element+0x11e/0x190 [ 31.350407] mempool_alloc_preallocated+0x4d/0x90 [ 31.351006] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 31.351496] mempool_kmalloc_invalid_free+0xed/0x140 [ 31.352234] kunit_try_run_case+0x1a5/0x480 [ 31.352590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.352981] kthread+0x337/0x6f0 [ 31.353245] ret_from_fork+0x116/0x1d0 [ 31.353514] ret_from_fork_asm+0x1a/0x30 [ 31.354857] [ 31.355068] The buggy address belongs to the object at ffff888102df6200 [ 31.355068] which belongs to the cache kmalloc-128 of size 128 [ 31.355851] The buggy address is located 1 bytes inside of [ 31.355851] 128-byte region [ffff888102df6200, ffff888102df6280) [ 31.356801] [ 31.357026] The buggy address belongs to the physical page: [ 31.357480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 31.358027] flags: 0x200000000000000(node=0|zone=2) [ 31.358661] page_type: f5(slab) [ 31.359003] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.359897] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.360473] page dumped because: kasan: bad access detected [ 31.361439] [ 31.361621] Memory state around the buggy address: [ 31.362232] ffff888102df6100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.362747] ffff888102df6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.363410] >ffff888102df6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.364050] ^ [ 31.364835] ffff888102df6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.365454] ffff888102df6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.366020] ================================================================== [ 31.372508] ================================================================== [ 31.373580] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.374405] Free of addr ffff888103be0001 by task kunit_try_catch/273 [ 31.375257] [ 31.375425] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.375561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.375596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.376019] Call Trace: [ 31.376058] <TASK> [ 31.376116] dump_stack_lvl+0x73/0xb0 [ 31.376194] print_report+0xd1/0x650 [ 31.376230] ? __virt_addr_valid+0x1db/0x2d0 [ 31.376267] ? kasan_addr_to_slab+0x11/0xa0 [ 31.376295] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.376329] kasan_report_invalid_free+0x10a/0x130 [ 31.376361] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.376397] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.376429] __kasan_mempool_poison_object+0x102/0x1d0 [ 31.376461] mempool_free+0x2ec/0x380 [ 31.376495] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 31.376528] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 31.376586] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.376618] ? finish_task_switch.isra.0+0x153/0x700 [ 31.376688] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 31.376723] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 31.376758] ? __pfx_mempool_kmalloc+0x10/0x10 [ 31.376788] ? __pfx_mempool_kfree+0x10/0x10 [ 31.376820] ? __pfx_read_tsc+0x10/0x10 [ 31.376849] ? ktime_get_ts64+0x86/0x230 [ 31.376883] kunit_try_run_case+0x1a5/0x480 [ 31.376917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.376947] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.376981] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.377013] ? __kthread_parkme+0x82/0x180 [ 31.377039] ? preempt_count_sub+0x50/0x80 [ 31.377087] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.377142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.377195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.377249] kthread+0x337/0x6f0 [ 31.377295] ? trace_preempt_on+0x20/0xc0 [ 31.377346] ? __pfx_kthread+0x10/0x10 [ 31.377395] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.377434] ? calculate_sigpending+0x7b/0xa0 [ 31.377468] ? __pfx_kthread+0x10/0x10 [ 31.377497] ret_from_fork+0x116/0x1d0 [ 31.377523] ? __pfx_kthread+0x10/0x10 [ 31.377576] ret_from_fork_asm+0x1a/0x30 [ 31.377618] </TASK> [ 31.377638] [ 31.396399] The buggy address belongs to the physical page: [ 31.397075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103be0 [ 31.398080] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.398847] flags: 0x200000000000040(head|node=0|zone=2) [ 31.399318] page_type: f8(unknown) [ 31.399641] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.400154] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.400855] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.401275] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.402580] head: 0200000000000002 ffffea00040ef801 00000000ffffffff 00000000ffffffff [ 31.402991] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.403892] page dumped because: kasan: bad access detected [ 31.404483] [ 31.404744] Memory state around the buggy address: [ 31.405209] ffff888103bdff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.405976] ffff888103bdff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.406689] >ffff888103be0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.407134] ^ [ 31.407473] ffff888103be0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.408602] ffff888103be0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.409189] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 31.234973] ================================================================== [ 31.235961] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 31.236449] Free of addr ffff888102d80000 by task kunit_try_catch/267 [ 31.236963] [ 31.237157] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.237274] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.237309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.237359] Call Trace: [ 31.237391] <TASK> [ 31.237429] dump_stack_lvl+0x73/0xb0 [ 31.237507] print_report+0xd1/0x650 [ 31.237829] ? __virt_addr_valid+0x1db/0x2d0 [ 31.237912] ? kasan_addr_to_slab+0x11/0xa0 [ 31.237967] ? mempool_double_free_helper+0x184/0x370 [ 31.238026] kasan_report_invalid_free+0x10a/0x130 [ 31.238239] ? mempool_double_free_helper+0x184/0x370 [ 31.238310] ? mempool_double_free_helper+0x184/0x370 [ 31.238366] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 31.238432] mempool_free+0x2ec/0x380 [ 31.238509] mempool_double_free_helper+0x184/0x370 [ 31.238596] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 31.238685] ? __kasan_check_write+0x18/0x20 [ 31.238720] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.238752] ? finish_task_switch.isra.0+0x153/0x700 [ 31.238790] mempool_kmalloc_large_double_free+0xed/0x140 [ 31.238823] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 31.238858] ? __pfx_mempool_kmalloc+0x10/0x10 [ 31.238888] ? __pfx_mempool_kfree+0x10/0x10 [ 31.238920] ? __pfx_read_tsc+0x10/0x10 [ 31.238949] ? ktime_get_ts64+0x86/0x230 [ 31.238983] kunit_try_run_case+0x1a5/0x480 [ 31.239019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.239064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.239153] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.239209] ? __kthread_parkme+0x82/0x180 [ 31.239258] ? preempt_count_sub+0x50/0x80 [ 31.239308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.239363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.239418] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.239452] kthread+0x337/0x6f0 [ 31.239480] ? trace_preempt_on+0x20/0xc0 [ 31.239514] ? __pfx_kthread+0x10/0x10 [ 31.239565] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.239598] ? calculate_sigpending+0x7b/0xa0 [ 31.239647] ? __pfx_kthread+0x10/0x10 [ 31.239696] ret_from_fork+0x116/0x1d0 [ 31.239723] ? __pfx_kthread+0x10/0x10 [ 31.239752] ret_from_fork_asm+0x1a/0x30 [ 31.239795] </TASK> [ 31.239810] [ 31.256474] The buggy address belongs to the physical page: [ 31.257035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d80 [ 31.258351] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.258925] flags: 0x200000000000040(head|node=0|zone=2) [ 31.259378] page_type: f8(unknown) [ 31.259790] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.260618] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.261731] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.262482] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.263326] head: 0200000000000002 ffffea00040b6001 00000000ffffffff 00000000ffffffff [ 31.263768] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.264488] page dumped because: kasan: bad access detected [ 31.265002] [ 31.265575] Memory state around the buggy address: [ 31.265865] ffff888102d7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.266442] ffff888102d7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.266941] >ffff888102d80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.267438] ^ [ 31.267985] ffff888102d80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.268745] ffff888102d80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.269589] ================================================================== [ 31.276757] ================================================================== [ 31.277722] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 