Date
June 25, 2025, 8:08 a.m.
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value
<8>[ 267.384052] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value
<8>[ 267.292064] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_YVU420Modifierforinexistentplane
<8>[ 261.567678] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_YVU420Modifierforinexistentplane RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value
<8>[ 267.200783] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check
<8>[ 267.106787] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_YVU420Differentmodifiersperplane
<8>[ 261.474043] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_YVU420Differentmodifiersperplane RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_12bpc
<8>[ 267.012744] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_12bpc RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_YVU420Validmodifier
<8>[ 261.381306] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_YVU420Validmodifier RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_ABGR8888Width0
<8>[ 258.562620] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Width0 RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_Nopixelformat
<8>[ 258.470860] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_Nopixelformat RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_10bpc
<8>[ 266.917087] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_10bpc RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_8bpc
<8>[ 266.823289] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_8bpc RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_ABGR8888Invalidbufferhandle
<8>[ 258.374709] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Invalidbufferhandle RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 21.605093] ================================================================== [ 21.605383] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 21.606285] Write of size 1 at addr ffff88810038c8eb by task kunit_try_catch/187 [ 21.606715] [ 21.606820] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.606901] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.606913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.606958] Call Trace: [ 21.606972] <TASK> [ 21.606990] dump_stack_lvl+0x73/0xb0 [ 21.607018] print_report+0xd1/0x650 [ 21.607039] ? __virt_addr_valid+0x1db/0x2d0 [ 21.607061] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.607083] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.607106] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.607128] kasan_report+0x141/0x180 [ 21.607165] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.607191] __asan_report_store1_noabort+0x1b/0x30 [ 21.607214] krealloc_less_oob_helper+0xd47/0x11d0 [ 21.607237] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.607258] ? finish_task_switch.isra.0+0x153/0x700 [ 21.607279] ? __switch_to+0x47/0xf50 [ 21.607304] ? __schedule+0x10cc/0x2b60 [ 21.607327] ? __pfx_read_tsc+0x10/0x10 [ 21.607351] krealloc_less_oob+0x1c/0x30 [ 21.607370] kunit_try_run_case+0x1a5/0x480 [ 21.607396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.607435] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.607454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.607477] ? __kthread_parkme+0x82/0x180 [ 21.607512] ? preempt_count_sub+0x50/0x80 [ 21.607534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.607556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.607578] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.607599] kthread+0x337/0x6f0 [ 21.607617] ? trace_preempt_on+0x20/0xc0 [ 21.607640] ? __pfx_kthread+0x10/0x10 [ 21.607659] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.607681] ? calculate_sigpending+0x7b/0xa0 [ 21.607703] ? 
__pfx_kthread+0x10/0x10 [ 21.607722] ret_from_fork+0x116/0x1d0 [ 21.607739] ? __pfx_kthread+0x10/0x10 [ 21.607758] ret_from_fork_asm+0x1a/0x30 [ 21.607786] </TASK> [ 21.607796] [ 21.615037] Allocated by task 187: [ 21.615308] kasan_save_stack+0x45/0x70 [ 21.615562] kasan_save_track+0x18/0x40 [ 21.615774] kasan_save_alloc_info+0x3b/0x50 [ 21.615976] __kasan_krealloc+0x190/0x1f0 [ 21.616196] krealloc_noprof+0xf3/0x340 [ 21.616360] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.616577] krealloc_less_oob+0x1c/0x30 [ 21.616760] kunit_try_run_case+0x1a5/0x480 [ 21.616964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.617184] kthread+0x337/0x6f0 [ 21.617413] ret_from_fork+0x116/0x1d0 [ 21.617579] ret_from_fork_asm+0x1a/0x30 [ 21.617727] [ 21.617814] The buggy address belongs to the object at ffff88810038c800 [ 21.617814] which belongs to the cache kmalloc-256 of size 256 [ 21.618377] The buggy address is located 34 bytes to the right of [ 21.618377] allocated 201-byte region [ffff88810038c800, ffff88810038c8c9) [ 21.618850] [ 21.618950] The buggy address belongs to the physical page: [ 21.619212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c [ 21.619566] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.619869] flags: 0x200000000000040(head|node=0|zone=2) [ 21.620142] page_type: f5(slab) [ 21.620273] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.620606] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.620917] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.621338] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.621640] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff [ 21.622003] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.622341] page dumped because: kasan: bad access detected [ 21.622642] [ 21.622730] Memory state around the buggy 
address: [ 21.622997] ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.623301] ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.623599] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.623854] ^ [ 21.624050] ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.624253] ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.624460] ================================================================== [ 21.742038] ================================================================== [ 21.742354] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 21.742678] Write of size 1 at addr ffff88810291e0eb by task kunit_try_catch/191 [ 21.743065] [ 21.743295] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.743365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.743377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.743396] Call Trace: [ 21.743426] <TASK> [ 21.743440] dump_stack_lvl+0x73/0xb0 [ 21.743464] print_report+0xd1/0x650 [ 21.743483] ? __virt_addr_valid+0x1db/0x2d0 [ 21.743505] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.743527] ? kasan_addr_to_slab+0x11/0xa0 [ 21.743545] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.743566] kasan_report+0x141/0x180 [ 21.743607] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.743632] __asan_report_store1_noabort+0x1b/0x30 [ 21.743655] krealloc_less_oob_helper+0xd47/0x11d0 [ 21.743678] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.743700] ? irqentry_exit+0x2a/0x60 [ 21.743718] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.743746] krealloc_large_less_oob+0x1c/0x30 [ 21.743766] kunit_try_run_case+0x1a5/0x480 [ 21.743790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.743843] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.743864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.743963] ? __kthread_parkme+0x82/0x180 [ 21.743997] ? 
preempt_count_sub+0x50/0x80 [ 21.744018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.744041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.744077] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.744112] kthread+0x337/0x6f0 [ 21.744130] ? trace_preempt_on+0x20/0xc0 [ 21.744164] ? __pfx_kthread+0x10/0x10 [ 21.744196] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.744218] ? calculate_sigpending+0x7b/0xa0 [ 21.744240] ? __pfx_kthread+0x10/0x10 [ 21.744260] ret_from_fork+0x116/0x1d0 [ 21.744278] ? __pfx_kthread+0x10/0x10 [ 21.744306] ret_from_fork_asm+0x1a/0x30 [ 21.744342] </TASK> [ 21.744352] [ 21.752736] The buggy address belongs to the physical page: [ 21.753449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 21.753814] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.754416] flags: 0x200000000000040(head|node=0|zone=2) [ 21.754714] page_type: f8(unknown) [ 21.755241] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.755548] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.755852] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.756108] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.756586] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 21.757049] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.757290] page dumped because: kasan: bad access detected [ 21.757645] [ 21.757757] Memory state around the buggy address: [ 21.758023] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.758360] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.758610] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.758951] ^ [ 21.759307] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.759628] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.760115] 
================================================================== [ 21.671956] ================================================================== [ 21.672510] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 21.672814] Write of size 1 at addr ffff88810291e0c9 by task kunit_try_catch/191 [ 21.673290] [ 21.673389] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.673436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.673448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.673611] Call Trace: [ 21.673655] <TASK> [ 21.673671] dump_stack_lvl+0x73/0xb0 [ 21.673700] print_report+0xd1/0x650 [ 21.673720] ? __virt_addr_valid+0x1db/0x2d0 [ 21.673743] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.673764] ? kasan_addr_to_slab+0x11/0xa0 [ 21.673783] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.673805] kasan_report+0x141/0x180 [ 21.673825] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.673850] __asan_report_store1_noabort+0x1b/0x30 [ 21.673872] krealloc_less_oob_helper+0xd70/0x11d0 [ 21.673895] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.673917] ? irqentry_exit+0x2a/0x60 [ 21.673996] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.674025] krealloc_large_less_oob+0x1c/0x30 [ 21.674045] kunit_try_run_case+0x1a5/0x480 [ 21.674071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.674092] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.674111] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.674135] ? __kthread_parkme+0x82/0x180 [ 21.674154] ? preempt_count_sub+0x50/0x80 [ 21.674176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.674198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.674220] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.674242] kthread+0x337/0x6f0 [ 21.674259] ? trace_preempt_on+0x20/0xc0 [ 21.674282] ? __pfx_kthread+0x10/0x10 [ 21.674301] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.674322] ? calculate_sigpending+0x7b/0xa0 [ 21.674344] ? 
__pfx_kthread+0x10/0x10 [ 21.674364] ret_from_fork+0x116/0x1d0 [ 21.674382] ? __pfx_kthread+0x10/0x10 [ 21.674401] ret_from_fork_asm+0x1a/0x30 [ 21.674430] </TASK> [ 21.674440] [ 21.682005] The buggy address belongs to the physical page: [ 21.682314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 21.682538] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.683077] flags: 0x200000000000040(head|node=0|zone=2) [ 21.683366] page_type: f8(unknown) [ 21.683617] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.684166] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.684530] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.684964] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.685460] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 21.685758] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.686256] page dumped because: kasan: bad access detected [ 21.686564] [ 21.686630] Memory state around the buggy address: [ 21.686830] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.687074] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.687274] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.687611] ^ [ 21.687914] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.688393] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.689127] ================================================================== [ 21.690243] ================================================================== [ 21.690613] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 21.691356] Write of size 1 at addr ffff88810291e0d0 by task kunit_try_catch/191 [ 21.691813] [ 21.692148] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 
6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.692198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.692210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.692229] Call Trace: [ 21.692244] <TASK> [ 21.692258] dump_stack_lvl+0x73/0xb0 [ 21.692283] print_report+0xd1/0x650 [ 21.692303] ? __virt_addr_valid+0x1db/0x2d0 [ 21.692324] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.692356] ? kasan_addr_to_slab+0x11/0xa0 [ 21.692375] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.692396] kasan_report+0x141/0x180 [ 21.692416] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.692442] __asan_report_store1_noabort+0x1b/0x30 [ 21.692466] krealloc_less_oob_helper+0xe23/0x11d0 [ 21.692490] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.692512] ? irqentry_exit+0x2a/0x60 [ 21.692530] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.692558] krealloc_large_less_oob+0x1c/0x30 [ 21.692578] kunit_try_run_case+0x1a5/0x480 [ 21.692603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.692624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.692643] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.692666] ? __kthread_parkme+0x82/0x180 [ 21.692685] ? preempt_count_sub+0x50/0x80 [ 21.692706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.692728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.692750] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.692772] kthread+0x337/0x6f0 [ 21.692790] ? trace_preempt_on+0x20/0xc0 [ 21.692814] ? __pfx_kthread+0x10/0x10 [ 21.692832] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.692854] ? calculate_sigpending+0x7b/0xa0 [ 21.692876] ? __pfx_kthread+0x10/0x10 [ 21.692895] ret_from_fork+0x116/0x1d0 [ 21.692913] ? 
__pfx_kthread+0x10/0x10 [ 21.692931] ret_from_fork_asm+0x1a/0x30 [ 21.692970] </TASK> [ 21.692980] [ 21.700518] The buggy address belongs to the physical page: [ 21.700697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 21.701223] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.701555] flags: 0x200000000000040(head|node=0|zone=2) [ 21.702258] page_type: f8(unknown) [ 21.702511] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.702839] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.703219] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.703554] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.703776] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 21.704008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.704543] page dumped because: kasan: bad access detected [ 21.704885] [ 21.705005] Memory state around the buggy address: [ 21.705258] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.705651] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.706039] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.706351] ^ [ 21.706611] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.706832] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.707161] ================================================================== [ 21.582132] ================================================================== [ 21.582424] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 21.582700] Write of size 1 at addr ffff88810038c8ea by task kunit_try_catch/187 [ 21.582929] [ 21.583060] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.583106] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
21.583117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.583321] Call Trace: [ 21.583347] <TASK> [ 21.583366] dump_stack_lvl+0x73/0xb0 [ 21.583395] print_report+0xd1/0x650 [ 21.583416] ? __virt_addr_valid+0x1db/0x2d0 [ 21.583438] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.583459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.583483] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.583505] kasan_report+0x141/0x180 [ 21.583525] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.583550] __asan_report_store1_noabort+0x1b/0x30 [ 21.583572] krealloc_less_oob_helper+0xe90/0x11d0 [ 21.583596] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.583618] ? finish_task_switch.isra.0+0x153/0x700 [ 21.583639] ? __switch_to+0x47/0xf50 [ 21.583664] ? __schedule+0x10cc/0x2b60 [ 21.583687] ? __pfx_read_tsc+0x10/0x10 [ 21.583710] krealloc_less_oob+0x1c/0x30 [ 21.583729] kunit_try_run_case+0x1a5/0x480 [ 21.583754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.583774] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.583793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.583816] ? __kthread_parkme+0x82/0x180 [ 21.583834] ? preempt_count_sub+0x50/0x80 [ 21.583855] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.583877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.583899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.583920] kthread+0x337/0x6f0 [ 21.583950] ? trace_preempt_on+0x20/0xc0 [ 21.583972] ? __pfx_kthread+0x10/0x10 [ 21.583991] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.584012] ? calculate_sigpending+0x7b/0xa0 [ 21.584035] ? __pfx_kthread+0x10/0x10 [ 21.584054] ret_from_fork+0x116/0x1d0 [ 21.584071] ? 
__pfx_kthread+0x10/0x10 [ 21.584090] ret_from_fork_asm+0x1a/0x30 [ 21.584118] </TASK> [ 21.584140] [ 21.591506] Allocated by task 187: [ 21.591686] kasan_save_stack+0x45/0x70 [ 21.591881] kasan_save_track+0x18/0x40 [ 21.592078] kasan_save_alloc_info+0x3b/0x50 [ 21.592275] __kasan_krealloc+0x190/0x1f0 [ 21.592411] krealloc_noprof+0xf3/0x340 [ 21.592541] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.592691] krealloc_less_oob+0x1c/0x30 [ 21.592819] kunit_try_run_case+0x1a5/0x480 [ 21.592967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.593403] kthread+0x337/0x6f0 [ 21.593567] ret_from_fork+0x116/0x1d0 [ 21.593745] ret_from_fork_asm+0x1a/0x30 [ 21.593930] [ 21.594028] The buggy address belongs to the object at ffff88810038c800 [ 21.594028] which belongs to the cache kmalloc-256 of size 256 [ 21.594928] The buggy address is located 33 bytes to the right of [ 21.594928] allocated 201-byte region [ffff88810038c800, ffff88810038c8c9) [ 21.596277] [ 21.596361] The buggy address belongs to the physical page: [ 21.596609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c [ 21.597026] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.598401] flags: 0x200000000000040(head|node=0|zone=2) [ 21.598683] page_type: f5(slab) [ 21.598851] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.599590] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.600053] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.600382] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.600781] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff [ 21.601217] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.601538] page dumped because: kasan: bad access detected [ 21.601772] [ 21.601855] Memory state around the buggy address: [ 21.602129] ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 21.602447] ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.602747] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.603172] ^ [ 21.603452] ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.603764] ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.604383] ================================================================== [ 21.541308] ================================================================== [ 21.541655] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 21.542081] Write of size 1 at addr ffff88810038c8d0 by task kunit_try_catch/187 [ 21.542464] [ 21.542548] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.542595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.542606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.542625] Call Trace: [ 21.542637] <TASK> [ 21.542653] dump_stack_lvl+0x73/0xb0 [ 21.542680] print_report+0xd1/0x650 [ 21.542699] ? __virt_addr_valid+0x1db/0x2d0 [ 21.542722] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.542743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.542766] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.542788] kasan_report+0x141/0x180 [ 21.542807] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.542833] __asan_report_store1_noabort+0x1b/0x30 [ 21.542855] krealloc_less_oob_helper+0xe23/0x11d0 [ 21.542878] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.542899] ? finish_task_switch.isra.0+0x153/0x700 [ 21.542920] ? __switch_to+0x47/0xf50 [ 21.542957] ? __schedule+0x10cc/0x2b60 [ 21.542980] ? __pfx_read_tsc+0x10/0x10 [ 21.543003] krealloc_less_oob+0x1c/0x30 [ 21.543022] kunit_try_run_case+0x1a5/0x480 [ 21.543046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.543067] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.543086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.543109] ? __kthread_parkme+0x82/0x180 [ 21.543177] ? 
preempt_count_sub+0x50/0x80 [ 21.543198] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.543220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.543243] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.543265] kthread+0x337/0x6f0 [ 21.543282] ? trace_preempt_on+0x20/0xc0 [ 21.543306] ? __pfx_kthread+0x10/0x10 [ 21.543325] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.543349] ? calculate_sigpending+0x7b/0xa0 [ 21.543372] ? __pfx_kthread+0x10/0x10 [ 21.543392] ret_from_fork+0x116/0x1d0 [ 21.543410] ? __pfx_kthread+0x10/0x10 [ 21.543428] ret_from_fork_asm+0x1a/0x30 [ 21.543456] </TASK> [ 21.543466] [ 21.550996] Allocated by task 187: [ 21.551122] kasan_save_stack+0x45/0x70 [ 21.551256] kasan_save_track+0x18/0x40 [ 21.551379] kasan_save_alloc_info+0x3b/0x50 [ 21.551517] __kasan_krealloc+0x190/0x1f0 [ 21.551645] krealloc_noprof+0xf3/0x340 [ 21.551774] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.551923] krealloc_less_oob+0x1c/0x30 [ 21.552490] kunit_try_run_case+0x1a5/0x480 [ 21.552713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.553228] kthread+0x337/0x6f0 [ 21.553394] ret_from_fork+0x116/0x1d0 [ 21.553571] ret_from_fork_asm+0x1a/0x30 [ 21.553736] [ 21.553859] The buggy address belongs to the object at ffff88810038c800 [ 21.553859] which belongs to the cache kmalloc-256 of size 256 [ 21.554352] The buggy address is located 7 bytes to the right of [ 21.554352] allocated 201-byte region [ffff88810038c800, ffff88810038c8c9) [ 21.554714] [ 21.554777] The buggy address belongs to the physical page: [ 21.555248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c [ 21.555612] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.555843] flags: 0x200000000000040(head|node=0|zone=2) [ 21.556042] page_type: f5(slab) [ 21.556262] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.556592] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.556861] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 21.557095] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.557714] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff [ 21.558050] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.558270] page dumped because: kasan: bad access detected [ 21.558491] [ 21.558578] Memory state around the buggy address: [ 21.558797] ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.559164] ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.559478] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.559759] ^ [ 21.560271] ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.560494] ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.560698] ================================================================== [ 21.707765] ================================================================== [ 21.708209] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 21.708666] Write of size 1 at addr ffff88810291e0da by task kunit_try_catch/191 [ 21.709035] [ 21.709141] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.709185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.709196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.709217] Call Trace: [ 21.709232] <TASK> [ 21.709246] dump_stack_lvl+0x73/0xb0 [ 21.709271] print_report+0xd1/0x650 [ 21.709291] ? __virt_addr_valid+0x1db/0x2d0 [ 21.709312] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.709333] ? kasan_addr_to_slab+0x11/0xa0 [ 21.709352] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.709373] kasan_report+0x141/0x180 [ 21.709393] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.709418] __asan_report_store1_noabort+0x1b/0x30 [ 21.709440] krealloc_less_oob_helper+0xec6/0x11d0 [ 21.709486] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.709508] ? irqentry_exit+0x2a/0x60 [ 21.709527] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.709570] krealloc_large_less_oob+0x1c/0x30 [ 21.709591] kunit_try_run_case+0x1a5/0x480 [ 21.709617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.709639] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.709658] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.709681] ? __kthread_parkme+0x82/0x180 [ 21.709700] ? preempt_count_sub+0x50/0x80 [ 21.709722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.709744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.709766] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.709788] kthread+0x337/0x6f0 [ 21.709806] ? trace_preempt_on+0x20/0xc0 [ 21.709827] ? __pfx_kthread+0x10/0x10 [ 21.709863] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.709897] ? calculate_sigpending+0x7b/0xa0 [ 21.709919] ? __pfx_kthread+0x10/0x10 [ 21.709960] ret_from_fork+0x116/0x1d0 [ 21.709992] ? __pfx_kthread+0x10/0x10 [ 21.710011] ret_from_fork_asm+0x1a/0x30 [ 21.710040] </TASK> [ 21.710063] [ 21.717869] The buggy address belongs to the physical page: [ 21.718192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c [ 21.718604] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.719145] flags: 0x200000000000040(head|node=0|zone=2) [ 21.719349] page_type: f8(unknown) [ 21.719505] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.719754] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.720316] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.720629] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.721264] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff [ 21.721638] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.721987] page dumped because: kasan: bad access detected [ 21.722227] [ 21.722352] Memory state around the buggy 
address: [ 21.722546] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.722749] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.723345] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.723645] ^ [ 21.723896] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.724484] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.724801] ================================================================== [ 21.725192] ================================================================== [ 21.725419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 21.725692] Write of size 1 at addr ffff88810291e0ea by task kunit_try_catch/191 [ 21.726118] [ 21.726287] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.726351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.726363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.726382] Call Trace: [ 21.726396] <TASK> [ 21.726428] dump_stack_lvl+0x73/0xb0 [ 21.726452] print_report+0xd1/0x650 [ 21.726472] ? __virt_addr_valid+0x1db/0x2d0 [ 21.726493] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.726514] ? kasan_addr_to_slab+0x11/0xa0 [ 21.726535] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.726556] kasan_report+0x141/0x180 [ 21.726576] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.726601] __asan_report_store1_noabort+0x1b/0x30 [ 21.726624] krealloc_less_oob_helper+0xe90/0x11d0 [ 21.726647] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.726669] ? irqentry_exit+0x2a/0x60 [ 21.726688] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.726717] krealloc_large_less_oob+0x1c/0x30 [ 21.726738] kunit_try_run_case+0x1a5/0x480 [ 21.726762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.726802] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.726859] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.726885] ? __kthread_parkme+0x82/0x180 [ 21.726924] ? 
preempt_count_sub+0x50/0x80
[ 21.726958] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.726980] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.727002] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.727024] kthread+0x337/0x6f0
[ 21.727042] ? trace_preempt_on+0x20/0xc0
[ 21.727063] ? __pfx_kthread+0x10/0x10
[ 21.727098] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.727129] ? calculate_sigpending+0x7b/0xa0
[ 21.727152] ? __pfx_kthread+0x10/0x10
[ 21.727172] ret_from_fork+0x116/0x1d0
[ 21.727189] ? __pfx_kthread+0x10/0x10
[ 21.727208] ret_from_fork_asm+0x1a/0x30
[ 21.727237] </TASK>
[ 21.727247]
[ 21.734835] The buggy address belongs to the physical page:
[ 21.735091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c
[ 21.735564] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.735791] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.735962] page_type: f8(unknown)
[ 21.736313] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.736658] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 21.737230] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.737590] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 21.738038] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff
[ 21.738389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 21.738713] page dumped because: kasan: bad access detected
[ 21.738969]
[ 21.739053] Memory state around the buggy address:
[ 21.739267] ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.739635] ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.739844] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 21.740054] ^
[ 21.740682] ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 21.741324] ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 21.741637] ==================================================================
[ 21.521110] ==================================================================
[ 21.521542] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 21.521850] Write of size 1 at addr ffff88810038c8c9 by task kunit_try_catch/187
[ 21.522428]
[ 21.522528] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.522576] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.522588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.522609] Call Trace:
[ 21.522621] <TASK>
[ 21.522636] dump_stack_lvl+0x73/0xb0
[ 21.522663] print_report+0xd1/0x650
[ 21.522683] ? __virt_addr_valid+0x1db/0x2d0
[ 21.522705] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 21.522726] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.522750] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 21.522772] kasan_report+0x141/0x180
[ 21.522791] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 21.522817] __asan_report_store1_noabort+0x1b/0x30
[ 21.522838] krealloc_less_oob_helper+0xd70/0x11d0
[ 21.522862] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 21.522883] ? finish_task_switch.isra.0+0x153/0x700
[ 21.522903] ? __switch_to+0x47/0xf50
[ 21.522956] ? __schedule+0x10cc/0x2b60
[ 21.522980] ? __pfx_read_tsc+0x10/0x10
[ 21.523004] krealloc_less_oob+0x1c/0x30
[ 21.523023] kunit_try_run_case+0x1a5/0x480
[ 21.523047] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.523068] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.523088] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.523112] ? __kthread_parkme+0x82/0x180
[ 21.523130] ? preempt_count_sub+0x50/0x80
[ 21.523152] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.523175] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.523196] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.523218] kthread+0x337/0x6f0
[ 21.523236] ? trace_preempt_on+0x20/0xc0
[ 21.523258] ? __pfx_kthread+0x10/0x10
[ 21.523277] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.523298] ? calculate_sigpending+0x7b/0xa0
[ 21.523320] ? __pfx_kthread+0x10/0x10
[ 21.523340] ret_from_fork+0x116/0x1d0
[ 21.523357] ? __pfx_kthread+0x10/0x10
[ 21.523429] ret_from_fork_asm+0x1a/0x30
[ 21.523463] </TASK>
[ 21.523473]
[ 21.530959] Allocated by task 187:
[ 21.531311] kasan_save_stack+0x45/0x70
[ 21.531484] kasan_save_track+0x18/0x40
[ 21.531642] kasan_save_alloc_info+0x3b/0x50
[ 21.531812] __kasan_krealloc+0x190/0x1f0
[ 21.532001] krealloc_noprof+0xf3/0x340
[ 21.532231] krealloc_less_oob_helper+0x1aa/0x11d0
[ 21.532463] krealloc_less_oob+0x1c/0x30
[ 21.532590] kunit_try_run_case+0x1a5/0x480
[ 21.532761] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.533277] kthread+0x337/0x6f0
[ 21.533449] ret_from_fork+0x116/0x1d0
[ 21.533619] ret_from_fork_asm+0x1a/0x30
[ 21.533768]
[ 21.533856] The buggy address belongs to the object at ffff88810038c800
[ 21.533856] which belongs to the cache kmalloc-256 of size 256
[ 21.534381] The buggy address is located 0 bytes to the right of
[ 21.534381] allocated 201-byte region [ffff88810038c800, ffff88810038c8c9)
[ 21.534865]
[ 21.534928] The buggy address belongs to the physical page:
[ 21.535101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[ 21.535439] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.535781] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.535980] page_type: f5(slab)
[ 21.536094] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 21.536514] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.536839] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 21.537166] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.537422] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[ 21.537751] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 21.538045] page dumped because: kasan: bad access detected
[ 21.538341]
[ 21.538406] Memory state around the buggy address:
[ 21.538597] ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.538802] ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.539018] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 21.539365] ^
[ 21.539614] ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.539918] ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.540222] ==================================================================
[ 21.561181] ==================================================================
[ 21.561771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 21.562130] Write of size 1 at addr ffff88810038c8da by task kunit_try_catch/187
[ 21.562456]
[ 21.562557] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.562601] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.562612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.562632] Call Trace:
[ 21.562649] <TASK>
[ 21.562664] dump_stack_lvl+0x73/0xb0
[ 21.562687] print_report+0xd1/0x650
[ 21.562707] ? __virt_addr_valid+0x1db/0x2d0
[ 21.562728] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 21.562749] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.562773] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 21.562794] kasan_report+0x141/0x180
[ 21.562814] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 21.562839] __asan_report_store1_noabort+0x1b/0x30
[ 21.562861] krealloc_less_oob_helper+0xec6/0x11d0
[ 21.562884] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 21.562906] ? finish_task_switch.isra.0+0x153/0x700
[ 21.562925] ? __switch_to+0x47/0xf50
[ 21.562961] ? __schedule+0x10cc/0x2b60
[ 21.562984] ? __pfx_read_tsc+0x10/0x10
[ 21.563007] krealloc_less_oob+0x1c/0x30
[ 21.563026] kunit_try_run_case+0x1a5/0x480
[ 21.563049] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.563070] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.563089] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.563112] ? __kthread_parkme+0x82/0x180
[ 21.563187] ? preempt_count_sub+0x50/0x80
[ 21.563208] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.563231] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.563252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.563274] kthread+0x337/0x6f0
[ 21.563292] ? trace_preempt_on+0x20/0xc0
[ 21.563314] ? __pfx_kthread+0x10/0x10
[ 21.563332] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.563354] ? calculate_sigpending+0x7b/0xa0
[ 21.563376] ? __pfx_kthread+0x10/0x10
[ 21.563395] ret_from_fork+0x116/0x1d0
[ 21.563412] ? __pfx_kthread+0x10/0x10
[ 21.563431] ret_from_fork_asm+0x1a/0x30
[ 21.563458] </TASK>
[ 21.563468]
[ 21.571260] Allocated by task 187:
[ 21.571500] kasan_save_stack+0x45/0x70
[ 21.571638] kasan_save_track+0x18/0x40
[ 21.571762] kasan_save_alloc_info+0x3b/0x50
[ 21.571900] __kasan_krealloc+0x190/0x1f0
[ 21.572041] krealloc_noprof+0xf3/0x340
[ 21.572198] krealloc_less_oob_helper+0x1aa/0x11d0
[ 21.572608] krealloc_less_oob+0x1c/0x30
[ 21.572801] kunit_try_run_case+0x1a5/0x480
[ 21.573016] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.573346] kthread+0x337/0x6f0
[ 21.573457] ret_from_fork+0x116/0x1d0
[ 21.573577] ret_from_fork_asm+0x1a/0x30
[ 21.573703]
[ 21.573765] The buggy address belongs to the object at ffff88810038c800
[ 21.573765] which belongs to the cache kmalloc-256 of size 256
[ 21.574115] The buggy address is located 17 bytes to the right of
[ 21.574115] allocated 201-byte region [ffff88810038c800, ffff88810038c8c9)
[ 21.575200]
[ 21.575296] The buggy address belongs to the physical page:
[ 21.575542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[ 21.575893] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.576230] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.576400] page_type: f5(slab)
[ 21.576561] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 21.576780] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.577598] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 21.578057] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.578761] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[ 21.579073] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 21.579420] page dumped because: kasan: bad access detected
[ 21.579616]
[ 21.579702] Memory state around the buggy address:
[ 21.579872] ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.580088] ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.580296] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 21.580504] ^
[ 21.580866] ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.581282] ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.581593] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 21.632354] ==================================================================
[ 21.632827] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 21.633469] Write of size 1 at addr ffff888102cce0eb by task kunit_try_catch/189
[ 21.633795]
[ 21.633910] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.633994] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.634007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.634139] Call Trace:
[ 21.634155] <TASK>
[ 21.634172] dump_stack_lvl+0x73/0xb0
[ 21.634225] print_report+0xd1/0x650
[ 21.634249] ? __virt_addr_valid+0x1db/0x2d0
[ 21.634274] ? krealloc_more_oob_helper+0x821/0x930
[ 21.634296] ? kasan_addr_to_slab+0x11/0xa0
[ 21.634316] ? krealloc_more_oob_helper+0x821/0x930
[ 21.634339] kasan_report+0x141/0x180
[ 21.634362] ? krealloc_more_oob_helper+0x821/0x930
[ 21.634396] __asan_report_store1_noabort+0x1b/0x30
[ 21.634419] krealloc_more_oob_helper+0x821/0x930
[ 21.634440] ? __schedule+0x10cc/0x2b60
[ 21.634467] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 21.634490] ? finish_task_switch.isra.0+0x153/0x700
[ 21.634511] ? __switch_to+0x47/0xf50
[ 21.634543] ? __schedule+0x10cc/0x2b60
[ 21.634567] ? __pfx_read_tsc+0x10/0x10
[ 21.634596] krealloc_large_more_oob+0x1c/0x30
[ 21.634617] kunit_try_run_case+0x1a5/0x480
[ 21.634643] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.634664] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.634685] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.634710] ? __kthread_parkme+0x82/0x180
[ 21.634731] ? preempt_count_sub+0x50/0x80
[ 21.634757] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.634781] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.634804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.634890] kthread+0x337/0x6f0