31.279079] Free of addr ffff888103be0000 by task kunit_try_catch/269 [ 31.279576] [ 31.280226] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 31.280354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.280399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.280469] Call Trace: [ 31.280505] <TASK> [ 31.280560] dump_stack_lvl+0x73/0xb0 [ 31.280611] print_report+0xd1/0x650 [ 31.280644] ? __virt_addr_valid+0x1db/0x2d0 [ 31.280679] ? kasan_addr_to_slab+0x11/0xa0 [ 31.280709] ? mempool_double_free_helper+0x184/0x370 [ 31.280753] kasan_report_invalid_free+0x10a/0x130 [ 31.280786] ? mempool_double_free_helper+0x184/0x370 [ 31.280820] ? mempool_double_free_helper+0x184/0x370 [ 31.280851] __kasan_mempool_poison_pages+0x115/0x130 [ 31.280882] mempool_free+0x290/0x380 [ 31.280915] mempool_double_free_helper+0x184/0x370 [ 31.280945] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 31.280977] ? __kasan_check_write+0x18/0x20 [ 31.281008] ? __pfx_sched_clock_cpu+0x10/0x10 [ 31.281037] ? finish_task_switch.isra.0+0x153/0x700 [ 31.281092] mempool_page_alloc_double_free+0xe8/0x140 [ 31.281148] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 31.281193] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 31.281224] ? __pfx_mempool_free_pages+0x10/0x10 [ 31.281257] ? __pfx_read_tsc+0x10/0x10 [ 31.281289] ? ktime_get_ts64+0x86/0x230 [ 31.281323] kunit_try_run_case+0x1a5/0x480 [ 31.281357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.281386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.281419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.281451] ? __kthread_parkme+0x82/0x180 [ 31.281477] ? preempt_count_sub+0x50/0x80 [ 31.281507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.281556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.281590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.281622] kthread+0x337/0x6f0 [ 31.281647] ? trace_preempt_on+0x20/0xc0 [ 31.281678] ? __pfx_kthread+0x10/0x10 [ 31.281706] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.281750] ? calculate_sigpending+0x7b/0xa0 [ 31.281781] ? __pfx_kthread+0x10/0x10 [ 31.281809] ret_from_fork+0x116/0x1d0 [ 31.281834] ? __pfx_kthread+0x10/0x10 [ 31.281861] ret_from_fork_asm+0x1a/0x30 [ 31.281900] </TASK> [ 31.281914] [ 31.303513] The buggy address belongs to the physical page: [ 31.303982] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103be0 [ 31.304816] flags: 0x200000000000000(node=0|zone=2) [ 31.305209] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.305757] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.307068] page dumped because: kasan: bad access detected [ 31.307525] [ 31.307754] Memory state around the buggy address: [ 31.308609] ffff888103bdff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.309288] ffff888103bdff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.309485] >ffff888103be0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.309786] ^ [ 31.310271] ffff888103be0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.311606] ffff888103be0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.312441] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 28.225498] ================================================================== [ 28.226832] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 28.227680] Read of size 1 at addr ffff888102ce0000 by task kunit_try_catch/184 [ 28.228572] [ 28.228884] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.229024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.229066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.229116] Call Trace: [ 28.229148] <TASK> [ 28.229185] dump_stack_lvl+0x73/0xb0 [ 28.229257] print_report+0xd1/0x650 [ 28.229311] ? __virt_addr_valid+0x1db/0x2d0 [ 28.229373] ? page_alloc_uaf+0x356/0x3d0 [ 28.229422] ? kasan_addr_to_slab+0x11/0xa0 [ 28.229500] ? page_alloc_uaf+0x356/0x3d0 [ 28.229564] kasan_report+0x141/0x180 [ 28.229614] ? page_alloc_uaf+0x356/0x3d0 [ 28.229685] __asan_report_load1_noabort+0x18/0x20 [ 28.229720] page_alloc_uaf+0x356/0x3d0 [ 28.229748] ? __pfx_page_alloc_uaf+0x10/0x10 [ 28.229780] ? __pfx_page_alloc_uaf+0x10/0x10 [ 28.229813] kunit_try_run_case+0x1a5/0x480 [ 28.229846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.229875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.229907] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.229939] ? __kthread_parkme+0x82/0x180 [ 28.229969] ? preempt_count_sub+0x50/0x80 [ 28.229999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.230030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.230082] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.230138] kthread+0x337/0x6f0 [ 28.230175] ? trace_preempt_on+0x20/0xc0 [ 28.230208] ? __pfx_kthread+0x10/0x10 [ 28.230236] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.230266] ? calculate_sigpending+0x7b/0xa0 [ 28.230297] ? __pfx_kthread+0x10/0x10 [ 28.230324] ret_from_fork+0x116/0x1d0 [ 28.230350] ? __pfx_kthread+0x10/0x10 [ 28.230377] ret_from_fork_asm+0x1a/0x30 [ 28.230416] </TASK> [ 28.230430] [ 28.245171] The buggy address belongs to the physical page: [ 28.245846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ce0 [ 28.246784] flags: 0x200000000000000(node=0|zone=2) [ 28.247306] page_type: f0(buddy) [ 28.247436] raw: 0200000000000000 ffff88817fffb4a8 ffff88817fffb4a8 0000000000000000 [ 28.248231] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 28.249186] page dumped because: kasan: bad access detected [ 28.249470] [ 28.249696] Memory state around the buggy address: [ 28.250344] ffff888102cdff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.251288] ffff888102cdff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.251866] >ffff888102ce0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.252538] ^ [ 28.252910] ffff888102ce0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.253805] ffff888102ce0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.254419] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 28.181467] ================================================================== [ 28.182151] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 28.183140] Free of addr ffff888102d60001 by task kunit_try_catch/180 [ 28.183905] [ 28.184076] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.184223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.184258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.184302] Call Trace: [ 28.184331] <TASK> [ 28.184369] dump_stack_lvl+0x73/0xb0 [ 28.184442] print_report+0xd1/0x650 [ 28.184495] ? __virt_addr_valid+0x1db/0x2d0 [ 28.184566] ? kasan_addr_to_slab+0x11/0xa0 [ 28.184618] ? kfree+0x274/0x3f0 [ 28.184674] kasan_report_invalid_free+0x10a/0x130 [ 28.184742] ? kfree+0x274/0x3f0 [ 28.184806] ? kfree+0x274/0x3f0 [ 28.184855] __kasan_kfree_large+0x86/0xd0 [ 28.184900] free_large_kmalloc+0x52/0x110 [ 28.184932] kfree+0x274/0x3f0 [ 28.184965] kmalloc_large_invalid_free+0x120/0x2b0 [ 28.184996] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 28.185029] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 28.185075] kunit_try_run_case+0x1a5/0x480 [ 28.185144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.185185] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.185220] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.185253] ? __kthread_parkme+0x82/0x180 [ 28.185281] ? preempt_count_sub+0x50/0x80 [ 28.185312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.185343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.185374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.185404] kthread+0x337/0x6f0 [ 28.185429] ? trace_preempt_on+0x20/0xc0 [ 28.185459] ? __pfx_kthread+0x10/0x10 [ 28.185485] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.185514] ? calculate_sigpending+0x7b/0xa0 [ 28.185564] ? __pfx_kthread+0x10/0x10 [ 28.185593] ret_from_fork+0x116/0x1d0 [ 28.185619] ? __pfx_kthread+0x10/0x10 [ 28.185660] ret_from_fork_asm+0x1a/0x30 [ 28.185701] </TASK> [ 28.185716] [ 28.201741] The buggy address belongs to the physical page: [ 28.202333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d60 [ 28.203159] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.203857] flags: 0x200000000000040(head|node=0|zone=2) [ 28.204492] page_type: f8(unknown) [ 28.205017] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.205836] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.206440] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.207419] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.207950] head: 0200000000000002 ffffea00040b5801 00000000ffffffff 00000000ffffffff [ 28.208675] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.209357] page dumped because: kasan: bad access detected [ 28.209880] [ 28.210082] Memory state around the buggy address: [ 28.210726] ffff888102d5ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.211112] ffff888102d5ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.211755] >ffff888102d60000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.212254] ^ [ 28.212699] ffff888102d60080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.213341] ffff888102d60100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.214200] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 28.145808] ================================================================== [ 28.146498] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 28.147090] Read of size 1 at addr ffff8881029f4000 by task kunit_try_catch/178 [ 28.147660] [ 28.147983] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.148096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.148127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.148173] Call Trace: [ 28.148209] <TASK> [ 28.148245] dump_stack_lvl+0x73/0xb0 [ 28.148365] print_report+0xd1/0x650 [ 28.148419] ? __virt_addr_valid+0x1db/0x2d0 [ 28.148476] ? kmalloc_large_uaf+0x2f1/0x340 [ 28.148528] ? kasan_addr_to_slab+0x11/0xa0 [ 28.148597] ? kmalloc_large_uaf+0x2f1/0x340 [ 28.148697] kasan_report+0x141/0x180 [ 28.148759] ? kmalloc_large_uaf+0x2f1/0x340 [ 28.148824] __asan_report_load1_noabort+0x18/0x20 [ 28.148884] kmalloc_large_uaf+0x2f1/0x340 [ 28.148938] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 28.149003] ? __schedule+0x10cc/0x2b60 [ 28.149104] ? __pfx_read_tsc+0x10/0x10 [ 28.149162] ? ktime_get_ts64+0x86/0x230 [ 28.149216] kunit_try_run_case+0x1a5/0x480 [ 28.149272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.149321] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.149374] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.149427] ? __kthread_parkme+0x82/0x180 [ 28.149476] ? preempt_count_sub+0x50/0x80 [ 28.149527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.149603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.149659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.149696] kthread+0x337/0x6f0 [ 28.149725] ? trace_preempt_on+0x20/0xc0 [ 28.149757] ? __pfx_kthread+0x10/0x10 [ 28.149783] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.149813] ? calculate_sigpending+0x7b/0xa0 [ 28.149843] ? __pfx_kthread+0x10/0x10 [ 28.149871] ret_from_fork+0x116/0x1d0 [ 28.149896] ? __pfx_kthread+0x10/0x10 [ 28.149922] ret_from_fork_asm+0x1a/0x30 [ 28.149961] </TASK> [ 28.149975] [ 28.166446] The buggy address belongs to the physical page: [ 28.167937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f4 [ 28.168725] flags: 0x200000000000000(node=0|zone=2) [ 28.169124] raw: 0200000000000000 ffffea00040a7e08 ffff88815b139fc0 0000000000000000 [ 28.169597] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 28.170560] page dumped because: kasan: bad access detected [ 28.170845] [ 28.171063] Memory state around the buggy address: [ 28.171515] ffff8881029f3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.172212] ffff8881029f3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.172863] >ffff8881029f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.173340] ^ [ 28.173746] ffff8881029f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.174754] ffff8881029f4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.175394] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 28.106788] ================================================================== [ 28.107739] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 28.108661] Write of size 1 at addr ffff888102d6200a by task kunit_try_catch/176 [ 28.109196] [ 28.109382] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.109491] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.109521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.109583] Call Trace: [ 28.109612] <TASK> [ 28.109648] dump_stack_lvl+0x73/0xb0 [ 28.109726] print_report+0xd1/0x650 [ 28.109783] ? __virt_addr_valid+0x1db/0x2d0 [ 28.109846] ? kmalloc_large_oob_right+0x2e9/0x330 [ 28.109942] ? kasan_addr_to_slab+0x11/0xa0 [ 28.110022] ? kmalloc_large_oob_right+0x2e9/0x330 [ 28.110081] kasan_report+0x141/0x180 [ 28.110142] ? kmalloc_large_oob_right+0x2e9/0x330 [ 28.110210] __asan_report_store1_noabort+0x1b/0x30 [ 28.110277] kmalloc_large_oob_right+0x2e9/0x330 [ 28.110339] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 28.110400] ? __schedule+0x10cc/0x2b60 [ 28.110469] ? __pfx_read_tsc+0x10/0x10 [ 28.110529] ? ktime_get_ts64+0x86/0x230 [ 28.110612] kunit_try_run_case+0x1a5/0x480 [ 28.110678] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.110732] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.110771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.110804] ? __kthread_parkme+0x82/0x180 [ 28.110832] ? preempt_count_sub+0x50/0x80 [ 28.110864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.110895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.110926] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.110957] kthread+0x337/0x6f0 [ 28.110982] ? trace_preempt_on+0x20/0xc0 [ 28.111013] ? __pfx_kthread+0x10/0x10 [ 28.111039] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.111111] ? calculate_sigpending+0x7b/0xa0 [ 28.111173] ? __pfx_kthread+0x10/0x10 [ 28.111219] ret_from_fork+0x116/0x1d0 [ 28.111262] ? __pfx_kthread+0x10/0x10 [ 28.111307] ret_from_fork_asm+0x1a/0x30 [ 28.111376] </TASK> [ 28.111400] [ 28.126733] The buggy address belongs to the physical page: [ 28.127349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d60 [ 28.127955] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.128956] flags: 0x200000000000040(head|node=0|zone=2) [ 28.129500] page_type: f8(unknown) [ 28.129879] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.130519] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.131289] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.131945] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.132615] head: 0200000000000002 ffffea00040b5801 00000000ffffffff 00000000ffffffff [ 28.133306] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.133876] page dumped because: kasan: bad access detected [ 28.134732] [ 28.134902] Memory state around the buggy address: [ 28.135446] ffff888102d61f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.136043] ffff888102d61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.137120] >ffff888102d62000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.137810] ^ [ 28.138158] ffff888102d62080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.138501] ffff888102d62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.139135] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 28.056589] ================================================================== [ 28.057262] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 28.058452] Write of size 1 at addr ffff888102c69f00 by task kunit_try_catch/174 [ 28.058823] [ 28.058992] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.059097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.059122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.059164] Call Trace: [ 28.059192] <TASK> [ 28.059229] dump_stack_lvl+0x73/0xb0 [ 28.059301] print_report+0xd1/0x650 [ 28.059357] ? __virt_addr_valid+0x1db/0x2d0 [ 28.059416] ? kmalloc_big_oob_right+0x316/0x370 [ 28.059471] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.059531] ? kmalloc_big_oob_right+0x316/0x370 [ 28.059603] kasan_report+0x141/0x180 [ 28.059651] ? kmalloc_big_oob_right+0x316/0x370 [ 28.059707] __asan_report_store1_noabort+0x1b/0x30 [ 28.059761] kmalloc_big_oob_right+0x316/0x370 [ 28.059810] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 28.059873] ? __schedule+0x10cc/0x2b60 [ 28.059930] ? __pfx_read_tsc+0x10/0x10 [ 28.059988] ? ktime_get_ts64+0x86/0x230 [ 28.060050] kunit_try_run_case+0x1a5/0x480 [ 28.060106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.060149] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.060202] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.060253] ? __kthread_parkme+0x82/0x180 [ 28.060301] ? preempt_count_sub+0x50/0x80 [ 28.060351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.060403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.060453] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.060505] kthread+0x337/0x6f0 [ 28.061088] ? trace_preempt_on+0x20/0xc0 [ 28.061244] ? __pfx_kthread+0x10/0x10 [ 28.061307] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.061362] ? calculate_sigpending+0x7b/0xa0 [ 28.061419] ? __pfx_kthread+0x10/0x10 [ 28.061468] ret_from_fork+0x116/0x1d0 [ 28.061515] ? __pfx_kthread+0x10/0x10 [ 28.061585] ret_from_fork_asm+0x1a/0x30 [ 28.061783] </TASK> [ 28.061842] [ 28.078861] Allocated by task 174: [ 28.079377] kasan_save_stack+0x45/0x70 [ 28.079879] kasan_save_track+0x18/0x40 [ 28.080687] kasan_save_alloc_info+0x3b/0x50 [ 28.080998] __kasan_kmalloc+0xb7/0xc0 [ 28.081280] __kmalloc_cache_noprof+0x189/0x420 [ 28.081913] kmalloc_big_oob_right+0xa9/0x370 [ 28.082396] kunit_try_run_case+0x1a5/0x480 [ 28.082816] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.083420] kthread+0x337/0x6f0 [ 28.083818] ret_from_fork+0x116/0x1d0 [ 28.084497] ret_from_fork_asm+0x1a/0x30 [ 28.084963] [ 28.085303] The buggy address belongs to the object at ffff888102c68000 [ 28.085303] which belongs to the cache kmalloc-8k of size 8192 [ 28.086298] The buggy address is located 0 bytes to the right of [ 28.086298] allocated 7936-byte region [ffff888102c68000, ffff888102c69f00) [ 