[ 21.634911] ? trace_preempt_on+0x20/0xc0
[ 21.634947] ? __pfx_kthread+0x10/0x10
[ 21.634968] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.634991] ? calculate_sigpending+0x7b/0xa0
[ 21.635015] ? __pfx_kthread+0x10/0x10
[ 21.635038] ret_from_fork+0x116/0x1d0
[ 21.635056] ? __pfx_kthread+0x10/0x10
[ 21.635077] ret_from_fork_asm+0x1a/0x30
[ 21.635129] </TASK>
[ 21.635140]
[ 21.643055] The buggy address belongs to the physical page:
[ 21.643321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ccc
[ 21.643681] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.644154] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.644360] page_type: f8(unknown)
[ 21.644484] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.644834] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 21.645414] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.645743] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 21.646166] head: 0200000000000002 ffffea00040b3301 00000000ffffffff 00000000ffffffff
[ 21.646641] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 21.647021] page dumped because: kasan: bad access detected
[ 21.647247]
[ 21.647308] Memory state around the buggy address:
[ 21.647575] ffff888102ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.647873] ffff888102cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.648143] >ffff888102cce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 21.648344] ^
[ 21.648697] ffff888102cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 21.649322] ffff888102cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 21.649617] ==================================================================
[ 21.649915] ==================================================================
[ 21.650271] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 21.650673] Write of size 1 at addr ffff888102cce0f0 by task kunit_try_catch/189
[ 21.651297]
[ 21.651401] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.651447] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.651459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.651479] Call Trace:
[ 21.651492] <TASK>
[ 21.651506] dump_stack_lvl+0x73/0xb0
[ 21.651532] print_report+0xd1/0x650
[ 21.651554] ? __virt_addr_valid+0x1db/0x2d0
[ 21.651578] ? krealloc_more_oob_helper+0x7eb/0x930
[ 21.651599] ? kasan_addr_to_slab+0x11/0xa0
[ 21.651619] ? krealloc_more_oob_helper+0x7eb/0x930
[ 21.651643] kasan_report+0x141/0x180
[ 21.651666] ? krealloc_more_oob_helper+0x7eb/0x930
[ 21.651700] __asan_report_store1_noabort+0x1b/0x30
[ 21.651723] krealloc_more_oob_helper+0x7eb/0x930
[ 21.651744] ? __schedule+0x10cc/0x2b60
[ 21.651770] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 21.651793] ? finish_task_switch.isra.0+0x153/0x700
[ 21.651813] ? __switch_to+0x47/0xf50
[ 21.651903] ? __schedule+0x10cc/0x2b60
[ 21.651929] ? __pfx_read_tsc+0x10/0x10
[ 21.651970] krealloc_large_more_oob+0x1c/0x30
[ 21.651992] kunit_try_run_case+0x1a5/0x480
[ 21.652018] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.652059] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.652093] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.652118] ? __kthread_parkme+0x82/0x180
[ 21.652151] ? preempt_count_sub+0x50/0x80
[ 21.652192] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.652218] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.652242] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.652279] kthread+0x337/0x6f0
[ 21.652312] ? trace_preempt_on+0x20/0xc0
[ 21.652342] ? __pfx_kthread+0x10/0x10
[ 21.652376] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.652413] ? calculate_sigpending+0x7b/0xa0
[ 21.652437] ? __pfx_kthread+0x10/0x10
[ 21.652460] ret_from_fork+0x116/0x1d0
[ 21.652478] ? __pfx_kthread+0x10/0x10
[ 21.652498] ret_from_fork_asm+0x1a/0x30
[ 21.652540] </TASK>
[ 21.652550]
[ 21.660959] The buggy address belongs to the physical page:
[ 21.661240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ccc
[ 21.661610] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.661951] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.662262] page_type: f8(unknown)
[ 21.662426] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.662685] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 21.662895] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 21.663378] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 21.663965] head: 0200000000000002 ffffea00040b3301 00000000ffffffff 00000000ffffffff
[ 21.664347] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 21.664583] page dumped because: kasan: bad access detected
[ 21.664802]
[ 21.664929] Memory state around the buggy address:
[ 21.665232] ffff888102ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.665558] ffff888102cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.665912] >ffff888102cce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 21.666203] ^
[ 21.666521] ffff888102cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 21.666846] ffff888102cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 21.667333] ==================================================================
[ 21.492553] ==================================================================
[ 21.492978] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 21.493542] Write of size 1 at addr ffff88810038c6f0 by task kunit_try_catch/185
[ 21.494131]
[ 21.494233] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.494278] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.494290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.494309] Call Trace:
[ 21.494321] <TASK>
[ 21.494335] dump_stack_lvl+0x73/0xb0
[ 21.494359] print_report+0xd1/0x650
[ 21.494378] ? __virt_addr_valid+0x1db/0x2d0
[ 21.494399] ? krealloc_more_oob_helper+0x7eb/0x930
[ 21.494428] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.494452] ? krealloc_more_oob_helper+0x7eb/0x930
[ 21.494473] kasan_report+0x141/0x180
[ 21.494493] ? krealloc_more_oob_helper+0x7eb/0x930
[ 21.494518] __asan_report_store1_noabort+0x1b/0x30
[ 21.494540] krealloc_more_oob_helper+0x7eb/0x930
[ 21.494560] ? __schedule+0x10cc/0x2b60
[ 21.494584] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 21.494606] ? finish_task_switch.isra.0+0x153/0x700
[ 21.494626] ? __switch_to+0x47/0xf50
[ 21.494649] ? __schedule+0x10cc/0x2b60
[ 21.494672] ? __pfx_read_tsc+0x10/0x10
[ 21.494695] krealloc_more_oob+0x1c/0x30
[ 21.494715] kunit_try_run_case+0x1a5/0x480
[ 21.494739] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.494760] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.494779] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.494802] ? __kthread_parkme+0x82/0x180
[ 21.494864] ? preempt_count_sub+0x50/0x80
[ 21.494885] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.494907] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.494929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.494964] kthread+0x337/0x6f0
[ 21.494982] ? trace_preempt_on+0x20/0xc0
[ 21.495003] ? __pfx_kthread+0x10/0x10
[ 21.495022] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.495043] ? calculate_sigpending+0x7b/0xa0
[ 21.495065] ? __pfx_kthread+0x10/0x10
[ 21.495085] ret_from_fork+0x116/0x1d0
[ 21.495102] ? __pfx_kthread+0x10/0x10
[ 21.495121] ret_from_fork_asm+0x1a/0x30
[ 21.495148] </TASK>
[ 21.495158]
[ 21.503646] Allocated by task 185:
[ 21.503873] kasan_save_stack+0x45/0x70
[ 21.504195] kasan_save_track+0x18/0x40
[ 21.504389] kasan_save_alloc_info+0x3b/0x50
[ 21.504575] __kasan_krealloc+0x190/0x1f0
[ 21.504751] krealloc_noprof+0xf3/0x340
[ 21.505023] krealloc_more_oob_helper+0x1a9/0x930
[ 21.505327] krealloc_more_oob+0x1c/0x30
[ 21.505459] kunit_try_run_case+0x1a5/0x480
[ 21.505661] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.505976] kthread+0x337/0x6f0
[ 21.506094] ret_from_fork+0x116/0x1d0
[ 21.506402] ret_from_fork_asm+0x1a/0x30
[ 21.507290]
[ 21.507651] The buggy address belongs to the object at ffff88810038c600
[ 21.507651] which belongs to the cache kmalloc-256 of size 256
[ 21.508234] The buggy address is located 5 bytes to the right of
[ 21.508234] allocated 235-byte region [ffff88810038c600, ffff88810038c6eb)
[ 21.508666]
[ 21.508760] The buggy address belongs to the physical page:
[ 21.509022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[ 21.509370] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.509695] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.509986] page_type: f5(slab)
[ 21.510165] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 21.510430] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.510744] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 21.511115] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.511386] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[ 21.511609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 21.511851] page dumped because: kasan: bad access detected
[ 21.512101]
[ 21.512186] Memory state around the buggy address:
[ 21.512402] ffff88810038c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.512715] ffff88810038c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.513025] >ffff88810038c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 21.513496] ^
[ 21.513705] ffff88810038c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.514305] ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.514617] ==================================================================
[ 21.471339] ==================================================================
[ 21.472531] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 21.472970] Write of size 1 at addr ffff88810038c6eb by task kunit_try_catch/185
[ 21.473291]
[ 21.473397] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.473443] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.473455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.473475] Call Trace:
[ 21.473488] <TASK>
[ 21.473502] dump_stack_lvl+0x73/0xb0
[ 21.473528] print_report+0xd1/0x650
[ 21.473548] ? __virt_addr_valid+0x1db/0x2d0
[ 21.473570] ? krealloc_more_oob_helper+0x821/0x930
[ 21.473591] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.473614] ? krealloc_more_oob_helper+0x821/0x930
[ 21.473635] kasan_report+0x141/0x180
[ 21.473655] ? krealloc_more_oob_helper+0x821/0x930
[ 21.473680] __asan_report_store1_noabort+0x1b/0x30
[ 21.473702] krealloc_more_oob_helper+0x821/0x930
[ 21.473722] ? __schedule+0x10cc/0x2b60
[ 21.473745] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 21.473767] ? finish_task_switch.isra.0+0x153/0x700
[ 21.473788] ? __switch_to+0x47/0xf50
[ 21.473813] ? __schedule+0x10cc/0x2b60
[ 21.473834] ? __pfx_read_tsc+0x10/0x10
[ 21.473857] krealloc_more_oob+0x1c/0x30
[ 21.473877] kunit_try_run_case+0x1a5/0x480
[ 21.473901] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.473922] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.473952] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.473975] ? __kthread_parkme+0x82/0x180
[ 21.473993] ? preempt_count_sub+0x50/0x80
[ 21.474013] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.474036] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.474057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.474079] kthread+0x337/0x6f0
[ 21.474096] ? trace_preempt_on+0x20/0xc0
[ 21.474118] ? __pfx_kthread+0x10/0x10
[ 21.474154] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.474175] ? calculate_sigpending+0x7b/0xa0
[ 21.474197] ? __pfx_kthread+0x10/0x10
[ 21.474217] ret_from_fork+0x116/0x1d0
[ 21.474234] ? __pfx_kthread+0x10/0x10
[ 21.474253] ret_from_fork_asm+0x1a/0x30
[ 21.474281] </TASK>
[ 21.474291]
[ 21.481914] Allocated by task 185:
[ 21.482101] kasan_save_stack+0x45/0x70
[ 21.482353] kasan_save_track+0x18/0x40
[ 21.482536] kasan_save_alloc_info+0x3b/0x50
[ 21.482706] __kasan_krealloc+0x190/0x1f0
[ 21.482834] krealloc_noprof+0xf3/0x340
[ 21.483067] krealloc_more_oob_helper+0x1a9/0x930
[ 21.483286] krealloc_more_oob+0x1c/0x30
[ 21.483473] kunit_try_run_case+0x1a5/0x480
[ 21.483661] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.483824] kthread+0x337/0x6f0
[ 21.484092] ret_from_fork+0x116/0x1d0
[ 21.484284] ret_from_fork_asm+0x1a/0x30
[ 21.484437]
[ 21.484506] The buggy address belongs to the object at ffff88810038c600
[ 21.484506] which belongs to the cache kmalloc-256 of size 256
[ 21.484849] The buggy address is located 0 bytes to the right of
[ 21.484849] allocated 235-byte region [ffff88810038c600, ffff88810038c6eb)
[ 21.485682]
[ 21.485776] The buggy address belongs to the physical page:
[ 21.486028] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[ 21.486766] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.487204] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.487374] page_type: f5(slab)
[ 21.487485] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 21.487738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.488075] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 21.488441] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.488822] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[ 21.489192] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 21.489539] page dumped because: kasan: bad access detected
[ 21.489794]
[ 21.489916] Memory state around the buggy address:
[ 21.490118] ffff88810038c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.490342] ffff88810038c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.490549] >ffff88810038c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 21.490857] ^
[ 21.491149] ffff88810038c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.491425] ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.491697] ==================================================================
Failure - kunit - drm_atomic_helper_connector_hdmi_check_drm_test_check_broadcast_rgb_full_cea_mode
<8>[ 264.454079] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_check_drm_test_check_broadcast_rgb_full_cea_mode RESULT=fail>
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_None
<8>[ 271.231570] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_None RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_modes_analog_tv
<8>[ 269.733369] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_modes_analog_tv RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i_inlined
<8>[ 269.641775] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i
<8>[ 269.547476] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined
<8>[ 269.454179] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i
<8>[ 269.356669] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i
<8>[ 269.265080] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i RESULT=fail>
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 178.851318] BUG: kernel NULL pointer dereference, address: 0000000000000690
[ 178.912154] BUG: kernel NULL pointer dereference, address: 0000000000000690
[ 178.875568] BUG: kernel NULL pointer dereference, address: 0000000000000690
[ 178.935300] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 178.852777] Oops: Oops: 0002 [#49] SMP KASAN PTI
[ 178.937913] Oops: Oops: 0002 [#52] SMP KASAN PTI
[ 178.877358] Oops: Oops: 0002 [#50] SMP KASAN PTI
[ 178.913088] Oops: Oops: 0002 [#51] SMP KASAN PTI
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 178.986360] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI
[ 178.238150] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI
[ 178.333110] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI
[ 178.308392] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI
[ 178.579988] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI
[ 178.632354] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI
[ 177.780312] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI
[ 179.057523] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI
[ 177.658368] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI
[ 177.873483] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI
[ 179.112988] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI
[ 177.732674] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI
[ 179.010001] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI
[ 179.085202] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI
[ 178.499187] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI
[ 178.377448] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI
[ 178.962486] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI
[ 177.931315] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI
[ 177.839187] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI
[ 178.610794] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI
[ 178.748242] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI
[ 178.073488] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI
[ 178.528424] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI
[ 179.030979] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI
[ 118.098740] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
[ 178.052276] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI
[ 178.027476] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI
[ 177.802747] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI
[ 178.151130] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI
[ 178.773122] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI
[ 176.936344] Oops: general protection fault, probably for non-canonical address 0xe0b07c17000000d2: 0000 [#2] SMP KASAN PTI
[ 178.127516] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI
[ 178.282421] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI
[ 178.698280] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI
[ 178.199096] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI
[ 178.725536] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI
[ 178.823652] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI
[ 177.710178] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI
[ 178.464049] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI
[ 177.683503] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI
[ 178.177297] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI
[ 178.353568] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI
[ 178.678090] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI
[ 177.757446] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI
[ 178.406519] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI
[ 178.260555] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI
[ 178.555609] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI
[ 177.900456] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI
[ 177.995237] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI
[ 178.653945] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI
[ 178.798016] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI
[ 178.442332] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI
[ 177.959079] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI
[ 177.631701] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI
[ 178.102956] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 58.036712] ==================================================================
[ 58.037104] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 58.037104]
[ 58.037444] Use-after-free read at 0x(____ptrval____) (in kfence-#134):
[ 58.038064] test_krealloc+0x6fc/0xbe0
[ 58.038262] kunit_try_run_case+0x1a5/0x480
[ 58.038476] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.038700] kthread+0x337/0x6f0
[ 58.038862] ret_from_fork+0x116/0x1d0
[ 58.039043] ret_from_fork_asm+0x1a/0x30
[ 58.039610]
[ 58.039705] kfence-#134: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 58.039705]
[ 58.040257] allocated by task 366 on cpu 1 at 58.036120s (0.004134s ago):
[ 58.040724] test_alloc+0x364/0x10f0
[ 58.040976] test_krealloc+0xad/0xbe0
[ 58.041248] kunit_try_run_case+0x1a5/0x480
[ 58.041504] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.041824] kthread+0x337/0x6f0
[ 58.041972] ret_from_fork+0x116/0x1d0
[ 58.042186] ret_from_fork_asm+0x1a/0x30
[ 58.042469]
[ 58.042561] freed by task 366 on cpu 1 at 58.036348s (0.006210s ago):
[ 58.042837] krealloc_noprof+0x108/0x340
[ 58.043025] test_krealloc+0x226/0xbe0
[ 58.043473] kunit_try_run_case+0x1a5/0x480
[ 58.043659] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.043894] kthread+0x337/0x6f0
[ 58.044262] ret_from_fork+0x116/0x1d0
[ 58.044452] ret_from_fork_asm+0x1a/0x30
[ 58.044735]
[ 58.044854] CPU: 1 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 58.045531] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 58.045724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 58.046088] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 57.952941] ==================================================================
[ 57.953628] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 57.953628]
[ 57.953971] Use-after-free read at 0x(____ptrval____) (in kfence-#133):
[ 57.954501] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 57.954723] kunit_try_run_case+0x1a5/0x480
[ 57.954869] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 57.955162] kthread+0x337/0x6f0
[ 57.955331] ret_from_fork+0x116/0x1d0
[ 57.955504] ret_from_fork_asm+0x1a/0x30
[ 57.955710]
[ 57.955809] kfence-#133: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 57.955809]
[ 57.956153] allocated by task 364 on cpu 1 at 57.932074s (0.024077s ago):
[ 57.956515] test_alloc+0x2a6/0x10f0
[ 57.956718] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 57.956903] kunit_try_run_case+0x1a5/0x480
[ 57.957105] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 57.957372] kthread+0x337/0x6f0
[ 57.957485] ret_from_fork+0x116/0x1d0
[ 57.957610] ret_from_fork_asm+0x1a/0x30
[ 57.957817]
[ 57.957907] freed by task 364 on cpu 1 at 57.932183s (0.025722s ago):
[ 57.958271] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 57.958529] kunit_try_run_case+0x1a5/0x480
[ 57.958717] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 57.958912] kthread+0x337/0x6f0
[ 57.959088] ret_from_fork+0x116/0x1d0
[ 57.959306] ret_from_fork_asm+0x1a/0x30
[ 57.959436]
[ 57.959525] CPU: 1 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 57.960272] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 57.960455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 57.960717] ==================================================================
Failure - kunit - drm_managed_drm_managed
<8>[ 268.519948] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_managed RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 32.984231] ==================================================================
[ 32.984719] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 32.984719]
[ 32.985248] Invalid read at 0x(____ptrval____):
[ 32.985579] test_invalid_access+0xf0/0x210
[ 32.985724] kunit_try_run_case+0x1a5/0x480
[ 32.986000] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.986408] kthread+0x337/0x6f0
[ 32.986527] ret_from_fork+0x116/0x1d0
[ 32.986699] ret_from_fork_asm+0x1a/0x30
[ 32.986949]
[ 32.987110] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 32.987692] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.987861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.988356] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 32.764641] ==================================================================
[ 32.765067] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 32.765067]
[ 32.765462] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#129):
[ 32.766091] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 32.766350] kunit_try_run_case+0x1a5/0x480
[ 32.766521] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.766764] kthread+0x337/0x6f0
[ 32.766928] ret_from_fork+0x116/0x1d0
[ 32.767118] ret_from_fork_asm+0x1a/0x30
[ 32.767279]
[ 32.767369] kfence-#129: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 32.767369]
[ 32.767711] allocated by task 354 on cpu 1 at 32.764371s (0.003337s ago):
[ 32.768033] test_alloc+0x364/0x10f0
[ 32.768216] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 32.768462] kunit_try_run_case+0x1a5/0x480
[ 32.768632] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.768890] kthread+0x337/0x6f0
[ 32.769052] ret_from_fork+0x116/0x1d0
[ 32.769242] ret_from_fork_asm+0x1a/0x30
[ 32.769377]
[ 32.769440] freed by task 354 on cpu 1 at 32.764516s (0.004921s ago):
[ 32.769682] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 32.769915] kunit_try_run_case+0x1a5/0x480
[ 32.770093] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.770639] kthread+0x337/0x6f0
[ 32.770797] ret_from_fork+0x116/0x1d0
[ 32.770985] ret_from_fork_asm+0x1a/0x30
[ 32.771201]
[ 32.771326] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 32.771835] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.772046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.772345] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 32.452402] ==================================================================
[ 32.452784] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 32.452784]
[ 32.453363] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#126):
[ 32.453651] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 32.453844] kunit_try_run_case+0x1a5/0x480
[ 32.454046] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.454238] kthread+0x337/0x6f0
[ 32.454367] ret_from_fork+0x116/0x1d0
[ 32.454561] ret_from_fork_asm+0x1a/0x30
[ 32.454758]
[ 32.454837] kfence-#126: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 32.454837]
[ 32.455174] allocated by task 352 on cpu 1 at 32.452168s (0.003004s ago):
[ 32.455506] test_alloc+0x364/0x10f0
[ 32.455681] test_kmalloc_aligned_oob_read+0x105/0x560
[ 32.455916] kunit_try_run_case+0x1a5/0x480
[ 32.456077] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 32.456244] kthread+0x337/0x6f0
[ 32.456385] ret_from_fork+0x116/0x1d0
[ 32.456563] ret_from_fork_asm+0x1a/0x30
[ 32.456750]
[ 32.456874] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 32.457485] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.457661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.457969] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 28.396190] ==================================================================
[ 28.396571] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 28.396571]
[ 28.396922] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#87):
[ 28.397576] test_corruption+0x131/0x3e0
[ 28.397746] kunit_try_run_case+0x1a5/0x480
[ 28.397926] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.398198] kthread+0x337/0x6f0
[ 28.398363] ret_from_fork+0x116/0x1d0
[ 28.398537] ret_from_fork_asm+0x1a/0x30
[ 28.398717]
[ 28.398786] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 28.398786]
[ 28.399252] allocated by task 342 on cpu 1 at 28.396060s (0.003189s ago):
[ 28.399536] test_alloc+0x2a6/0x10f0
[ 28.399665] test_corruption+0xe6/0x3e0
[ 28.399794] kunit_try_run_case+0x1a5/0x480
[ 28.399968] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.400267] kthread+0x337/0x6f0
[ 28.400485] ret_from_fork+0x116/0x1d0
[ 28.400751] ret_from_fork_asm+0x1a/0x30
[ 28.400898]
[ 28.400971] freed by task 342 on cpu 1 at 28.396111s (0.004857s ago):
[ 28.401169] test_corruption+0x131/0x3e0
[ 28.401294] kunit_try_run_case+0x1a5/0x480
[ 28.401474] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.401728] kthread+0x337/0x6f0
[ 28.401906] ret_from_fork+0x116/0x1d0
[ 28.402115] ret_from_fork_asm+0x1a/0x30
[ 28.402346]
[ 28.402483] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 28.403125] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.403322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.403671] ==================================================================
[ 28.188511] ==================================================================
[ 28.188893] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 28.188893]
[ 28.189187] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#85):
[ 28.189573] test_corruption+0x2df/0x3e0
[ 28.189756] kunit_try_run_case+0x1a5/0x480
[ 28.189947] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.190122] kthread+0x337/0x6f0
[ 28.190290] ret_from_fork+0x116/0x1d0
[ 28.190487] ret_from_fork_asm+0x1a/0x30
[ 28.190720]
[ 28.190813] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 28.190813]
[ 28.191252] allocated by task 340 on cpu 0 at 28.188255s (0.002995s ago):
[ 28.191472] test_alloc+0x364/0x10f0
[ 28.191630] test_corruption+0x1cb/0x3e0
[ 28.191818] kunit_try_run_case+0x1a5/0x480
[ 28.192035] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.192321] kthread+0x337/0x6f0
[ 28.192477] ret_from_fork+0x116/0x1d0
[ 28.192627] ret_from_fork_asm+0x1a/0x30
[ 28.192816]
[ 28.192887] freed by task 340 on cpu 0 at 28.188335s (0.004549s ago):
[ 28.193208] test_corruption+0x2df/0x3e0
[ 28.193360] kunit_try_run_case+0x1a5/0x480
[ 28.193499] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.193664] kthread+0x337/0x6f0
[ 28.193781] ret_from_fork+0x116/0x1d0
[ 28.193970] ret_from_fork_asm+0x1a/0x30
[ 28.194157]
[ 28.194268] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 28.194635] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.194769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.195268] ==================================================================
[ 28.604291] ==================================================================
[ 28.604677] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 28.604677]
[ 28.605095] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#89):
[ 28.605516] test_corruption+0x216/0x3e0
[ 28.605657] kunit_try_run_case+0x1a5/0x480
[ 28.605820] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.606110] kthread+0x337/0x6f0
[ 28.606298] ret_from_fork+0x116/0x1d0
[ 28.606532] ret_from_fork_asm+0x1a/0x30
[ 28.606737]
[ 28.606805] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 28.606805]
[ 28.607135] allocated by task 342 on cpu 1 at 28.604160s (0.002965s ago):
[ 28.607481] test_alloc+0x2a6/0x10f0
[ 28.607700] test_corruption+0x1cb/0x3e0
[ 28.607956] kunit_try_run_case+0x1a5/0x480
[ 28.608100] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.608575] kthread+0x337/0x6f0
[ 28.608769] ret_from_fork+0x116/0x1d0
[ 28.608996] ret_from_fork_asm+0x1a/0x30
[ 28.609179]
[ 28.609288] freed by task 342 on cpu 1 at 28.604208s (0.005077s ago):
[ 28.609597] test_corruption+0x216/0x3e0
[ 28.609808] kunit_try_run_case+0x1a5/0x480
[ 28.610034] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.610330] kthread+0x337/0x6f0
[ 28.610523] ret_from_fork+0x116/0x1d0
[ 28.610667] ret_from_fork_asm+0x1a/0x30
[ 28.610903]
[ 28.611019] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 28.611574] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.611780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.612182] ==================================================================
[ 28.084421] ==================================================================
[ 28.084814] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 28.084814]
[ 28.085108] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#84):
[ 28.085865] test_corruption+0x2d2/0x3e0
[ 28.086032] kunit_try_run_case+0x1a5/0x480
[ 28.086225] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.086472] kthread+0x337/0x6f0
[ 28.086592] ret_from_fork+0x116/0x1d0
[ 28.086749] ret_from_fork_asm+0x1a/0x30
[ 28.086947]
[ 28.087037] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 28.087037]
[ 28.087410] allocated by task 340 on cpu 0 at 28.084172s (0.003236s ago):
[ 28.087716] test_alloc+0x364/0x10f0
[ 28.087866] test_corruption+0xe6/0x3e0
[ 28.088062] kunit_try_run_case+0x1a5/0x480
[ 28.088312] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.088533] kthread+0x337/0x6f0
[ 28.088688] ret_from_fork+0x116/0x1d0
[ 28.088824] ret_from_fork_asm+0x1a/0x30
[ 28.089012]
[ 28.089102] freed by task 340 on cpu 0 at 28.084253s (0.004845s ago):
[ 28.089534] test_corruption+0x2d2/0x3e0
[ 28.089704] kunit_try_run_case+0x1a5/0x480
[ 28.089839] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 28.090051] kthread+0x337/0x6f0
[ 28.090207] ret_from_fork+0x116/0x1d0
[ 28.090438] ret_from_fork_asm+0x1a/0x30
[ 28.090604]
[ 28.090704] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 28.091089] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.091398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 28.091794] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 27.980235] ==================================================================
[ 27.980621] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 27.980621]
[ 27.981020] Invalid free of 0x(____ptrval____) (in kfence-#83):
[ 27.981377] test_invalid_addr_free+0xfb/0x260
[ 27.981565] kunit_try_run_case+0x1a5/0x480
[ 27.981772] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.982005] kthread+0x337/0x6f0
[ 27.982144] ret_from_fork+0x116/0x1d0
[ 27.982353] ret_from_fork_asm+0x1a/0x30
[ 27.982496]
[ 27.982564] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 27.982564]
[ 27.982969] allocated by task 338 on cpu 1 at 27.980128s (0.002839s ago):
[ 27.983432] test_alloc+0x2a6/0x10f0
[ 27.983629] test_invalid_addr_free+0xdb/0x260
[ 27.983813] kunit_try_run_case+0x1a5/0x480
[ 27.984004] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.984180] kthread+0x337/0x6f0
[ 27.984321] ret_from_fork+0x116/0x1d0
[ 27.984540] ret_from_fork_asm+0x1a/0x30
[ 27.984672]
[ 27.984806] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 27.985350] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.985483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.985878] ==================================================================
[ 27.876256] ==================================================================
[ 27.876725] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 27.876725]
[ 27.877010] Invalid free of 0x(____ptrval____) (in kfence-#82):
[ 27.877531] test_invalid_addr_free+0x1e1/0x260
[ 27.877732] kunit_try_run_case+0x1a5/0x480
[ 27.877913] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.878234] kthread+0x337/0x6f0
[ 27.878356] ret_from_fork+0x116/0x1d0
[ 27.878483] ret_from_fork_asm+0x1a/0x30
[ 27.878734]
[ 27.878892] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 27.878892]
[ 27.879412] allocated by task 336 on cpu 1 at 27.876136s (0.003274s ago):
[ 27.879625] test_alloc+0x364/0x10f0
[ 27.879746] test_invalid_addr_free+0xdb/0x260
[ 27.880041] kunit_try_run_case+0x1a5/0x480
[ 27.880396] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.880600] kthread+0x337/0x6f0
[ 27.880733] ret_from_fork+0x116/0x1d0
[ 27.880856] ret_from_fork_asm+0x1a/0x30
[ 27.880999]
[ 27.881102] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 27.881635] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.881828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.882215] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 27.772401] ==================================================================
[ 27.772754] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 27.772754]
[ 27.773479] Invalid free of 0x(____ptrval____) (in kfence-#81):
[ 27.773746] test_double_free+0x112/0x260
[ 27.773888] kunit_try_run_case+0x1a5/0x480
[ 27.774041] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.774253] kthread+0x337/0x6f0
[ 27.774373] ret_from_fork+0x116/0x1d0
[ 27.774559] ret_from_fork_asm+0x1a/0x30
[ 27.774728]
[ 27.774795] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 27.774795]
[ 27.775247] allocated by task 334 on cpu 0 at 27.772149s (0.003095s ago):
[ 27.775511] test_alloc+0x2a6/0x10f0
[ 27.775673] test_double_free+0xdb/0x260
[ 27.775821] kunit_try_run_case+0x1a5/0x480
[ 27.776033] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.776388] kthread+0x337/0x6f0
[ 27.776543] ret_from_fork+0x116/0x1d0
[ 27.776697] ret_from_fork_asm+0x1a/0x30
[ 27.776828]
[ 27.776893] freed by task 334 on cpu 0 at 27.772207s (0.004683s ago):
[ 27.777187] test_double_free+0xfa/0x260
[ 27.777379] kunit_try_run_case+0x1a5/0x480
[ 27.777706] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.777895] kthread+0x337/0x6f0
[ 27.778047] ret_from_fork+0x116/0x1d0
[ 27.778230] ret_from_fork_asm+0x1a/0x30
[ 27.778431]
[ 27.778532] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 27.778995] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.779131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.779451] ==================================================================
[ 27.668468] ==================================================================
[ 27.668918] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 27.668918]
[ 27.669327] Invalid free of 0x(____ptrval____) (in kfence-#80):
[ 27.669624] test_double_free+0x1d3/0x260
[ 27.669767] kunit_try_run_case+0x1a5/0x480
[ 27.669976] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.670336] kthread+0x337/0x6f0
[ 27.670453] ret_from_fork+0x116/0x1d0
[ 27.670578] ret_from_fork_asm+0x1a/0x30
[ 27.670797]
[ 27.670908] kfence-#80: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 27.670908]
[ 27.672001] allocated by task 332 on cpu 1 at 27.668205s (0.003791s ago):
[ 27.672407] test_alloc+0x364/0x10f0
[ 27.672610] test_double_free+0xdb/0x260
[ 27.672810] kunit_try_run_case+0x1a5/0x480
[ 27.673376] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.673621] kthread+0x337/0x6f0
[ 27.673800] ret_from_fork+0x116/0x1d0
[ 27.674191] ret_from_fork_asm+0x1a/0x30
[ 27.674408]
[ 27.674672] freed by task 332 on cpu 1 at 27.668267s (0.006401s ago):
[ 27.674999] test_double_free+0x1e0/0x260
[ 27.675293] kunit_try_run_case+0x1a5/0x480
[ 27.675503] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.675857] kthread+0x337/0x6f0
[ 27.676143] ret_from_fork+0x116/0x1d0
[ 27.676320] ret_from_fork_asm+0x1a/0x30
[ 27.676678]
[ 27.676905] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 27.677480] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.677779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.678292] ==================================================================
Failure - kunit - drm_managed_drm_test_managed_run_action
<8>[ 268.428093] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_run_action RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_release_action
<8>[ 268.337653] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_release_action RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid
<8>[ 268.228536] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock
<8>[ 268.131936] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate
<8>[ 268.038527] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 27.356416] ==================================================================
[ 27.356820] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 27.356820]
[ 27.357182] Use-after-free read at 0x(____ptrval____) (in kfence-#77):
[ 27.357454] test_use_after_free_read+0x129/0x270
[ 27.357684] kunit_try_run_case+0x1a5/0x480
[ 27.357920] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.358096] kthread+0x337/0x6f0
[ 27.358278] ret_from_fork+0x116/0x1d0
[ 27.358465] ret_from_fork_asm+0x1a/0x30
[ 27.358668]
[ 27.358759] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 27.358759]
[ 27.359035] allocated by task 326 on cpu 0 at 27.356261s (0.002771s ago):
[ 27.359345] test_alloc+0x2a6/0x10f0
[ 27.359569] test_use_after_free_read+0xdc/0x270
[ 27.359751] kunit_try_run_case+0x1a5/0x480
[ 27.359889] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.360116] kthread+0x337/0x6f0
[ 27.360292] ret_from_fork+0x116/0x1d0
[ 27.360514] ret_from_fork_asm+0x1a/0x30
[ 27.360739]
[ 27.360820] freed by task 326 on cpu 0 at 27.356322s (0.004495s ago):
[ 27.361114] test_use_after_free_read+0xfb/0x270
[ 27.361355] kunit_try_run_case+0x1a5/0x480
[ 27.361550] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.361755] kthread+0x337/0x6f0
[ 27.361929] ret_from_fork+0x116/0x1d0
[ 27.362086] ret_from_fork_asm+0x1a/0x30
[ 27.362338]
[ 27.362455] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 27.362809] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.362947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.363336] ==================================================================
[ 27.252487] ==================================================================
[ 27.252919] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 27.252919]
[ 27.253526] Use-after-free read at 0x(____ptrval____) (in kfence-#76):
[ 27.253768] test_use_after_free_read+0x129/0x270
[ 27.254127] kunit_try_run_case+0x1a5/0x480
[ 27.254373] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.254585] kthread+0x337/0x6f0
[ 27.254797] ret_from_fork+0x116/0x1d0
[ 27.255048] ret_from_fork_asm+0x1a/0x30
[ 27.255257]
[ 27.255378] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 27.255378]
[ 27.255797] allocated by task 324 on cpu 1 at 27.252235s (0.003560s ago):
[ 27.256025] test_alloc+0x364/0x10f0
[ 27.256145] test_use_after_free_read+0xdc/0x270
[ 27.256325] kunit_try_run_case+0x1a5/0x480