28.087189] [ 28.087391] The buggy address belongs to the physical page: [ 28.087948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c68 [ 28.088932] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.089526] flags: 0x200000000000040(head|node=0|zone=2) [ 28.090169] page_type: f5(slab) [ 28.090525] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 28.091225] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 28.091788] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 28.092423] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 28.092898] head: 0200000000000003 ffffea00040b1a01 00000000ffffffff 00000000ffffffff [ 28.093472] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 28.094467] page dumped because: kasan: bad access detected [ 28.094906] [ 28.095111] Memory state around the buggy address: [ 28.095602] ffff888102c69e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.096320] ffff888102c69e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.096932] >ffff888102c69f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.097801] ^ [ 28.098268] ffff888102c69f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.098792] ffff888102c6a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.099478] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 28.016875] ================================================================== [ 28.017425] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 28.018245] Write of size 1 at addr ffff888102dcf878 by task kunit_try_catch/172 [ 28.018705] [ 28.018880] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 28.018993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.019023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.019057] Call Trace: [ 28.019074] <TASK> [ 28.019096] dump_stack_lvl+0x73/0xb0 [ 28.019137] print_report+0xd1/0x650 [ 28.019167] ? __virt_addr_valid+0x1db/0x2d0 [ 28.019214] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 28.019269] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.019327] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 28.019390] kasan_report+0x141/0x180 [ 28.019452] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 28.019528] __asan_report_store1_noabort+0x1b/0x30 [ 28.019608] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 28.019671] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 28.019739] ? __schedule+0x10cc/0x2b60 [ 28.019807] ? __pfx_read_tsc+0x10/0x10 [ 28.019877] ? ktime_get_ts64+0x86/0x230 [ 28.019937] kunit_try_run_case+0x1a5/0x480 [ 28.020001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.020048] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.020083] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.020116] ? __kthread_parkme+0x82/0x180 [ 28.020144] ? preempt_count_sub+0x50/0x80 [ 28.020174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.020205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.020236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.020266] kthread+0x337/0x6f0 [ 28.020292] ? trace_preempt_on+0x20/0xc0 [ 28.020323] ? __pfx_kthread+0x10/0x10 [ 28.020351] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.020382] ? calculate_sigpending+0x7b/0xa0 [ 28.020412] ? __pfx_kthread+0x10/0x10 [ 28.020439] ret_from_fork+0x116/0x1d0 [ 28.020464] ? __pfx_kthread+0x10/0x10 [ 28.020491] ret_from_fork_asm+0x1a/0x30 [ 28.020529] </TASK> [ 28.020562] [ 28.033182] Allocated by task 172: [ 28.033615] kasan_save_stack+0x45/0x70 [ 28.034294] kasan_save_track+0x18/0x40 [ 28.034756] kasan_save_alloc_info+0x3b/0x50 [ 28.035275] __kasan_kmalloc+0xb7/0xc0 [ 28.035776] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 28.036422] kmalloc_track_caller_oob_right+0x19a/0x520 [ 28.036779] kunit_try_run_case+0x1a5/0x480 [ 28.037040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.037333] kthread+0x337/0x6f0 [ 28.037722] ret_from_fork+0x116/0x1d0 [ 28.038394] ret_from_fork_asm+0x1a/0x30 [ 28.038907] [ 28.039112] The buggy address belongs to the object at ffff888102dcf800 [ 28.039112] which belongs to the cache kmalloc-128 of size 128 [ 28.040597] The buggy address is located 0 bytes to the right of [ 28.040597] allocated 120-byte region [ffff888102dcf800, ffff888102dcf878) [ 28.041853] [ 28.042068] The buggy address belongs to the physical page: [ 28.042712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 28.043471] flags: 0x200000000000000(node=0|zone=2) [ 28.043982] page_type: f5(slab) [ 28.044341] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.045048] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.045663] page dumped because: kasan: bad access detected [ 28.046030] [ 28.046167] Memory state around the buggy address: [ 28.046661] ffff888102dcf700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.047331] ffff888102dcf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.047893] >ffff888102dcf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.048364] ^ [ 28.048917] ffff888102dcf880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.049466] ffff888102dcf900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.050044] ================================================================== [ 27.978706] ================================================================== [ 27.979222] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 27.980658] Write of size 1 at addr ffff888102dcf778 by task kunit_try_catch/172 [ 27.981162] [ 27.981340] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 27.981446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.981477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.981524] Call Trace: [ 27.981575] <TASK> [ 27.981613] dump_stack_lvl+0x73/0xb0 [ 27.981690] print_report+0xd1/0x650 [ 27.981743] ? __virt_addr_valid+0x1db/0x2d0 [ 27.981798] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 27.981854] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.981919] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 27.981986] kasan_report+0x141/0x180 [ 27.982046] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 27.982112] __asan_report_store1_noabort+0x1b/0x30 [ 27.982171] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 27.982234] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 27.982302] ? __schedule+0x10cc/0x2b60 [ 27.982351] ? __pfx_read_tsc+0x10/0x10 [ 27.982383] ? ktime_get_ts64+0x86/0x230 [ 27.982415] kunit_try_run_case+0x1a5/0x480 [ 27.982449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.982480] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.982511] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.982564] ? __kthread_parkme+0x82/0x180 [ 27.982596] ? preempt_count_sub+0x50/0x80 [ 27.982628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.982675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.982707] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.982738] kthread+0x337/0x6f0 [ 27.982764] ? trace_preempt_on+0x20/0xc0 [ 27.982795] ? __pfx_kthread+0x10/0x10 [ 27.982821] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.982851] ? calculate_sigpending+0x7b/0xa0 [ 27.982884] ? __pfx_kthread+0x10/0x10 [ 27.982911] ret_from_fork+0x116/0x1d0 [ 27.982937] ? __pfx_kthread+0x10/0x10 [ 27.982963] ret_from_fork_asm+0x1a/0x30 [ 27.983002] </TASK> [ 27.983015] [ 27.997139] Allocated by task 172: [ 27.997508] kasan_save_stack+0x45/0x70 [ 27.998185] kasan_save_track+0x18/0x40 [ 27.998438] kasan_save_alloc_info+0x3b/0x50 [ 27.998820] __kasan_kmalloc+0xb7/0xc0 [ 27.999342] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 27.999919] kmalloc_track_caller_oob_right+0x99/0x520 [ 28.000426] kunit_try_run_case+0x1a5/0x480 [ 28.000784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.001462] kthread+0x337/0x6f0 [ 28.001862] ret_from_fork+0x116/0x1d0 [ 28.002377] ret_from_fork_asm+0x1a/0x30 [ 28.002681] [ 28.002853] The buggy address belongs to the object at ffff888102dcf700 [ 28.002853] which belongs to the cache kmalloc-128 of size 128 [ 28.004010] The buggy address is located 0 bytes to the right of [ 28.004010] allocated 120-byte region [ffff888102dcf700, ffff888102dcf778) [ 28.004907] [ 28.005232] The buggy address belongs to the physical page: [ 28.005755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 28.006418] flags: 0x200000000000000(node=0|zone=2) [ 28.006904] page_type: f5(slab) [ 28.007233] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.007904] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.008611] page dumped because: kasan: bad access detected [ 28.009306] [ 28.009463] Memory state around the buggy address: [ 28.009919] ffff888102dcf600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.010587] ffff888102dcf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.011221] >ffff888102dcf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.011921] ^ [ 28.012602] ffff888102dcf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.013418] ffff888102dcf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.013985] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 27.929521] ================================================================== [ 27.930216] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 27.931458] Read of size 1 at addr ffff888103b5f000 by task kunit_try_catch/170 [ 27.932204] [ 27.932411] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 27.932525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.932575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.932638] Call Trace: [ 27.932669] <TASK> [ 27.932707] dump_stack_lvl+0x73/0xb0 [ 27.932778] print_report+0xd1/0x650 [ 27.932831] ? __virt_addr_valid+0x1db/0x2d0 [ 27.932891] ? kmalloc_node_oob_right+0x369/0x3c0 [ 27.932949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.933017] ? kmalloc_node_oob_right+0x369/0x3c0 [ 27.933170] kasan_report+0x141/0x180 [ 27.933241] ? kmalloc_node_oob_right+0x369/0x3c0 [ 27.933321] __asan_report_load1_noabort+0x18/0x20 [ 27.933387] kmalloc_node_oob_right+0x369/0x3c0 [ 27.933452] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 27.933518] ? __schedule+0x10cc/0x2b60 [ 27.933601] ? __pfx_read_tsc+0x10/0x10 [ 27.933697] ? ktime_get_ts64+0x86/0x230 [ 27.933767] kunit_try_run_case+0x1a5/0x480 [ 27.933835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.933887] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.933966] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.934008] ? __kthread_parkme+0x82/0x180 [ 27.934038] ? preempt_count_sub+0x50/0x80 [ 27.934100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.934155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.934252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.934306] kthread+0x337/0x6f0 [ 27.934353] ? trace_preempt_on+0x20/0xc0 [ 27.934404] ? __pfx_kthread+0x10/0x10 [ 27.934443] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.934475] ? calculate_sigpending+0x7b/0xa0 [ 27.934506] ? __pfx_kthread+0x10/0x10 [ 27.934534] ret_from_fork+0x116/0x1d0 [ 27.934587] ? __pfx_kthread+0x10/0x10 [ 27.934615] ret_from_fork_asm+0x1a/0x30 [ 27.934671] </TASK> [ 27.934686] [ 27.950895] Allocated by task 170: [ 27.951299] kasan_save_stack+0x45/0x70 [ 27.951736] kasan_save_track+0x18/0x40 [ 27.952131] kasan_save_alloc_info+0x3b/0x50 [ 27.952641] __kasan_kmalloc+0xb7/0xc0 [ 27.952889] __kmalloc_cache_node_noprof+0x188/0x420 [ 27.953348] kmalloc_node_oob_right+0xab/0x3c0 [ 27.953834] kunit_try_run_case+0x1a5/0x480 [ 27.954508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.955397] kthread+0x337/0x6f0 [ 27.955793] ret_from_fork+0x116/0x1d0 [ 27.956032] ret_from_fork_asm+0x1a/0x30 [ 27.956449] [ 27.956611] The buggy address belongs to the object at ffff888103b5e000 [ 27.956611] which belongs to the cache kmalloc-4k of size 4096 [ 27.957360] The buggy address is located 0 bytes to the right of [ 27.957360] allocated 4096-byte region [ffff888103b5e000, ffff888103b5f000) [ 27.958579] [ 27.958805] The buggy address belongs to the physical page: [ 27.959588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b58 [ 27.960836] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.961584] flags: 0x200000000000040(head|node=0|zone=2) [ 27.962367] page_type: f5(slab) [ 27.962708] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 27.963716] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 27.964343] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 27.965037] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 27.965723] head: 0200000000000003 ffffea00040ed601 00000000ffffffff 00000000ffffffff [ 27.966450] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 27.967445] page dumped because: kasan: bad access detected [ 27.967997] [ 27.968189] Memory state around the buggy address: [ 27.968490] ffff888103b5ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.969348] ffff888103b5ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.969919] >ffff888103b5f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.970694] ^ [ 27.971044] ffff888103b5f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.971938] ffff888103b5f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.972420] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 27.872357] ================================================================== [ 27.873247] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 27.874293] Read of size 1 at addr ffff8881022bd67f by task kunit_try_catch/168 [ 27.875030] [ 27.875320] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 27.875442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.875474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.875521] Call Trace: [ 27.875569] <TASK> [ 27.875607] dump_stack_lvl+0x73/0xb0 [ 27.875788] print_report+0xd1/0x650 [ 27.875869] ? __virt_addr_valid+0x1db/0x2d0 [ 27.875933] ? kmalloc_oob_left+0x361/0x3c0 [ 27.875988] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.876084] ? kmalloc_oob_left+0x361/0x3c0 [ 27.876145] kasan_report+0x141/0x180 [ 27.876206] ? kmalloc_oob_left+0x361/0x3c0 [ 27.876273] __asan_report_load1_noabort+0x18/0x20 [ 27.876336] kmalloc_oob_left+0x361/0x3c0 [ 27.876389] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 27.876442] ? __schedule+0x10cc/0x2b60 [ 27.876510] ? __pfx_read_tsc+0x10/0x10 [ 27.876590] ? ktime_get_ts64+0x86/0x230 [ 27.876699] kunit_try_run_case+0x1a5/0x480 [ 27.876848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.876910] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.876974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.877038] ? __kthread_parkme+0x82/0x180 [ 27.877111] ? preempt_count_sub+0x50/0x80 [ 27.877177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.877244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.877310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.877402] kthread+0x337/0x6f0 [ 27.877465] ? trace_preempt_on+0x20/0xc0 [ 27.877511] ? __pfx_kthread+0x10/0x10 [ 27.877561] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.877595] ? calculate_sigpending+0x7b/0xa0 [ 27.877627] ? __pfx_kthread+0x10/0x10 [ 27.877679] ret_from_fork+0x116/0x1d0 [ 27.877707] ? __pfx_kthread+0x10/0x10 [ 27.877734] ret_from_fork_asm+0x1a/0x30 [ 27.877776] </TASK> [ 27.877791] [ 27.894489] Allocated by task 21: [ 27.894820] kasan_save_stack+0x45/0x70 [ 27.895480] kasan_save_track+0x18/0x40 [ 27.896187] kasan_save_alloc_info+0x3b/0x50 [ 27.896796] __kasan_kmalloc+0xb7/0xc0 [ 27.897308] __kmalloc_cache_node_noprof+0x188/0x420 [ 27.897778] build_sched_domains+0x38c/0x5dd0 [ 27.898411] partition_sched_domains+0x471/0x9c0 [ 27.898825] rebuild_sched_domains_locked+0x97d/0xd50 [ 27.899611] cpuset_update_active_cpus+0x80f/0x1a90 [ 27.900269] sched_cpu_activate+0x2bf/0x330 [ 27.900685] cpuhp_invoke_callback+0x2a1/0xf00 [ 27.901188] cpuhp_thread_fun+0x2ce/0x5c0 [ 27.901572] smpboot_thread_fn+0x2bc/0x730 [ 27.902110] kthread+0x337/0x6f0 [ 27.902556] ret_from_fork+0x116/0x1d0 [ 27.903006] ret_from_fork_asm+0x1a/0x30 [ 27.903662] [ 27.904209] Freed by task 21: [ 27.904475] kasan_save_stack+0x45/0x70 [ 27.904886] kasan_save_track+0x18/0x40 [ 27.905341] kasan_save_free_info+0x3f/0x60 [ 27.905849] __kasan_slab_free+0x56/0x70 [ 27.906738] kfree+0x222/0x3f0 [ 27.907399] build_sched_domains+0x1fff/0x5dd0 [ 27.907787] partition_sched_domains+0x471/0x9c0 [ 27.908332] rebuild_sched_domains_locked+0x97d/0xd50 [ 27.908659] cpuset_update_active_cpus+0x80f/0x1a90 [ 27.909233] sched_cpu_activate+0x2bf/0x330 [ 27.909639] cpuhp_invoke_callback+0x2a1/0xf00 [ 27.910305] cpuhp_thread_fun+0x2ce/0x5c0 [ 27.910702] smpboot_thread_fn+0x2bc/0x730 [ 27.911323] kthread+0x337/0x6f0 [ 27.911877] ret_from_fork+0x116/0x1d0 [ 27.912138] ret_from_fork_asm+0x1a/0x30 [ 27.912709] [ 27.912941] The buggy address belongs to the object at ffff8881022bd660 [ 27.912941] which belongs to the cache kmalloc-16 of size 16 [ 27.913872] The buggy address is located 15 bytes to the right of [ 27.913872] allocated 16-byte region [ffff8881022bd660, ffff8881022bd670) [ 27.914819] [ 27.915083] The buggy address belongs to the physical page: [ 27.915976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022bd [ 27.916838] flags: 0x200000000000000(node=0|zone=2) [ 27.917390] page_type: f5(slab) [ 27.917761] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.918474] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.919267] page dumped because: kasan: bad access detected [ 27.919767] [ 27.919955] Memory state around the buggy address: [ 27.920309] ffff8881022bd500: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 27.920725] ffff8881022bd580: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 27.921309] >ffff8881022bd600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.922523] ^ [ 27.923228] ffff8881022bd680: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.923791] ffff8881022bd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.924222] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 27.832407] ================================================================== [ 27.832978] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 27.833917] Read of size 1 at addr ffff888102dcf680 by task kunit_try_catch/166 [ 27.834380] [ 27.834577] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 27.834683] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.834715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.834760] Call