[ 27.256576] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.256901] kthread+0x337/0x6f0
[ 27.257181] ret_from_fork+0x116/0x1d0
[ 27.257450] ret_from_fork_asm+0x1a/0x30
[ 27.257682]
[ 27.257923] freed by task 324 on cpu 1 at 27.252318s (0.005508s ago):
[ 27.258890] test_use_after_free_read+0x1e7/0x270
[ 27.259586] kunit_try_run_case+0x1a5/0x480
[ 27.259787] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.259997] kthread+0x337/0x6f0
[ 27.260160] ret_from_fork+0x116/0x1d0
[ 27.260374] ret_from_fork_asm+0x1a/0x30
[ 27.260634]
[ 27.260766] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 27.261271] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.261457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.261860] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 26.836304] ==================================================================
[ 26.836704] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 26.836704]
[ 26.837218] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#72):
[ 26.837550] test_out_of_bounds_write+0x10d/0x260
[ 26.837756] kunit_try_run_case+0x1a5/0x480
[ 26.838019] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.838262] kthread+0x337/0x6f0
[ 26.838421] ret_from_fork+0x116/0x1d0
[ 26.838558] ret_from_fork_asm+0x1a/0x30
[ 26.838687]
[ 26.839199] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 26.839199]
[ 26.839639] allocated by task 320 on cpu 1 at 26.836166s (0.003471s ago):
[ 26.839929] test_alloc+0x364/0x10f0
[ 26.840061] test_out_of_bounds_write+0xd4/0x260
[ 26.840335] kunit_try_run_case+0x1a5/0x480
[ 26.840511] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.840762] kthread+0x337/0x6f0
[ 26.840876] ret_from_fork+0x116/0x1d0
[ 26.841059] ret_from_fork_asm+0x1a/0x30
[ 26.841263]
[ 26.841377] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 26.841915] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.842295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.842666] ==================================================================
[ 27.148227] ==================================================================
[ 27.148633] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 27.148633]
[ 27.149089] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#75):
[ 27.149436] test_out_of_bounds_write+0x10d/0x260
[ 27.149622] kunit_try_run_case+0x1a5/0x480
[ 27.149769] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.150030] kthread+0x337/0x6f0
[ 27.150304] ret_from_fork+0x116/0x1d0
[ 27.150470] ret_from_fork_asm+0x1a/0x30
[ 27.150605]
[ 27.150672] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 27.150672]
[ 27.151060] allocated by task 322 on cpu 0 at 27.148158s (0.002899s ago):
[ 27.151375] test_alloc+0x2a6/0x10f0
[ 27.151497] test_out_of_bounds_write+0xd4/0x260
[ 27.151642] kunit_try_run_case+0x1a5/0x480
[ 27.151925] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.152282] kthread+0x337/0x6f0
[ 27.152465] ret_from_fork+0x116/0x1d0
[ 27.152702] ret_from_fork_asm+0x1a/0x30
[ 27.152876]
[ 27.152995] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 27.153446] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.153641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.154015] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 26.316426] ==================================================================
[ 26.316832] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 26.316832]
[ 26.317304] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#67):
[ 26.317625] test_out_of_bounds_read+0x216/0x4e0
[ 26.317860] kunit_try_run_case+0x1a5/0x480
[ 26.318078] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.318393] kthread+0x337/0x6f0
[ 26.318517] ret_from_fork+0x116/0x1d0
[ 26.318697] ret_from_fork_asm+0x1a/0x30
[ 26.318959]
[ 26.319076] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 26.319076]
[ 26.319512] allocated by task 316 on cpu 0 at 26.316165s (0.003344s ago):
[ 26.319760] test_alloc+0x364/0x10f0
[ 26.319949] test_out_of_bounds_read+0x1e2/0x4e0
[ 26.320115] kunit_try_run_case+0x1a5/0x480
[ 26.320345] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.320594] kthread+0x337/0x6f0
[ 26.320718] ret_from_fork+0x116/0x1d0
[ 26.320922] ret_from_fork_asm+0x1a/0x30
[ 26.321080]
[ 26.321210] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 26.321680] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.321832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.322236] ==================================================================
[ 26.420219] ==================================================================
[ 26.420608] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 26.420608]
[ 26.421084] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#68):
[ 26.421343] test_out_of_bounds_read+0x126/0x4e0
[ 26.421554] kunit_try_run_case+0x1a5/0x480
[ 26.421698] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.421864] kthread+0x337/0x6f0
[ 26.422043] ret_from_fork+0x116/0x1d0
[ 26.422316] ret_from_fork_asm+0x1a/0x30
[ 26.422492]
[ 26.422562] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 26.422562]
[ 26.422916] allocated by task 318 on cpu 1 at 26.420150s (0.002763s ago):
[ 26.423323] test_alloc+0x2a6/0x10f0
[ 26.423481] test_out_of_bounds_read+0xed/0x4e0
[ 26.423668] kunit_try_run_case+0x1a5/0x480
[ 26.423808] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.423987] kthread+0x337/0x6f0
[ 26.424151] ret_from_fork+0x116/0x1d0
[ 26.424336] ret_from_fork_asm+0x1a/0x30
[ 26.424529]
[ 26.424646] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 26.425226] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.425398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.425701] ==================================================================
[ 26.732217] ==================================================================
[ 26.732609] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 26.732609]
[ 26.733080] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#71):
[ 26.733341] test_out_of_bounds_read+0x216/0x4e0
[ 26.733565] kunit_try_run_case+0x1a5/0x480
[ 26.733745] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.733958] kthread+0x337/0x6f0
[ 26.734076] ret_from_fork+0x116/0x1d0
[ 26.734222] ret_from_fork_asm+0x1a/0x30
[ 26.734416]
[ 26.734504] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 26.734504]
[ 26.734827] allocated by task 318 on cpu 1 at 26.732157s (0.002667s ago):
[ 26.735149] test_alloc+0x2a6/0x10f0
[ 26.735323] test_out_of_bounds_read+0x1e2/0x4e0
[ 26.735536] kunit_try_run_case+0x1a5/0x480
[ 26.735705] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.735871] kthread+0x337/0x6f0
[ 26.736003] ret_from_fork+0x116/0x1d0
[ 26.736181] ret_from_fork_asm+0x1a/0x30
[ 26.736393]
[ 26.736508] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 26.736957] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.737157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.737467] ==================================================================
[ 26.109257] ==================================================================
[ 26.109783] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 26.109783]
[ 26.111003] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#65):
[ 26.111460] test_out_of_bounds_read+0x126/0x4e0
[ 26.111699] kunit_try_run_case+0x1a5/0x480
[ 26.112096] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.112434] kthread+0x337/0x6f0
[ 26.112588] ret_from_fork+0x116/0x1d0
[ 26.112790] ret_from_fork_asm+0x1a/0x30
[ 26.113282]
[ 26.113574] kfence-#65: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 26.113574]
[ 26.114113] allocated by task 316 on cpu 0 at 26.108179s (0.005837s ago):
[ 26.114631] test_alloc+0x364/0x10f0
[ 26.114816] test_out_of_bounds_read+0xed/0x4e0
[ 26.115018] kunit_try_run_case+0x1a5/0x480
[ 26.115281] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.115530] kthread+0x337/0x6f0
[ 26.115696] ret_from_fork+0x116/0x1d0
[ 26.115885] ret_from_fork_asm+0x1a/0x30
[ 26.116161]
[ 26.116318] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 26.116832] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.117045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.117414] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 176.896720] ==================================================================
[ 176.897498] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270
[ 176.898263] Read of size 8 at addr ffff88810336bc70 by task kunit_try_catch/1678
[ 176.899029]
[ 176.899184] CPU: 1 UID: 0 PID: 1678 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 176.899234] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 176.899248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 176.899265] Call Trace:
[ 176.899280] <TASK>
[ 176.899301] dump_stack_lvl+0x73/0xb0
[ 176.899332] print_report+0xd1/0x650
[ 176.899357] ? __virt_addr_valid+0x1db/0x2d0
[ 176.899381] ? drm_encoder_cleanup+0x265/0x270
[ 176.899404] ? kasan_complete_mode_report_info+0x64/0x200
[ 176.899427] ? drm_encoder_cleanup+0x265/0x270
[ 176.899449] kasan_report+0x141/0x180
[ 176.899470] ? drm_encoder_cleanup+0x265/0x270
[ 176.899496] __asan_report_load8_noabort+0x18/0x20
[ 176.899519] drm_encoder_cleanup+0x265/0x270
[ 176.899542] drmm_encoder_alloc_release+0x36/0x60
[ 176.899561] drm_managed_release+0x15c/0x470
[ 176.899580] ? simple_release_fs+0x86/0xb0
[ 176.899605] drm_dev_put.part.0+0xa1/0x100
[ 176.899625] ? __pfx_devm_drm_dev_init_release+0x10/0x10
[ 176.899644] devm_drm_dev_init_release+0x17/0x30
[ 176.899663] devm_action_release+0x50/0x80
[ 176.899690] devres_release_all+0x186/0x240
[ 176.899710] ? __pfx_devres_release_all+0x10/0x10
[ 176.899729] ? kernfs_remove_by_name_ns+0x166/0x1d0
[ 176.899753] ? sysfs_remove_file_ns+0x56/0xa0
[ 176.899775] device_unbind_cleanup+0x1b/0x1b0
[ 176.899798] device_release_driver_internal+0x3e4/0x540
[ 176.899820] ? klist_devices_put+0x35/0x50
[ 176.899842] device_release_driver+0x16/0x20
[ 176.899863] bus_remove_device+0x1e9/0x3d0
[ 176.899887] device_del+0x397/0x980
[ 176.899925] ? __pfx_device_del+0x10/0x10
[ 176.899946] ? __kasan_check_write+0x18/0x20
[ 176.899966] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 176.899987] ? __pfx_device_unregister_wrapper+0x10/0x10
[ 176.900013] device_unregister+0x1b/0xa0
[ 176.900034] device_unregister_wrapper+0x12/0x20
[ 176.900054] __kunit_action_free+0x57/0x70
[ 176.900078] kunit_remove_resource+0x133/0x200
[ 176.900125] ? preempt_count_sub+0x50/0x80
[ 176.900158] kunit_cleanup+0x7a/0x120
[ 176.900183] kunit_try_run_case_cleanup+0xbd/0xf0
[ 176.900205] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10
[ 176.900226] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 176.900248] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 176.900268] kthread+0x337/0x6f0
[ 176.900440] ? trace_preempt_on+0x20/0xc0
[ 176.900469] ? __pfx_kthread+0x10/0x10
[ 176.900489] ? _raw_spin_unlock_irq+0x47/0x80
[ 176.900512] ? calculate_sigpending+0x7b/0xa0
[ 176.900535] ? __pfx_kthread+0x10/0x10
[ 176.900555] ret_from_fork+0x116/0x1d0
[ 176.900574] ? __pfx_kthread+0x10/0x10
[ 176.900594] ret_from_fork_asm+0x1a/0x30
[ 176.900624] </TASK>
[ 176.900636]
[ 176.915078] Allocated by task 1677:
[ 176.915458] kasan_save_stack+0x45/0x70
[ 176.915666] kasan_save_track+0x18/0x40
[ 176.916090] kasan_save_alloc_info+0x3b/0x50
[ 176.916300] __kasan_kmalloc+0xb7/0xc0
[ 176.916564] __kmalloc_noprof+0x1c9/0x500
[ 176.916873] __devm_drm_bridge_alloc+0x33/0x170
[ 176.917177] drm_test_bridge_init+0x188/0x5c0
[ 176.917391] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870
[ 176.917814] kunit_try_run_case+0x1a5/0x480
[ 176.918267] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 176.918728] kthread+0x337/0x6f0
[ 176.918865] ret_from_fork+0x116/0x1d0
[ 176.919380] ret_from_fork_asm+0x1a/0x30
[ 176.919525]
[ 176.919617] Freed by task 1678:
[ 176.919775] kasan_save_stack+0x45/0x70
[ 176.920304] kasan_save_track+0x18/0x40
[ 176.920600] kasan_save_free_info+0x3f/0x60
[ 176.920967] __kasan_slab_free+0x56/0x70
[ 176.921289] kfree+0x222/0x3f0
[ 176.921553] drm_bridge_put.part.0+0xc7/0x100
[ 176.921959] drm_bridge_put_void+0x17/0x30
[ 176.922251] devm_action_release+0x50/0x80
[ 176.922543] devres_release_all+0x186/0x240
[ 176.922730] device_unbind_cleanup+0x1b/0x1b0
[ 176.922955] device_release_driver_internal+0x3e4/0x540
[ 176.923306] device_release_driver+0x16/0x20
[ 176.923520] bus_remove_device+0x1e9/0x3d0
[ 176.923708] device_del+0x397/0x980
[ 176.923835] device_unregister+0x1b/0xa0
[ 176.924084] device_unregister_wrapper+0x12/0x20
[ 176.924492] __kunit_action_free+0x57/0x70
[ 176.924653] kunit_remove_resource+0x133/0x200
[ 176.924984] kunit_cleanup+0x7a/0x120
[ 176.925268] kunit_try_run_case_cleanup+0xbd/0xf0
[ 176.925510] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 176.925746] kthread+0x337/0x6f0
[ 176.925987] ret_from_fork+0x116/0x1d0
[ 176.926214] ret_from_fork_asm+0x1a/0x30
[ 176.926424]
[ 176.926532] The buggy address belongs to the object at ffff88810336bc00
[ 176.926532] which belongs to the cache kmalloc-512 of size 512
[ 176.927133] The buggy address is located 112 bytes inside of
[ 176.927133] freed 512-byte region [ffff88810336bc00, ffff88810336be00)
[ 176.927637]
[ 176.927730] The buggy address belongs to the physical page:
[ 176.928038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103368
[ 176.928560] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 176.929102] flags: 0x200000000000040(head|node=0|zone=2)
[ 176.929482] page_type: f5(slab)
[ 176.929706] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 176.930079] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 176.930567] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 176.930923] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 176.931437] head: 0200000000000002 ffffea00040cda01 00000000ffffffff 00000000ffffffff
[ 176.931781] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 176.932256] page dumped because: kasan: bad access detected
[ 176.932515]
[ 176.932594] Memory state around the buggy address:
[ 176.932809] ffff88810336bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 176.933168] ffff88810336bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 176.933444] >ffff88810336bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 176.933802] ^
[ 176.934059] ffff88810336bc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 176.934379] ffff88810336bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 176.934712] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 25.878926] ==================================================================
[ 25.879535] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 25.880221] Write of size 1 at addr ffff888102597c78 by task kunit_try_catch/314
[ 25.880483]
[ 25.880595] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.880643] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.880698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.880743] Call Trace:
[ 25.880764] <TASK>
[ 25.880782] dump_stack_lvl+0x73/0xb0
[ 25.880810] print_report+0xd1/0x650
[ 25.880833] ? __virt_addr_valid+0x1db/0x2d0
[ 25.880858] ? strncpy_from_user+0x1a5/0x1d0
[ 25.880883] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.880951] ? strncpy_from_user+0x1a5/0x1d0
[ 25.880976] kasan_report+0x141/0x180
[ 25.880997] ? strncpy_from_user+0x1a5/0x1d0
[ 25.881025] __asan_report_store1_noabort+0x1b/0x30
[ 25.881080] strncpy_from_user+0x1a5/0x1d0
[ 25.881107] copy_user_test_oob+0x760/0x10f0
[ 25.881133] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.881155] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 25.881182] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.881239] kunit_try_run_case+0x1a5/0x480
[ 25.881266] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.881289] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.881311] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.881336] ? __kthread_parkme+0x82/0x180
[ 25.881387] ? preempt_count_sub+0x50/0x80
[ 25.881411] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.881436] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.881459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.881483] kthread+0x337/0x6f0
[ 25.881532] ? trace_preempt_on+0x20/0xc0
[ 25.881557] ? __pfx_kthread+0x10/0x10
[ 25.881578] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.881601] ? calculate_sigpending+0x7b/0xa0
[ 25.881625] ? __pfx_kthread+0x10/0x10
[ 25.881646] ret_from_fork+0x116/0x1d0
[ 25.881696] ? __pfx_kthread+0x10/0x10
[ 25.881716] ret_from_fork_asm+0x1a/0x30
[ 25.881746] </TASK>
[ 25.881758]
[ 25.888946] Allocated by task 314:
[ 25.889171] kasan_save_stack+0x45/0x70
[ 25.889382] kasan_save_track+0x18/0x40
[ 25.889510] kasan_save_alloc_info+0x3b/0x50
[ 25.889746] __kasan_kmalloc+0xb7/0xc0
[ 25.889926] __kmalloc_noprof+0x1c9/0x500
[ 25.890129] kunit_kmalloc_array+0x25/0x60
[ 25.890368] copy_user_test_oob+0xab/0x10f0
[ 25.890566] kunit_try_run_case+0x1a5/0x480
[ 25.890791] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.891074] kthread+0x337/0x6f0
[ 25.891278] ret_from_fork+0x116/0x1d0
[ 25.891453] ret_from_fork_asm+0x1a/0x30
[ 25.891677]
[ 25.891747] The buggy address belongs to the object at ffff888102597c00
[ 25.891747] which belongs to the cache kmalloc-128 of size 128
[ 25.892336] The buggy address is located 0 bytes to the right of
[ 25.892336] allocated 120-byte region [ffff888102597c00, ffff888102597c78)
[ 25.892852]
[ 25.892986] The buggy address belongs to the physical page:
[ 25.893288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.893637] flags: 0x200000000000000(node=0|zone=2)
[ 25.893870] page_type: f5(slab)
[ 25.894022] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.894434] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.894745] page dumped because: kasan: bad access detected
[ 25.895000]
[ 25.895092] Memory state around the buggy address:
[ 25.895343] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.895741] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.895959] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.896164] ^
[ 25.896403] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.896705] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.897044] ==================================================================
[ 25.860778] ==================================================================
[ 25.861133] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 25.861545] Write of size 121 at addr ffff888102597c00 by task kunit_try_catch/314
[ 25.861883]
[ 25.862009] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.862061] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.862075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.862097] Call Trace:
[ 25.862119] <TASK>
[ 25.862140] dump_stack_lvl+0x73/0xb0
[ 25.862167] print_report+0xd1/0x650
[ 25.862190] ? __virt_addr_valid+0x1db/0x2d0
[ 25.862215] ? strncpy_from_user+0x2e/0x1d0
[ 25.862253] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.862279] ? strncpy_from_user+0x2e/0x1d0
[ 25.862303] kasan_report+0x141/0x180
[ 25.862362] ? strncpy_from_user+0x2e/0x1d0
[ 25.862389] kasan_check_range+0x10c/0x1c0
[ 25.862413] __kasan_check_write+0x18/0x20
[ 25.862436] strncpy_from_user+0x2e/0x1d0
[ 25.862458] ? __kasan_check_read+0x15/0x20
[ 25.862509] copy_user_test_oob+0x760/0x10f0
[ 25.862535] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.862557] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 25.862585] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.862611] kunit_try_run_case+0x1a5/0x480
[ 25.862639] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.862662] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.862684] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.862710] ? __kthread_parkme+0x82/0x180
[ 25.862731] ? preempt_count_sub+0x50/0x80
[ 25.862755] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.862780] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.862803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.862827] kthread+0x337/0x6f0
[ 25.862847] ? trace_preempt_on+0x20/0xc0
[ 25.862870] ? __pfx_kthread+0x10/0x10
[ 25.862891] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.862914] ? calculate_sigpending+0x7b/0xa0
[ 25.862948] ? __pfx_kthread+0x10/0x10
[ 25.862969] ret_from_fork+0x116/0x1d0
[ 25.862989] ? __pfx_kthread+0x10/0x10
[ 25.863010] ret_from_fork_asm+0x1a/0x30
[ 25.863041] </TASK>
[ 25.863052]
[ 25.870000] Allocated by task 314:
[ 25.870279] kasan_save_stack+0x45/0x70
[ 25.870538] kasan_save_track+0x18/0x40
[ 25.870675] kasan_save_alloc_info+0x3b/0x50
[ 25.870834] __kasan_kmalloc+0xb7/0xc0
[ 25.871016] __kmalloc_noprof+0x1c9/0x500
[ 25.871332] kunit_kmalloc_array+0x25/0x60
[ 25.871499] copy_user_test_oob+0xab/0x10f0
[ 25.871635] kunit_try_run_case+0x1a5/0x480
[ 25.871776] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.872029] kthread+0x337/0x6f0
[ 25.872360] ret_from_fork+0x116/0x1d0
[ 25.872525] ret_from_fork_asm+0x1a/0x30
[ 25.872723]
[ 25.872799] The buggy address belongs to the object at ffff888102597c00
[ 25.872799] which belongs to the cache kmalloc-128 of size 128
[ 25.873473] The buggy address is located 0 bytes inside of
[ 25.873473] allocated 120-byte region [ffff888102597c00, ffff888102597c78)
[ 25.873992]
[ 25.874108] The buggy address belongs to the physical page:
[ 25.874346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.874718] flags: 0x200000000000000(node=0|zone=2)
[ 25.874962] page_type: f5(slab)
[ 25.875113] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.875445] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.875787] page dumped because: kasan: bad access detected
[ 25.876041]
[ 25.876133] Memory state around the buggy address:
[ 25.876364] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.876649] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.876856] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.877134] ^
[ 25.877432] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.877911] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.878242] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 25.819244] ==================================================================
[ 25.819563] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 25.820037] Write of size 121 at addr ffff888102597c00 by task kunit_try_catch/314
[ 25.820482]
[ 25.820610] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.820665] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.820679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.820704] Call Trace:
[ 25.820726] <TASK>
[ 25.820747] dump_stack_lvl+0x73/0xb0
[ 25.820778] print_report+0xd1/0x650
[ 25.820800] ? __virt_addr_valid+0x1db/0x2d0
[ 25.820824] ? copy_user_test_oob+0x557/0x10f0
[ 25.820848] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.820874] ? copy_user_test_oob+0x557/0x10f0
[ 25.820897] kasan_report+0x141/0x180
[ 25.820919] ? copy_user_test_oob+0x557/0x10f0
[ 25.820980] kasan_check_range+0x10c/0x1c0
[ 25.821005] __kasan_check_write+0x18/0x20
[ 25.821028] copy_user_test_oob+0x557/0x10f0
[ 25.821053] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.821076] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 25.821103] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.821130] kunit_try_run_case+0x1a5/0x480
[ 25.821157] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.821180] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.821201] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.821227] ? __kthread_parkme+0x82/0x180
[ 25.821248] ? preempt_count_sub+0x50/0x80
[ 25.821272] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.821296] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.821319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.821344] kthread+0x337/0x6f0
[ 25.821364] ? trace_preempt_on+0x20/0xc0
[ 25.821388] ? __pfx_kthread+0x10/0x10
[ 25.821408] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.821431] ? calculate_sigpending+0x7b/0xa0
[ 25.821456] ? __pfx_kthread+0x10/0x10
[ 25.821478] ret_from_fork+0x116/0x1d0
[ 25.821499] ? __pfx_kthread+0x10/0x10
[ 25.821520] ret_from_fork_asm+0x1a/0x30
[ 25.821551] </TASK>
[ 25.821565]
[ 25.828165] Allocated by task 314:
[ 25.828350] kasan_save_stack+0x45/0x70
[ 25.828568] kasan_save_track+0x18/0x40
[ 25.828711] kasan_save_alloc_info+0x3b/0x50
[ 25.828852] __kasan_kmalloc+0xb7/0xc0
[ 25.828990] __kmalloc_noprof+0x1c9/0x500
[ 25.829266] kunit_kmalloc_array+0x25/0x60
[ 25.829491] copy_user_test_oob+0xab/0x10f0
[ 25.829711] kunit_try_run_case+0x1a5/0x480
[ 25.829912] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.830177] kthread+0x337/0x6f0
[ 25.830321] ret_from_fork+0x116/0x1d0
[ 25.830494] ret_from_fork_asm+0x1a/0x30
[ 25.830637]
[ 25.830702] The buggy address belongs to the object at ffff888102597c00
[ 25.830702] which belongs to the cache kmalloc-128 of size 128
[ 25.831124] The buggy address is located 0 bytes inside of
[ 25.831124] allocated 120-byte region [ffff888102597c00, ffff888102597c78)
[ 25.831661]
[ 25.831733] The buggy address belongs to the physical page:
[ 25.831900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.832521] flags: 0x200000000000000(node=0|zone=2)
[ 25.832756] page_type: f5(slab)
[ 25.832946] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.833258] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.833521] page dumped because: kasan: bad access detected
[ 25.833684]
[ 25.833747] Memory state around the buggy address:
[ 25.833899] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.834237] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.834540] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.835107] ^
[ 25.835380] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.835587] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.835789] ==================================================================
[ 25.771657] ==================================================================
[ 25.772184] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 25.772683] Write of size 121 at addr ffff888102597c00 by task kunit_try_catch/314
[ 25.773202]
[ 25.773469] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.773550] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.773566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.773590] Call Trace:
[ 25.773610] <TASK>
[ 25.773630] dump_stack_lvl+0x73/0xb0
[ 25.773661] print_report+0xd1/0x650
[ 25.773684] ? __virt_addr_valid+0x1db/0x2d0
[ 25.773708] ? copy_user_test_oob+0x3fd/0x10f0
[ 25.773732] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.773758] ? copy_user_test_oob+0x3fd/0x10f0
[ 25.773781] kasan_report+0x141/0x180
[ 25.773803] ? copy_user_test_oob+0x3fd/0x10f0
[ 25.773830] kasan_check_range+0x10c/0x1c0
[ 25.773853] __kasan_check_write+0x18/0x20
[ 25.773876] copy_user_test_oob+0x3fd/0x10f0
[ 25.773900] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.773923] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 25.773962] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.773989] kunit_try_run_case+0x1a5/0x480
[ 25.774017] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.774040] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.774061] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.774087] ? __kthread_parkme+0x82/0x180
[ 25.774108] ? preempt_count_sub+0x50/0x80
[ 25.774133] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.774157] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.774181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.774205] kthread+0x337/0x6f0
[ 25.774225] ? trace_preempt_on+0x20/0xc0
[ 25.774250] ? __pfx_kthread+0x10/0x10
[ 25.774271] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.774294] ? calculate_sigpending+0x7b/0xa0
[ 25.774320] ? __pfx_kthread+0x10/0x10
[ 25.774342] ret_from_fork+0x116/0x1d0
[ 25.774362] ? __pfx_kthread+0x10/0x10
[ 25.774383] ret_from_fork_asm+0x1a/0x30
[ 25.774414] </TASK>
[ 25.774426]
[ 25.783138] Allocated by task 314:
[ 25.783504] kasan_save_stack+0x45/0x70
[ 25.783771] kasan_save_track+0x18/0x40
[ 25.783949] kasan_save_alloc_info+0x3b/0x50
[ 25.784352] __kasan_kmalloc+0xb7/0xc0
[ 25.784526] __kmalloc_noprof+0x1c9/0x500
[ 25.784709] kunit_kmalloc_array+0x25/0x60
[ 25.784900] copy_user_test_oob+0xab/0x10f0
[ 25.785102] kunit_try_run_case+0x1a5/0x480
[ 25.785581] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.785774] kthread+0x337/0x6f0
[ 25.786091] ret_from_fork+0x116/0x1d0
[ 25.786399] ret_from_fork_asm+0x1a/0x30
[ 25.786558]
[ 25.786784] The buggy address belongs to the object at ffff888102597c00
[ 25.786784] which belongs to the cache kmalloc-128 of size 128
[ 25.787555] The buggy address is located 0 bytes inside of
[ 25.787555] allocated 120-byte region [ffff888102597c00, ffff888102597c78)
[ 25.788210]
[ 25.788300] The buggy address belongs to the physical page:
[ 25.788674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.789088] flags: 0x200000000000000(node=0|zone=2)
[ 25.789435] page_type: f5(slab)
[ 25.789572] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.790043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.790516] page dumped because: kasan: bad access detected
[ 25.790835]
[ 25.790915] Memory state around the buggy address:
[ 25.791264] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.791551] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.791854] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.792394] ^
[ 25.792692] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.793043] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.793432] ==================================================================
[ 25.794370] ==================================================================
[ 25.795069] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 25.795421] Read of size 121 at addr ffff888102597c00 by task kunit_try_catch/314
[ 25.795714]
[ 25.796133] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.796192] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.796379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.796407] Call Trace:
[ 25.796431] <TASK>
[ 25.796453] dump_stack_lvl+0x73/0xb0
[ 25.796483] print_report+0xd1/0x650
[ 25.796507] ? __virt_addr_valid+0x1db/0x2d0
[ 25.796532] ? copy_user_test_oob+0x4aa/0x10f0
[ 25.796555] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.796581] ? copy_user_test_oob+0x4aa/0x10f0
[ 25.796604] kasan_report+0x141/0x180
[ 25.796627] ? copy_user_test_oob+0x4aa/0x10f0
[ 25.796654] kasan_check_range+0x10c/0x1c0
[ 25.796677] __kasan_check_read+0x15/0x20
[ 25.796699] copy_user_test_oob+0x4aa/0x10f0
[ 25.796724] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.796746] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 25.796775] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.796802] kunit_try_run_case+0x1a5/0x480
[ 25.796830] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.796853] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.796874] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.796900] ? __kthread_parkme+0x82/0x180
[ 25.796921] ? preempt_count_sub+0x50/0x80
[ 25.796956] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.796981] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.797004] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.797029] kthread+0x337/0x6f0
[ 25.797049] ? trace_preempt_on+0x20/0xc0
[ 25.797073] ? __pfx_kthread+0x10/0x10
[ 25.797094] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.797126] ? calculate_sigpending+0x7b/0xa0
[ 25.797151] ? __pfx_kthread+0x10/0x10
[ 25.797172] ret_from_fork+0x116/0x1d0
[ 25.797192] ? __pfx_kthread+0x10/0x10
[ 25.797213] ret_from_fork_asm+0x1a/0x30
[ 25.797244] </TASK>
[ 25.797256]
[ 25.806783] Allocated by task 314:
[ 25.807168] kasan_save_stack+0x45/0x70
[ 25.807495] kasan_save_track+0x18/0x40
[ 25.807768] kasan_save_alloc_info+0x3b/0x50
[ 25.808074] __kasan_kmalloc+0xb7/0xc0
[ 25.808464] __kmalloc_noprof+0x1c9/0x500
[ 25.808621] kunit_kmalloc_array+0x25/0x60
[ 25.809022] copy_user_test_oob+0xab/0x10f0
[ 25.809448] kunit_try_run_case+0x1a5/0x480
[ 25.809660] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.809893] kthread+0x337/0x6f0
[ 25.810066] ret_from_fork+0x116/0x1d0
[ 25.810484] ret_from_fork_asm+0x1a/0x30
[ 25.810659]
[ 25.810918] The buggy address belongs to the object at ffff888102597c00
[ 25.810918] which belongs to the cache kmalloc-128 of size 128
[ 25.811665] The buggy address is located 0 bytes inside of
[ 25.811665] allocated 120-byte region [ffff888102597c00, ffff888102597c78)
[ 25.812411]
[ 25.812503] The buggy address belongs to the physical page:
[ 25.812923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.813436] flags: 0x200000000000000(node=0|zone=2)
[ 25.813676] page_type: f5(slab)
[ 25.813844] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.814436] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.814738] page dumped because: kasan: bad access detected
[ 25.815072]
[ 25.815168] Memory state around the buggy address:
[ 25.815583] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.815990] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.816393] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.816792] ^
[ 25.817190] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.817690] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.818085] ==================================================================
[ 25.837040] ==================================================================
[ 25.837766] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 25.838636] Read of size 121 at addr ffff888102597c00 by task kunit_try_catch/314
[ 25.839239]
[ 25.839502] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.839556] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.839571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.839680] Call Trace:
[ 25.839706] <TASK>
[ 25.839843] dump_stack_lvl+0x73/0xb0
[ 25.839878] print_report+0xd1/0x650
[ 25.839901] ? __virt_addr_valid+0x1db/0x2d0
[ 25.839926] ? copy_user_test_oob+0x604/0x10f0
[ 25.839963] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.839989] ? copy_user_test_oob+0x604/0x10f0
[ 25.840012] kasan_report+0x141/0x180
[ 25.840034] ? copy_user_test_oob+0x604/0x10f0
[ 25.840061] kasan_check_range+0x10c/0x1c0
[ 25.840084] __kasan_check_read+0x15/0x20
[ 25.840107] copy_user_test_oob+0x604/0x10f0
[ 25.840142] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.840165] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 25.840192] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.840219] kunit_try_run_case+0x1a5/0x480
[ 25.840247] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.840270] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.840291] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.840317] ? __kthread_parkme+0x82/0x180
[ 25.840345] ? preempt_count_sub+0x50/0x80
[ 25.840368] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.840392] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.840416] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.840439] kthread+0x337/0x6f0
[ 25.840459] ? trace_preempt_on+0x20/0xc0
[ 25.840484] ? __pfx_kthread+0x10/0x10
[ 25.840504] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.840527] ? calculate_sigpending+0x7b/0xa0
[ 25.840551] ? __pfx_kthread+0x10/0x10
[ 25.840573] ret_from_fork+0x116/0x1d0
[ 25.840593] ? __pfx_kthread+0x10/0x10
[ 25.840613] ret_from_fork_asm+0x1a/0x30
[ 25.840644] </TASK>
[ 25.840655]
[ 25.849713] Allocated by task 314:
[ 25.850055] kasan_save_stack+0x45/0x70
[ 25.850417] kasan_save_track+0x18/0x40
[ 25.850670] kasan_save_alloc_info+0x3b/0x50
[ 25.850958] __kasan_kmalloc+0xb7/0xc0
[ 25.851232] __kmalloc_noprof+0x1c9/0x500
[ 25.851435] kunit_kmalloc_array+0x25/0x60
[ 25.851631] copy_user_test_oob+0xab/0x10f0
[ 25.851831] kunit_try_run_case+0x1a5/0x480
[ 25.852032] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.852561] kthread+0x337/0x6f0
[ 25.852718] ret_from_fork+0x116/0x1d0
[ 25.853084] ret_from_fork_asm+0x1a/0x30
[ 25.853484]
[ 25.853594] The buggy address belongs to the object at ffff888102597c00
[ 25.853594] which belongs to the cache kmalloc-128 of size 128
[ 25.854426] The buggy address is located 0 bytes inside of
[ 25.854426] allocated 120-byte region [ffff888102597c00, ffff888102597c78)
[ 25.855018]
[ 25.855118] The buggy address belongs to the physical page:
[ 25.855580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.855963] flags: 0x200000000000000(node=0|zone=2)
[ 25.856321] page_type: f5(slab)
[ 25.856680] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.857023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.857546] page dumped because: kasan: bad access detected
[ 25.857785]
[ 25.857865] Memory state around the buggy address:
[ 25.858098] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.858396] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.858672] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.859002] ^
[ 25.859389] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.859625] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.859971] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 25.745908] ==================================================================
[ 25.746326] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 25.746620] Read of size 121 at addr ffff888102597c00 by task kunit_try_catch/314
[ 25.747064]
[ 25.747196] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.747284] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.747299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.747322] Call Trace:
[ 25.747344] <TASK>
[ 25.747367] dump_stack_lvl+0x73/0xb0
[ 25.747397] print_report+0xd1/0x650
[ 25.747421] ? __virt_addr_valid+0x1db/0x2d0
[ 25.747445] ? _copy_to_user+0x3c/0x70
[ 25.747469] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.747496] ? _copy_to_user+0x3c/0x70
[ 25.747516] kasan_report+0x141/0x180
[ 25.747538] ? _copy_to_user+0x3c/0x70
[ 25.747562] kasan_check_range+0x10c/0x1c0
[ 25.747586] __kasan_check_read+0x15/0x20
[ 25.747608] _copy_to_user+0x3c/0x70
[ 25.747629] copy_user_test_oob+0x364/0x10f0
[ 25.747654] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.747676] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 25.747704] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.747730] kunit_try_run_case+0x1a5/0x480
[ 25.747755] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.747778] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.747798] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.747824] ? __kthread_parkme+0x82/0x180
[ 25.747845] ? preempt_count_sub+0x50/0x80
[ 25.747869] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.747893] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.747917] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.747955] kthread+0x337/0x6f0
[ 25.747997] ? trace_preempt_on+0x20/0xc0
[ 25.748023] ? __pfx_kthread+0x10/0x10
[ 25.748044] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.748067] ? calculate_sigpending+0x7b/0xa0
[ 25.748091] ? __pfx_kthread+0x10/0x10
[ 25.748113] ret_from_fork+0x116/0x1d0
[ 25.748145] ? __pfx_kthread+0x10/0x10
[ 25.748166] ret_from_fork_asm+0x1a/0x30
[ 25.748197] </TASK>
[ 25.748208]
[ 25.756885] Allocated by task 314:
[ 25.757050] kasan_save_stack+0x45/0x70
[ 25.757393] kasan_save_track+0x18/0x40
[ 25.757659] kasan_save_alloc_info+0x3b/0x50
[ 25.757814] __kasan_kmalloc+0xb7/0xc0
[ 25.758160] __kmalloc_noprof+0x1c9/0x500
[ 25.758445] kunit_kmalloc_array+0x25/0x60
[ 25.758594] copy_user_test_oob+0xab/0x10f0
[ 25.758927] kunit_try_run_case+0x1a5/0x480
[ 25.759235] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.759427] kthread+0x337/0x6f0
[ 25.759676] ret_from_fork+0x116/0x1d0
[ 25.759842] ret_from_fork_asm+0x1a/0x30
[ 25.760028]
[ 25.760111] The buggy address belongs to the object at ffff888102597c00
[ 25.760111] which belongs to the cache kmalloc-128 of size 128
[ 25.760601] The buggy address is located 0 bytes inside of
[ 25.760601] allocated 120-byte region [ffff888102597c00, ffff888102597c78)
[ 25.761472]
[ 25.761568] The buggy address belongs to the physical page:
[ 25.761879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.762379] flags: 0x200000000000000(node=0|zone=2)
[ 25.762687] page_type: f5(slab)
[ 25.762815] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.763310] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.763679] page dumped because: kasan: bad access detected
[ 25.764019]
[ 25.764096] Memory state around the buggy address:
[ 25.764525] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.764897] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.765339] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.765672] ^
[ 25.765962] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.766349] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.766766] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 25.719221] ==================================================================
[ 25.719783] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[ 25.720093] Write of size 121 at addr ffff888102597c00 by task kunit_try_catch/314
[ 25.720834]
[ 25.720979] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.721038] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.721053] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.721080] Call Trace:
[ 25.721096] <TASK>
[ 25.721121] dump_stack_lvl+0x73/0xb0
[ 25.721155] print_report+0xd1/0x650
[ 25.721183] ? __virt_addr_valid+0x1db/0x2d0
[ 25.721210] ? _copy_from_user+0x32/0x90
[ 25.721233] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.721259] ? _copy_from_user+0x32/0x90
[ 25.721279] kasan_report+0x141/0x180
[ 25.721301] ? _copy_from_user+0x32/0x90
[ 25.721326] kasan_check_range+0x10c/0x1c0
[ 25.721349] __kasan_check_write+0x18/0x20
[ 25.721372] _copy_from_user+0x32/0x90
[ 25.721393] copy_user_test_oob+0x2be/0x10f0
[ 25.721419] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.721442] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 25.721471] ? __pfx_copy_user_test_oob+0x10/0x10
[ 25.721497] kunit_try_run_case+0x1a5/0x480
[ 25.721522] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.721546] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.721568] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.721594] ? __kthread_parkme+0x82/0x180
[ 25.721617] ? preempt_count_sub+0x50/0x80
[ 25.721641] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.721666] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.721690] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.721715] kthread+0x337/0x6f0
[ 25.721735] ? trace_preempt_on+0x20/0xc0
[ 25.721761] ? __pfx_kthread+0x10/0x10
[ 25.721782] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.721806] ? calculate_sigpending+0x7b/0xa0
[ 25.721831] ? __pfx_kthread+0x10/0x10
[ 25.721853] ret_from_fork+0x116/0x1d0
[ 25.721873] ? __pfx_kthread+0x10/0x10
[ 25.721894] ret_from_fork_asm+0x1a/0x30
[ 25.721925] </TASK>
[ 25.721949]
[ 25.730523] Allocated by task 314:
[ 25.730743] kasan_save_stack+0x45/0x70
[ 25.730963] kasan_save_track+0x18/0x40
[ 25.731119] kasan_save_alloc_info+0x3b/0x50
[ 25.731285] __kasan_kmalloc+0xb7/0xc0
[ 25.731467] __kmalloc_noprof+0x1c9/0x500
[ 25.731660] kunit_kmalloc_array+0x25/0x60
[ 25.731852] copy_user_test_oob+0xab/0x10f0
[ 25.732052] kunit_try_run_case+0x1a5/0x480
[ 25.732253] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.732533] kthread+0x337/0x6f0
[ 25.732651] ret_from_fork+0x116/0x1d0
[ 25.732777] ret_from_fork_asm+0x1a/0x30
[ 25.732910]
[ 25.733008] The buggy address belongs to the object at ffff888102597c00
[ 25.733008] which belongs to the cache kmalloc-128 of size 128
[ 25.733870] The buggy address is located 0 bytes inside of
[ 25.733870] allocated 120-byte region [ffff888102597c00, ffff888102597c78)
[ 25.734887]
[ 25.735057] The buggy address belongs to the physical page:
[ 25.735707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.736439] flags: 0x200000000000000(node=0|zone=2)
[ 25.736905] page_type: f5(slab)
[ 25.737257] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.737924] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.738536] page dumped because: kasan: bad access detected
[ 25.738706]
[ 25.738769] Memory state around the buggy address:
[ 25.738926] ffff888102597b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.739171] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.739584] >ffff888102597c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.739877] ^
[ 25.740194] ffff888102597c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.741088] ffff888102597d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.741385] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 25.654336] ==================================================================
[ 25.654833] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 25.655796] Read of size 8 at addr ffff888102597b78 by task kunit_try_catch/310
[ 25.656612]
[ 25.656855] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.656914] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.656929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.656965] Call Trace:
[ 25.656981] <TASK>
[ 25.657001] dump_stack_lvl+0x73/0xb0
[ 25.657032] print_report+0xd1/0x650
[ 25.657057] ? __virt_addr_valid+0x1db/0x2d0
[ 25.657134] ? copy_to_kernel_nofault+0x225/0x260
[ 25.657160] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.657185] ? copy_to_kernel_nofault+0x225/0x260
[ 25.657208] kasan_report+0x141/0x180
[ 25.657230] ? copy_to_kernel_nofault+0x225/0x260
[ 25.657257] __asan_report_load8_noabort+0x18/0x20
[ 25.657281] copy_to_kernel_nofault+0x225/0x260
[ 25.657305] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 25.657329] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 25.657352] ? finish_task_switch.isra.0+0x153/0x700
[ 25.657375] ? __schedule+0x10cc/0x2b60
[ 25.657400] ? trace_hardirqs_on+0x37/0xe0
[ 25.657431] ? __pfx_read_tsc+0x10/0x10
[ 25.657454] ? ktime_get_ts64+0x86/0x230
[ 25.657479] kunit_try_run_case+0x1a5/0x480
[ 25.657507] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.657529] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.657551] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.657576] ? __kthread_parkme+0x82/0x180
[ 25.657597] ? preempt_count_sub+0x50/0x80
[ 25.657619] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.657644] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.657668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.657692] kthread+0x337/0x6f0
[ 25.657712] ? trace_preempt_on+0x20/0xc0
[ 25.657733] ? __pfx_kthread+0x10/0x10
[ 25.657754] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.657777] ? calculate_sigpending+0x7b/0xa0
[ 25.657818] ? __pfx_kthread+0x10/0x10
[ 25.657840] ret_from_fork+0x116/0x1d0
[ 25.657859] ? __pfx_kthread+0x10/0x10
[ 25.657880] ret_from_fork_asm+0x1a/0x30
[ 25.657911] </TASK>
[ 25.657923]
[ 25.671002] Allocated by task 310:
[ 25.671354] kasan_save_stack+0x45/0x70
[ 25.671771] kasan_save_track+0x18/0x40
[ 25.672189] kasan_save_alloc_info+0x3b/0x50
[ 25.672666] __kasan_kmalloc+0xb7/0xc0
[ 25.673086] __kmalloc_cache_noprof+0x189/0x420
[ 25.673606] copy_to_kernel_nofault_oob+0x12f/0x560
[ 25.674140] kunit_try_run_case+0x1a5/0x480
[ 25.674625] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.675190] kthread+0x337/0x6f0
[ 25.675548] ret_from_fork+0x116/0x1d0
[ 25.675966] ret_from_fork_asm+0x1a/0x30
[ 25.676380]
[ 25.676579] The buggy address belongs to the object at ffff888102597b00
[ 25.676579] which belongs to the cache kmalloc-128 of size 128
[ 25.677785] The buggy address is located 0 bytes to the right of
[ 25.677785] allocated 120-byte region [ffff888102597b00, ffff888102597b78)
[ 25.678926]
[ 25.679142] The buggy address belongs to the physical page:
[ 25.679683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.680445] flags: 0x200000000000000(node=0|zone=2)
[ 25.680976] page_type: f5(slab)
[ 25.681303] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.681669] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.682114] page dumped because: kasan: bad access detected
[ 25.682449]
[ 25.682534] Memory state around the buggy address:
[ 25.682686] ffff888102597a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.682977] ffff888102597a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.683203] >ffff888102597b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.683781] ^
[ 25.684475] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.685251] ffff888102597c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.685516] ==================================================================
[ 25.686395] ==================================================================
[ 25.686667] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 25.687301] Write of size 8 at addr ffff888102597b78 by task kunit_try_catch/310
[ 25.687954]
[ 25.688126] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.688179] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.688193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.688216] Call Trace:
[ 25.688230] <TASK>
[ 25.688251] dump_stack_lvl+0x73/0xb0
[ 25.688279] print_report+0xd1/0x650
[ 25.688303] ? __virt_addr_valid+0x1db/0x2d0
[ 25.688327] ? copy_to_kernel_nofault+0x99/0x260
[ 25.688354] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.688381] ? copy_to_kernel_nofault+0x99/0x260
[ 25.688403] kasan_report+0x141/0x180
[ 25.688424] ? copy_to_kernel_nofault+0x99/0x260
[ 25.688451] kasan_check_range+0x10c/0x1c0
[ 25.688475] __kasan_check_write+0x18/0x20
[ 25.688497] copy_to_kernel_nofault+0x99/0x260
[ 25.688521] copy_to_kernel_nofault_oob+0x288/0x560
[ 25.688544] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 25.688567] ? finish_task_switch.isra.0+0x153/0x700
[ 25.688604] ? __schedule+0x10cc/0x2b60
[ 25.688645] ? trace_hardirqs_on+0x37/0xe0
[ 25.688675] ? __pfx_read_tsc+0x10/0x10
[ 25.688698] ? ktime_get_ts64+0x86/0x230
[ 25.688723] kunit_try_run_case+0x1a5/0x480
[ 25.688750] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.688773] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.688795] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.688820] ? __kthread_parkme+0x82/0x180
[ 25.688841] ? preempt_count_sub+0x50/0x80
[ 25.688864] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.688888] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.688929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.688963] kthread+0x337/0x6f0
[ 25.688983] ? trace_preempt_on+0x20/0xc0
[ 25.689005] ? __pfx_kthread+0x10/0x10
[ 25.689025] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.689048] ? calculate_sigpending+0x7b/0xa0
[ 25.689072] ? __pfx_kthread+0x10/0x10
[ 25.689093] ret_from_fork+0x116/0x1d0
[ 25.689112] ? __pfx_kthread+0x10/0x10
[ 25.689139] ret_from_fork_asm+0x1a/0x30
[ 25.689170] </TASK>
[ 25.689183]
[ 25.696650] Allocated by task 310:
[ 25.696831] kasan_save_stack+0x45/0x70
[ 25.697077] kasan_save_track+0x18/0x40
[ 25.697282] kasan_save_alloc_info+0x3b/0x50
[ 25.697448] __kasan_kmalloc+0xb7/0xc0
[ 25.697584] __kmalloc_cache_noprof+0x189/0x420
[ 25.697731] copy_to_kernel_nofault_oob+0x12f/0x560
[ 25.697928] kunit_try_run_case+0x1a5/0x480
[ 25.698138] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.698436] kthread+0x337/0x6f0
[ 25.698559] ret_from_fork+0x116/0x1d0
[ 25.698791] ret_from_fork_asm+0x1a/0x30
[ 25.698924]
[ 25.698999] The buggy address belongs to the object at ffff888102597b00
[ 25.698999] which belongs to the cache kmalloc-128 of size 128
[ 25.699596] The buggy address is located 0 bytes to the right of
[ 25.699596] allocated 120-byte region [ffff888102597b00, ffff888102597b78)
[ 25.700189]
[ 25.700265] The buggy address belongs to the physical page:
[ 25.700473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 25.701019] flags: 0x200000000000000(node=0|zone=2)
[ 25.701228] page_type: f5(slab)
[ 25.701377] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.701627] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 25.702049] page dumped because: kasan: bad access detected
[ 25.702279]
[ 25.702359] Memory state around the buggy address:
[ 25.702547] ffff888102597a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.703088] ffff888102597a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.703400] >ffff888102597b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.703621] ^
[ 25.703827] ffff888102597b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.704043] ffff888102597c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.704251] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 24.881342] ==================================================================
[ 24.881616] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450
[ 24.882408] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294
[ 24.882925]
[ 24.883113] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 24.883222] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.883240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.883263] Call Trace:
[ 24.883285] <TASK>
[ 24.883305] dump_stack_lvl+0x73/0xb0
[ 24.883333] print_report+0xd1/0x650
[ 24.883354] ? __virt_addr_valid+0x1db/0x2d0
[ 24.883379] ? kasan_atomics_helper+0x4a1c/0x5450
[ 24.883400] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.883425] ? kasan_atomics_helper+0x4a1c/0x5450
[ 24.883448] kasan_report+0x141/0x180
[ 24.883470] ? kasan_atomics_helper+0x4a1c/0x5450
[ 24.883497] __asan_report_load4_noabort+0x18/0x20
[ 24.883523] kasan_atomics_helper+0x4a1c/0x5450
[ 24.883545] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 24.883566] ? __kmalloc_cache_noprof+0x189/0x420
[ 24.883593] ? kasan_atomics+0x152/0x310
[ 24.883619] kasan_atomics+0x1dc/0x310
[ 24.883641] ? __pfx_kasan_atomics+0x10/0x10
[ 24.883662] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 24.883685] ? __pfx_read_tsc+0x10/0x10
[ 24.883707] ? ktime_get_ts64+0x86/0x230
[ 24.883733] kunit_try_run_case+0x1a5/0x480
[ 24.883761] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.883784] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 24.883805] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.883830] ? __kthread_parkme+0x82/0x180
[ 24.883851] ? preempt_count_sub+0x50/0x80
[ 24.883875] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.883899] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.883923] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.883958] kthread+0x337/0x6f0
[ 24.883978] ? trace_preempt_on+0x20/0xc0
[ 24.884001] ? __pfx_kthread+0x10/0x10
[ 24.884021] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.884044] ? calculate_sigpending+0x7b/0xa0
[ 24.884068] ? __pfx_kthread+0x10/0x10
[ 24.884089] ret_from_fork+0x116/0x1d0
[ 24.884108] ? __pfx_kthread+0x10/0x10
[ 24.884140] ret_from_fork_asm+0x1a/0x30
[ 24.884171] </TASK>
[ 24.884182]
[ 24.893481] Allocated by task 294:
[ 24.893642] kasan_save_stack+0x45/0x70
[ 24.893916] kasan_save_track+0x18/0x40
[ 24.894114] kasan_save_alloc_info+0x3b/0x50
[ 24.894403] __kasan_kmalloc+0xb7/0xc0
[ 24.894573] __kmalloc_cache_noprof+0x189/0x420
[ 24.894764] kasan_atomics+0x95/0x310
[ 24.894928] kunit_try_run_case+0x1a5/0x480
[ 24.895117] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.895690] kthread+0x337/0x6f0
[ 24.895847] ret_from_fork+0x116/0x1d0
[ 24.896015] ret_from_fork_asm+0x1a/0x30
[ 24.896347]
[ 24.896502] The buggy address belongs to the object at ffff8881039e9700
[ 24.896502] which belongs to the cache kmalloc-64 of size 64
[ 24.897170] The buggy address is located 0 bytes to the right of
[ 24.897170] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730)
[ 24.897681]
[ 24.897843] The buggy address belongs to the physical page:
[ 24.898121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9
[ 24.898606] flags: 0x200000000000000(node=0|zone=2)
[ 24.898893] page_type: f5(slab)
[ 24.899072] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 24.899508] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 24.899867] page dumped because: kasan: bad access detected
[ 24.900089]
[ 24.900210] Memory state around the buggy address:
[ 24.900599] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.900962] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.901276] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 24.901686] ^
[ 24.901991] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.902294] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.902624] ==================================================================
[ 25.059634] ==================================================================
[ 25.060249] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450
[ 25.060908] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294
[ 25.061587]
[ 25.061814] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 25.061863] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.061877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.061899] Call Trace:
[ 25.061919] <TASK>
[ 25.061947] dump_stack_lvl+0x73/0xb0
[ 25.061976] print_report+0xd1/0x650
[ 25.061998] ? __virt_addr_valid+0x1db/0x2d0
[ 25.062021] ? kasan_atomics_helper+0x1467/0x5450
[ 25.062042] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.062067] ? kasan_atomics_helper+0x1467/0x5450
[ 25.062088] kasan_report+0x141/0x180
[ 25.062110] ? kasan_atomics_helper+0x1467/0x5450
[ 25.062135] kasan_check_range+0x10c/0x1c0
[ 25.062158] __kasan_check_write+0x18/0x20
[ 25.062180] kasan_atomics_helper+0x1467/0x5450
[ 25.062202] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 25.062223] ? __kmalloc_cache_noprof+0x189/0x420
[ 25.062248] ? kasan_atomics+0x152/0x310
[ 25.062273] kasan_atomics+0x1dc/0x310
[ 25.062294] ? __pfx_kasan_atomics+0x10/0x10
[ 25.062315] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 25.062338] ? __pfx_read_tsc+0x10/0x10
[ 25.062361] ? ktime_get_ts64+0x86/0x230
[ 25.062386] kunit_try_run_case+0x1a5/0x480
[ 25.062411] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.062446] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 25.062467] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.062492] ? __kthread_parkme+0x82/0x180
[ 25.062523] ? preempt_count_sub+0x50/0x80
[ 25.062546] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.062570] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.062594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.062617] kthread+0x337/0x6f0
[ 25.062637] ? trace_preempt_on+0x20/0xc0
[ 25.062661] ? __pfx_kthread+0x10/0x10
[ 25.062682] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.062705] ? calculate_sigpending+0x7b/0xa0
[ 25.062730] ? __pfx_kthread+0x10/0x10
[ 25.062750] ret_from_fork+0x116/0x1d0
[ 25.062770] ? __pfx_kthread+0x10/0x10
[ 25.062789] ret_from_fork_asm+0x1a/0x30
[ 25.062819] </TASK>
[ 25.062830]
[ 25.074913] Allocated by task 294:
[ 25.075115] kasan_save_stack+0x45/0x70
[ 25.075365] kasan_save_track+0x18/0x40
[ 25.075544] kasan_save_alloc_info+0x3b/0x50
[ 25.075768] __kasan_kmalloc+0xb7/0xc0
[ 25.075897] __kmalloc_cache_noprof+0x189/0x420
[ 25.076054] kasan_atomics+0x95/0x310
[ 25.076214] kunit_try_run_case+0x1a5/0x480
[ 25.076420] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.076668] kthread+0x337/0x6f0
[ 25.076920] ret_from_fork+0x116/0x1d0
[ 25.077056] ret_from_fork_asm+0x1a/0x30
[ 25.077371]
[ 25.077469] The buggy address belongs to the object at ffff8881039e9700
[ 25.077469] which belongs to the cache kmalloc-64 of size 64
[ 25.077831] The buggy address is located 0 bytes to the right of
[ 25.077831] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730)
[ 25.078474]
[ 25.078541] The buggy address belongs to the physical page:
[ 25.078767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9
[ 25.079066] flags: 0x200000000000000(node=0|zone=2)
[ 25.079294] page_type: f5(slab)
[ 25.079523] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 25.079750] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 25.079982] page dumped because: kasan: bad access detected
[ 25.080274]
[ 25.080342] Memory state around the buggy address:
[ 25.080492] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.080699] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.080923] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 25.081393] ^
[ 25.081611] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.081923] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.082239] ==================================================================
[ 24.538201] ==================================================================
[ 24.538576] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450
[ 24.539228] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294
[ 24.539575]
[ 24.539670] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 24.539721] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.539735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.539759] Call Trace:
[ 24.540088] <TASK>
[ 24.540111] dump_stack_lvl+0x73/0xb0
[ 24.540142] print_report+0xd1/0x650
[ 24.540165] ? __virt_addr_valid+0x1db/0x2d0
[ 24.540189] ? kasan_atomics_helper+0x8f9/0x5450
[ 24.540210] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.540236] ? kasan_atomics_helper+0x8f9/0x5450
[ 24.540257] kasan_report+0x141/0x180
[ 24.540279] ? kasan_atomics_helper+0x8f9/0x5450
[ 24.540304] kasan_check_range+0x10c/0x1c0
[ 24.540326] __kasan_check_write+0x18/0x20
[ 24.540354] kasan_atomics_helper+0x8f9/0x5450
[ 24.540376] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 24.540398] ? __kmalloc_cache_noprof+0x189/0x420
[ 24.540422] ? kasan_atomics+0x152/0x310
[ 24.540447] kasan_atomics+0x1dc/0x310
[ 24.540469] ? __pfx_kasan_atomics+0x10/0x10
[ 24.540490] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 24.540514] ? __pfx_read_tsc+0x10/0x10
[ 24.540537] ? ktime_get_ts64+0x86/0x230
[ 24.540563] kunit_try_run_case+0x1a5/0x480
[ 24.540591] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.540614] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 24.540635] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.540660] ? __kthread_parkme+0x82/0x180
[ 24.540681] ? preempt_count_sub+0x50/0x80
[ 24.540705] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.540729] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.540752] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.540777] kthread+0x337/0x6f0
[ 24.540796] ? trace_preempt_on+0x20/0xc0
[ 24.540839] ? __pfx_kthread+0x10/0x10
[ 24.540862] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.540885] ? calculate_sigpending+0x7b/0xa0
[ 24.540909] ? __pfx_kthread+0x10/0x10
[ 24.540931] ret_from_fork+0x116/0x1d0
[ 24.540961] ? __pfx_kthread+0x10/0x10
[ 24.540982] ret_from_fork_asm+0x1a/0x30
[ 24.541012] </TASK>
[ 24.541024]
[ 24.552457] Allocated by task 294:
[ 24.552647] kasan_save_stack+0x45/0x70
[ 24.553140] kasan_save_track+0x18/0x40
[ 24.553400] kasan_save_alloc_info+0x3b/0x50
[ 24.553700] __kasan_kmalloc+0xb7/0xc0
[ 24.554017] __kmalloc_cache_noprof+0x189/0x420
[ 24.554258] kasan_atomics+0x95/0x310
[ 24.554398] kunit_try_run_case+0x1a5/0x480
[ 24.554925] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.555368] kthread+0x337/0x6f0
[ 24.555531] ret_from_fork+0x116/0x1d0
[ 24.555703] ret_from_fork_asm+0x1a/0x30
[ 24.556209]
[ 24.556335] The buggy address belongs to the object at ffff8881039e9700
[ 24.556335] which belongs to the cache kmalloc-64 of size 64
[ 24.557263] The buggy address is located 0 bytes to the right of
[ 24.557263] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730)
[ 24.558085]
[ 24.558175] The buggy address belongs to the physical page:
[ 24.558642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9
[ 24.559305] flags: 0x200000000000000(node=0|zone=2)
[ 24.559590] page_type: f5(slab)
[ 24.559903] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 24.560446] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 24.560757] page dumped because: kasan: bad access detected
[ 24.561241]
[ 24.561342] Memory state around the buggy address:
[ 24.561793] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.562084] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.562399] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 24.563141] ^
[ 24.563542] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.564126] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.564441] ==================================================================
[ 24.811326] ==================================================================
[ 24.811693] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450
[ 24.811945] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294
[ 24.812170]
[ 24.812279] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 24.812486] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.812503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.812528] Call Trace:
[ 24.812551] <TASK>
[ 24.812573] dump_stack_lvl+0x73/0xb0
[ 24.812604] print_report+0xd1/0x650
[ 24.812626] ? __virt_addr_valid+0x1db/0x2d0
[ 24.812649] ? kasan_atomics_helper+0xfa9/0x5450
[ 24.812670] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.812696] ? kasan_atomics_helper+0xfa9/0x5450
[ 24.812716] kasan_report+0x141/0x180
[ 24.812739] ? kasan_atomics_helper+0xfa9/0x5450
[ 24.812764] kasan_check_range+0x10c/0x1c0
[ 24.812787] __kasan_check_write+0x18/0x20
[ 24.812809] kasan_atomics_helper+0xfa9/0x5450
[ 24.812831] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 24.812852] ? __kmalloc_cache_noprof+0x189/0x420
[ 24.812877] ? kasan_atomics+0x152/0x310
[ 24.812902] kasan_atomics+0x1dc/0x310
[ 24.812923] ? __pfx_kasan_atomics+0x10/0x10
[ 24.812957] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 24.813479] ? __pfx_read_tsc+0x10/0x10
[ 24.813517] ? ktime_get_ts64+0x86/0x230
[ 24.813545] kunit_try_run_case+0x1a5/0x480
[ 24.813574] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.813597] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 24.813619] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.813644] ? __kthread_parkme+0x82/0x180
[ 24.813666] ? preempt_count_sub+0x50/0x80
[ 24.813690] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.813714] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.813737] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.813761] kthread+0x337/0x6f0
[ 24.813780] ? trace_preempt_on+0x20/0xc0
[ 24.813804] ? __pfx_kthread+0x10/0x10
[ 24.813825] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.813849] ? calculate_sigpending+0x7b/0xa0
[ 24.813873] ? __pfx_kthread+0x10/0x10
[ 24.813896] ret_from_fork+0x116/0x1d0
[ 24.813916] ? __pfx_kthread+0x10/0x10
[ 24.813949] ret_from_fork_asm+0x1a/0x30
[ 24.813981] </TASK>
[ 24.813993]
[ 24.824579] Allocated by task 294:
[ 24.825027] kasan_save_stack+0x45/0x70
[ 24.825343] kasan_save_track+0x18/0x40
[ 24.825533] kasan_save_alloc_info+0x3b/0x50
[ 24.825746] __kasan_kmalloc+0xb7/0xc0
[ 24.825918] __kmalloc_cache_noprof+0x189/0x420
[ 24.826155] kasan_atomics+0x95/0x310
[ 24.826360] kunit_try_run_case+0x1a5/0x480
[ 24.826732] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.826981] kthread+0x337/0x6f0
[ 24.827159] ret_from_fork+0x116/0x1d0
[ 24.827556] ret_from_fork_asm+0x1a/0x30
[ 24.827741]
[ 24.827819] The buggy address belongs to the object at ffff8881039e9700
[ 24.827819] which belongs to the cache kmalloc-64 of size 64
[ 24.828274] The buggy address is located 0 bytes to the right of
[ 24.828274] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730)
[ 24.828784]
[ 24.828863] The buggy address belongs to the physical page:
[ 24.829310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9
[ 24.829624] flags: 0x200000000000000(node=0|zone=2)
[ 24.829781] page_type: f5(slab)
[ 24.829896] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 24.830641] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 24.830910] page dumped because: kasan: bad access detected
[ 24.831357]
[ 24.831458] Memory state around the buggy address:
[ 24.831825] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.832281] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.832700] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 24.832977] ^
[ 24.833420] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.833703] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.834139] ==================================================================
[ 24.290349] ==================================================================
[ 24.290722] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450
[ 24.291460] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294
[ 24.291767]
[ 24.291972] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 24.292036] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.292050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.292073] Call Trace:
[ 24.292095] <TASK>
[ 24.292115] dump_stack_lvl+0x73/0xb0
[ 24.292143] print_report+0xd1/0x650
[ 24.292174] ? __virt_addr_valid+0x1db/0x2d0
[ 24.292198] ? kasan_atomics_helper+0x3df/0x5450
[ 24.292229] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.292255] ? kasan_atomics_helper+0x3df/0x5450
[ 24.292276] kasan_report+0x141/0x180
[ 24.292297] ? kasan_atomics_helper+0x3df/0x5450
[ 24.292337] kasan_check_range+0x10c/0x1c0
[ 24.292361] __kasan_check_read+0x15/0x20
[ 24.292383] kasan_atomics_helper+0x3df/0x5450
[ 24.292415] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 24.292436] ? __kmalloc_cache_noprof+0x189/0x420
[ 24.292461] ? kasan_atomics+0x152/0x310
[ 24.292495] kasan_atomics+0x1dc/0x310
[ 24.292517] ? __pfx_kasan_atomics+0x10/0x10
[ 24.292538] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 24.292571] ? __pfx_read_tsc+0x10/0x10
[ 24.292594] ? ktime_get_ts64+0x86/0x230
[ 24.292619] kunit_try_run_case+0x1a5/0x480
[ 24.292647] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.292678] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 24.292698] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.292724] ? __kthread_parkme+0x82/0x180
[ 24.292755] ? preempt_count_sub+0x50/0x80
[ 24.292778] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.292804] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.292907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.292932] kthread+0x337/0x6f0
[ 24.293140] ? trace_preempt_on+0x20/0xc0
[ 24.293176] ? __pfx_kthread+0x10/0x10
[ 24.293198] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.293222] ? calculate_sigpending+0x7b/0xa0
[ 24.293257] ? __pfx_kthread+0x10/0x10
[ 24.293278] ret_from_fork+0x116/0x1d0
[ 24.293297] ? __pfx_kthread+0x10/0x10
[ 24.293318] ret_from_fork_asm+0x1a/0x30
[ 24.293357] </TASK>
[ 24.293368]
[ 24.302516] Allocated by task 294:
[ 24.302750] kasan_save_stack+0x45/0x70
[ 24.303066] kasan_save_track+0x18/0x40
[ 24.303305] kasan_save_alloc_info+0x3b/0x50
[ 24.303508] __kasan_kmalloc+0xb7/0xc0
[ 24.303697] __kmalloc_cache_noprof+0x189/0x420
[ 24.304011] kasan_atomics+0x95/0x310
[ 24.304146] kunit_try_run_case+0x1a5/0x480
[ 24.304287] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.304461] kthread+0x337/0x6f0
[ 24.304576] ret_from_fork+0x116/0x1d0
[ 24.304702] ret_from_fork_asm+0x1a/0x30
[ 24.305060]
[ 24.305430] The buggy address belongs to the object at ffff8881039e9700
[ 24.305430] which belongs to the cache kmalloc-64 of size 64
[ 24.306044] The buggy address is located 0 bytes to the right of
[ 24.306044] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730)
[ 24.306706]
[ 24.306796] The buggy address belongs to the physical page:
[ 24.307111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9
[ 24.307481] flags: 0x200000000000000(node=0|zone=2)
[ 24.307699] page_type: f5(slab)
[ 24.307818] raw: 0200000000000000 ffff8881000418c0 dead000000000122
0000000000000000 [ 24.308225] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.308541] page dumped because: kasan: bad access detected [ 24.308706] [ 24.308768] Memory state around the buggy address: [ 24.308917] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.309133] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.309339] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.309670] ^ [ 24.309890] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.310583] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.311242] ================================================================== [ 25.041625] ================================================================== [ 25.042134] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 25.042653] Read of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.042995] [ 25.043104] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.043160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.043174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.043196] Call Trace: [ 25.043215] <TASK> [ 25.043233] dump_stack_lvl+0x73/0xb0 [ 25.043260] print_report+0xd1/0x650 [ 25.043281] ? __virt_addr_valid+0x1db/0x2d0 [ 25.043304] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.043325] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.043353] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.043375] kasan_report+0x141/0x180 [ 25.043399] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.043424] __asan_report_load8_noabort+0x18/0x20 [ 25.043448] kasan_atomics_helper+0x4eae/0x5450 [ 25.043470] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.043491] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.043515] ? kasan_atomics+0x152/0x310 [ 25.043540] kasan_atomics+0x1dc/0x310 [ 25.043562] ? __pfx_kasan_atomics+0x10/0x10 [ 25.043583] ? 
__pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.043607] ? __pfx_read_tsc+0x10/0x10 [ 25.043629] ? ktime_get_ts64+0x86/0x230 [ 25.043654] kunit_try_run_case+0x1a5/0x480 [ 25.043680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.043703] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.043724] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.043750] ? __kthread_parkme+0x82/0x180 [ 25.043770] ? preempt_count_sub+0x50/0x80 [ 25.043793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.043817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.043841] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.043864] kthread+0x337/0x6f0 [ 25.043884] ? trace_preempt_on+0x20/0xc0 [ 25.043918] ? __pfx_kthread+0x10/0x10 [ 25.043954] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.043977] ? calculate_sigpending+0x7b/0xa0 [ 25.044001] ? __pfx_kthread+0x10/0x10 [ 25.044022] ret_from_fork+0x116/0x1d0 [ 25.044043] ? __pfx_kthread+0x10/0x10 [ 25.044065] ret_from_fork_asm+0x1a/0x30 [ 25.044095] </TASK> [ 25.044106] [ 25.051516] Allocated by task 294: [ 25.051698] kasan_save_stack+0x45/0x70 [ 25.051894] kasan_save_track+0x18/0x40 [ 25.052083] kasan_save_alloc_info+0x3b/0x50 [ 25.052311] __kasan_kmalloc+0xb7/0xc0 [ 25.052520] __kmalloc_cache_noprof+0x189/0x420 [ 25.052707] kasan_atomics+0x95/0x310 [ 25.052890] kunit_try_run_case+0x1a5/0x480 [ 25.053090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.053391] kthread+0x337/0x6f0 [ 25.053569] ret_from_fork+0x116/0x1d0 [ 25.053730] ret_from_fork_asm+0x1a/0x30 [ 25.053930] [ 25.054017] The buggy address belongs to the object at ffff8881039e9700 [ 25.054017] which belongs to the cache kmalloc-64 of size 64 [ 25.054543] The buggy address is located 0 bytes to the right of [ 25.054543] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.055002] [ 25.055072] The buggy address belongs to the physical page: [ 25.055590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.055848] flags: 0x200000000000000(node=0|zone=2) [ 25.056016] 
page_type: f5(slab) [ 25.056274] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.056615] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.056948] page dumped because: kasan: bad access detected [ 25.057205] [ 25.057281] Memory state around the buggy address: [ 25.057470] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.057777] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.058207] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.058542] ^ [ 25.058689] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.058895] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.059108] ================================================================== [ 25.117576] ================================================================== [ 25.117922] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 25.118281] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.118801] [ 25.118913] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.118970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.118984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.119006] Call Trace: [ 25.119026] <TASK> [ 25.119063] dump_stack_lvl+0x73/0xb0 [ 25.119090] print_report+0xd1/0x650 [ 25.119112] ? __virt_addr_valid+0x1db/0x2d0 [ 25.119135] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.119156] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.119181] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.119203] kasan_report+0x141/0x180 [ 25.119223] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.119249] kasan_check_range+0x10c/0x1c0 [ 25.119272] __kasan_check_write+0x18/0x20 [ 25.119294] kasan_atomics_helper+0x15b6/0x5450 [ 25.119316] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.119337] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.119362] ? 
kasan_atomics+0x152/0x310 [ 25.119387] kasan_atomics+0x1dc/0x310 [ 25.119409] ? __pfx_kasan_atomics+0x10/0x10 [ 25.119431] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.119454] ? __pfx_read_tsc+0x10/0x10 [ 25.119478] ? ktime_get_ts64+0x86/0x230 [ 25.119502] kunit_try_run_case+0x1a5/0x480 [ 25.119529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.119552] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.119572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.119598] ? __kthread_parkme+0x82/0x180 [ 25.119618] ? preempt_count_sub+0x50/0x80 [ 25.119642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.119666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.119690] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.119713] kthread+0x337/0x6f0 [ 25.119733] ? trace_preempt_on+0x20/0xc0 [ 25.119756] ? __pfx_kthread+0x10/0x10 [ 25.119776] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.119799] ? calculate_sigpending+0x7b/0xa0 [ 25.119822] ? __pfx_kthread+0x10/0x10 [ 25.119844] ret_from_fork+0x116/0x1d0 [ 25.119862] ? 
__pfx_kthread+0x10/0x10 [ 25.119883] ret_from_fork_asm+0x1a/0x30 [ 25.119913] </TASK> [ 25.119924] [ 25.127563] Allocated by task 294: [ 25.127733] kasan_save_stack+0x45/0x70 [ 25.127872] kasan_save_track+0x18/0x40 [ 25.128009] kasan_save_alloc_info+0x3b/0x50 [ 25.128247] __kasan_kmalloc+0xb7/0xc0 [ 25.128443] __kmalloc_cache_noprof+0x189/0x420 [ 25.128650] kasan_atomics+0x95/0x310 [ 25.128774] kunit_try_run_case+0x1a5/0x480 [ 25.128915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.129226] kthread+0x337/0x6f0 [ 25.129388] ret_from_fork+0x116/0x1d0 [ 25.129569] ret_from_fork_asm+0x1a/0x30 [ 25.129732] [ 25.129797] The buggy address belongs to the object at ffff8881039e9700 [ 25.129797] which belongs to the cache kmalloc-64 of size 64 [ 25.130148] The buggy address is located 0 bytes to the right of [ 25.130148] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.130502] [ 25.130567] The buggy address belongs to the physical page: [ 25.130862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.131213] flags: 0x200000000000000(node=0|zone=2) [ 25.131447] page_type: f5(slab) [ 25.131614] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.131970] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.132302] page dumped because: kasan: bad access detected [ 25.132559] [ 25.132648] Memory state around the buggy address: [ 25.132868] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.133137] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.133344] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.133547] ^ [ 25.133806] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.134125] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.134429] ================================================================== [ 24.381534] 
================================================================== [ 24.382519] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 24.383471] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.383783] [ 24.383891] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.383958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.383975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.384000] Call Trace: [ 24.384016] <TASK> [ 24.384038] dump_stack_lvl+0x73/0xb0 [ 24.384069] print_report+0xd1/0x650 [ 24.384092] ? __virt_addr_valid+0x1db/0x2d0 [ 24.384117] ? kasan_atomics_helper+0x565/0x5450 [ 24.384138] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.384164] ? kasan_atomics_helper+0x565/0x5450 [ 24.384185] kasan_report+0x141/0x180 [ 24.384208] ? kasan_atomics_helper+0x565/0x5450 [ 24.384257] kasan_check_range+0x10c/0x1c0 [ 24.384282] __kasan_check_write+0x18/0x20 [ 24.384304] kasan_atomics_helper+0x565/0x5450 [ 24.384326] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.384357] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.384611] ? kasan_atomics+0x152/0x310 [ 24.384639] kasan_atomics+0x1dc/0x310 [ 24.384854] ? __pfx_kasan_atomics+0x10/0x10 [ 24.384879] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.384907] ? __pfx_read_tsc+0x10/0x10 [ 24.384930] ? ktime_get_ts64+0x86/0x230 [ 24.384968] kunit_try_run_case+0x1a5/0x480 [ 24.384997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.385020] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.385042] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.385067] ? __kthread_parkme+0x82/0x180 [ 24.385088] ? preempt_count_sub+0x50/0x80 [ 24.385111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.385147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.385171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.385195] kthread+0x337/0x6f0 [ 24.385215] ? trace_preempt_on+0x20/0xc0 [ 24.385238] ? 