Trace: [ 27.834799] <TASK> [ 27.834839] dump_stack_lvl+0x73/0xb0 [ 27.834910] print_report+0xd1/0x650 [ 27.834963] ? __virt_addr_valid+0x1db/0x2d0 [ 27.835023] ? kmalloc_oob_right+0x68a/0x7f0 [ 27.835079] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.835146] ? kmalloc_oob_right+0x68a/0x7f0 [ 27.835202] kasan_report+0x141/0x180 [ 27.835261] ? kmalloc_oob_right+0x68a/0x7f0 [ 27.835331] __asan_report_load1_noabort+0x18/0x20 [ 27.835395] kmalloc_oob_right+0x68a/0x7f0 [ 27.835453] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 27.835571] ? __schedule+0x10cc/0x2b60 [ 27.835641] ? __pfx_read_tsc+0x10/0x10 [ 27.835698] ? ktime_get_ts64+0x86/0x230 [ 27.835763] kunit_try_run_case+0x1a5/0x480 [ 27.835839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.835898] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.835962] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.836029] ? __kthread_parkme+0x82/0x180 [ 27.836086] ? preempt_count_sub+0x50/0x80 [ 27.836149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.836215] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.836281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.836346] kthread+0x337/0x6f0 [ 27.836400] ? trace_preempt_on+0x20/0xc0 [ 27.836462] ? __pfx_kthread+0x10/0x10 [ 27.836520] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.836599] ? calculate_sigpending+0x7b/0xa0 [ 27.836664] ? __pfx_kthread+0x10/0x10 [ 27.836723] ret_from_fork+0x116/0x1d0 [ 27.836777] ? __pfx_kthread+0x10/0x10 [ 27.836850] ret_from_fork_asm+0x1a/0x30 [ 27.836916] </TASK> [ 27.836933] [ 27.851073] Allocated by task 166: [ 27.851453] kasan_save_stack+0x45/0x70 [ 27.851765] kasan_save_track+0x18/0x40 [ 27.852161] kasan_save_alloc_info+0x3b/0x50 [ 27.852589] __kasan_kmalloc+0xb7/0xc0 [ 27.852981] __kmalloc_cache_noprof+0x189/0x420 [ 27.853360] kmalloc_oob_right+0xa9/0x7f0 [ 27.853761] kunit_try_run_case+0x1a5/0x480 [ 27.854128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.854493] kthread+0x337/0x6f0 [ 27.854800] ret_from_fork+0x116/0x1d0 [ 27.855194] ret_from_fork_asm+0x1a/0x30 [ 27.855604] [ 27.855849] The buggy address belongs to the object at ffff888102dcf600 [ 27.855849] which belongs to the cache kmalloc-128 of size 128 [ 27.856667] The buggy address is located 13 bytes to the right of [ 27.856667] allocated 115-byte region [ffff888102dcf600, ffff888102dcf673) [ 27.857476] [ 27.857704] The buggy address belongs to the physical page: [ 27.858141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 27.858712] flags: 0x200000000000000(node=0|zone=2) [ 27.859164] page_type: f5(slab) [ 27.859396] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.860002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.860354] page dumped because: kasan: bad access detected [ 27.860891] [ 27.861079] Memory state around the buggy address: [ 27.861525] ffff888102dcf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.862139] ffff888102dcf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.862657] >ffff888102dcf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.863148] ^ [ 27.863404] ffff888102dcf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.863962] ffff888102dcf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.864348] ================================================================== [ 27.752697] ================================================================== [ 27.753972] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 27.755068] Write of size 1 at addr ffff888102dcf673 by task kunit_try_catch/166 [ 27.755914] [ 27.757956] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 27.758512] Tainted: [N]=TEST [ 27.758584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.758880] Call Trace: [ 27.758971] <TASK> [ 27.759218] dump_stack_lvl+0x73/0xb0 [ 27.759352] print_report+0xd1/0x650 [ 27.759396] ? __virt_addr_valid+0x1db/0x2d0 [ 27.759433] ? kmalloc_oob_right+0x6f0/0x7f0 [ 27.759461] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.759495] ? kmalloc_oob_right+0x6f0/0x7f0 [ 27.759523] kasan_report+0x141/0x180 [ 27.759573] ? kmalloc_oob_right+0x6f0/0x7f0 [ 27.759609] __asan_report_store1_noabort+0x1b/0x30 [ 27.759662] kmalloc_oob_right+0x6f0/0x7f0 [ 27.759695] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 27.759725] ? __schedule+0x10cc/0x2b60 [ 27.759758] ? __pfx_read_tsc+0x10/0x10 [ 27.759789] ? ktime_get_ts64+0x86/0x230 [ 27.759834] kunit_try_run_case+0x1a5/0x480 [ 27.759871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.759900] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.759932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.759964] ? __kthread_parkme+0x82/0x180 [ 27.759992] ? preempt_count_sub+0x50/0x80 [ 27.760023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.760058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.760179] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.760212] kthread+0x337/0x6f0 [ 27.760239] ? trace_preempt_on+0x20/0xc0 [ 27.760272] ? __pfx_kthread+0x10/0x10 [ 27.760299] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.760330] ? calculate_sigpending+0x7b/0xa0 [ 27.760362] ? __pfx_kthread+0x10/0x10 [ 27.760389] ret_from_fork+0x116/0x1d0 [ 27.760415] ? __pfx_kthread+0x10/0x10 [ 27.760441] ret_from_fork_asm+0x1a/0x30 [ 27.760520] </TASK> [ 27.760633] [ 27.773526] Allocated by task 166: [ 27.774797] kasan_save_stack+0x45/0x70 [ 27.775447] kasan_save_track+0x18/0x40 [ 27.775903] kasan_save_alloc_info+0x3b/0x50 [ 27.776338] __kasan_kmalloc+0xb7/0xc0 [ 27.776633] __kmalloc_cache_noprof+0x189/0x420 [ 27.777140] kmalloc_oob_right+0xa9/0x7f0 [ 27.777672] kunit_try_run_case+0x1a5/0x480 [ 27.778627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.779196] kthread+0x337/0x6f0 [ 27.779508] ret_from_fork+0x116/0x1d0 [ 27.779943] ret_from_fork_asm+0x1a/0x30 [ 27.780498] [ 27.780854] The buggy address belongs to the object at ffff888102dcf600 [ 27.780854] which belongs to the cache kmalloc-128 of size 128 [ 27.781977] The buggy address is located 0 bytes to the right of [ 27.781977] allocated 115-byte region [ffff888102dcf600, ffff888102dcf673) [ 27.783691] [ 27.784217] The buggy address belongs to the physical page: [ 27.785184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 27.786173] flags: 0x200000000000000(node=0|zone=2) [ 27.787382] page_type: f5(slab) [ 27.788497] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.789417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.790115] page dumped because: kasan: bad access detected [ 27.790743] [ 27.790905] Memory state around the buggy address: [ 27.792357] ffff888102dcf500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.793239] ffff888102dcf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.793822] >ffff888102dcf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.794715] ^ [ 27.795844] ffff888102dcf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.796379] ffff888102dcf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.797317] ================================================================== [ 27.799472] ================================================================== [ 27.800097] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 27.801442] Write of size 1 at addr ffff888102dcf678 by task kunit_try_catch/166 [ 27.802090] [ 27.802293] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 27.802447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.802498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.802573] Call Trace: [ 27.802610] <TASK> [ 27.802703] dump_stack_lvl+0x73/0xb0 [ 27.802804] print_report+0xd1/0x650 [ 27.802858] ? __virt_addr_valid+0x1db/0x2d0 [ 27.802894] ? kmalloc_oob_right+0x6bd/0x7f0 [ 27.802923] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.802957] ? kmalloc_oob_right+0x6bd/0x7f0 [ 27.802985] kasan_report+0x141/0x180 [ 27.803013] ? kmalloc_oob_right+0x6bd/0x7f0 [ 27.803046] __asan_report_store1_noabort+0x1b/0x30 [ 27.803077] kmalloc_oob_right+0x6bd/0x7f0 [ 27.803105] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 27.803133] ? __schedule+0x10cc/0x2b60 [ 27.803165] ? __pfx_read_tsc+0x10/0x10 [ 27.803193] ? ktime_get_ts64+0x86/0x230 [ 27.803224] kunit_try_run_case+0x1a5/0x480 [ 27.803256] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.803284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.803315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.803345] ? __kthread_parkme+0x82/0x180 [ 27.803372] ? preempt_count_sub+0x50/0x80 [ 27.803401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.803432] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.803461] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.803491] kthread+0x337/0x6f0 [ 27.803516] ? trace_preempt_on+0x20/0xc0 [ 27.803567] ? __pfx_kthread+0x10/0x10 [ 27.803599] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.803643] ? calculate_sigpending+0x7b/0xa0 [ 27.803699] ? __pfx_kthread+0x10/0x10 [ 27.803728] ret_from_fork+0x116/0x1d0 [ 27.803754] ? __pfx_kthread+0x10/0x10 [ 27.803781] ret_from_fork_asm+0x1a/0x30 [ 27.803820] </TASK> [ 27.803845] [ 