__pfx_kthread+0x10/0x10 [ 24.385259] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.385282] ? calculate_sigpending+0x7b/0xa0 [ 24.385305] ? __pfx_kthread+0x10/0x10 [ 24.385327] ret_from_fork+0x116/0x1d0 [ 24.385345] ? __pfx_kthread+0x10/0x10 [ 24.385366] ret_from_fork_asm+0x1a/0x30 [ 24.385397] </TASK> [ 24.385409] [ 24.398023] Allocated by task 294: [ 24.398599] kasan_save_stack+0x45/0x70 [ 24.398773] kasan_save_track+0x18/0x40 [ 24.399309] kasan_save_alloc_info+0x3b/0x50 [ 24.399550] __kasan_kmalloc+0xb7/0xc0 [ 24.399909] __kmalloc_cache_noprof+0x189/0x420 [ 24.400215] kasan_atomics+0x95/0x310 [ 24.400386] kunit_try_run_case+0x1a5/0x480 [ 24.400622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.401146] kthread+0x337/0x6f0 [ 24.401375] ret_from_fork+0x116/0x1d0 [ 24.401551] ret_from_fork_asm+0x1a/0x30 [ 24.401734] [ 24.402111] The buggy address belongs to the object at ffff8881039e9700 [ 24.402111] which belongs to the cache kmalloc-64 of size 64 [ 24.402614] The buggy address is located 0 bytes to the right of [ 24.402614] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.403420] [ 24.403563] The buggy address belongs to the physical page: [ 24.403789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.404322] flags: 0x200000000000000(node=0|zone=2) [ 24.404727] page_type: f5(slab) [ 24.404987] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.405319] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.405781] page dumped because: kasan: bad access detected [ 24.406180] [ 24.406251] Memory state around the buggy address: [ 24.406416] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.406728] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.406959] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.407404] ^ [ 24.408027] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.408353] 
ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.408787] ================================================================== [ 25.408567] ================================================================== [ 25.409212] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 25.409483] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.409836] [ 25.409932] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.409992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.410006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.410028] Call Trace: [ 25.410048] <TASK> [ 25.410068] dump_stack_lvl+0x73/0xb0 [ 25.410096] print_report+0xd1/0x650 [ 25.410117] ? __virt_addr_valid+0x1db/0x2d0 [ 25.410148] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.410169] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.410204] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.410225] kasan_report+0x141/0x180 [ 25.410247] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.410283] kasan_check_range+0x10c/0x1c0 [ 25.410306] __kasan_check_write+0x18/0x20 [ 25.410328] kasan_atomics_helper+0x1e12/0x5450 [ 25.410349] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.410370] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.410395] ? kasan_atomics+0x152/0x310 [ 25.410420] kasan_atomics+0x1dc/0x310 [ 25.410441] ? __pfx_kasan_atomics+0x10/0x10 [ 25.410462] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.410485] ? __pfx_read_tsc+0x10/0x10 [ 25.410508] ? ktime_get_ts64+0x86/0x230 [ 25.410543] kunit_try_run_case+0x1a5/0x480 [ 25.410569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.410592] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.410624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.410650] ? __kthread_parkme+0x82/0x180 [ 25.410672] ? preempt_count_sub+0x50/0x80 [ 25.410695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.410719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.410743] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.410767] kthread+0x337/0x6f0 [ 25.410786] ? trace_preempt_on+0x20/0xc0 [ 25.410810] ? __pfx_kthread+0x10/0x10 [ 25.410830] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.410854] ? calculate_sigpending+0x7b/0xa0 [ 25.410877] ? __pfx_kthread+0x10/0x10 [ 25.410898] ret_from_fork+0x116/0x1d0 [ 25.410917] ? __pfx_kthread+0x10/0x10 [ 25.410945] ret_from_fork_asm+0x1a/0x30 [ 25.410976] </TASK> [ 25.410988] [ 25.418614] Allocated by task 294: [ 25.418772] kasan_save_stack+0x45/0x70 [ 25.419006] kasan_save_track+0x18/0x40 [ 25.419214] kasan_save_alloc_info+0x3b/0x50 [ 25.419405] __kasan_kmalloc+0xb7/0xc0 [ 25.419580] __kmalloc_cache_noprof+0x189/0x420 [ 25.419800] kasan_atomics+0x95/0x310 [ 25.419962] kunit_try_run_case+0x1a5/0x480 [ 25.420180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.420447] kthread+0x337/0x6f0 [ 25.420617] ret_from_fork+0x116/0x1d0 [ 25.420794] ret_from_fork_asm+0x1a/0x30 [ 25.420978] [ 25.421068] The buggy address belongs to the object at ffff8881039e9700 [ 25.421068] which belongs to the cache kmalloc-64 of size 64 [ 25.421593] The buggy address is located 0 bytes to the right of [ 25.421593] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.422081] [ 25.422192] The buggy address belongs to the physical page: [ 25.422433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.422697] flags: 0x200000000000000(node=0|zone=2) [ 25.422855] page_type: f5(slab) [ 25.422990] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.423531] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.423890] page dumped because: kasan: bad access detected [ 25.424153] [ 25.424222] Memory state around the buggy address: [ 25.424380] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.424586] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.424883] >ffff8881039e9700: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 25.425360] ^ [ 25.425562] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.425811] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.426137] ================================================================== [ 24.748050] ================================================================== [ 24.748715] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 24.749134] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.749418] [ 24.749531] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.749582] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.749595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.749618] Call Trace: [ 24.749639] <TASK> [ 24.749660] dump_stack_lvl+0x73/0xb0 [ 24.749687] print_report+0xd1/0x650 [ 24.749710] ? __virt_addr_valid+0x1db/0x2d0 [ 24.749733] ? kasan_atomics_helper+0xde0/0x5450 [ 24.749754] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.749779] ? kasan_atomics_helper+0xde0/0x5450 [ 24.749800] kasan_report+0x141/0x180 [ 24.749822] ? kasan_atomics_helper+0xde0/0x5450 [ 24.749847] kasan_check_range+0x10c/0x1c0 [ 24.749870] __kasan_check_write+0x18/0x20 [ 24.749892] kasan_atomics_helper+0xde0/0x5450 [ 24.749914] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.749948] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.749973] ? kasan_atomics+0x152/0x310 [ 24.749998] kasan_atomics+0x1dc/0x310 [ 24.750020] ? __pfx_kasan_atomics+0x10/0x10 [ 24.750041] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.750065] ? __pfx_read_tsc+0x10/0x10 [ 24.750088] ? ktime_get_ts64+0x86/0x230 [ 24.750114] kunit_try_run_case+0x1a5/0x480 [ 24.750151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.750175] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.750195] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.750220] ? __kthread_parkme+0x82/0x180 [ 24.750241] ? 
preempt_count_sub+0x50/0x80 [ 24.750265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.750289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.750313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.750337] kthread+0x337/0x6f0 [ 24.750356] ? trace_preempt_on+0x20/0xc0 [ 24.750380] ? __pfx_kthread+0x10/0x10 [ 24.750400] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.750424] ? calculate_sigpending+0x7b/0xa0 [ 24.750447] ? __pfx_kthread+0x10/0x10 [ 24.750469] ret_from_fork+0x116/0x1d0 [ 24.750488] ? __pfx_kthread+0x10/0x10 [ 24.750508] ret_from_fork_asm+0x1a/0x30 [ 24.750539] </TASK> [ 24.750551] [ 24.757879] Allocated by task 294: [ 24.758032] kasan_save_stack+0x45/0x70 [ 24.758273] kasan_save_track+0x18/0x40 [ 24.758431] kasan_save_alloc_info+0x3b/0x50 [ 24.758619] __kasan_kmalloc+0xb7/0xc0 [ 24.758770] __kmalloc_cache_noprof+0x189/0x420 [ 24.758978] kasan_atomics+0x95/0x310 [ 24.759135] kunit_try_run_case+0x1a5/0x480 [ 24.759314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.759516] kthread+0x337/0x6f0 [ 24.759643] ret_from_fork+0x116/0x1d0 [ 24.759820] ret_from_fork_asm+0x1a/0x30 [ 24.759979] [ 24.760046] The buggy address belongs to the object at ffff8881039e9700 [ 24.760046] which belongs to the cache kmalloc-64 of size 64 [ 24.760625] The buggy address is located 0 bytes to the right of [ 24.760625] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.760996] [ 24.761068] The buggy address belongs to the physical page: [ 24.761306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.761649] flags: 0x200000000000000(node=0|zone=2) [ 24.761876] page_type: f5(slab) [ 24.762048] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.762557] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.762850] page dumped because: kasan: bad access detected [ 24.763033] [ 24.763096] Memory state around the buggy address: [ 24.763246] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 24.763555] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.763867] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.764182] ^ [ 24.764380] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.764654] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.764928] ================================================================== [ 24.312953] ================================================================== [ 24.313497] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 24.313980] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.314651] [ 24.314790] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.314953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.314971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.314995] Call Trace: [ 24.315017] <TASK> [ 24.315039] dump_stack_lvl+0x73/0xb0 [ 24.315070] print_report+0xd1/0x650 [ 24.315093] ? __virt_addr_valid+0x1db/0x2d0 [ 24.315117] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.315156] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.315182] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.315203] kasan_report+0x141/0x180 [ 24.315235] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.315260] __asan_report_load4_noabort+0x18/0x20 [ 24.315284] kasan_atomics_helper+0x4b54/0x5450 [ 24.315317] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.315338] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.315362] ? kasan_atomics+0x152/0x310 [ 24.315388] kasan_atomics+0x1dc/0x310 [ 24.315410] ? __pfx_kasan_atomics+0x10/0x10 [ 24.315431] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.315455] ? __pfx_read_tsc+0x10/0x10 [ 24.315478] ? ktime_get_ts64+0x86/0x230 [ 24.315503] kunit_try_run_case+0x1a5/0x480 [ 24.315530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.315554] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.315574] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.315608] ? __kthread_parkme+0x82/0x180 [ 24.315629] ? preempt_count_sub+0x50/0x80 [ 24.315653] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.315686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.315710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.315734] kthread+0x337/0x6f0 [ 24.315762] ? trace_preempt_on+0x20/0xc0 [ 24.315785] ? __pfx_kthread+0x10/0x10 [ 24.315805] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.315839] ? calculate_sigpending+0x7b/0xa0 [ 24.315911] ? __pfx_kthread+0x10/0x10 [ 24.315932] ret_from_fork+0x116/0x1d0 [ 24.315961] ? __pfx_kthread+0x10/0x10 [ 24.315982] ret_from_fork_asm+0x1a/0x30 [ 24.316014] </TASK> [ 24.316025] [ 24.324744] Allocated by task 294: [ 24.325003] kasan_save_stack+0x45/0x70 [ 24.325332] kasan_save_track+0x18/0x40 [ 24.325522] kasan_save_alloc_info+0x3b/0x50 [ 24.325744] __kasan_kmalloc+0xb7/0xc0 [ 24.326220] __kmalloc_cache_noprof+0x189/0x420 [ 24.326455] kasan_atomics+0x95/0x310 [ 24.326606] kunit_try_run_case+0x1a5/0x480 [ 24.326747] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.326913] kthread+0x337/0x6f0 [ 24.327058] ret_from_fork+0x116/0x1d0 [ 24.327277] ret_from_fork_asm+0x1a/0x30 [ 24.327468] [ 24.327596] The buggy address belongs to the object at ffff8881039e9700 [ 24.327596] which belongs to the cache kmalloc-64 of size 64 [ 24.328089] The buggy address is located 0 bytes to the right of [ 24.328089] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.328654] [ 24.328728] The buggy address belongs to the physical page: [ 24.328958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.329353] flags: 0x200000000000000(node=0|zone=2) [ 24.329682] page_type: f5(slab) [ 24.329801] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.330070] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.330703] page dumped because: kasan: bad access detected [ 24.331215] [ 24.331317] 
__pfx_kthread+0x10/0x10 [ 25.249240] ret_from_fork_asm+0x1a/0x30 [ 25.249270] </TASK> [ 25.249282] [ 25.257338] Allocated by task 294: [ 25.257484] kasan_save_stack+0x45/0x70 [ 25.257723] kasan_save_track+0x18/0x40 [ 25.257881] kasan_save_alloc_info+0x3b/0x50 [ 25.258107] __kasan_kmalloc+0xb7/0xc0 [ 25.258318] __kmalloc_cache_noprof+0x189/0x420 [ 25.258539] kasan_atomics+0x95/0x310 [ 25.258725] kunit_try_run_case+0x1a5/0x480 [ 25.258920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.259277] kthread+0x337/0x6f0 [ 25.259459] ret_from_fork+0x116/0x1d0 [ 25.259660] ret_from_fork_asm+0x1a/0x30 [ 25.259841] [ 25.259905] The buggy address belongs to the object at ffff8881039e9700 [ 25.259905] which belongs to the cache kmalloc-64 of size 64 [ 25.260536] The buggy address is located 0 bytes to the right of [ 25.260536] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.260907] [ 25.261028] The buggy address belongs to the physical page: [ 25.261278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.261737] flags: 0x200000000000000(node=0|zone=2) [ 25.262008] page_type: f5(slab) [ 25.262207] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.262551] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.262869] page dumped because: kasan: bad access detected [ 25.263040] [ 25.263100] Memory state around the buggy address: [ 25.263242] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.263459] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.263820] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.264271] ^ [ 25.264726] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.265136] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.265428] ================================================================== [ 25.346720] 
================================================================== [ 25.347721] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 25.348209] Read of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.348643] [ 25.348735] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.348787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.348801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.349071] Call Trace: [ 25.349102] <TASK> [ 25.349127] dump_stack_lvl+0x73/0xb0 [ 25.349160] print_report+0xd1/0x650 [ 25.349185] ? __virt_addr_valid+0x1db/0x2d0 [ 25.349209] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.349230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.349257] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.349278] kasan_report+0x141/0x180 [ 25.349299] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.349325] __asan_report_load8_noabort+0x18/0x20 [ 25.349348] kasan_atomics_helper+0x4f30/0x5450 [ 25.349370] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.349392] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.349417] ? kasan_atomics+0x152/0x310 [ 25.349442] kasan_atomics+0x1dc/0x310 [ 25.349463] ? __pfx_kasan_atomics+0x10/0x10 [ 25.349485] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.349508] ? __pfx_read_tsc+0x10/0x10 [ 25.349530] ? ktime_get_ts64+0x86/0x230 [ 25.349556] kunit_try_run_case+0x1a5/0x480 [ 25.349583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.349605] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.349625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.349650] ? __kthread_parkme+0x82/0x180 [ 25.349671] ? preempt_count_sub+0x50/0x80 [ 25.349695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.349719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.349742] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.349765] kthread+0x337/0x6f0 [ 25.349785] ? trace_preempt_on+0x20/0xc0 [ 25.349809] ? __pfx_kthread+0x10/0x10 [ 25.349830] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 25.349853] ? calculate_sigpending+0x7b/0xa0 [ 25.349877] ? __pfx_kthread+0x10/0x10 [ 25.349897] ret_from_fork+0x116/0x1d0 [ 25.349916] ? __pfx_kthread+0x10/0x10 [ 25.349947] ret_from_fork_asm+0x1a/0x30 [ 25.349978] </TASK> [ 25.349989] [ 25.362673] Allocated by task 294: [ 25.363157] kasan_save_stack+0x45/0x70 [ 25.363646] kasan_save_track+0x18/0x40 [ 25.364175] kasan_save_alloc_info+0x3b/0x50 [ 25.364691] __kasan_kmalloc+0xb7/0xc0 [ 25.365204] __kmalloc_cache_noprof+0x189/0x420 [ 25.365731] kasan_atomics+0x95/0x310 [ 25.366289] kunit_try_run_case+0x1a5/0x480 [ 25.366620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.366793] kthread+0x337/0x6f0 [ 25.366910] ret_from_fork+0x116/0x1d0 [ 25.367047] ret_from_fork_asm+0x1a/0x30 [ 25.367309] [ 25.367469] The buggy address belongs to the object at ffff8881039e9700 [ 25.367469] which belongs to the cache kmalloc-64 of size 64 [ 25.368601] The buggy address is located 0 bytes to the right of [ 25.368601] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.369783] [ 25.369960] The buggy address belongs to the physical page: [ 25.370239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.370475] flags: 0x200000000000000(node=0|zone=2) [ 25.370635] page_type: f5(slab) [ 25.370751] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.370990] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.371293] page dumped because: kasan: bad access detected [ 25.371531] [ 25.371618] Memory state around the buggy address: [ 25.371813] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.372045] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.372608] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.372891] ^ [ 25.373110] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.373378] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 25.373657] ================================================================== [ 24.704217] ================================================================== [ 24.704769] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 24.705256] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.705578] [ 24.705696] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.705747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.705761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.705784] Call Trace: [ 24.705807] <TASK> [ 24.706031] dump_stack_lvl+0x73/0xb0 [ 24.706065] print_report+0xd1/0x650 [ 24.706088] ? __virt_addr_valid+0x1db/0x2d0 [ 24.706239] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.706263] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.706289] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.706310] kasan_report+0x141/0x180 [ 24.706332] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.706357] __asan_report_load4_noabort+0x18/0x20 [ 24.706381] kasan_atomics_helper+0x4a84/0x5450 [ 24.706403] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.706425] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.706449] ? kasan_atomics+0x152/0x310 [ 24.706474] kasan_atomics+0x1dc/0x310 [ 24.706497] ? __pfx_kasan_atomics+0x10/0x10 [ 24.706518] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.706542] ? __pfx_read_tsc+0x10/0x10 [ 24.706564] ? ktime_get_ts64+0x86/0x230 [ 24.706589] kunit_try_run_case+0x1a5/0x480 [ 24.706616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.706639] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.706659] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.706684] ? __kthread_parkme+0x82/0x180 [ 24.706705] ? preempt_count_sub+0x50/0x80 [ 24.706728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.706752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.706775] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.706798] kthread+0x337/0x6f0 [ 24.706825] ? trace_preempt_on+0x20/0xc0 [ 24.706849] ? __pfx_kthread+0x10/0x10 [ 24.706869] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.706892] ? calculate_sigpending+0x7b/0xa0 [ 24.706915] ? __pfx_kthread+0x10/0x10 [ 24.706950] ret_from_fork+0x116/0x1d0 [ 24.706969] ? __pfx_kthread+0x10/0x10 [ 24.706989] ret_from_fork_asm+0x1a/0x30 [ 24.707019] </TASK> [ 24.707030] [ 24.718495] Allocated by task 294: [ 24.718805] kasan_save_stack+0x45/0x70 [ 24.719008] kasan_save_track+0x18/0x40 [ 24.719415] kasan_save_alloc_info+0x3b/0x50 [ 24.719842] __kasan_kmalloc+0xb7/0xc0 [ 24.720104] __kmalloc_cache_noprof+0x189/0x420 [ 24.720425] kasan_atomics+0x95/0x310 [ 24.720792] kunit_try_run_case+0x1a5/0x480 [ 24.721216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.721543] kthread+0x337/0x6f0 [ 24.721815] ret_from_fork+0x116/0x1d0 [ 24.722264] ret_from_fork_asm+0x1a/0x30 [ 24.722466] [ 24.722565] The buggy address belongs to the object at ffff8881039e9700 [ 24.722565] which belongs to the cache kmalloc-64 of size 64 [ 24.723264] The buggy address is located 0 bytes to the right of [ 24.723264] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.723904] [ 24.724015] The buggy address belongs to the physical page: [ 24.724694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.725211] flags: 0x200000000000000(node=0|zone=2) [ 24.725534] page_type: f5(slab) [ 24.725710] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.726294] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.726695] page dumped because: kasan: bad access detected [ 24.727316] [ 24.727405] Memory state around the buggy address: [ 24.727618] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.727902] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.728594] >ffff8881039e9700: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 24.728837] ^ [ 24.729501] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.729741] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.730387] ================================================================== [ 25.283820] ================================================================== [ 25.284147] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 25.284380] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.284606] [ 25.284766] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.284811] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.284825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.284846] Call Trace: [ 25.284862] <TASK> [ 25.284877] dump_stack_lvl+0x73/0xb0 [ 25.284903] print_report+0xd1/0x650 [ 25.284924] ? __virt_addr_valid+0x1db/0x2d0 [ 25.284957] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.284978] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.285003] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.285024] kasan_report+0x141/0x180 [ 25.285046] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.285072] kasan_check_range+0x10c/0x1c0 [ 25.285094] __kasan_check_write+0x18/0x20 [ 25.285117] kasan_atomics_helper+0x1a7f/0x5450 [ 25.285138] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.285159] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.285183] ? kasan_atomics+0x152/0x310 [ 25.285209] kasan_atomics+0x1dc/0x310 [ 25.285230] ? __pfx_kasan_atomics+0x10/0x10 [ 25.285251] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.285275] ? __pfx_read_tsc+0x10/0x10 [ 25.285296] ? ktime_get_ts64+0x86/0x230 [ 25.285320] kunit_try_run_case+0x1a5/0x480 [ 25.285346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.285368] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.285388] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.285414] ? __kthread_parkme+0x82/0x180 [ 25.285434] ? 
preempt_count_sub+0x50/0x80 [ 25.285458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.285482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.285506] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.285530] kthread+0x337/0x6f0 [ 25.285549] ? trace_preempt_on+0x20/0xc0 [ 25.285572] ? __pfx_kthread+0x10/0x10 [ 25.285593] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.285616] ? calculate_sigpending+0x7b/0xa0 [ 25.285639] ? __pfx_kthread+0x10/0x10 [ 25.285660] ret_from_fork+0x116/0x1d0 [ 25.285678] ? __pfx_kthread+0x10/0x10 [ 25.285698] ret_from_fork_asm+0x1a/0x30 [ 25.285729] </TASK> [ 25.285739] [ 25.293377] Allocated by task 294: [ 25.293559] kasan_save_stack+0x45/0x70 [ 25.293778] kasan_save_track+0x18/0x40 [ 25.293933] kasan_save_alloc_info+0x3b/0x50 [ 25.294081] __kasan_kmalloc+0xb7/0xc0 [ 25.294204] __kmalloc_cache_noprof+0x189/0x420 [ 25.294349] kasan_atomics+0x95/0x310 [ 25.294473] kunit_try_run_case+0x1a5/0x480 [ 25.294613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.294778] kthread+0x337/0x6f0 [ 25.294891] ret_from_fork+0x116/0x1d0 [ 25.295024] ret_from_fork_asm+0x1a/0x30 [ 25.295193] [ 25.295283] The buggy address belongs to the object at ffff8881039e9700 [ 25.295283] which belongs to the cache kmalloc-64 of size 64 [ 25.295830] The buggy address is located 0 bytes to the right of [ 25.295830] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.296382] [ 25.296471] The buggy address belongs to the physical page: [ 25.296714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.297060] flags: 0x200000000000000(node=0|zone=2) [ 25.297283] page_type: f5(slab) [ 25.297454] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.297767] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.297994] page dumped because: kasan: bad access detected [ 25.298257] [ 25.298353] Memory state around the buggy address: [ 25.298566] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 25.298879] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.299233] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.299517] ^ [ 25.299668] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.299966] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.300302] ================================================================== [ 24.937560] ================================================================== [ 24.937983] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 24.938332] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.938613] [ 24.938725] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.938773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.938787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.938811] Call Trace: [ 24.938833] <TASK> [ 24.938854] dump_stack_lvl+0x73/0xb0 [ 24.938881] print_report+0xd1/0x650 [ 24.938902] ? __virt_addr_valid+0x1db/0x2d0 [ 24.938926] ? kasan_atomics_helper+0x1217/0x5450 [ 24.938959] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.938984] ? kasan_atomics_helper+0x1217/0x5450 [ 24.939005] kasan_report+0x141/0x180 [ 24.939027] ? kasan_atomics_helper+0x1217/0x5450 [ 24.939052] kasan_check_range+0x10c/0x1c0 [ 24.939076] __kasan_check_write+0x18/0x20 [ 24.939100] kasan_atomics_helper+0x1217/0x5450 [ 24.939123] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.939146] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.939171] ? kasan_atomics+0x152/0x310 [ 24.939196] kasan_atomics+0x1dc/0x310 [ 24.939218] ? __pfx_kasan_atomics+0x10/0x10 [ 24.939240] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.939265] ? __pfx_read_tsc+0x10/0x10 [ 24.939287] ? ktime_get_ts64+0x86/0x230 [ 24.939312] kunit_try_run_case+0x1a5/0x480 [ 24.939339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.939361] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 24.939381] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.939407] ? __kthread_parkme+0x82/0x180 [ 24.939426] ? preempt_count_sub+0x50/0x80 [ 24.939451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.939474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.939497] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.939520] kthread+0x337/0x6f0 [ 24.939539] ? trace_preempt_on+0x20/0xc0 [ 24.939562] ? __pfx_kthread+0x10/0x10 [ 24.939583] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.939607] ? calculate_sigpending+0x7b/0xa0 [ 24.939631] ? __pfx_kthread+0x10/0x10 [ 24.939652] ret_from_fork+0x116/0x1d0 [ 24.939670] ? __pfx_kthread+0x10/0x10 [ 24.939691] ret_from_fork_asm+0x1a/0x30 [ 24.939721] </TASK> [ 24.939732] [ 24.951244] Allocated by task 294: [ 24.951562] kasan_save_stack+0x45/0x70 [ 24.951908] kasan_save_track+0x18/0x40 [ 24.952230] kasan_save_alloc_info+0x3b/0x50 [ 24.952458] __kasan_kmalloc+0xb7/0xc0 [ 24.952626] __kmalloc_cache_noprof+0x189/0x420 [ 24.952813] kasan_atomics+0x95/0x310 [ 24.952992] kunit_try_run_case+0x1a5/0x480 [ 24.953449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.953854] kthread+0x337/0x6f0 [ 24.954129] ret_from_fork+0x116/0x1d0 [ 24.954428] ret_from_fork_asm+0x1a/0x30 [ 24.954787] [ 24.954882] The buggy address belongs to the object at ffff8881039e9700 [ 24.954882] which belongs to the cache kmalloc-64 of size 64 [ 24.955583] The buggy address is located 0 bytes to the right of [ 24.955583] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.956086] [ 24.956229] The buggy address belongs to the physical page: [ 24.956465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.956782] flags: 0x200000000000000(node=0|zone=2) [ 24.957358] page_type: f5(slab) [ 24.957649] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.958276] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.958765] page dumped because: kasan: 
bad access detected [ 24.959220] [ 24.959478] Memory state around the buggy address: [ 24.959756] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.960237] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.960721] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.961279] ^ [ 24.961501] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.961782] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.962070] ================================================================== [ 24.512505] ================================================================== [ 24.512757] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 24.513119] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.513570] [ 24.514156] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.514404] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.514419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.514443] Call Trace: [ 24.514465] <TASK> [ 24.514486] dump_stack_lvl+0x73/0xb0 [ 24.514513] print_report+0xd1/0x650 [ 24.514536] ? __virt_addr_valid+0x1db/0x2d0 [ 24.514559] ? kasan_atomics_helper+0x860/0x5450 [ 24.514580] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.514606] ? kasan_atomics_helper+0x860/0x5450 [ 24.514627] kasan_report+0x141/0x180 [ 24.514649] ? kasan_atomics_helper+0x860/0x5450 [ 24.514674] kasan_check_range+0x10c/0x1c0 [ 24.514697] __kasan_check_write+0x18/0x20 [ 24.514719] kasan_atomics_helper+0x860/0x5450 [ 24.514741] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.514762] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.514787] ? kasan_atomics+0x152/0x310 [ 24.514813] kasan_atomics+0x1dc/0x310 [ 24.514931] ? __pfx_kasan_atomics+0x10/0x10 [ 24.514969] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.514993] ? __pfx_read_tsc+0x10/0x10 [ 24.515016] ? 
ktime_get_ts64+0x86/0x230 [ 24.515042] kunit_try_run_case+0x1a5/0x480 [ 24.515069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.515092] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.515113] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.515146] ? __kthread_parkme+0x82/0x180 [ 24.515168] ? preempt_count_sub+0x50/0x80 [ 24.515192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.515217] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.515241] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.515265] kthread+0x337/0x6f0 [ 24.515285] ? trace_preempt_on+0x20/0xc0 [ 24.515308] ? __pfx_kthread+0x10/0x10 [ 24.515329] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.515353] ? calculate_sigpending+0x7b/0xa0 [ 24.515377] ? __pfx_kthread+0x10/0x10 [ 24.515399] ret_from_fork+0x116/0x1d0 [ 24.515418] ? __pfx_kthread+0x10/0x10 [ 24.515439] ret_from_fork_asm+0x1a/0x30 [ 24.515469] </TASK> [ 24.515480] [ 24.526720] Allocated by task 294: [ 24.527150] kasan_save_stack+0x45/0x70 [ 24.527437] kasan_save_track+0x18/0x40 [ 24.527614] kasan_save_alloc_info+0x3b/0x50 [ 24.528112] __kasan_kmalloc+0xb7/0xc0 [ 24.528363] __kmalloc_cache_noprof+0x189/0x420 [ 24.528608] kasan_atomics+0x95/0x310 [ 24.528773] kunit_try_run_case+0x1a5/0x480 [ 24.529225] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.529419] kthread+0x337/0x6f0 [ 24.529717] ret_from_fork+0x116/0x1d0 [ 24.529892] ret_from_fork_asm+0x1a/0x30 [ 24.530312] [ 24.530413] The buggy address belongs to the object at ffff8881039e9700 [ 24.530413] which belongs to the cache kmalloc-64 of size 64 [ 24.530932] The buggy address is located 0 bytes to the right of [ 24.530932] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.531822] [ 24.531934] The buggy address belongs to the physical page: [ 24.532348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.532813] flags: 0x200000000000000(node=0|zone=2) [ 24.533133] page_type: f5(slab) [ 24.533323] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 24.533787] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.534217] page dumped because: kasan: bad access detected [ 24.534490] [ 24.534589] Memory state around the buggy address: [ 24.534771] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.535410] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.535709] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.536216] ^ [ 24.536661] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.537047] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.537347] ================================================================== [ 24.269744] ================================================================== [ 24.270196] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 24.270528] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.270846] [ 24.271235] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.271288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.271303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.271326] Call Trace: [ 24.271348] <TASK> [ 24.271369] dump_stack_lvl+0x73/0xb0 [ 24.271398] print_report+0xd1/0x650 [ 24.271420] ? __virt_addr_valid+0x1db/0x2d0 [ 24.271443] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.271464] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.271490] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.271511] kasan_report+0x141/0x180 [ 24.271533] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.271558] __asan_report_store4_noabort+0x1b/0x30 [ 24.271582] kasan_atomics_helper+0x4b6e/0x5450 [ 24.271603] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.271624] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.271649] ? kasan_atomics+0x152/0x310 [ 24.271675] kasan_atomics+0x1dc/0x310 [ 24.271697] ? __pfx_kasan_atomics+0x10/0x10 [ 24.271718] ? 
__pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.271741] ? __pfx_read_tsc+0x10/0x10 [ 24.271763] ? ktime_get_ts64+0x86/0x230 [ 24.271788] kunit_try_run_case+0x1a5/0x480 [ 24.271815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.271837] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.271857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.271883] ? __kthread_parkme+0x82/0x180 [ 24.272005] ? preempt_count_sub+0x50/0x80 [ 24.272037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.272062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.272098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.272133] kthread+0x337/0x6f0 [ 24.272153] ? trace_preempt_on+0x20/0xc0 [ 24.272188] ? __pfx_kthread+0x10/0x10 [ 24.272208] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.272241] ? calculate_sigpending+0x7b/0xa0 [ 24.272265] ? __pfx_kthread+0x10/0x10 [ 24.272286] ret_from_fork+0x116/0x1d0 [ 24.272316] ? __pfx_kthread+0x10/0x10 [ 24.272342] ret_from_fork_asm+0x1a/0x30 [ 24.272373] </TASK> [ 24.272385] [ 24.280827] Allocated by task 294: [ 24.281035] kasan_save_stack+0x45/0x70 [ 24.281189] kasan_save_track+0x18/0x40 [ 24.281403] kasan_save_alloc_info+0x3b/0x50 [ 24.281752] __kasan_kmalloc+0xb7/0xc0 [ 24.281953] __kmalloc_cache_noprof+0x189/0x420 [ 24.282423] kasan_atomics+0x95/0x310 [ 24.282598] kunit_try_run_case+0x1a5/0x480 [ 24.282787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.283290] kthread+0x337/0x6f0 [ 24.283461] ret_from_fork+0x116/0x1d0 [ 24.283647] ret_from_fork_asm+0x1a/0x30 [ 24.283935] [ 24.284048] The buggy address belongs to the object at ffff8881039e9700 [ 24.284048] which belongs to the cache kmalloc-64 of size 64 [ 24.284584] The buggy address is located 0 bytes to the right of [ 24.284584] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.285198] [ 24.285297] The buggy address belongs to the physical page: [ 24.285540] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.285914] flags: 0x200000000000000(node=0|zone=2) [ 24.286150] 
page_type: f5(slab) [ 24.286413] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.286686] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.286909] page dumped because: kasan: bad access detected [ 24.287084] [ 24.287150] Memory state around the buggy address: [ 24.287413] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.287733] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.288048] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.289143] ^ [ 24.289416] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.289681] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.289890] ================================================================== [ 24.963478] ================================================================== [ 24.963883] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 24.964523] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.964827] [ 24.964934] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.964995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.965009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.965032] Call Trace: [ 24.965055] <TASK> [ 24.965076] dump_stack_lvl+0x73/0xb0 [ 24.965103] print_report+0xd1/0x650 [ 24.965125] ? __virt_addr_valid+0x1db/0x2d0 [ 24.965148] ? kasan_atomics_helper+0x49e8/0x5450 [ 24.965169] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.965195] ? kasan_atomics_helper+0x49e8/0x5450 [ 24.965217] kasan_report+0x141/0x180 [ 24.965238] ? kasan_atomics_helper+0x49e8/0x5450 [ 24.965263] __asan_report_load4_noabort+0x18/0x20 [ 24.965286] kasan_atomics_helper+0x49e8/0x5450 [ 24.965307] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.965329] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.965353] ? 
kasan_atomics+0x152/0x310 [ 24.965378] kasan_atomics+0x1dc/0x310 [ 24.965399] ? __pfx_kasan_atomics+0x10/0x10 [ 24.965421] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.965445] ? __pfx_read_tsc+0x10/0x10 [ 24.965467] ? ktime_get_ts64+0x86/0x230 [ 24.965492] kunit_try_run_case+0x1a5/0x480 [ 24.965518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.965540] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.965562] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.965588] ? __kthread_parkme+0x82/0x180 [ 24.965609] ? preempt_count_sub+0x50/0x80 [ 24.965632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.965656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.965680] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.965703] kthread+0x337/0x6f0 [ 24.965723] ? trace_preempt_on+0x20/0xc0 [ 24.965748] ? __pfx_kthread+0x10/0x10 [ 24.965769] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.965792] ? calculate_sigpending+0x7b/0xa0 [ 24.965816] ? __pfx_kthread+0x10/0x10 [ 24.965837] ret_from_fork+0x116/0x1d0 [ 24.965856] ? 