27.816082] Allocated by task 166: [ 27.816327] kasan_save_stack+0x45/0x70 [ 27.816627] kasan_save_track+0x18/0x40 [ 27.816864] kasan_save_alloc_info+0x3b/0x50 [ 27.817273] __kasan_kmalloc+0xb7/0xc0 [ 27.817685] __kmalloc_cache_noprof+0x189/0x420 [ 27.818172] kmalloc_oob_right+0xa9/0x7f0 [ 27.818673] kunit_try_run_case+0x1a5/0x480 [ 27.819124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.819767] kthread+0x337/0x6f0 [ 27.820161] ret_from_fork+0x116/0x1d0 [ 27.820572] ret_from_fork_asm+0x1a/0x30 [ 27.821033] [ 27.821239] The buggy address belongs to the object at ffff888102dcf600 [ 27.821239] which belongs to the cache kmalloc-128 of size 128 [ 27.822075] The buggy address is located 5 bytes to the right of [ 27.822075] allocated 115-byte region [ffff888102dcf600, ffff888102dcf673) [ 27.822744] [ 27.822953] The buggy address belongs to the physical page: [ 27.823489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf [ 27.824315] flags: 0x200000000000000(node=0|zone=2) [ 27.824873] page_type: f5(slab) [ 27.825275] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.825870] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.826402] page dumped because: kasan: bad access detected [ 27.826910] [ 27.827158] Memory state around the buggy address: [ 27.827534] ffff888102dcf500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.828205] ffff888102dcf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.828663] >ffff888102dcf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.829255] ^ [ 27.829710] ffff888102dcf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.830431] ffff888102dcf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.831138] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 202.428987] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2860 [ 202.430452] Modules linked in: [ 202.430838] CPU: 0 UID: 0 PID: 2860 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 202.432040] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 202.432447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 202.433498] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 202.433984] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 c0 02 21 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 202.435337] RSP: 0000:ffff88810976fc78 EFLAGS: 00010286 [ 202.435878] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 202.436589] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff9fa5cfb4 [ 202.437171] RBP: ffff88810976fca0 R08: 0000000000000000 R09: ffffed1020a59680 [ 202.438834] R10: ffff8881052cb407 R11: 0000000000000000 R12: ffffffff9fa5cfa0 [ 202.439464] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810976fd38 [ 202.440553] FS: 0000000000000000(0000) GS:ffff8881b962f000(0000) knlGS:0000000000000000 [ 202.441180] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 202.441523] CR2: dffffc00000000c5 CR3: 000000002c6bc000 CR4: 00000000000006f0 [ 202.442223] DR0: ffffffffa1a97480 DR1: ffffffffa1a97481 DR2: ffffffffa1a97482 [ 202.443377] DR3: ffffffffa1a97483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 202.443985] Call Trace: [ 202.444167] <TASK> [ 202.444321] drm_test_rect_calc_vscale+0x108/0x270 [ 202.445612] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 202.446129] ? __schedule+0x10cc/0x2b60 [ 202.446778] ? __pfx_read_tsc+0x10/0x10 [ 202.446988] ? ktime_get_ts64+0x86/0x230 [ 202.447671] kunit_try_run_case+0x1a5/0x480 [ 202.448615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 202.449027] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 202.450058] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 202.450501] ? __kthread_parkme+0x82/0x180 [ 202.450796] ? preempt_count_sub+0x50/0x80 [ 202.451551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 202.452085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 202.452849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 202.453706] kthread+0x337/0x6f0 [ 202.453986] ? trace_preempt_on+0x20/0xc0 [ 202.454818] ? __pfx_kthread+0x10/0x10 [ 202.455268] ? _raw_spin_unlock_irq+0x47/0x80 [ 202.455897] ? calculate_sigpending+0x7b/0xa0 [ 202.456370] ? __pfx_kthread+0x10/0x10 [ 202.457249] ret_from_fork+0x116/0x1d0 [ 202.457953] ? __pfx_kthread+0x10/0x10 [ 202.458484] ret_from_fork_asm+0x1a/0x30 [ 202.458821] </TASK> [ 202.458999] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 202.393297] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2858 [ 202.394863] Modules linked in: [ 202.395160] CPU: 0 UID: 0 PID: 2858 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 202.396008] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 202.396404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 202.397766] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 202.398826] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 c0 02 21 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 202.400814] RSP: 0000:ffff8881099afc78 EFLAGS: 00010286 [ 202.401502] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 202.401977] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff9fa5cf7c [ 202.402776] RBP: ffff8881099afca0 R08: 0000000000000000 R09: ffffed1020a59640 [ 202.403595] R10: ffff8881052cb207 R11: 0000000000000000 R12: ffffffff9fa5cf68 [ 202.404039] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881099afd38 [ 202.405296] FS: 0000000000000000(0000) GS:ffff8881b962f000(0000) knlGS:0000000000000000 [ 202.405893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 202.406384] CR2: dffffc00000000c5 CR3: 000000002c6bc000 CR4: 00000000000006f0 [ 202.407213] DR0: ffffffffa1a97480 DR1: ffffffffa1a97481 DR2: ffffffffa1a97482 [ 202.407809] DR3: ffffffffa1a97483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 202.408402] Call Trace: [ 202.408803] <TASK> [ 202.409624] drm_test_rect_calc_vscale+0x108/0x270 [ 202.409995] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 202.410634] ? __schedule+0x10cc/0x2b60 [ 202.411324] ? __pfx_read_tsc+0x10/0x10 [ 202.411730] ? ktime_get_ts64+0x86/0x230 [ 202.412349] kunit_try_run_case+0x1a5/0x480 [ 202.412709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 202.413341] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 202.413794] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 202.414361] ? __kthread_parkme+0x82/0x180 [ 202.414965] ? preempt_count_sub+0x50/0x80 [ 202.415550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 202.416445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 202.417038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 202.417656] kthread+0x337/0x6f0 [ 202.418019] ? trace_preempt_on+0x20/0xc0 [ 202.418498] ? __pfx_kthread+0x10/0x10 [ 202.418734] ? _raw_spin_unlock_irq+0x47/0x80 [ 202.419211] ? calculate_sigpending+0x7b/0xa0 [ 202.419675] ? __pfx_kthread+0x10/0x10 [ 202.420077] ret_from_fork+0x116/0x1d0 [ 202.420367] ? __pfx_kthread+0x10/0x10 [ 202.421217] ret_from_fork_asm+0x1a/0x30 [ 202.421641] </TASK> [ 202.421804] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 202.336004] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2848 [ 202.336804] Modules linked in: [ 202.337222] CPU: 0 UID: 0 PID: 2848 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 202.339670] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 202.340065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 202.341215] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 202.341852] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 202.343443] RSP: 0000:ffff88810982fc78 EFLAGS: 00010286 [ 202.344393] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 202.345079] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff9fa5cfb8 [ 202.346174] RBP: ffff88810982fca0 R08: 0000000000000000 R09: ffffed1020a58f80 [ 202.346818] R10: ffff8881052c7c07 R11: 0000000000000000 R12: ffffffff9fa5cfa0 [ 202.347685] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810982fd38 [ 202.348463] FS: 0000000000000000(0000) GS:ffff8881b962f000(0000) knlGS:0000000000000000 [ 202.349481] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 202.349945] CR2: dffffc00000000c5 CR3: 000000002c6bc000 CR4: 00000000000006f0 [ 202.350535] DR0: ffffffffa1a97480 DR1: ffffffffa1a97481 DR2: ffffffffa1a97482 [ 202.351038] DR3: ffffffffa1a97483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 202.352045] Call Trace: [ 202.352472] <TASK> [ 202.352694] drm_test_rect_calc_hscale+0x108/0x270 [ 202.353959] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 202.355130] ? __schedule+0x10cc/0x2b60 [ 202.355499] ? __pfx_read_tsc+0x10/0x10 [ 202.356215] ? ktime_get_ts64+0x86/0x230 [ 202.356509] kunit_try_run_case+0x1a5/0x480 [ 202.356867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 202.357640] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 202.358157] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 202.358970] ? __kthread_parkme+0x82/0x180 [ 202.359729] ? preempt_count_sub+0x50/0x80 [ 202.359993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 202.360817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 202.361491] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 202.362298] kthread+0x337/0x6f0 [ 202.362549] ? trace_preempt_on+0x20/0xc0 [ 202.362949] ? __pfx_kthread+0x10/0x10 [ 202.363920] ? _raw_spin_unlock_irq+0x47/0x80 [ 202.364519] ? calculate_sigpending+0x7b/0xa0 [ 202.364927] ? __pfx_kthread+0x10/0x10 [ 202.365504] ret_from_fork+0x116/0x1d0 [ 202.366255] ? __pfx_kthread+0x10/0x10 [ 202.366836] ret_from_fork_asm+0x1a/0x30 [ 202.367710] </TASK> [ 202.367945] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 202.300986] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2846 [ 202.302012] Modules linked in: [ 202.303466] CPU: 1 UID: 0 PID: 2846 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 202.304544] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 202.304872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 202.305790] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 202.306467] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 202.307880] RSP: 0000:ffff888109107c78 EFLAGS: 00010286 [ 202.308724] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 202.309503] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff9fa5cf80 [ 202.309975] RBP: ffff888109107ca0 R08: 0000000000000000 R09: ffffed1020c8e400 [ 202.310928] R10: ffff888106472007 R11: 0000000000000000 R12: ffffffff9fa5cf68 [ 202.311881] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888109107d38 [ 202.312571] FS: 0000000000000000(0000) GS:ffff8881b972f000(0000) knlGS:0000000000000000 [ 202.313694] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 202.314102] CR2: dffffc00000000c5 CR3: 000000002c6bc000 CR4: 00000000000006f0 [ 202.315045] DR0: ffffffffa1a97480 DR1: ffffffffa1a97481 DR2: ffffffffa1a97483 [ 202.315652] DR3: ffffffffa1a97485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 202.315861] Call Trace: [ 202.315960] <TASK> [ 202.316065] drm_test_rect_calc_hscale+0x108/0x270 [ 202.317354] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 202.317936] ? __schedule+0x10cc/0x2b60 [ 202.318581] ? __pfx_read_tsc+0x10/0x10 [ 202.318877] ? ktime_get_ts64+0x86/0x230 [ 202.319572] kunit_try_run_case+0x1a5/0x480 [ 202.319992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 202.320490] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 202.321038] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 202.321501] ? __kthread_parkme+0x82/0x180 [ 202.321952] ? preempt_count_sub+0x50/0x80 [ 202.322453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 202.322918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 202.323654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 202.324124] kthread+0x337/0x6f0 [ 202.324715] ? trace_preempt_on+0x20/0xc0 [ 202.325171] ? __pfx_kthread+0x10/0x10 [ 202.325714] ? _raw_spin_unlock_irq+0x47/0x80 [ 202.326331] ? calculate_sigpending+0x7b/0xa0 [ 202.326735] ? __pfx_kthread+0x10/0x10 [ 202.326944] ret_from_fork+0x116/0x1d0 [ 202.327223] ? __pfx_kthread+0x10/0x10 [ 202.328674] ret_from_fork_asm+0x1a/0x30 [ 202.328925] </TASK> [ 202.329555] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_managed_drm_test_managed_release_action
<8>[ 400.698825] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_release_action RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid
<8>[ 400.529539] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock
<8>[ 400.350948] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_drm_test_framebuffer_lookup
<8>[ 390.839809] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_drm_test_framebuffer_lookup RESULT=fail>
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 150.139127] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#1: kunit_try_catch/688 [ 150.139793] Modules linked in: [ 150.140590] CPU: 1 UID: 0 PID: 688 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 150.141435] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 150.142611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 150.142971] RIP: 0010:intlog10+0x2a/0x40 [ 150.143203] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 07 5a 8d 02 90 <0f> 0b 90 31 c0 e9 fc 59 8d 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 150.145672] RSP: 0000:ffff8881030efcb0 EFLAGS: 00010246 [ 150.146077] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff1102061dfb4 [ 150.146970] RDX: 1ffffffff3f13154 RSI: 1ffff1102061dfb3 RDI: 0000000000000000 [ 150.147850] RBP: ffff8881030efd60 R08: 0000000000000000 R09: ffffed1020b7e940 [ 150.148581] R10: ffff888105bf4a07 R11: 0000000000000000 R12: 1ffff1102061df97 [ 150.148974] R13: ffffffff9f898aa0 R14: 0000000000000000 R15: ffff8881030efd38 [ 150.149972] FS: 0000000000000000(0000) GS:ffff8881b972f000(0000) knlGS:0000000000000000 [ 150.150895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.151434] CR2: dffffc0000000000 CR3: 000000002c6bc000 CR4: 00000000000006f0 [ 150.152286] DR0: ffffffffa1a97480 DR1: ffffffffa1a97481 DR2: ffffffffa1a97483 [ 150.152650] DR3: ffffffffa1a97485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 150.153248] Call Trace: [ 150.153877] <TASK> [ 150.154597] ? intlog10_test+0xf2/0x220 [ 150.154940] ? __pfx_intlog10_test+0x10/0x10 [ 150.155420] ? __schedule+0x10cc/0x2b60 [ 150.155883] ? __pfx_read_tsc+0x10/0x10 [ 150.156704] ? ktime_get_ts64+0x86/0x230 [ 150.157152] kunit_try_run_case+0x1a5/0x480 [ 150.157524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.157887] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 150.158333] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 150.159274] ? __kthread_parkme+0x82/0x180 [ 150.159691] ? preempt_count_sub+0x50/0x80 [ 150.160029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.160913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 150.161514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 150.162023] kthread+0x337/0x6f0 [ 150.162641] ? trace_preempt_on+0x20/0xc0 [ 150.162875] ? __pfx_kthread+0x10/0x10 [ 150.163454] ? _raw_spin_unlock_irq+0x47/0x80 [ 150.163857] ? calculate_sigpending+0x7b/0xa0 [ 150.164291] ? __pfx_kthread+0x10/0x10 [ 150.164636] ret_from_fork+0x116/0x1d0 [ 150.164911] ? __pfx_kthread+0x10/0x10 [ 150.165256] ret_from_fork_asm+0x1a/0x30 [ 150.165719] </TASK> [ 150.165924] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 150.070018] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/670 [ 150.070835] Modules linked in: [ 150.071303] CPU: 1 UID: 0 PID: 670 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 150.072014] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 150.072898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 150.073805] RIP: 0010:intlog2+0xdf/0x110 [ 150.074553] Code: 89 9f c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 ff e2 55 ff 8b 45 e4 eb [ 150.075884] RSP: 0000:ffff8881038a7cb0 EFLAGS: 00010246 [ 150.076341] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11020714fb4 [ 150.076970] RDX: 1ffffffff3f131a8 RSI: 1ffff11020714fb3 RDI: 0000000000000000 [ 150.078029] RBP: ffff8881038a7d60 R08: 0000000000000000 R09: ffffed1020bc0a60 [ 150.078678] R10: ffff888105e05307 R11: 0000000000000000 R12: 1ffff11020714f97 [ 150.079290] R13: ffffffff9f898d40 R14: 0000000000000000 R15: ffff8881038a7d38 [ 150.079829] FS: 0000000000000000(0000) GS:ffff8881b972f000(0000) knlGS:0000000000000000 [ 150.080476] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.080949] CR2: dffffc0000000000 CR3: 000000002c6bc000 CR4: 00000000000006f0 [ 150.081665] DR0: ffffffffa1a97480 DR1: ffffffffa1a97481 DR2: ffffffffa1a97483 [ 150.082347] DR3: ffffffffa1a97485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 150.082984] Call Trace: [ 150.083435] <TASK> [ 150.083794] ? intlog2_test+0xf2/0x220 [ 150.084365] ? __pfx_intlog2_test+0x10/0x10 [ 150.084824] ? __schedule+0x10cc/0x2b60 [ 150.085288] ? __pfx_read_tsc+0x10/0x10 [ 150.085735] ? ktime_get_ts64+0x86/0x230 [ 150.086356] kunit_try_run_case+0x1a5/0x480 [ 150.086758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.087318] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 150.087686] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 150.088301] ? __kthread_parkme+0x82/0x180 [ 150.088755] ? preempt_count_sub+0x50/0x80 [ 150.089191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 150.089717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 150.090333] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 150.090909] kthread+0x337/0x6f0 [ 150.091306] ? trace_preempt_on+0x20/0xc0 [ 150.091770] ? __pfx_kthread+0x10/0x10 [ 150.092312] ? _raw_spin_unlock_irq+0x47/0x80 [ 150.092683] ? calculate_sigpending+0x7b/0xa0 [ 150.093204] ? __pfx_kthread+0x10/0x10 [ 150.093692] ret_from_fork+0x116/0x1d0 [ 150.094269] ? __pfx_kthread+0x10/0x10 [ 150.094675] ret_from_fork_asm+0x1a/0x30 [ 150.095225] </TASK> [ 150.095629] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_test_sysfb_build_fourcc_list_drm_sysfb_modeset_test
<8>[ 417.474413] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_sysfb_build_fourcc_list_drm_sysfb_modeset_test RESULT=fail>
Failure - kunit - drm_test_sysfb_build_fourcc_list_drm_test_sysfb_build_fourcc_list
<8>[ 417.301346] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_sysfb_build_fourcc_list_drm_test_sysfb_build_fourcc_list RESULT=fail>