__pfx_kthread+0x10/0x10 [ 24.965876] ret_from_fork_asm+0x1a/0x30 [ 24.965906] </TASK> [ 24.965917] [ 24.973179] Allocated by task 294: [ 24.973309] kasan_save_stack+0x45/0x70 [ 24.973499] kasan_save_track+0x18/0x40 [ 24.974699] kasan_save_alloc_info+0x3b/0x50 [ 24.975155] __kasan_kmalloc+0xb7/0xc0 [ 24.975294] __kmalloc_cache_noprof+0x189/0x420 [ 24.975440] kasan_atomics+0x95/0x310 [ 24.975562] kunit_try_run_case+0x1a5/0x480 [ 24.975699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.975862] kthread+0x337/0x6f0 [ 24.975983] ret_from_fork+0x116/0x1d0 [ 24.976107] ret_from_fork_asm+0x1a/0x30 [ 24.976235] [ 24.976300] The buggy address belongs to the object at ffff8881039e9700 [ 24.976300] which belongs to the cache kmalloc-64 of size 64 [ 24.976643] The buggy address is located 0 bytes to the right of [ 24.976643] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.977109] [ 24.977264] The buggy address belongs to the physical page: [ 24.977776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.978640] flags: 0x200000000000000(node=0|zone=2) [ 24.979259] page_type: f5(slab) [ 24.979618] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.980314] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.980987] page dumped because: kasan: bad access detected [ 24.981504] [ 24.981668] Memory state around the buggy address: [ 24.982132] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.982758] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.983436] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.984056] ^ [ 24.984543] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.985180] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.985777] ================================================================== [ 25.082807] 
================================================================== [ 25.083209] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 25.083467] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.083717] [ 25.083823] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.083871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.083884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.083906] Call Trace: [ 25.083925] <TASK> [ 25.083955] dump_stack_lvl+0x73/0xb0 [ 25.083981] print_report+0xd1/0x650 [ 25.084003] ? __virt_addr_valid+0x1db/0x2d0 [ 25.084026] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.084047] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.084073] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.084094] kasan_report+0x141/0x180 [ 25.084115] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.084155] __asan_report_store8_noabort+0x1b/0x30 [ 25.084179] kasan_atomics_helper+0x50d4/0x5450 [ 25.084201] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.084223] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.084247] ? kasan_atomics+0x152/0x310 [ 25.084272] kasan_atomics+0x1dc/0x310 [ 25.084295] ? __pfx_kasan_atomics+0x10/0x10 [ 25.084317] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.084349] ? __pfx_read_tsc+0x10/0x10 [ 25.084371] ? ktime_get_ts64+0x86/0x230 [ 25.084396] kunit_try_run_case+0x1a5/0x480 [ 25.084422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.084445] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.084465] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.084490] ? __kthread_parkme+0x82/0x180 [ 25.084510] ? preempt_count_sub+0x50/0x80 [ 25.084534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.084557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.084582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.084606] kthread+0x337/0x6f0 [ 25.084625] ? trace_preempt_on+0x20/0xc0 [ 25.084648] ? __pfx_kthread+0x10/0x10 [ 25.084668] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 25.084691] ? calculate_sigpending+0x7b/0xa0 [ 25.084714] ? __pfx_kthread+0x10/0x10 [ 25.084735] ret_from_fork+0x116/0x1d0 [ 25.084754] ? __pfx_kthread+0x10/0x10 [ 25.084774] ret_from_fork_asm+0x1a/0x30 [ 25.084804] </TASK> [ 25.084815] [ 25.092028] Allocated by task 294: [ 25.092154] kasan_save_stack+0x45/0x70 [ 25.092287] kasan_save_track+0x18/0x40 [ 25.092421] kasan_save_alloc_info+0x3b/0x50 [ 25.092562] __kasan_kmalloc+0xb7/0xc0 [ 25.092713] __kmalloc_cache_noprof+0x189/0x420 [ 25.093062] kasan_atomics+0x95/0x310 [ 25.093422] kunit_try_run_case+0x1a5/0x480 [ 25.093621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.093861] kthread+0x337/0x6f0 [ 25.094028] ret_from_fork+0x116/0x1d0 [ 25.094260] ret_from_fork_asm+0x1a/0x30 [ 25.094447] [ 25.094535] The buggy address belongs to the object at ffff8881039e9700 [ 25.094535] which belongs to the cache kmalloc-64 of size 64 [ 25.095006] The buggy address is located 0 bytes to the right of [ 25.095006] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.095639] [ 25.095705] The buggy address belongs to the physical page: [ 25.095870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.096319] flags: 0x200000000000000(node=0|zone=2) [ 25.096560] page_type: f5(slab) [ 25.096728] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.097032] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.097372] page dumped because: kasan: bad access detected [ 25.097595] [ 25.097658] Memory state around the buggy address: [ 25.097849] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.098148] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.098417] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.098679] ^ [ 25.098859] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.099162] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 25.099433] ================================================================== [ 25.426869] ================================================================== [ 25.427302] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 25.427561] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.427853] [ 25.427973] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.428025] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.428038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.428060] Call Trace: [ 25.428081] <TASK> [ 25.428101] dump_stack_lvl+0x73/0xb0 [ 25.428127] print_report+0xd1/0x650 [ 25.428149] ? __virt_addr_valid+0x1db/0x2d0 [ 25.428173] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.428193] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.428217] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.428239] kasan_report+0x141/0x180 [ 25.428272] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.428297] kasan_check_range+0x10c/0x1c0 [ 25.428320] __kasan_check_write+0x18/0x20 [ 25.428349] kasan_atomics_helper+0x1eaa/0x5450 [ 25.428371] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.428392] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.428417] ? kasan_atomics+0x152/0x310 [ 25.428452] kasan_atomics+0x1dc/0x310 [ 25.428474] ? __pfx_kasan_atomics+0x10/0x10 [ 25.428495] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.428529] ? __pfx_read_tsc+0x10/0x10 [ 25.428552] ? ktime_get_ts64+0x86/0x230 [ 25.428577] kunit_try_run_case+0x1a5/0x480 [ 25.428604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.428627] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.428647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.428672] ? __kthread_parkme+0x82/0x180 [ 25.428693] ? preempt_count_sub+0x50/0x80 [ 25.428716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.428740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.428763] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.428787] kthread+0x337/0x6f0 [ 25.428807] ? trace_preempt_on+0x20/0xc0 [ 25.428831] ? __pfx_kthread+0x10/0x10 [ 25.428852] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.428874] ? calculate_sigpending+0x7b/0xa0 [ 25.428898] ? __pfx_kthread+0x10/0x10 [ 25.428919] ret_from_fork+0x116/0x1d0 [ 25.428949] ? __pfx_kthread+0x10/0x10 [ 25.428970] ret_from_fork_asm+0x1a/0x30 [ 25.429003] </TASK> [ 25.429014] [ 25.436744] Allocated by task 294: [ 25.436877] kasan_save_stack+0x45/0x70 [ 25.437027] kasan_save_track+0x18/0x40 [ 25.437153] kasan_save_alloc_info+0x3b/0x50 [ 25.437294] __kasan_kmalloc+0xb7/0xc0 [ 25.437417] __kmalloc_cache_noprof+0x189/0x420 [ 25.437566] kasan_atomics+0x95/0x310 [ 25.437768] kunit_try_run_case+0x1a5/0x480 [ 25.438014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.438277] kthread+0x337/0x6f0 [ 25.438435] ret_from_fork+0x116/0x1d0 [ 25.438609] ret_from_fork_asm+0x1a/0x30 [ 25.438792] [ 25.438880] The buggy address belongs to the object at ffff8881039e9700 [ 25.438880] which belongs to the cache kmalloc-64 of size 64 [ 25.439413] The buggy address is located 0 bytes to the right of [ 25.439413] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.439914] [ 25.439990] The buggy address belongs to the physical page: [ 25.440176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.440405] flags: 0x200000000000000(node=0|zone=2) [ 25.440581] page_type: f5(slab) [ 25.440745] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.441090] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.441468] page dumped because: kasan: bad access detected [ 25.441716] [ 25.441782] Memory state around the buggy address: [ 25.441931] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.442177] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.442391] >ffff8881039e9700: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 25.442599] ^ [ 25.442745] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.442961] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.443290] ================================================================== [ 24.920509] ================================================================== [ 24.920962] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 24.921293] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.921568] [ 24.921672] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.921722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.921735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.921757] Call Trace: [ 24.921777] <TASK> [ 24.921797] dump_stack_lvl+0x73/0xb0 [ 24.921823] print_report+0xd1/0x650 [ 24.921844] ? __virt_addr_valid+0x1db/0x2d0 [ 24.921867] ? kasan_atomics_helper+0x4a02/0x5450 [ 24.921888] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.921914] ? kasan_atomics_helper+0x4a02/0x5450 [ 24.921934] kasan_report+0x141/0x180 [ 24.921966] ? kasan_atomics_helper+0x4a02/0x5450 [ 24.921991] __asan_report_load4_noabort+0x18/0x20 [ 24.922014] kasan_atomics_helper+0x4a02/0x5450 [ 24.922035] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.922057] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.922082] ? kasan_atomics+0x152/0x310 [ 24.922107] kasan_atomics+0x1dc/0x310 [ 24.922129] ? __pfx_kasan_atomics+0x10/0x10 [ 24.922151] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.922174] ? __pfx_read_tsc+0x10/0x10 [ 24.922196] ? ktime_get_ts64+0x86/0x230 [ 24.922221] kunit_try_run_case+0x1a5/0x480 [ 24.922247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.922270] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.922290] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.922315] ? __kthread_parkme+0x82/0x180 [ 24.922335] ? preempt_count_sub+0x50/0x80 [ 24.922359] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 24.922382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.922405] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.922429] kthread+0x337/0x6f0 [ 24.922448] ? trace_preempt_on+0x20/0xc0 [ 24.922472] ? __pfx_kthread+0x10/0x10 [ 24.922492] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.922515] ? calculate_sigpending+0x7b/0xa0 [ 24.922539] ? __pfx_kthread+0x10/0x10 [ 24.922560] ret_from_fork+0x116/0x1d0 [ 24.922579] ? __pfx_kthread+0x10/0x10 [ 24.922599] ret_from_fork_asm+0x1a/0x30 [ 24.922628] </TASK> [ 24.922640] [ 24.929789] Allocated by task 294: [ 24.929981] kasan_save_stack+0x45/0x70 [ 24.930222] kasan_save_track+0x18/0x40 [ 24.930403] kasan_save_alloc_info+0x3b/0x50 [ 24.930609] __kasan_kmalloc+0xb7/0xc0 [ 24.930765] __kmalloc_cache_noprof+0x189/0x420 [ 24.930947] kasan_atomics+0x95/0x310 [ 24.931071] kunit_try_run_case+0x1a5/0x480 [ 24.931401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.931617] kthread+0x337/0x6f0 [ 24.931731] ret_from_fork+0x116/0x1d0 [ 24.931855] ret_from_fork_asm+0x1a/0x30 [ 24.932005] [ 24.932071] The buggy address belongs to the object at ffff8881039e9700 [ 24.932071] which belongs to the cache kmalloc-64 of size 64 [ 24.932821] The buggy address is located 0 bytes to the right of [ 24.932821] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.933327] [ 24.933396] The buggy address belongs to the physical page: [ 24.933561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.933883] flags: 0x200000000000000(node=0|zone=2) [ 24.934123] page_type: f5(slab) [ 24.934287] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.934627] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.934950] page dumped because: kasan: bad access detected [ 24.935182] [ 24.935246] Memory state around the buggy address: [ 24.935394] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.935601] 
ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.935808] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.936060] ^ [ 24.936268] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.936585] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.936887] ================================================================== [ 24.903339] ================================================================== [ 24.903577] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 24.904032] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.904397] [ 24.904546] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.904597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.904611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.904633] Call Trace: [ 24.904656] <TASK> [ 24.904676] dump_stack_lvl+0x73/0xb0 [ 24.904702] print_report+0xd1/0x650 [ 24.904723] ? __virt_addr_valid+0x1db/0x2d0 [ 24.904748] ? kasan_atomics_helper+0x1148/0x5450 [ 24.904769] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.904794] ? kasan_atomics_helper+0x1148/0x5450 [ 24.904816] kasan_report+0x141/0x180 [ 24.904838] ? kasan_atomics_helper+0x1148/0x5450 [ 24.904863] kasan_check_range+0x10c/0x1c0 [ 24.904886] __kasan_check_write+0x18/0x20 [ 24.904909] kasan_atomics_helper+0x1148/0x5450 [ 24.904930] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.904963] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.904987] ? kasan_atomics+0x152/0x310 [ 24.905012] kasan_atomics+0x1dc/0x310 [ 24.905034] ? __pfx_kasan_atomics+0x10/0x10 [ 24.905055] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.905079] ? __pfx_read_tsc+0x10/0x10 [ 24.905101] ? ktime_get_ts64+0x86/0x230 [ 24.905126] kunit_try_run_case+0x1a5/0x480 [ 24.905152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.905175] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.905195] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.905219] ? __kthread_parkme+0x82/0x180 [ 24.905240] ? preempt_count_sub+0x50/0x80 [ 24.905263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.905287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.905311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.905334] kthread+0x337/0x6f0 [ 24.905366] ? trace_preempt_on+0x20/0xc0 [ 24.905389] ? __pfx_kthread+0x10/0x10 [ 24.905409] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.905433] ? calculate_sigpending+0x7b/0xa0 [ 24.905457] ? __pfx_kthread+0x10/0x10 [ 24.905478] ret_from_fork+0x116/0x1d0 [ 24.905497] ? __pfx_kthread+0x10/0x10 [ 24.905517] ret_from_fork_asm+0x1a/0x30 [ 24.905546] </TASK> [ 24.905558] [ 24.912950] Allocated by task 294: [ 24.913092] kasan_save_stack+0x45/0x70 [ 24.913293] kasan_save_track+0x18/0x40 [ 24.913469] kasan_save_alloc_info+0x3b/0x50 [ 24.913621] __kasan_kmalloc+0xb7/0xc0 [ 24.913788] __kmalloc_cache_noprof+0x189/0x420 [ 24.913934] kasan_atomics+0x95/0x310 [ 24.914068] kunit_try_run_case+0x1a5/0x480 [ 24.914454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.914703] kthread+0x337/0x6f0 [ 24.914860] ret_from_fork+0x116/0x1d0 [ 24.915016] ret_from_fork_asm+0x1a/0x30 [ 24.915184] [ 24.915342] The buggy address belongs to the object at ffff8881039e9700 [ 24.915342] which belongs to the cache kmalloc-64 of size 64 [ 24.915713] The buggy address is located 0 bytes to the right of [ 24.915713] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.916299] [ 24.916387] The buggy address belongs to the physical page: [ 24.916597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.916893] flags: 0x200000000000000(node=0|zone=2) [ 24.917117] page_type: f5(slab) [ 24.917275] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.917515] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.917735] page dumped because: kasan: bad access detected [ 24.917900] [ 24.917973] 
Memory state around the buggy address: [ 24.918123] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.918433] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.918752] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.919063] ^ [ 24.919460] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.919743] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.919954] ================================================================== [ 25.325282] ================================================================== [ 25.326130] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 25.326475] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.326685] [ 25.326770] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.326821] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.326834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.326857] Call Trace: [ 25.326878] <TASK> [ 25.326899] dump_stack_lvl+0x73/0xb0 [ 25.326928] print_report+0xd1/0x650 [ 25.326962] ? __virt_addr_valid+0x1db/0x2d0 [ 25.326985] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.327006] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.327031] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.327051] kasan_report+0x141/0x180 [ 25.327073] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.327098] kasan_check_range+0x10c/0x1c0 [ 25.327121] __kasan_check_write+0x18/0x20 [ 25.327144] kasan_atomics_helper+0x1c18/0x5450 [ 25.327166] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.327207] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.327232] ? kasan_atomics+0x152/0x310 [ 25.327257] kasan_atomics+0x1dc/0x310 [ 25.327278] ? __pfx_kasan_atomics+0x10/0x10 [ 25.327299] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.327323] ? __pfx_read_tsc+0x10/0x10 [ 25.327346] ? 
ktime_get_ts64+0x86/0x230 [ 25.327371] kunit_try_run_case+0x1a5/0x480 [ 25.327398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.327420] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.327440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.327466] ? __kthread_parkme+0x82/0x180 [ 25.327486] ? preempt_count_sub+0x50/0x80 [ 25.327510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.327534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.327558] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.327582] kthread+0x337/0x6f0 [ 25.327602] ? trace_preempt_on+0x20/0xc0 [ 25.327626] ? __pfx_kthread+0x10/0x10 [ 25.327649] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.327672] ? calculate_sigpending+0x7b/0xa0 [ 25.327696] ? __pfx_kthread+0x10/0x10 [ 25.327718] ret_from_fork+0x116/0x1d0 [ 25.327737] ? __pfx_kthread+0x10/0x10 [ 25.327757] ret_from_fork_asm+0x1a/0x30 [ 25.327788] </TASK> [ 25.327800] [ 25.334863] Allocated by task 294: [ 25.335045] kasan_save_stack+0x45/0x70 [ 25.335980] kasan_save_track+0x18/0x40 [ 25.336516] kasan_save_alloc_info+0x3b/0x50 [ 25.336966] __kasan_kmalloc+0xb7/0xc0 [ 25.337147] __kmalloc_cache_noprof+0x189/0x420 [ 25.337614] kasan_atomics+0x95/0x310 [ 25.337859] kunit_try_run_case+0x1a5/0x480 [ 25.338202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.338527] kthread+0x337/0x6f0 [ 25.338662] ret_from_fork+0x116/0x1d0 [ 25.338975] ret_from_fork_asm+0x1a/0x30 [ 25.339167] [ 25.339413] The buggy address belongs to the object at ffff8881039e9700 [ 25.339413] which belongs to the cache kmalloc-64 of size 64 [ 25.339922] The buggy address is located 0 bytes to the right of [ 25.339922] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.340597] [ 25.340845] The buggy address belongs to the physical page: [ 25.341062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.341640] flags: 0x200000000000000(node=0|zone=2) [ 25.341877] page_type: f5(slab) [ 25.342163] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 25.342513] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.342795] page dumped because: kasan: bad access detected [ 25.343108] [ 25.343309] Memory state around the buggy address: [ 25.343626] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.344000] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.344448] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.344727] ^ [ 25.344924] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.345388] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.345766] ================================================================== [ 24.248497] ================================================================== [ 24.248921] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 24.249276] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.249572] [ 24.249684] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.249733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.249745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.249768] Call Trace: [ 24.249799] <TASK> [ 24.249821] dump_stack_lvl+0x73/0xb0 [ 24.249848] print_report+0xd1/0x650 [ 24.249880] ? __virt_addr_valid+0x1db/0x2d0 [ 24.249902] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.249932] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.249973] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.249993] kasan_report+0x141/0x180 [ 24.250013] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.250037] __asan_report_load4_noabort+0x18/0x20 [ 24.250059] kasan_atomics_helper+0x4b88/0x5450 [ 24.250079] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.250099] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.250123] ? kasan_atomics+0x152/0x310 [ 24.250262] kasan_atomics+0x1dc/0x310 [ 24.250285] ? __pfx_kasan_atomics+0x10/0x10 [ 24.250305] ? 
__pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.250328] ? __pfx_read_tsc+0x10/0x10 [ 24.250350] ? ktime_get_ts64+0x86/0x230 [ 24.250374] kunit_try_run_case+0x1a5/0x480 [ 24.250400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.250422] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.250450] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.250474] ? __kthread_parkme+0x82/0x180 [ 24.250493] ? preempt_count_sub+0x50/0x80 [ 24.250527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.250549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.250572] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.250594] kthread+0x337/0x6f0 [ 24.250612] ? trace_preempt_on+0x20/0xc0 [ 24.250634] ? __pfx_kthread+0x10/0x10 [ 24.250653] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.250675] ? calculate_sigpending+0x7b/0xa0 [ 24.250697] ? __pfx_kthread+0x10/0x10 [ 24.250718] ret_from_fork+0x116/0x1d0 [ 24.250736] ? __pfx_kthread+0x10/0x10 [ 24.250756] ret_from_fork_asm+0x1a/0x30 [ 24.250785] </TASK> [ 24.250796] [ 24.259994] Allocated by task 294: [ 24.260417] kasan_save_stack+0x45/0x70 [ 24.260652] kasan_save_track+0x18/0x40 [ 24.260882] kasan_save_alloc_info+0x3b/0x50 [ 24.261095] __kasan_kmalloc+0xb7/0xc0 [ 24.261335] __kmalloc_cache_noprof+0x189/0x420 [ 24.261526] kasan_atomics+0x95/0x310 [ 24.261716] kunit_try_run_case+0x1a5/0x480 [ 24.261972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.262279] kthread+0x337/0x6f0 [ 24.262429] ret_from_fork+0x116/0x1d0 [ 24.262617] ret_from_fork_asm+0x1a/0x30 [ 24.262789] [ 24.262891] The buggy address belongs to the object at ffff8881039e9700 [ 24.262891] which belongs to the cache kmalloc-64 of size 64 [ 24.263548] The buggy address is located 0 bytes to the right of [ 24.263548] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.264090] [ 24.264181] The buggy address belongs to the physical page: [ 24.264607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.264963] flags: 0x200000000000000(node=0|zone=2) [ 24.265187] 
page_type: f5(slab) [ 24.265397] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.265622] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.266120] page dumped because: kasan: bad access detected [ 24.266424] [ 24.266524] Memory state around the buggy address: [ 24.266756] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.267342] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.267604] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.268035] ^ [ 24.268349] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.268670] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.268900] ================================================================== [ 24.858877] ================================================================== [ 24.859264] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 24.859862] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.860369] [ 24.860707] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.860775] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.860790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.860812] Call Trace: [ 24.860833] <TASK> [ 24.860852] dump_stack_lvl+0x73/0xb0 [ 24.860881] print_report+0xd1/0x650 [ 24.860902] ? __virt_addr_valid+0x1db/0x2d0 [ 24.860926] ? kasan_atomics_helper+0x1079/0x5450 [ 24.860955] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.860981] ? kasan_atomics_helper+0x1079/0x5450 [ 24.861002] kasan_report+0x141/0x180 [ 24.861023] ? kasan_atomics_helper+0x1079/0x5450 [ 24.861048] kasan_check_range+0x10c/0x1c0 [ 24.861071] __kasan_check_write+0x18/0x20 [ 24.861093] kasan_atomics_helper+0x1079/0x5450 [ 24.861114] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.861145] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.861169] ? 
kasan_atomics+0x152/0x310 [ 24.861193] kasan_atomics+0x1dc/0x310 [ 24.861215] ? __pfx_kasan_atomics+0x10/0x10 [ 24.861236] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.861259] ? __pfx_read_tsc+0x10/0x10 [ 24.861282] ? ktime_get_ts64+0x86/0x230 [ 24.861307] kunit_try_run_case+0x1a5/0x480 [ 24.861333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.861356] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.861376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.861402] ? __kthread_parkme+0x82/0x180 [ 24.861422] ? preempt_count_sub+0x50/0x80 [ 24.861446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.861470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.861494] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.861518] kthread+0x337/0x6f0 [ 24.861538] ? trace_preempt_on+0x20/0xc0 [ 24.861561] ? __pfx_kthread+0x10/0x10 [ 24.861582] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.861605] ? calculate_sigpending+0x7b/0xa0 [ 24.861629] ? __pfx_kthread+0x10/0x10 [ 24.861650] ret_from_fork+0x116/0x1d0 [ 24.861670] ? 
__pfx_kthread+0x10/0x10 [ 24.861690] ret_from_fork_asm+0x1a/0x30 [ 24.861721] </TASK> [ 24.861732] [ 24.871618] Allocated by task 294: [ 24.871967] kasan_save_stack+0x45/0x70 [ 24.872144] kasan_save_track+0x18/0x40 [ 24.872466] kasan_save_alloc_info+0x3b/0x50 [ 24.872665] __kasan_kmalloc+0xb7/0xc0 [ 24.872857] __kmalloc_cache_noprof+0x189/0x420 [ 24.873052] kasan_atomics+0x95/0x310 [ 24.873221] kunit_try_run_case+0x1a5/0x480 [ 24.873414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.873626] kthread+0x337/0x6f0 [ 24.873787] ret_from_fork+0x116/0x1d0 [ 24.873934] ret_from_fork_asm+0x1a/0x30 [ 24.874490] [ 24.874580] The buggy address belongs to the object at ffff8881039e9700 [ 24.874580] which belongs to the cache kmalloc-64 of size 64 [ 24.875162] The buggy address is located 0 bytes to the right of [ 24.875162] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.875764] [ 24.876003] The buggy address belongs to the physical page: [ 24.876277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.876715] flags: 0x200000000000000(node=0|zone=2) [ 24.877013] page_type: f5(slab) [ 24.877207] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.877609] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.878001] page dumped because: kasan: bad access detected [ 24.878207] [ 24.878365] Memory state around the buggy address: [ 24.878697] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.879012] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.879328] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.879750] ^ [ 24.880041] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.880307] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.880731] ================================================================== [ 25.099955] 
================================================================== [ 25.100416] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 25.100746] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.101036] [ 25.101122] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.101170] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.101183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.101206] Call Trace: [ 25.101226] <TASK> [ 25.101244] dump_stack_lvl+0x73/0xb0 [ 25.101270] print_report+0xd1/0x650 [ 25.101291] ? __virt_addr_valid+0x1db/0x2d0 [ 25.101314] ? kasan_atomics_helper+0x151d/0x5450 [ 25.101335] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.101361] ? kasan_atomics_helper+0x151d/0x5450 [ 25.101382] kasan_report+0x141/0x180 [ 25.101404] ? kasan_atomics_helper+0x151d/0x5450 [ 25.101429] kasan_check_range+0x10c/0x1c0 [ 25.101452] __kasan_check_write+0x18/0x20 [ 25.101474] kasan_atomics_helper+0x151d/0x5450 [ 25.101496] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.101518] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.101543] ? kasan_atomics+0x152/0x310 [ 25.101568] kasan_atomics+0x1dc/0x310 [ 25.101590] ? __pfx_kasan_atomics+0x10/0x10 [ 25.101611] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.101635] ? __pfx_read_tsc+0x10/0x10 [ 25.101656] ? ktime_get_ts64+0x86/0x230 [ 25.101680] kunit_try_run_case+0x1a5/0x480 [ 25.101706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.101728] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.101749] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.101776] ? __kthread_parkme+0x82/0x180 [ 25.101795] ? preempt_count_sub+0x50/0x80 [ 25.101818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.101842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.101865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.101889] kthread+0x337/0x6f0 [ 25.101908] ? trace_preempt_on+0x20/0xc0 [ 25.101931] ? 
__pfx_kthread+0x10/0x10 [ 25.101961] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.101985] ? calculate_sigpending+0x7b/0xa0 [ 25.102022] ? __pfx_kthread+0x10/0x10 [ 25.102042] ret_from_fork+0x116/0x1d0 [ 25.102062] ? __pfx_kthread+0x10/0x10 [ 25.102082] ret_from_fork_asm+0x1a/0x30 [ 25.102112] </TASK> [ 25.102123] [ 25.109741] Allocated by task 294: [ 25.109884] kasan_save_stack+0x45/0x70 [ 25.110063] kasan_save_track+0x18/0x40 [ 25.110336] kasan_save_alloc_info+0x3b/0x50 [ 25.110507] __kasan_kmalloc+0xb7/0xc0 [ 25.110656] __kmalloc_cache_noprof+0x189/0x420 [ 25.110839] kasan_atomics+0x95/0x310 [ 25.110972] kunit_try_run_case+0x1a5/0x480 [ 25.111184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.111442] kthread+0x337/0x6f0 [ 25.111603] ret_from_fork+0x116/0x1d0 [ 25.111782] ret_from_fork_asm+0x1a/0x30 [ 25.111930] [ 25.112004] The buggy address belongs to the object at ffff8881039e9700 [ 25.112004] which belongs to the cache kmalloc-64 of size 64 [ 25.112584] The buggy address is located 0 bytes to the right of [ 25.112584] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.112933] [ 25.113034] The buggy address belongs to the physical page: [ 25.113480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.113829] flags: 0x200000000000000(node=0|zone=2) [ 25.114029] page_type: f5(slab) [ 25.114200] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.114484] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.114749] page dumped because: kasan: bad access detected [ 25.114911] [ 25.115004] Memory state around the buggy address: [ 25.115224] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.115802] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.116054] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.116403] ^ [ 25.116556] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.116765] 
ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.116979] ================================================================== [ 25.560052] ================================================================== [ 25.560425] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 25.560760] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.561152] [ 25.561244] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.561296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.561309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.561332] Call Trace: [ 25.561354] <TASK> [ 25.561376] dump_stack_lvl+0x73/0xb0 [ 25.561405] print_report+0xd1/0x650 [ 25.561428] ? __virt_addr_valid+0x1db/0x2d0 [ 25.561451] ? kasan_atomics_helper+0x218a/0x5450 [ 25.561484] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.561510] ? kasan_atomics_helper+0x218a/0x5450 [ 25.561531] kasan_report+0x141/0x180 [ 25.561564] ? kasan_atomics_helper+0x218a/0x5450 [ 25.561591] kasan_check_range+0x10c/0x1c0 [ 25.561614] __kasan_check_write+0x18/0x20 [ 25.561637] kasan_atomics_helper+0x218a/0x5450 [ 25.561668] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.561690] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.561714] ? kasan_atomics+0x152/0x310 [ 25.561750] kasan_atomics+0x1dc/0x310 [ 25.561772] ? __pfx_kasan_atomics+0x10/0x10 [ 25.561793] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.561817] ? __pfx_read_tsc+0x10/0x10 [ 25.561840] ? ktime_get_ts64+0x86/0x230 [ 25.561865] kunit_try_run_case+0x1a5/0x480 [ 25.561893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.561916] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.561947] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.561973] ? __kthread_parkme+0x82/0x180 [ 25.561994] ? preempt_count_sub+0x50/0x80 [ 25.562018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.562050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.562074] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.562126] kthread+0x337/0x6f0 [ 25.562146] ? trace_preempt_on+0x20/0xc0 [ 25.562170] ? __pfx_kthread+0x10/0x10 [ 25.562191] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.562214] ? calculate_sigpending+0x7b/0xa0 [ 25.562238] ? __pfx_kthread+0x10/0x10 [ 25.562259] ret_from_fork+0x116/0x1d0 [ 25.562278] ? __pfx_kthread+0x10/0x10 [ 25.562298] ret_from_fork_asm+0x1a/0x30 [ 25.562329] </TASK> [ 25.562341] [ 25.569737] Allocated by task 294: [ 25.569942] kasan_save_stack+0x45/0x70 [ 25.570181] kasan_save_track+0x18/0x40 [ 25.570362] kasan_save_alloc_info+0x3b/0x50 [ 25.570552] __kasan_kmalloc+0xb7/0xc0 [ 25.570719] __kmalloc_cache_noprof+0x189/0x420 [ 25.570943] kasan_atomics+0x95/0x310 [ 25.571161] kunit_try_run_case+0x1a5/0x480 [ 25.571304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.571571] kthread+0x337/0x6f0 [ 25.571716] ret_from_fork+0x116/0x1d0 [ 25.571870] ret_from_fork_asm+0x1a/0x30 [ 25.572069] [ 25.572156] The buggy address belongs to the object at ffff8881039e9700 [ 25.572156] which belongs to the cache kmalloc-64 of size 64 [ 25.572663] The buggy address is located 0 bytes to the right of [ 25.572663] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.573200] [ 25.573293] The buggy address belongs to the physical page: [ 25.573528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.573766] flags: 0x200000000000000(node=0|zone=2) [ 25.573925] page_type: f5(slab) [ 25.574097] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.574430] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.574751] page dumped because: kasan: bad access detected [ 25.574919] [ 25.575015] Memory state around the buggy address: [ 25.575286] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.575603] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.575893] >ffff8881039e9700: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 25.576215] ^ [ 25.576432] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.576741] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.577041] ================================================================== [ 25.513980] ================================================================== [ 25.514389] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 25.514619] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.514859] [ 25.514972] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.515021] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.515034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.515057] Call Trace: [ 25.515077] <TASK> [ 25.515096] dump_stack_lvl+0x73/0xb0 [ 25.515159] print_report+0xd1/0x650 [ 25.515181] ? __virt_addr_valid+0x1db/0x2d0 [ 25.515204] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.515237] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.515263] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.515284] kasan_report+0x141/0x180 [ 25.515306] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.515331] kasan_check_range+0x10c/0x1c0 [ 25.515353] __kasan_check_write+0x18/0x20 [ 25.515376] kasan_atomics_helper+0x20c8/0x5450 [ 25.515398] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.515421] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.515447] ? kasan_atomics+0x152/0x310 [ 25.515472] kasan_atomics+0x1dc/0x310 [ 25.515494] ? __pfx_kasan_atomics+0x10/0x10 [ 25.515516] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.515539] ? __pfx_read_tsc+0x10/0x10 [ 25.515561] ? ktime_get_ts64+0x86/0x230 [ 25.515587] kunit_try_run_case+0x1a5/0x480 [ 25.515613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.515636] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.515657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.515683] ? __kthread_parkme+0x82/0x180 [ 25.515704] ? 
preempt_count_sub+0x50/0x80 [ 25.515727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.515751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.515775] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.515799] kthread+0x337/0x6f0 [ 25.515819] ? trace_preempt_on+0x20/0xc0 [ 25.515842] ? __pfx_kthread+0x10/0x10 [ 25.515863] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.515886] ? calculate_sigpending+0x7b/0xa0 [ 25.515910] ? __pfx_kthread+0x10/0x10 [ 25.515932] ret_from_fork+0x116/0x1d0 [ 25.515959] ? __pfx_kthread+0x10/0x10 [ 25.515980] ret_from_fork_asm+0x1a/0x30 [ 25.516011] </TASK> [ 25.516023] [ 25.523675] Allocated by task 294: [ 25.523835] kasan_save_stack+0x45/0x70 [ 25.524037] kasan_save_track+0x18/0x40 [ 25.524237] kasan_save_alloc_info+0x3b/0x50 [ 25.524438] __kasan_kmalloc+0xb7/0xc0 [ 25.524613] __kmalloc_cache_noprof+0x189/0x420 [ 25.524814] kasan_atomics+0x95/0x310 [ 25.524995] kunit_try_run_case+0x1a5/0x480 [ 25.525219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.525456] kthread+0x337/0x6f0 [ 25.525623] ret_from_fork+0x116/0x1d0 [ 25.525798] ret_from_fork_asm+0x1a/0x30 [ 25.525986] [ 25.526080] The buggy address belongs to the object at ffff8881039e9700 [ 25.526080] which belongs to the cache kmalloc-64 of size 64 [ 25.526518] The buggy address is located 0 bytes to the right of [ 25.526518] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.526874] [ 25.526948] The buggy address belongs to the physical page: [ 25.527214] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.527577] flags: 0x200000000000000(node=0|zone=2) [ 25.527801] page_type: f5(slab) [ 25.527970] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.528321] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.528636] page dumped because: kasan: bad access detected [ 25.528813] [ 25.528876] Memory state around the buggy address: [ 25.529033] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 25.529309] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.529649] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.529960] ^ [ 25.530197] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.530514] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.530807] ================================================================== [ 25.135160] ================================================================== [ 25.135489] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 25.135809] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.136149] [ 25.136265] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.136313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.137671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.137716] Call Trace: [ 25.137741] <TASK> [ 25.137763] dump_stack_lvl+0x73/0xb0 [ 25.137795] print_report+0xd1/0x650 [ 25.137828] ? __virt_addr_valid+0x1db/0x2d0 [ 25.137852] ? kasan_atomics_helper+0x164f/0x5450 [ 25.137874] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.137900] ? kasan_atomics_helper+0x164f/0x5450 [ 25.137921] kasan_report+0x141/0x180 [ 25.137951] ? kasan_atomics_helper+0x164f/0x5450 [ 25.137976] kasan_check_range+0x10c/0x1c0 [ 25.138000] __kasan_check_write+0x18/0x20 [ 25.138022] kasan_atomics_helper+0x164f/0x5450 [ 25.138044] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.138065] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.138089] ? kasan_atomics+0x152/0x310 [ 25.138115] kasan_atomics+0x1dc/0x310 [ 25.138149] ? __pfx_kasan_atomics+0x10/0x10 [ 25.138170] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.138194] ? __pfx_read_tsc+0x10/0x10 [ 25.138217] ? ktime_get_ts64+0x86/0x230 [ 25.138243] kunit_try_run_case+0x1a5/0x480 [ 25.138272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.138295] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 25.138316] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.138341] ? __kthread_parkme+0x82/0x180 [ 25.138362] ? preempt_count_sub+0x50/0x80 [ 25.138386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.138410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.138434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.138457] kthread+0x337/0x6f0 [ 25.138477] ? trace_preempt_on+0x20/0xc0 [ 25.138500] ? __pfx_kthread+0x10/0x10 [ 25.138522] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.138545] ? calculate_sigpending+0x7b/0xa0 [ 25.138568] ? __pfx_kthread+0x10/0x10 [ 25.138590] ret_from_fork+0x116/0x1d0 [ 25.138608] ? __pfx_kthread+0x10/0x10 [ 25.138629] ret_from_fork_asm+0x1a/0x30 [ 25.138659] </TASK> [ 25.138671] [ 25.147455] Allocated by task 294: [ 25.147654] kasan_save_stack+0x45/0x70 [ 25.147845] kasan_save_track+0x18/0x40 [ 25.148026] kasan_save_alloc_info+0x3b/0x50 [ 25.148527] __kasan_kmalloc+0xb7/0xc0 [ 25.148827] __kmalloc_cache_noprof+0x189/0x420 [ 25.149114] kasan_atomics+0x95/0x310 [ 25.149394] kunit_try_run_case+0x1a5/0x480 [ 25.149769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.150121] kthread+0x337/0x6f0 [ 25.150289] ret_from_fork+0x116/0x1d0 [ 25.150463] ret_from_fork_asm+0x1a/0x30 [ 25.150647] [ 25.150740] The buggy address belongs to the object at ffff8881039e9700 [ 25.150740] which belongs to the cache kmalloc-64 of size 64 [ 25.151688] The buggy address is located 0 bytes to the right of [ 25.151688] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.152570] [ 25.152676] The buggy address belongs to the physical page: [ 25.153063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.153597] flags: 0x200000000000000(node=0|zone=2) [ 25.153935] page_type: f5(slab) [ 25.154115] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.154568] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.154867] page dumped because: kasan: 
bad access detected [ 25.155096] [ 25.155377] Memory state around the buggy address: [ 25.155710] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.156266] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.156747] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.157058] ^ [ 25.157528] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.158030] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.158551] ================================================================== [ 24.487829] ================================================================== [ 24.488161] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 24.488510] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.489725] [ 24.489961] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.490077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.490093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.490134] Call Trace: [ 24.490155] <TASK> [ 24.490174] dump_stack_lvl+0x73/0xb0 [ 24.490202] print_report+0xd1/0x650 [ 24.490224] ? __virt_addr_valid+0x1db/0x2d0 [ 24.490247] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.490268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.490294] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.490315] kasan_report+0x141/0x180 [ 24.490336] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.490361] kasan_check_range+0x10c/0x1c0 [ 24.490384] __kasan_check_write+0x18/0x20 [ 24.490407] kasan_atomics_helper+0x7c7/0x5450 [ 24.490429] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.490451] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.490476] ? kasan_atomics+0x152/0x310 [ 24.490501] kasan_atomics+0x1dc/0x310 [ 24.490523] ? __pfx_kasan_atomics+0x10/0x10 [ 24.490545] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.490568] ? __pfx_read_tsc+0x10/0x10 [ 24.490590] ? 
ktime_get_ts64+0x86/0x230 [ 24.490616] kunit_try_run_case+0x1a5/0x480 [ 24.490644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.490666] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.490688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.490714] ? __kthread_parkme+0x82/0x180 [ 24.490735] ? preempt_count_sub+0x50/0x80 [ 24.490758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.490783] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.490889] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.490921] kthread+0x337/0x6f0 [ 24.490954] ? trace_preempt_on+0x20/0xc0 [ 24.490979] ? __pfx_kthread+0x10/0x10 [ 24.491000] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.491024] ? calculate_sigpending+0x7b/0xa0 [ 24.491047] ? __pfx_kthread+0x10/0x10 [ 24.491068] ret_from_fork+0x116/0x1d0 [ 24.491087] ? __pfx_kthread+0x10/0x10 [ 24.491108] ret_from_fork_asm+0x1a/0x30 [ 24.491138] </TASK> [ 24.491149] [ 24.501807] Allocated by task 294: [ 24.501961] kasan_save_stack+0x45/0x70 [ 24.502471] kasan_save_track+0x18/0x40 [ 24.502645] kasan_save_alloc_info+0x3b/0x50 [ 24.503003] __kasan_kmalloc+0xb7/0xc0 [ 24.503209] __kmalloc_cache_noprof+0x189/0x420 [ 24.503521] kasan_atomics+0x95/0x310 [ 24.503664] kunit_try_run_case+0x1a5/0x480 [ 24.504025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.504391] kthread+0x337/0x6f0 [ 24.504636] ret_from_fork+0x116/0x1d0 [ 24.504809] ret_from_fork_asm+0x1a/0x30 [ 24.505110] [ 24.505186] The buggy address belongs to the object at ffff8881039e9700 [ 24.505186] which belongs to the cache kmalloc-64 of size 64 [ 24.505873] The buggy address is located 0 bytes to the right of [ 24.505873] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.506786] [ 24.506973] The buggy address belongs to the physical page: [ 24.507242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.507630] flags: 0x200000000000000(node=0|zone=2) [ 24.508024] page_type: f5(slab) [ 24.508351] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 24.508736] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.509095] page dumped because: kasan: bad access detected [ 24.509301] [ 24.509379] Memory state around the buggy address: [ 24.509691] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.510012] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.510569] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.510904] ^ [ 24.511132] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.511529] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.511947] ================================================================== [ 25.023000] ================================================================== [ 25.023696] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 25.024032] Read of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.024379] [ 25.024486] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.024534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.024547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.024569] Call Trace: [ 25.024589] <TASK> [ 25.024608] dump_stack_lvl+0x73/0xb0 [ 25.024635] print_report+0xd1/0x650 [ 25.024656] ? __virt_addr_valid+0x1db/0x2d0 [ 25.024679] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.024699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.024724] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.024745] kasan_report+0x141/0x180 [ 25.024767] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.024792] kasan_check_range+0x10c/0x1c0 [ 25.024815] __kasan_check_read+0x15/0x20 [ 25.024837] kasan_atomics_helper+0x13b5/0x5450 [ 25.024860] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.024882] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.024906] ? kasan_atomics+0x152/0x310 [ 25.024931] kasan_atomics+0x1dc/0x310 [ 25.024963] ? 
__pfx_kasan_atomics+0x10/0x10 [ 25.024985] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.025008] ? __pfx_read_tsc+0x10/0x10 [ 25.025031] ? ktime_get_ts64+0x86/0x230 [ 25.025055] kunit_try_run_case+0x1a5/0x480 [ 25.025081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.025104] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.025124] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.025149] ? __kthread_parkme+0x82/0x180 [ 25.025170] ? preempt_count_sub+0x50/0x80 [ 25.025193] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.025217] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.025241] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.025264] kthread+0x337/0x6f0 [ 25.025298] ? trace_preempt_on+0x20/0xc0 [ 25.025321] ? __pfx_kthread+0x10/0x10 [ 25.025342] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.025364] ? calculate_sigpending+0x7b/0xa0 [ 25.025388] ? __pfx_kthread+0x10/0x10 [ 25.025409] ret_from_fork+0x116/0x1d0 [ 25.025428] ? __pfx_kthread+0x10/0x10 [ 25.025448] ret_from_fork_asm+0x1a/0x30 [ 25.025478] </TASK> [ 25.025489] [ 25.033623] Allocated by task 294: [ 25.033746] kasan_save_stack+0x45/0x70 [ 25.033882] kasan_save_track+0x18/0x40 [ 25.034018] kasan_save_alloc_info+0x3b/0x50 [ 25.034159] __kasan_kmalloc+0xb7/0xc0 [ 25.034345] __kmalloc_cache_noprof+0x189/0x420 [ 25.034787] kasan_atomics+0x95/0x310 [ 25.034974] kunit_try_run_case+0x1a5/0x480 [ 25.035171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.035478] kthread+0x337/0x6f0 [ 25.035637] ret_from_fork+0x116/0x1d0 [ 25.035812] ret_from_fork_asm+0x1a/0x30 [ 25.036008] [ 25.036097] The buggy address belongs to the object at ffff8881039e9700 [ 25.036097] which belongs to the cache kmalloc-64 of size 64 [ 25.036601] The buggy address is located 0 bytes to the right of [ 25.036601] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.036965] [ 25.037032] The buggy address belongs to the physical page: [ 25.037392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.037739] flags: 
0x200000000000000(node=0|zone=2) [ 25.038003] page_type: f5(slab) [ 25.038195] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.038540] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.038841] page dumped because: kasan: bad access detected [ 25.039016] [ 25.039080] Memory state around the buggy address: [ 25.039518] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.039827] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.040072] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.040579] ^ [ 25.040751] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.040968] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.041173] ================================================================== [ 25.184088] ================================================================== [ 25.184442] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 25.184789] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.185638] [ 25.185740] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.185795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.185811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.185835] Call Trace: [ 25.185858] <TASK> [ 25.185881] dump_stack_lvl+0x73/0xb0 [ 25.185911] print_report+0xd1/0x650 [ 25.185934] ? __virt_addr_valid+0x1db/0x2d0 [ 25.185972] ? kasan_atomics_helper+0x177f/0x5450 [ 25.185994] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.186022] ? kasan_atomics_helper+0x177f/0x5450 [ 25.186043] kasan_report+0x141/0x180 [ 25.186064] ? kasan_atomics_helper+0x177f/0x5450 [ 25.186090] kasan_check_range+0x10c/0x1c0 [ 25.186119] __kasan_check_write+0x18/0x20 [ 25.186142] kasan_atomics_helper+0x177f/0x5450 [ 25.186163] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.186185] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 25.186210] ? kasan_atomics+0x152/0x310 [ 25.186235] kasan_atomics+0x1dc/0x310 [ 25.186257] ? __pfx_kasan_atomics+0x10/0x10 [ 25.186278] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.186302] ? __pfx_read_tsc+0x10/0x10 [ 25.186324] ? ktime_get_ts64+0x86/0x230 [ 25.186349] kunit_try_run_case+0x1a5/0x480 [ 25.186388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.186411] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.186432] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.186467] ? __kthread_parkme+0x82/0x180 [ 25.186488] ? preempt_count_sub+0x50/0x80 [ 25.186512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.186536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.186559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.186583] kthread+0x337/0x6f0 [ 25.186602] ? trace_preempt_on+0x20/0xc0 [ 25.186626] ? __pfx_kthread+0x10/0x10 [ 25.186646] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.186670] ? calculate_sigpending+0x7b/0xa0 [ 25.186694] ? __pfx_kthread+0x10/0x10 [ 25.186715] ret_from_fork+0x116/0x1d0 [ 25.186734] ? 
__pfx_kthread+0x10/0x10 [ 25.186754] ret_from_fork_asm+0x1a/0x30 [ 25.186785] </TASK> [ 25.186797] [ 25.194800] Allocated by task 294: [ 25.194986] kasan_save_stack+0x45/0x70 [ 25.195213] kasan_save_track+0x18/0x40 [ 25.195420] kasan_save_alloc_info+0x3b/0x50 [ 25.195625] __kasan_kmalloc+0xb7/0xc0 [ 25.195788] __kmalloc_cache_noprof+0x189/0x420 [ 25.196031] kasan_atomics+0x95/0x310 [ 25.196252] kunit_try_run_case+0x1a5/0x480 [ 25.196509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.196773] kthread+0x337/0x6f0 [ 25.196931] ret_from_fork+0x116/0x1d0 [ 25.197143] ret_from_fork_asm+0x1a/0x30 [ 25.197329] [ 25.197418] The buggy address belongs to the object at ffff8881039e9700 [ 25.197418] which belongs to the cache kmalloc-64 of size 64 [ 25.197848] The buggy address is located 0 bytes to the right of [ 25.197848] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.198801] [ 25.198916] The buggy address belongs to the physical page: [ 25.199673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.200493] flags: 0x200000000000000(node=0|zone=2) [ 25.200873] page_type: f5(slab) [ 25.201052] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.201914] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.202590] page dumped because: kasan: bad access detected [ 25.203064] [ 25.203341] Memory state around the buggy address: [ 25.203694] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.204427] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.204823] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.205112] ^ [ 25.205621] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.206230] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.206534] ================================================================== [ 25.478957] 
================================================================== [ 25.479351] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 25.479630] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.479943] [ 25.480062] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.480155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.480169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.480191] Call Trace: [ 25.480212] <TASK> [ 25.480232] dump_stack_lvl+0x73/0xb0 [ 25.480260] print_report+0xd1/0x650 [ 25.480282] ? __virt_addr_valid+0x1db/0x2d0 [ 25.480307] ? kasan_atomics_helper+0x2006/0x5450 [ 25.480334] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.480361] ? kasan_atomics_helper+0x2006/0x5450 [ 25.480382] kasan_report+0x141/0x180 [ 25.480404] ? kasan_atomics_helper+0x2006/0x5450 [ 25.480428] kasan_check_range+0x10c/0x1c0 [ 25.480462] __kasan_check_write+0x18/0x20 [ 25.480484] kasan_atomics_helper+0x2006/0x5450 [ 25.480506] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.480527] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.480563] ? kasan_atomics+0x152/0x310 [ 25.480588] kasan_atomics+0x1dc/0x310 [ 25.480610] ? __pfx_kasan_atomics+0x10/0x10 [ 25.480640] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.480664] ? __pfx_read_tsc+0x10/0x10 [ 25.480686] ? ktime_get_ts64+0x86/0x230 [ 25.480722] kunit_try_run_case+0x1a5/0x480 [ 25.480749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.480772] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.480801] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.480826] ? __kthread_parkme+0x82/0x180 [ 25.480849] ? preempt_count_sub+0x50/0x80 [ 25.480882] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.480907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.480930] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.480963] kthread+0x337/0x6f0 [ 25.480992] ? trace_preempt_on+0x20/0xc0 [ 25.481015] ? 
__pfx_kthread+0x10/0x10 [ 25.481035] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.481069] ? calculate_sigpending+0x7b/0xa0 [ 25.481093] ? __pfx_kthread+0x10/0x10 [ 25.481131] ret_from_fork+0x116/0x1d0 [ 25.481160] ? __pfx_kthread+0x10/0x10 [ 25.481180] ret_from_fork_asm+0x1a/0x30 [ 25.481210] </TASK> [ 25.481233] [ 25.488734] Allocated by task 294: [ 25.488928] kasan_save_stack+0x45/0x70 [ 25.489153] kasan_save_track+0x18/0x40 [ 25.489315] kasan_save_alloc_info+0x3b/0x50 [ 25.489455] __kasan_kmalloc+0xb7/0xc0 [ 25.489578] __kmalloc_cache_noprof+0x189/0x420 [ 25.489724] kasan_atomics+0x95/0x310 [ 25.489848] kunit_try_run_case+0x1a5/0x480 [ 25.490048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.490325] kthread+0x337/0x6f0 [ 25.490485] ret_from_fork+0x116/0x1d0 [ 25.490660] ret_from_fork_asm+0x1a/0x30 [ 25.490847] [ 25.490944] The buggy address belongs to the object at ffff8881039e9700 [ 25.490944] which belongs to the cache kmalloc-64 of size 64 [ 25.491395] The buggy address is located 0 bytes to the right of [ 25.491395] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.491748] [ 25.491831] The buggy address belongs to the physical page: [ 25.492088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.492485] flags: 0x200000000000000(node=0|zone=2) [ 25.492738] page_type: f5(slab) [ 25.492932] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.493295] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.493575] page dumped because: kasan: bad access detected [ 25.493819] [ 25.493895] Memory state around the buggy address: [ 25.494104] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.494435] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.494725] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.495007] ^ [ 25.495222] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.495505] 
ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.495820] ================================================================== [ 24.587514] ================================================================== [ 24.587739] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 24.588535] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.589250] [ 24.589433] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.589485] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.589499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.589522] Call Trace: [ 24.589547] <TASK> [ 24.589570] dump_stack_lvl+0x73/0xb0 [ 24.589601] print_report+0xd1/0x650 [ 24.589623] ? __virt_addr_valid+0x1db/0x2d0 [ 24.589665] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.589686] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.589711] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.589732] kasan_report+0x141/0x180 [ 24.589753] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.589815] kasan_check_range+0x10c/0x1c0 [ 24.589850] __kasan_check_write+0x18/0x20 [ 24.589884] kasan_atomics_helper+0xa2b/0x5450 [ 24.589906] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.589927] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.589962] ? kasan_atomics+0x152/0x310 [ 24.589987] kasan_atomics+0x1dc/0x310 [ 24.590009] ? __pfx_kasan_atomics+0x10/0x10 [ 24.590030] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.590053] ? __pfx_read_tsc+0x10/0x10 [ 24.590076] ? ktime_get_ts64+0x86/0x230 [ 24.590120] kunit_try_run_case+0x1a5/0x480 [ 24.590155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.590194] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.590214] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.590239] ? __kthread_parkme+0x82/0x180 [ 24.590260] ? preempt_count_sub+0x50/0x80 [ 24.590284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.590308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.590332] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.590355] kthread+0x337/0x6f0 [ 24.590375] ? trace_preempt_on+0x20/0xc0 [ 24.590401] ? __pfx_kthread+0x10/0x10 [ 24.590422] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.590445] ? calculate_sigpending+0x7b/0xa0 [ 24.590469] ? __pfx_kthread+0x10/0x10 [ 24.590490] ret_from_fork+0x116/0x1d0 [ 24.590509] ? __pfx_kthread+0x10/0x10 [ 24.590530] ret_from_fork_asm+0x1a/0x30 [ 24.590560] </TASK> [ 24.590572] [ 24.604845] Allocated by task 294: [ 24.605824] kasan_save_stack+0x45/0x70 [ 24.606057] kasan_save_track+0x18/0x40 [ 24.606208] kasan_save_alloc_info+0x3b/0x50 [ 24.606352] __kasan_kmalloc+0xb7/0xc0 [ 24.606478] __kmalloc_cache_noprof+0x189/0x420 [ 24.606625] kasan_atomics+0x95/0x310 [ 24.606751] kunit_try_run_case+0x1a5/0x480 [ 24.606891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.607456] kthread+0x337/0x6f0 [ 24.607768] ret_from_fork+0x116/0x1d0 [ 24.608237] ret_from_fork_asm+0x1a/0x30 [ 24.608583] [ 24.608655] The buggy address belongs to the object at ffff8881039e9700 [ 24.608655] which belongs to the cache kmalloc-64 of size 64 [ 24.610163] The buggy address is located 0 bytes to the right of [ 24.610163] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.611624] [ 24.611734] The buggy address belongs to the physical page: [ 24.612237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.612770] flags: 0x200000000000000(node=0|zone=2) [ 24.613337] page_type: f5(slab) [ 24.613661] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.614251] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.614777] page dumped because: kasan: bad access detected [ 24.614975] [ 24.615044] Memory state around the buggy address: [ 24.615455] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.615717] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.616508] >ffff8881039e9700: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 24.617044] ^ [ 24.617471] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.617969] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.618627] ================================================================== [ 25.531610] ================================================================== [ 25.532136] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 25.532755] Read of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.533036] [ 25.533276] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.533327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.533340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.533363] Call Trace: [ 25.533384] <TASK> [ 25.533403] dump_stack_lvl+0x73/0xb0 [ 25.533430] print_report+0xd1/0x650 [ 25.533452] ? __virt_addr_valid+0x1db/0x2d0 [ 25.533475] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.533496] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.533522] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.533543] kasan_report+0x141/0x180 [ 25.533564] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.533589] __asan_report_load8_noabort+0x18/0x20 [ 25.533613] kasan_atomics_helper+0x4fb2/0x5450 [ 25.533635] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.533657] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.533682] ? kasan_atomics+0x152/0x310 [ 25.533708] kasan_atomics+0x1dc/0x310 [ 25.533730] ? __pfx_kasan_atomics+0x10/0x10 [ 25.533751] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.533774] ? __pfx_read_tsc+0x10/0x10 [ 25.533796] ? ktime_get_ts64+0x86/0x230 [ 25.533820] kunit_try_run_case+0x1a5/0x480 [ 25.533848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.533870] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.533891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.533916] ? __kthread_parkme+0x82/0x180 [ 25.533948] ? preempt_count_sub+0x50/0x80 [ 25.533972] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 25.533996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.534019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.534044] kthread+0x337/0x6f0 [ 25.534062] ? trace_preempt_on+0x20/0xc0 [ 25.534085] ? __pfx_kthread+0x10/0x10 [ 25.534112] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.534135] ? calculate_sigpending+0x7b/0xa0 [ 25.534159] ? __pfx_kthread+0x10/0x10 [ 25.534180] ret_from_fork+0x116/0x1d0 [ 25.534199] ? __pfx_kthread+0x10/0x10 [ 25.534219] ret_from_fork_asm+0x1a/0x30 [ 25.534250] </TASK> [ 25.534262] [ 25.547455] Allocated by task 294: [ 25.547832] kasan_save_stack+0x45/0x70 [ 25.548236] kasan_save_track+0x18/0x40 [ 25.548599] kasan_save_alloc_info+0x3b/0x50 [ 25.548991] __kasan_kmalloc+0xb7/0xc0 [ 25.549353] __kmalloc_cache_noprof+0x189/0x420 [ 25.549763] kasan_atomics+0x95/0x310 [ 25.550138] kunit_try_run_case+0x1a5/0x480 [ 25.550520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.550947] kthread+0x337/0x6f0 [ 25.551063] ret_from_fork+0x116/0x1d0 [ 25.551414] ret_from_fork_asm+0x1a/0x30 [ 25.551783] [ 25.551952] The buggy address belongs to the object at ffff8881039e9700 [ 25.551952] which belongs to the cache kmalloc-64 of size 64 [ 25.552700] The buggy address is located 0 bytes to the right of [ 25.552700] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.553822] [ 25.553987] The buggy address belongs to the physical page: [ 25.554445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.555025] flags: 0x200000000000000(node=0|zone=2) [ 25.555430] page_type: f5(slab) [ 25.555554] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.556057] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.556724] page dumped because: kasan: bad access detected [ 25.557070] [ 25.557209] Memory state around the buggy address: [ 25.557662] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.558176] 
ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.558390] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.558604] ^ [ 25.558754] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.558982] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.559245] ================================================================== [ 25.614920] ================================================================== [ 25.615287] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 25.615639] Read of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.615969] [ 25.616056] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.616126] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.616140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.616162] Call Trace: [ 25.616183] <TASK> [ 25.616204] dump_stack_lvl+0x73/0xb0 [ 25.616230] print_report+0xd1/0x650 [ 25.616253] ? __virt_addr_valid+0x1db/0x2d0 [ 25.616277] ? kasan_atomics_helper+0x5115/0x5450 [ 25.616298] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.616324] ? kasan_atomics_helper+0x5115/0x5450 [ 25.616349] kasan_report+0x141/0x180 [ 25.616371] ? kasan_atomics_helper+0x5115/0x5450 [ 25.616396] __asan_report_load8_noabort+0x18/0x20 [ 25.616430] kasan_atomics_helper+0x5115/0x5450 [ 25.616452] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.616474] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.616518] ? kasan_atomics+0x152/0x310 [ 25.616543] kasan_atomics+0x1dc/0x310 [ 25.616566] ? __pfx_kasan_atomics+0x10/0x10 [ 25.616597] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.616621] ? __pfx_read_tsc+0x10/0x10 [ 25.616643] ? ktime_get_ts64+0x86/0x230 [ 25.616668] kunit_try_run_case+0x1a5/0x480 [ 25.616695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.616727] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.616747] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.616773] ? __kthread_parkme+0x82/0x180 [ 25.616804] ? preempt_count_sub+0x50/0x80 [ 25.616827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.616851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.616875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.616899] kthread+0x337/0x6f0 [ 25.616918] ? trace_preempt_on+0x20/0xc0 [ 25.616951] ? __pfx_kthread+0x10/0x10 [ 25.616971] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.616995] ? calculate_sigpending+0x7b/0xa0 [ 25.617019] ? __pfx_kthread+0x10/0x10 [ 25.617040] ret_from_fork+0x116/0x1d0 [ 25.617059] ? __pfx_kthread+0x10/0x10 [ 25.617079] ret_from_fork_asm+0x1a/0x30 [ 25.617135] </TASK> [ 25.617147] [ 25.624640] Allocated by task 294: [ 25.624777] kasan_save_stack+0x45/0x70 [ 25.624934] kasan_save_track+0x18/0x40 [ 25.625547] kasan_save_alloc_info+0x3b/0x50 [ 25.625740] __kasan_kmalloc+0xb7/0xc0 [ 25.625901] __kmalloc_cache_noprof+0x189/0x420 [ 25.626084] kasan_atomics+0x95/0x310 [ 25.626262] kunit_try_run_case+0x1a5/0x480 [ 25.626446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.626663] kthread+0x337/0x6f0 [ 25.626815] ret_from_fork+0x116/0x1d0 [ 25.627634] ret_from_fork_asm+0x1a/0x30 [ 25.627826] [ 25.627899] The buggy address belongs to the object at ffff8881039e9700 [ 25.627899] which belongs to the cache kmalloc-64 of size 64 [ 25.628839] The buggy address is located 0 bytes to the right of [ 25.628839] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.629585] [ 25.629682] The buggy address belongs to the physical page: [ 25.629910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.630187] flags: 0x200000000000000(node=0|zone=2) [ 25.630439] page_type: f5(slab) [ 25.630588] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.630918] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.631204] page dumped because: kasan: bad access detected [ 25.631471] [ 25.631577] 
Memory state around the buggy address: [ 25.631810] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.632089] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.632441] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.632716] ^ [ 25.632888] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.633225] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.633479] ================================================================== [ 24.619584] ================================================================== [ 24.620436] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 24.621182] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.621661] [ 24.621790] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.621951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.621967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.621991] Call Trace: [ 24.622012] <TASK> [ 24.622063] dump_stack_lvl+0x73/0xb0 [ 24.622095] print_report+0xd1/0x650 [ 24.622135] ? __virt_addr_valid+0x1db/0x2d0 [ 24.622158] ? kasan_atomics_helper+0xac7/0x5450 [ 24.622180] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.622205] ? kasan_atomics_helper+0xac7/0x5450 [ 24.622226] kasan_report+0x141/0x180 [ 24.622248] ? kasan_atomics_helper+0xac7/0x5450 [ 24.622273] kasan_check_range+0x10c/0x1c0 [ 24.622297] __kasan_check_write+0x18/0x20 [ 24.622319] kasan_atomics_helper+0xac7/0x5450 [ 24.622341] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.622362] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.622387] ? kasan_atomics+0x152/0x310 [ 24.622412] kasan_atomics+0x1dc/0x310 [ 24.622435] ? __pfx_kasan_atomics+0x10/0x10 [ 24.622457] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.622481] ? __pfx_read_tsc+0x10/0x10 [ 24.622502] ? 
ktime_get_ts64+0x86/0x230 [ 24.622528] kunit_try_run_case+0x1a5/0x480 [ 24.622556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.622579] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.622599] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.622624] ? __kthread_parkme+0x82/0x180 [ 24.622645] ? preempt_count_sub+0x50/0x80 [ 24.622669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.622692] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.622717] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.622741] kthread+0x337/0x6f0 [ 24.622760] ? trace_preempt_on+0x20/0xc0 [ 24.622783] ? __pfx_kthread+0x10/0x10 [ 24.622803] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.622826] ? calculate_sigpending+0x7b/0xa0 [ 24.622850] ? __pfx_kthread+0x10/0x10 [ 24.622871] ret_from_fork+0x116/0x1d0 [ 24.622890] ? __pfx_kthread+0x10/0x10 [ 24.622910] ret_from_fork_asm+0x1a/0x30 [ 24.622949] </TASK> [ 24.622961] [ 24.635819] Allocated by task 294: [ 24.636088] kasan_save_stack+0x45/0x70 [ 24.636284] kasan_save_track+0x18/0x40 [ 24.636463] kasan_save_alloc_info+0x3b/0x50 [ 24.636654] __kasan_kmalloc+0xb7/0xc0 [ 24.637194] __kmalloc_cache_noprof+0x189/0x420 [ 24.637588] kasan_atomics+0x95/0x310 [ 24.637781] kunit_try_run_case+0x1a5/0x480 [ 24.638187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.638424] kthread+0x337/0x6f0 [ 24.638582] ret_from_fork+0x116/0x1d0 [ 24.638751] ret_from_fork_asm+0x1a/0x30 [ 24.639353] [ 24.639446] The buggy address belongs to the object at ffff8881039e9700 [ 24.639446] which belongs to the cache kmalloc-64 of size 64 [ 24.640378] The buggy address is located 0 bytes to the right of [ 24.640378] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.640998] [ 24.641097] The buggy address belongs to the physical page: [ 24.641328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.641648] flags: 0x200000000000000(node=0|zone=2) [ 24.642231] page_type: f5(slab) [ 24.642381] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 24.642689] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.643800] page dumped because: kasan: bad access detected [ 24.644267] [ 24.644502] Memory state around the buggy address: [ 24.644845] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.645373] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.645669] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.646221] ^ [ 24.646628] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.647347] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.647629] ================================================================== [ 24.564979] ================================================================== [ 24.565275] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 24.565553] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.565900] [ 24.566018] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.566069] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.566084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.566108] Call Trace: [ 24.566131] <TASK> [ 24.566153] dump_stack_lvl+0x73/0xb0 [ 24.566180] print_report+0xd1/0x650 [ 24.566202] ? __virt_addr_valid+0x1db/0x2d0 [ 24.566226] ? kasan_atomics_helper+0x992/0x5450 [ 24.566246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.566272] ? kasan_atomics_helper+0x992/0x5450 [ 24.566293] kasan_report+0x141/0x180 [ 24.566314] ? kasan_atomics_helper+0x992/0x5450 [ 24.566339] kasan_check_range+0x10c/0x1c0 [ 24.566362] __kasan_check_write+0x18/0x20 [ 24.566384] kasan_atomics_helper+0x992/0x5450 [ 24.566407] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.566428] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.566452] ? kasan_atomics+0x152/0x310 [ 24.566485] kasan_atomics+0x1dc/0x310 [ 24.566507] ? 
__pfx_kasan_atomics+0x10/0x10 [ 24.566527] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.566550] ? __pfx_read_tsc+0x10/0x10 [ 24.566572] ? ktime_get_ts64+0x86/0x230 [ 24.566597] kunit_try_run_case+0x1a5/0x480 [ 24.566624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.566646] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.566666] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.566691] ? __kthread_parkme+0x82/0x180 [ 24.566712] ? preempt_count_sub+0x50/0x80 [ 24.566735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.566759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.566782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.566806] kthread+0x337/0x6f0 [ 24.566835] ? trace_preempt_on+0x20/0xc0 [ 24.566858] ? __pfx_kthread+0x10/0x10 [ 24.566879] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.566902] ? calculate_sigpending+0x7b/0xa0 [ 24.566927] ? __pfx_kthread+0x10/0x10 [ 24.566959] ret_from_fork+0x116/0x1d0 [ 24.566978] ? __pfx_kthread+0x10/0x10 [ 24.566998] ret_from_fork_asm+0x1a/0x30 [ 24.567028] </TASK> [ 24.567040] [ 24.575723] Allocated by task 294: [ 24.576082] kasan_save_stack+0x45/0x70 [ 24.576302] kasan_save_track+0x18/0x40 [ 24.576492] kasan_save_alloc_info+0x3b/0x50 [ 24.576676] __kasan_kmalloc+0xb7/0xc0 [ 24.576800] __kmalloc_cache_noprof+0x189/0x420 [ 24.576958] kasan_atomics+0x95/0x310 [ 24.577207] kunit_try_run_case+0x1a5/0x480 [ 24.577424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.577674] kthread+0x337/0x6f0 [ 24.578541] ret_from_fork+0x116/0x1d0 [ 24.579020] ret_from_fork_asm+0x1a/0x30 [ 24.579181] [ 24.579252] The buggy address belongs to the object at ffff8881039e9700 [ 24.579252] which belongs to the cache kmalloc-64 of size 64 [ 24.579595] The buggy address is located 0 bytes to the right of [ 24.579595] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.579962] [ 24.580076] The buggy address belongs to the physical page: [ 24.580649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.580883] flags: 
0x200000000000000(node=0|zone=2) [ 24.581372] page_type: f5(slab) [ 24.581774] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.582369] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.583170] page dumped because: kasan: bad access detected [ 24.583637] [ 24.583709] Memory state around the buggy address: [ 24.583909] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.584418] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.585175] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.585886] ^ [ 24.586323] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.586877] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.587089] ================================================================== [ 24.765571] ================================================================== [ 24.765981] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 24.766314] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.766527] [ 24.766610] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.766658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.766671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.766694] Call Trace: [ 24.766716] <TASK> [ 24.766736] dump_stack_lvl+0x73/0xb0 [ 24.766762] print_report+0xd1/0x650 [ 24.766782] ? __virt_addr_valid+0x1db/0x2d0 [ 24.766808] ? kasan_atomics_helper+0xe78/0x5450 [ 24.766829] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.766854] ? kasan_atomics_helper+0xe78/0x5450 [ 24.766875] kasan_report+0x141/0x180 [ 24.766896] ? kasan_atomics_helper+0xe78/0x5450 [ 24.766921] kasan_check_range+0x10c/0x1c0 [ 24.766956] __kasan_check_write+0x18/0x20 [ 24.766978] kasan_atomics_helper+0xe78/0x5450 [ 24.767000] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.767021] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 24.767046] ? kasan_atomics+0x152/0x310 [ 24.767071] kasan_atomics+0x1dc/0x310 [ 24.767094] ? __pfx_kasan_atomics+0x10/0x10 [ 24.767115] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.767139] ? __pfx_read_tsc+0x10/0x10 [ 24.767160] ? ktime_get_ts64+0x86/0x230 [ 24.767185] kunit_try_run_case+0x1a5/0x480 [ 24.767212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.767235] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.767255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.767280] ? __kthread_parkme+0x82/0x180 [ 24.767301] ? preempt_count_sub+0x50/0x80 [ 24.767324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.767348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.767371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.767395] kthread+0x337/0x6f0 [ 24.767414] ? trace_preempt_on+0x20/0xc0 [ 24.767437] ? __pfx_kthread+0x10/0x10 [ 24.767458] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.767481] ? calculate_sigpending+0x7b/0xa0 [ 24.767506] ? __pfx_kthread+0x10/0x10 [ 24.767527] ret_from_fork+0x116/0x1d0 [ 24.767546] ? 
__pfx_kthread+0x10/0x10 [ 24.767567] ret_from_fork_asm+0x1a/0x30 [ 24.767597] </TASK> [ 24.767608] [ 24.775213] Allocated by task 294: [ 24.775364] kasan_save_stack+0x45/0x70 [ 24.775539] kasan_save_track+0x18/0x40 [ 24.775693] kasan_save_alloc_info+0x3b/0x50 [ 24.775866] __kasan_kmalloc+0xb7/0xc0 [ 24.776000] __kmalloc_cache_noprof+0x189/0x420 [ 24.776211] kasan_atomics+0x95/0x310 [ 24.776393] kunit_try_run_case+0x1a5/0x480 [ 24.776613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.776784] kthread+0x337/0x6f0 [ 24.776898] ret_from_fork+0x116/0x1d0 [ 24.777070] ret_from_fork_asm+0x1a/0x30 [ 24.777353] [ 24.777451] The buggy address belongs to the object at ffff8881039e9700 [ 24.777451] which belongs to the cache kmalloc-64 of size 64 [ 24.777899] The buggy address is located 0 bytes to the right of [ 24.777899] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.778413] [ 24.778496] The buggy address belongs to the physical page: [ 24.778716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.779007] flags: 0x200000000000000(node=0|zone=2) [ 24.779261] page_type: f5(slab) [ 24.779397] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.779684] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.779982] page dumped because: kasan: bad access detected [ 24.780218] [ 24.780296] Memory state around the buggy address: [ 24.780486] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.780694] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.780901] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.781202] ^ [ 24.781515] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.781818] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.782033] ================================================================== [ 24.676518] 
================================================================== [ 24.676877] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 24.677129] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.677437] [ 24.677846] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.677903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.677918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.677955] Call Trace: [ 24.677978] <TASK> [ 24.677999] dump_stack_lvl+0x73/0xb0 [ 24.678029] print_report+0xd1/0x650 [ 24.678052] ? __virt_addr_valid+0x1db/0x2d0 [ 24.678076] ? kasan_atomics_helper+0xc70/0x5450 [ 24.678097] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.678151] ? kasan_atomics_helper+0xc70/0x5450 [ 24.678173] kasan_report+0x141/0x180 [ 24.678195] ? kasan_atomics_helper+0xc70/0x5450 [ 24.678220] kasan_check_range+0x10c/0x1c0 [ 24.678243] __kasan_check_write+0x18/0x20 [ 24.678541] kasan_atomics_helper+0xc70/0x5450 [ 24.678568] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.678590] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.678615] ? kasan_atomics+0x152/0x310 [ 24.678641] kasan_atomics+0x1dc/0x310 [ 24.678662] ? __pfx_kasan_atomics+0x10/0x10 [ 24.678684] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.678708] ? __pfx_read_tsc+0x10/0x10 [ 24.678731] ? ktime_get_ts64+0x86/0x230 [ 24.678759] kunit_try_run_case+0x1a5/0x480 [ 24.678785] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.678808] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.678843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.678869] ? __kthread_parkme+0x82/0x180 [ 24.678889] ? preempt_count_sub+0x50/0x80 [ 24.678913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.678950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.678974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.678997] kthread+0x337/0x6f0 [ 24.679016] ? trace_preempt_on+0x20/0xc0 [ 24.679040] ? 
__pfx_kthread+0x10/0x10 [ 24.679060] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.679083] ? calculate_sigpending+0x7b/0xa0 [ 24.679107] ? __pfx_kthread+0x10/0x10 [ 24.679128] ret_from_fork+0x116/0x1d0 [ 24.679147] ? __pfx_kthread+0x10/0x10 [ 24.679167] ret_from_fork_asm+0x1a/0x30 [ 24.679197] </TASK> [ 24.679209] [ 24.691612] Allocated by task 294: [ 24.691958] kasan_save_stack+0x45/0x70 [ 24.692493] kasan_save_track+0x18/0x40 [ 24.692766] kasan_save_alloc_info+0x3b/0x50 [ 24.693103] __kasan_kmalloc+0xb7/0xc0 [ 24.693412] __kmalloc_cache_noprof+0x189/0x420 [ 24.693835] kasan_atomics+0x95/0x310 [ 24.694031] kunit_try_run_case+0x1a5/0x480 [ 24.694519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.694847] kthread+0x337/0x6f0 [ 24.695022] ret_from_fork+0x116/0x1d0 [ 24.695281] ret_from_fork_asm+0x1a/0x30 [ 24.695715] [ 24.695808] The buggy address belongs to the object at ffff8881039e9700 [ 24.695808] which belongs to the cache kmalloc-64 of size 64 [ 24.696640] The buggy address is located 0 bytes to the right of [ 24.696640] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.697386] [ 24.697643] The buggy address belongs to the physical page: [ 24.697954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.698581] flags: 0x200000000000000(node=0|zone=2) [ 24.698983] page_type: f5(slab) [ 24.699260] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.699695] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.700044] page dumped because: kasan: bad access detected [ 24.700503] [ 24.700783] Memory state around the buggy address: [ 24.701039] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.701517] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.701907] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.702518] ^ [ 24.702992] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.703294] 
ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.703564] ================================================================== [ 24.409508] ================================================================== [ 24.409796] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 24.410333] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.410611] [ 24.410796] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.410849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.410864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.410886] Call Trace: [ 24.410908] <TASK> [ 24.410930] dump_stack_lvl+0x73/0xb0 [ 24.410972] print_report+0xd1/0x650 [ 24.410995] ? __virt_addr_valid+0x1db/0x2d0 [ 24.411019] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.411040] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.411065] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.411088] kasan_report+0x141/0x180 [ 24.411110] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.411136] kasan_check_range+0x10c/0x1c0 [ 24.411158] __kasan_check_write+0x18/0x20 [ 24.411281] kasan_atomics_helper+0x5fe/0x5450 [ 24.411304] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.411326] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.411351] ? kasan_atomics+0x152/0x310 [ 24.411376] kasan_atomics+0x1dc/0x310 [ 24.411399] ? __pfx_kasan_atomics+0x10/0x10 [ 24.411420] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.411443] ? __pfx_read_tsc+0x10/0x10 [ 24.411468] ? ktime_get_ts64+0x86/0x230 [ 24.411493] kunit_try_run_case+0x1a5/0x480 [ 24.411521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.411544] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.411565] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.411590] ? __kthread_parkme+0x82/0x180 [ 24.411611] ? preempt_count_sub+0x50/0x80 [ 24.411635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.411659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.411683] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.411706] kthread+0x337/0x6f0 [ 24.411726] ? trace_preempt_on+0x20/0xc0 [ 24.411749] ? __pfx_kthread+0x10/0x10 [ 24.411769] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.411792] ? calculate_sigpending+0x7b/0xa0 [ 24.412023] ? __pfx_kthread+0x10/0x10 [ 24.412053] ret_from_fork+0x116/0x1d0 [ 24.412074] ? __pfx_kthread+0x10/0x10 [ 24.412095] ret_from_fork_asm+0x1a/0x30 [ 24.412125] </TASK> [ 24.412137] [ 24.422875] Allocated by task 294: [ 24.423177] kasan_save_stack+0x45/0x70 [ 24.423754] kasan_save_track+0x18/0x40 [ 24.424083] kasan_save_alloc_info+0x3b/0x50 [ 24.424257] __kasan_kmalloc+0xb7/0xc0 [ 24.424534] __kmalloc_cache_noprof+0x189/0x420 [ 24.424853] kasan_atomics+0x95/0x310 [ 24.425162] kunit_try_run_case+0x1a5/0x480 [ 24.425327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.425692] kthread+0x337/0x6f0 [ 24.425920] ret_from_fork+0x116/0x1d0 [ 24.426363] ret_from_fork_asm+0x1a/0x30 [ 24.426551] [ 24.426637] The buggy address belongs to the object at ffff8881039e9700 [ 24.426637] which belongs to the cache kmalloc-64 of size 64 [ 24.427186] The buggy address is located 0 bytes to the right of [ 24.427186] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.428108] [ 24.428218] The buggy address belongs to the physical page: [ 24.428617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.429157] flags: 0x200000000000000(node=0|zone=2) [ 24.429391] page_type: f5(slab) [ 24.429698] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.430188] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.430470] page dumped because: kasan: bad access detected [ 24.430695] [ 24.430780] Memory state around the buggy address: [ 24.430975] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.431272] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.432137] >ffff8881039e9700: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 24.432370] ^ [ 24.432526] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.432737] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.432952] ================================================================== [ 24.783036] ================================================================== [ 24.783342] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 24.783641] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.783994] [ 24.784099] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.784148] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.784161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.784185] Call Trace: [ 24.784207] <TASK> [ 24.784226] dump_stack_lvl+0x73/0xb0 [ 24.784252] print_report+0xd1/0x650 [ 24.784274] ? __virt_addr_valid+0x1db/0x2d0 [ 24.784298] ? kasan_atomics_helper+0xf10/0x5450 [ 24.784318] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.784351] ? kasan_atomics_helper+0xf10/0x5450 [ 24.784372] kasan_report+0x141/0x180 [ 24.784393] ? kasan_atomics_helper+0xf10/0x5450 [ 24.784418] kasan_check_range+0x10c/0x1c0 [ 24.784440] __kasan_check_write+0x18/0x20 [ 24.784463] kasan_atomics_helper+0xf10/0x5450 [ 24.785076] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.785100] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.785125] ? kasan_atomics+0x152/0x310 [ 24.785151] kasan_atomics+0x1dc/0x310 [ 24.785173] ? __pfx_kasan_atomics+0x10/0x10 [ 24.785194] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.785874] ? __pfx_read_tsc+0x10/0x10 [ 24.785902] ? ktime_get_ts64+0x86/0x230 [ 24.785931] kunit_try_run_case+0x1a5/0x480 [ 24.785974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.785997] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.786018] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.786043] ? __kthread_parkme+0x82/0x180 [ 24.786065] ? 
preempt_count_sub+0x50/0x80 [ 24.786088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.786112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.786151] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.786174] kthread+0x337/0x6f0 [ 24.786194] ? trace_preempt_on+0x20/0xc0 [ 24.786218] ? __pfx_kthread+0x10/0x10 [ 24.786238] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.786262] ? calculate_sigpending+0x7b/0xa0 [ 24.786325] ? __pfx_kthread+0x10/0x10 [ 24.786366] ret_from_fork+0x116/0x1d0 [ 24.786386] ? __pfx_kthread+0x10/0x10 [ 24.786407] ret_from_fork_asm+0x1a/0x30 [ 24.786437] </TASK> [ 24.786449] [ 24.799110] Allocated by task 294: [ 24.799475] kasan_save_stack+0x45/0x70 [ 24.799869] kasan_save_track+0x18/0x40 [ 24.800046] kasan_save_alloc_info+0x3b/0x50 [ 24.800549] __kasan_kmalloc+0xb7/0xc0 [ 24.800913] __kmalloc_cache_noprof+0x189/0x420 [ 24.801340] kasan_atomics+0x95/0x310 [ 24.801516] kunit_try_run_case+0x1a5/0x480 [ 24.801701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.801928] kthread+0x337/0x6f0 [ 24.802087] ret_from_fork+0x116/0x1d0 [ 24.802581] ret_from_fork_asm+0x1a/0x30 [ 24.802966] [ 24.803385] The buggy address belongs to the object at ffff8881039e9700 [ 24.803385] which belongs to the cache kmalloc-64 of size 64 [ 24.804307] The buggy address is located 0 bytes to the right of [ 24.804307] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.805245] [ 24.805346] The buggy address belongs to the physical page: [ 24.805579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.805893] flags: 0x200000000000000(node=0|zone=2) [ 24.806449] page_type: f5(slab) [ 24.806861] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.807382] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.807686] page dumped because: kasan: bad access detected [ 24.807896] [ 24.807986] Memory state around the buggy address: [ 24.808478] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 24.808995] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.809442] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.809725] ^ [ 24.809924] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.810143] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.810526] ================================================================== [ 24.648820] ================================================================== [ 24.649436] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 24.649843] Write of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.650400] [ 24.650718] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.650775] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.650790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.650814] Call Trace: [ 24.650932] <TASK> [ 24.650969] dump_stack_lvl+0x73/0xb0 [ 24.651000] print_report+0xd1/0x650 [ 24.651022] ? __virt_addr_valid+0x1db/0x2d0 [ 24.651046] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.651099] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.651125] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.651146] kasan_report+0x141/0x180 [ 24.651167] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.651192] kasan_check_range+0x10c/0x1c0 [ 24.651215] __kasan_check_write+0x18/0x20 [ 24.651249] kasan_atomics_helper+0xb6a/0x5450 [ 24.651271] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.651292] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.651316] ? kasan_atomics+0x152/0x310 [ 24.651341] kasan_atomics+0x1dc/0x310 [ 24.651363] ? __pfx_kasan_atomics+0x10/0x10 [ 24.651384] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.651408] ? __pfx_read_tsc+0x10/0x10 [ 24.651430] ? ktime_get_ts64+0x86/0x230 [ 24.651455] kunit_try_run_case+0x1a5/0x480 [ 24.651481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.651504] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 24.651524] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.651551] ? __kthread_parkme+0x82/0x180 [ 24.651571] ? preempt_count_sub+0x50/0x80 [ 24.651596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.651620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.651643] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.651667] kthread+0x337/0x6f0 [ 24.651686] ? trace_preempt_on+0x20/0xc0 [ 24.651709] ? __pfx_kthread+0x10/0x10 [ 24.651729] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.651752] ? calculate_sigpending+0x7b/0xa0 [ 24.651776] ? __pfx_kthread+0x10/0x10 [ 24.651796] ret_from_fork+0x116/0x1d0 [ 24.651815] ? __pfx_kthread+0x10/0x10 [ 24.651845] ret_from_fork_asm+0x1a/0x30 [ 24.651875] </TASK> [ 24.651886] [ 24.664448] Allocated by task 294: [ 24.664639] kasan_save_stack+0x45/0x70 [ 24.665005] kasan_save_track+0x18/0x40 [ 24.665330] kasan_save_alloc_info+0x3b/0x50 [ 24.665648] __kasan_kmalloc+0xb7/0xc0 [ 24.665992] __kmalloc_cache_noprof+0x189/0x420 [ 24.666381] kasan_atomics+0x95/0x310 [ 24.666557] kunit_try_run_case+0x1a5/0x480 [ 24.666750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.667320] kthread+0x337/0x6f0 [ 24.667796] ret_from_fork+0x116/0x1d0 [ 24.668100] ret_from_fork_asm+0x1a/0x30 [ 24.668488] [ 24.668584] The buggy address belongs to the object at ffff8881039e9700 [ 24.668584] which belongs to the cache kmalloc-64 of size 64 [ 24.669395] The buggy address is located 0 bytes to the right of [ 24.669395] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.670470] [ 24.670698] The buggy address belongs to the physical page: [ 24.671066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.671413] flags: 0x200000000000000(node=0|zone=2) [ 24.671638] page_type: f5(slab) [ 24.671755] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.672573] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.672922] page dumped because: kasan: 
bad access detected [ 24.673203] [ 24.673274] Memory state around the buggy address: [ 24.673468] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.673765] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.674378] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.674672] ^ [ 24.675065] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.675307] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.675669] ================================================================== [ 25.577744] ================================================================== [ 25.578089] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 25.578472] Read of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.578786] [ 25.578899] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.578975] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.578989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.579011] Call Trace: [ 25.579032] <TASK> [ 25.579054] dump_stack_lvl+0x73/0xb0 [ 25.579091] print_report+0xd1/0x650 [ 25.579147] ? __virt_addr_valid+0x1db/0x2d0 [ 25.579183] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.579207] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.579234] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.579256] kasan_report+0x141/0x180 [ 25.579279] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.579308] __asan_report_load8_noabort+0x18/0x20 [ 25.579332] kasan_atomics_helper+0x4fa5/0x5450 [ 25.579354] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.579375] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.579400] ? kasan_atomics+0x152/0x310 [ 25.579437] kasan_atomics+0x1dc/0x310 [ 25.579459] ? __pfx_kasan_atomics+0x10/0x10 [ 25.579491] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.579515] ? __pfx_read_tsc+0x10/0x10 [ 25.579538] ? 
ktime_get_ts64+0x86/0x230 [ 25.579563] kunit_try_run_case+0x1a5/0x480 [ 25.579600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.579623] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.579655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.579681] ? __kthread_parkme+0x82/0x180 [ 25.579703] ? preempt_count_sub+0x50/0x80 [ 25.579734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.579758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.579782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.579824] kthread+0x337/0x6f0 [ 25.579844] ? trace_preempt_on+0x20/0xc0 [ 25.579867] ? __pfx_kthread+0x10/0x10 [ 25.579888] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.579910] ? calculate_sigpending+0x7b/0xa0 [ 25.579934] ? __pfx_kthread+0x10/0x10 [ 25.579964] ret_from_fork+0x116/0x1d0 [ 25.579983] ? __pfx_kthread+0x10/0x10 [ 25.580004] ret_from_fork_asm+0x1a/0x30 [ 25.580036] </TASK> [ 25.580049] [ 25.587143] Allocated by task 294: [ 25.587338] kasan_save_stack+0x45/0x70 [ 25.587512] kasan_save_track+0x18/0x40 [ 25.587702] kasan_save_alloc_info+0x3b/0x50 [ 25.587892] __kasan_kmalloc+0xb7/0xc0 [ 25.588080] __kmalloc_cache_noprof+0x189/0x420 [ 25.588301] kasan_atomics+0x95/0x310 [ 25.588487] kunit_try_run_case+0x1a5/0x480 [ 25.588697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.588906] kthread+0x337/0x6f0 [ 25.589069] ret_from_fork+0x116/0x1d0 [ 25.589269] ret_from_fork_asm+0x1a/0x30 [ 25.589454] [ 25.589542] The buggy address belongs to the object at ffff8881039e9700 [ 25.589542] which belongs to the cache kmalloc-64 of size 64 [ 25.590016] The buggy address is located 0 bytes to the right of [ 25.590016] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.590549] [ 25.590651] The buggy address belongs to the physical page: [ 25.590846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.591086] flags: 0x200000000000000(node=0|zone=2) [ 25.591264] page_type: f5(slab) [ 25.591379] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 25.591602] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.591820] page dumped because: kasan: bad access detected [ 25.592035] [ 25.592141] Memory state around the buggy address: [ 25.592384] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.592689] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.593012] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.593324] ^ [ 25.593537] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.593840] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.594984] ================================================================== [ 25.443958] ================================================================== [ 25.444322] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 25.444651] Write of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.444996] [ 25.445126] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.445175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.445188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.445211] Call Trace: [ 25.445231] <TASK> [ 25.445251] dump_stack_lvl+0x73/0xb0 [ 25.445278] print_report+0xd1/0x650 [ 25.445301] ? __virt_addr_valid+0x1db/0x2d0 [ 25.445325] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.445345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.445371] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.445392] kasan_report+0x141/0x180 [ 25.445414] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.445439] kasan_check_range+0x10c/0x1c0 [ 25.445462] __kasan_check_write+0x18/0x20 [ 25.445485] kasan_atomics_helper+0x1f43/0x5450 [ 25.445507] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.445527] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.445552] ? kasan_atomics+0x152/0x310 [ 25.445577] kasan_atomics+0x1dc/0x310 [ 25.445599] ? 
__pfx_kasan_atomics+0x10/0x10 [ 25.445620] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.445644] ? __pfx_read_tsc+0x10/0x10 [ 25.445666] ? ktime_get_ts64+0x86/0x230 [ 25.445691] kunit_try_run_case+0x1a5/0x480 [ 25.445717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.445740] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.445761] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.445786] ? __kthread_parkme+0x82/0x180 [ 25.445806] ? preempt_count_sub+0x50/0x80 [ 25.445829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.445853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.445876] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.445918] kthread+0x337/0x6f0 [ 25.445947] ? trace_preempt_on+0x20/0xc0 [ 25.445971] ? __pfx_kthread+0x10/0x10 [ 25.445991] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.446015] ? calculate_sigpending+0x7b/0xa0 [ 25.446039] ? __pfx_kthread+0x10/0x10 [ 25.446061] ret_from_fork+0x116/0x1d0 [ 25.446079] ? __pfx_kthread+0x10/0x10 [ 25.446100] ret_from_fork_asm+0x1a/0x30 [ 25.446148] </TASK> [ 25.446160] [ 25.453916] Allocated by task 294: [ 25.454074] kasan_save_stack+0x45/0x70 [ 25.454299] kasan_save_track+0x18/0x40 [ 25.454495] kasan_save_alloc_info+0x3b/0x50 [ 25.454697] __kasan_kmalloc+0xb7/0xc0 [ 25.454872] __kmalloc_cache_noprof+0x189/0x420 [ 25.455089] kasan_atomics+0x95/0x310 [ 25.455283] kunit_try_run_case+0x1a5/0x480 [ 25.455436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.455619] kthread+0x337/0x6f0 [ 25.455778] ret_from_fork+0x116/0x1d0 [ 25.455965] ret_from_fork_asm+0x1a/0x30 [ 25.456204] [ 25.456286] The buggy address belongs to the object at ffff8881039e9700 [ 25.456286] which belongs to the cache kmalloc-64 of size 64 [ 25.456706] The buggy address is located 0 bytes to the right of [ 25.456706] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.457070] [ 25.457163] The buggy address belongs to the physical page: [ 25.457330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.457560] flags: 
0x200000000000000(node=0|zone=2) [ 25.457715] page_type: f5(slab) [ 25.457829] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.458223] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.458547] page dumped because: kasan: bad access detected [ 25.458785] [ 25.458868] Memory state around the buggy address: [ 25.459087] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.459407] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.459714] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.460041] ^ [ 25.460286] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.460595] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.460858] ================================================================== [ 24.835048] ================================================================== [ 24.835740] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 24.836354] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.836815] [ 24.836971] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.837024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.837037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.837059] Call Trace: [ 24.837082] <TASK> [ 24.837102] dump_stack_lvl+0x73/0xb0 [ 24.837129] print_report+0xd1/0x650 [ 24.837151] ? __virt_addr_valid+0x1db/0x2d0 [ 24.837175] ? kasan_atomics_helper+0x4a36/0x5450 [ 24.837196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.837222] ? kasan_atomics_helper+0x4a36/0x5450 [ 24.837244] kasan_report+0x141/0x180 [ 24.837267] ? kasan_atomics_helper+0x4a36/0x5450 [ 24.837331] __asan_report_load4_noabort+0x18/0x20 [ 24.837356] kasan_atomics_helper+0x4a36/0x5450 [ 24.837389] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.837411] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 24.837435] ? kasan_atomics+0x152/0x310 [ 24.837460] kasan_atomics+0x1dc/0x310 [ 24.837482] ? __pfx_kasan_atomics+0x10/0x10 [ 24.837504] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.837527] ? __pfx_read_tsc+0x10/0x10 [ 24.837549] ? ktime_get_ts64+0x86/0x230 [ 24.837575] kunit_try_run_case+0x1a5/0x480 [ 24.837602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.837625] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.837645] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.837671] ? __kthread_parkme+0x82/0x180 [ 24.837691] ? preempt_count_sub+0x50/0x80 [ 24.837716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.837740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.837763] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.837787] kthread+0x337/0x6f0 [ 24.837807] ? trace_preempt_on+0x20/0xc0 [ 24.837830] ? __pfx_kthread+0x10/0x10 [ 24.837850] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.837873] ? calculate_sigpending+0x7b/0xa0 [ 24.837896] ? __pfx_kthread+0x10/0x10 [ 24.837917] ret_from_fork+0x116/0x1d0 [ 24.837944] ? 
__pfx_kthread+0x10/0x10 [ 24.837965] ret_from_fork_asm+0x1a/0x30 [ 24.837995] </TASK> [ 24.838007] [ 24.848008] Allocated by task 294: [ 24.848209] kasan_save_stack+0x45/0x70 [ 24.848451] kasan_save_track+0x18/0x40 [ 24.848722] kasan_save_alloc_info+0x3b/0x50 [ 24.848954] __kasan_kmalloc+0xb7/0xc0 [ 24.849456] __kmalloc_cache_noprof+0x189/0x420 [ 24.849666] kasan_atomics+0x95/0x310 [ 24.849800] kunit_try_run_case+0x1a5/0x480 [ 24.850013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.850494] kthread+0x337/0x6f0 [ 24.850758] ret_from_fork+0x116/0x1d0 [ 24.850946] ret_from_fork_asm+0x1a/0x30 [ 24.851291] [ 24.851396] The buggy address belongs to the object at ffff8881039e9700 [ 24.851396] which belongs to the cache kmalloc-64 of size 64 [ 24.852195] The buggy address is located 0 bytes to the right of [ 24.852195] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.852947] [ 24.853057] The buggy address belongs to the physical page: [ 24.853288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.853785] flags: 0x200000000000000(node=0|zone=2) [ 24.854094] page_type: f5(slab) [ 24.854234] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.854671] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.855103] page dumped because: kasan: bad access detected [ 24.855522] [ 24.855673] Memory state around the buggy address: [ 24.855886] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.856371] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.856733] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.857142] ^ [ 24.857302] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.857724] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.858046] ================================================================== [ 24.203424] 
================================================================== [ 24.204086] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 24.204602] Read of size 4 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 24.204879] [ 24.205003] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.205057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.205070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.205091] Call Trace: [ 24.205106] <TASK> [ 24.205491] dump_stack_lvl+0x73/0xb0 [ 24.205538] print_report+0xd1/0x650 [ 24.205560] ? __virt_addr_valid+0x1db/0x2d0 [ 24.205585] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.205605] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.205629] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.205649] kasan_report+0x141/0x180 [ 24.205671] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.205695] __asan_report_load4_noabort+0x18/0x20 [ 24.205718] kasan_atomics_helper+0x4bbc/0x5450 [ 24.205738] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.205758] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.205782] ? kasan_atomics+0x152/0x310 [ 24.205807] kasan_atomics+0x1dc/0x310 [ 24.205874] ? __pfx_kasan_atomics+0x10/0x10 [ 24.205898] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.205921] ? __pfx_read_tsc+0x10/0x10 [ 24.205956] ? ktime_get_ts64+0x86/0x230 [ 24.205980] kunit_try_run_case+0x1a5/0x480 [ 24.206007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.206029] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.206048] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.206073] ? __kthread_parkme+0x82/0x180 [ 24.206093] ? preempt_count_sub+0x50/0x80 [ 24.206116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.206138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.206160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.206183] kthread+0x337/0x6f0 [ 24.206201] ? trace_preempt_on+0x20/0xc0 [ 24.206224] ? __pfx_kthread+0x10/0x10 [ 24.206243] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 24.206266] ? calculate_sigpending+0x7b/0xa0 [ 24.206289] ? __pfx_kthread+0x10/0x10 [ 24.206309] ret_from_fork+0x116/0x1d0 [ 24.206327] ? __pfx_kthread+0x10/0x10 [ 24.206345] ret_from_fork_asm+0x1a/0x30 [ 24.206375] </TASK> [ 24.206386] [ 24.218219] Allocated by task 294: [ 24.218372] kasan_save_stack+0x45/0x70 [ 24.218579] kasan_save_track+0x18/0x40 [ 24.218767] kasan_save_alloc_info+0x3b/0x50 [ 24.219154] __kasan_kmalloc+0xb7/0xc0 [ 24.219295] __kmalloc_cache_noprof+0x189/0x420 [ 24.219523] kasan_atomics+0x95/0x310 [ 24.219703] kunit_try_run_case+0x1a5/0x480 [ 24.219928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.220399] kthread+0x337/0x6f0 [ 24.220537] ret_from_fork+0x116/0x1d0 [ 24.220702] ret_from_fork_asm+0x1a/0x30 [ 24.220956] [ 24.221031] The buggy address belongs to the object at ffff8881039e9700 [ 24.221031] which belongs to the cache kmalloc-64 of size 64 [ 24.221667] The buggy address is located 0 bytes to the right of [ 24.221667] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 24.222383] [ 24.222494] The buggy address belongs to the physical page: [ 24.222746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 24.223305] flags: 0x200000000000000(node=0|zone=2) [ 24.223548] page_type: f5(slab) [ 24.223692] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.224045] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.224362] page dumped because: kasan: bad access detected [ 24.224589] [ 24.224659] Memory state around the buggy address: [ 24.224867] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.225180] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.225666] >ffff8881039e9700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.226072] ^ [ 24.226362] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.226573] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 24.227166] ================================================================== [ 25.461439] ================================================================== [ 25.461777] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 25.462169] Read of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.462492] [ 25.462587] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.462636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.462649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.462671] Call Trace: [ 25.462691] <TASK> [ 25.462709] dump_stack_lvl+0x73/0xb0 [ 25.462737] print_report+0xd1/0x650 [ 25.462758] ? __virt_addr_valid+0x1db/0x2d0 [ 25.462783] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.462805] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.462833] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.462854] kasan_report+0x141/0x180 [ 25.462875] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.462900] __asan_report_load8_noabort+0x18/0x20 [ 25.462924] kasan_atomics_helper+0x4f71/0x5450 [ 25.462957] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.462977] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.463002] ? kasan_atomics+0x152/0x310 [ 25.463040] kasan_atomics+0x1dc/0x310 [ 25.463062] ? __pfx_kasan_atomics+0x10/0x10 [ 25.463083] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.463129] ? __pfx_read_tsc+0x10/0x10 [ 25.463151] ? ktime_get_ts64+0x86/0x230 [ 25.463176] kunit_try_run_case+0x1a5/0x480 [ 25.463203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.463226] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.463266] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.463291] ? __kthread_parkme+0x82/0x180 [ 25.463312] ? preempt_count_sub+0x50/0x80 [ 25.463336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.463374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.463397] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.463423] kthread+0x337/0x6f0 [ 25.463442] ? trace_preempt_on+0x20/0xc0 [ 25.463465] ? __pfx_kthread+0x10/0x10 [ 25.463485] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.463508] ? calculate_sigpending+0x7b/0xa0 [ 25.463532] ? __pfx_kthread+0x10/0x10 [ 25.463555] ret_from_fork+0x116/0x1d0 [ 25.463577] ? __pfx_kthread+0x10/0x10 [ 25.463599] ret_from_fork_asm+0x1a/0x30 [ 25.463633] </TASK> [ 25.463644] [ 25.471130] Allocated by task 294: [ 25.471323] kasan_save_stack+0x45/0x70 [ 25.471548] kasan_save_track+0x18/0x40 [ 25.471751] kasan_save_alloc_info+0x3b/0x50 [ 25.471893] __kasan_kmalloc+0xb7/0xc0 [ 25.472026] __kmalloc_cache_noprof+0x189/0x420 [ 25.472198] kasan_atomics+0x95/0x310 [ 25.472324] kunit_try_run_case+0x1a5/0x480 [ 25.472470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.472635] kthread+0x337/0x6f0 [ 25.472747] ret_from_fork+0x116/0x1d0 [ 25.472871] ret_from_fork_asm+0x1a/0x30 [ 25.473046] [ 25.473168] The buggy address belongs to the object at ffff8881039e9700 [ 25.473168] which belongs to the cache kmalloc-64 of size 64 [ 25.473690] The buggy address is located 0 bytes to the right of [ 25.473690] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.474250] [ 25.474342] The buggy address belongs to the physical page: [ 25.474592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.474949] flags: 0x200000000000000(node=0|zone=2) [ 25.475200] page_type: f5(slab) [ 25.475363] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.475693] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.476033] page dumped because: kasan: bad access detected [ 25.476273] [ 25.476355] Memory state around the buggy address: [ 25.476505] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.476714] ffff8881039e9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.476923] >ffff8881039e9700: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 25.477265] ^ [ 25.477512] ffff8881039e9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.477861] ffff8881039e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.478232] ================================================================== [ 25.496517] ================================================================== [ 25.496848] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 25.497189] Read of size 8 at addr ffff8881039e9730 by task kunit_try_catch/294 [ 25.497654] [ 25.497774] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 25.497823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.497836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.497858] Call Trace: [ 25.497879] <TASK> [ 25.497899] dump_stack_lvl+0x73/0xb0 [ 25.497926] print_report+0xd1/0x650 [ 25.497957] ? __virt_addr_valid+0x1db/0x2d0 [ 25.497980] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.498001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.498027] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.498048] kasan_report+0x141/0x180 [ 25.498069] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.498094] __asan_report_load8_noabort+0x18/0x20 [ 25.498124] kasan_atomics_helper+0x4f98/0x5450 [ 25.498146] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.498167] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.498191] ? kasan_atomics+0x152/0x310 [ 25.498217] kasan_atomics+0x1dc/0x310 [ 25.498239] ? __pfx_kasan_atomics+0x10/0x10 [ 25.498261] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.498283] ? __pfx_read_tsc+0x10/0x10 [ 25.498305] ? ktime_get_ts64+0x86/0x230 [ 25.498330] kunit_try_run_case+0x1a5/0x480 [ 25.498356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.498381] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.498401] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.498427] ? __kthread_parkme+0x82/0x180 [ 25.498448] ? preempt_count_sub+0x50/0x80 [ 25.498471] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 25.498495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.498519] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.498542] kthread+0x337/0x6f0 [ 25.498562] ? trace_preempt_on+0x20/0xc0 [ 25.498584] ? __pfx_kthread+0x10/0x10 [ 25.498605] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.498628] ? calculate_sigpending+0x7b/0xa0 [ 25.498652] ? __pfx_kthread+0x10/0x10 [ 25.498673] ret_from_fork+0x116/0x1d0 [ 25.498692] ? __pfx_kthread+0x10/0x10 [ 25.498712] ret_from_fork_asm+0x1a/0x30 [ 25.498742] </TASK> [ 25.498754] [ 25.505771] Allocated by task 294: [ 25.505903] kasan_save_stack+0x45/0x70 [ 25.506055] kasan_save_track+0x18/0x40 [ 25.506207] kasan_save_alloc_info+0x3b/0x50 [ 25.506351] __kasan_kmalloc+0xb7/0xc0 [ 25.506488] __kmalloc_cache_noprof+0x189/0x420 [ 25.506700] kasan_atomics+0x95/0x310 [ 25.506878] kunit_try_run_case+0x1a5/0x480 [ 25.507135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.507389] kthread+0x337/0x6f0 [ 25.507553] ret_from_fork+0x116/0x1d0 [ 25.507748] ret_from_fork_asm+0x1a/0x30 [ 25.507983] [ 25.508079] The buggy address belongs to the object at ffff8881039e9700 [ 25.508079] which belongs to the cache kmalloc-64 of size 64 [ 25.508677] The buggy address is located 0 bytes to the right of [ 25.508677] allocated 48-byte region [ffff8881039e9700, ffff8881039e9730) [ 25.509195] [ 25.509265] The buggy address belongs to the physical page: [ 25.509433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9 [ 25.509807] flags: 0x200000000000000(node=0|zone=2) [ 25.510047] page_type: f5(slab) [ 25.510241] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.510560] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.510861] page dumped because: kasan: bad access detected [ 25.511097] [ 25.511229] Memory state around the buggy address: [ 25.511408] ffff8881039e9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.511698] 
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
00 01 fc fc fc fc fc fc [ 24.176790] ^ [ 24.177047] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.177366] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.177642] ================================================================== [ 24.102648] ================================================================== [ 24.103269] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.103649] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.103870] [ 24.104051] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.104103] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.104115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.104136] Call Trace: [ 24.104157] <TASK> [ 24.104175] dump_stack_lvl+0x73/0xb0 [ 24.104202] print_report+0xd1/0x650 [ 24.104223] ? __virt_addr_valid+0x1db/0x2d0 [ 24.104245] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.104271] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.104295] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.104320] kasan_report+0x141/0x180 [ 24.104345] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.104375] kasan_check_range+0x10c/0x1c0 [ 24.104397] __kasan_check_write+0x18/0x20 [ 24.104418] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.104444] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.104476] kasan_bitops_generic+0x121/0x1c0 [ 24.104498] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.104520] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.104545] kunit_try_run_case+0x1a5/0x480 [ 24.104569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.104591] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.104611] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.104635] ? __kthread_parkme+0x82/0x180 [ 24.104654] ? preempt_count_sub+0x50/0x80 [ 24.104677] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 24.104699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.104721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.104744] kthread+0x337/0x6f0 [ 24.104763] ? trace_preempt_on+0x20/0xc0 [ 24.104785] ? __pfx_kthread+0x10/0x10 [ 24.104804] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.104842] ? calculate_sigpending+0x7b/0xa0 [ 24.104865] ? __pfx_kthread+0x10/0x10 [ 24.104885] ret_from_fork+0x116/0x1d0 [ 24.104903] ? __pfx_kthread+0x10/0x10 [ 24.104922] ret_from_fork_asm+0x1a/0x30 [ 24.104960] </TASK> [ 24.104970] [ 24.112754] Allocated by task 290: [ 24.112878] kasan_save_stack+0x45/0x70 [ 24.113170] kasan_save_track+0x18/0x40 [ 24.113379] kasan_save_alloc_info+0x3b/0x50 [ 24.113587] __kasan_kmalloc+0xb7/0xc0 [ 24.113772] __kmalloc_cache_noprof+0x189/0x420 [ 24.114190] kasan_bitops_generic+0x92/0x1c0 [ 24.114341] kunit_try_run_case+0x1a5/0x480 [ 24.114541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.114751] kthread+0x337/0x6f0 [ 24.114999] ret_from_fork+0x116/0x1d0 [ 24.115205] ret_from_fork_asm+0x1a/0x30 [ 24.115370] [ 24.115461] The buggy address belongs to the object at ffff888102797f40 [ 24.115461] which belongs to the cache kmalloc-16 of size 16 [ 24.116007] The buggy address is located 8 bytes inside of [ 24.116007] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.116605] [ 24.116685] The buggy address belongs to the physical page: [ 24.117082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.117322] flags: 0x200000000000000(node=0|zone=2) [ 24.117476] page_type: f5(slab) [ 24.117591] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.117922] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.118275] page dumped because: kasan: bad access detected [ 24.118628] [ 24.118726] Memory state around the buggy address: [ 24.119066] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.119278] 
ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.119482] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.119925] ^ [ 24.120284] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.120613] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.121186] ================================================================== [ 24.079191] ================================================================== [ 24.079431] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.079830] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.080587] [ 24.080694] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.080744] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.080757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.080779] Call Trace: [ 24.080799] <TASK> [ 24.081040] dump_stack_lvl+0x73/0xb0 [ 24.081079] print_report+0xd1/0x650 [ 24.081102] ? __virt_addr_valid+0x1db/0x2d0 [ 24.081125] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.081150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.081176] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.081201] kasan_report+0x141/0x180 [ 24.081222] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.081252] kasan_check_range+0x10c/0x1c0 [ 24.081274] __kasan_check_write+0x18/0x20 [ 24.081296] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.081320] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.081353] kasan_bitops_generic+0x121/0x1c0 [ 24.081375] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.081397] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.081423] kunit_try_run_case+0x1a5/0x480 [ 24.081449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.081469] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.081490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.081514] ? 
__kthread_parkme+0x82/0x180 [ 24.081534] ? preempt_count_sub+0x50/0x80 [ 24.081557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.081580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.081602] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.081624] kthread+0x337/0x6f0 [ 24.081643] ? trace_preempt_on+0x20/0xc0 [ 24.081665] ? __pfx_kthread+0x10/0x10 [ 24.081687] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.081709] ? calculate_sigpending+0x7b/0xa0 [ 24.081732] ? __pfx_kthread+0x10/0x10 [ 24.081751] ret_from_fork+0x116/0x1d0 [ 24.081770] ? __pfx_kthread+0x10/0x10 [ 24.081789] ret_from_fork_asm+0x1a/0x30 [ 24.081969] </TASK> [ 24.081986] [ 24.092160] Allocated by task 290: [ 24.092532] kasan_save_stack+0x45/0x70 [ 24.092739] kasan_save_track+0x18/0x40 [ 24.093087] kasan_save_alloc_info+0x3b/0x50 [ 24.093465] __kasan_kmalloc+0xb7/0xc0 [ 24.093618] __kmalloc_cache_noprof+0x189/0x420 [ 24.094115] kasan_bitops_generic+0x92/0x1c0 [ 24.094309] kunit_try_run_case+0x1a5/0x480 [ 24.094497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.094725] kthread+0x337/0x6f0 [ 24.094864] ret_from_fork+0x116/0x1d0 [ 24.095301] ret_from_fork_asm+0x1a/0x30 [ 24.095459] [ 24.095543] The buggy address belongs to the object at ffff888102797f40 [ 24.095543] which belongs to the cache kmalloc-16 of size 16 [ 24.096323] The buggy address is located 8 bytes inside of [ 24.096323] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.097038] [ 24.097290] The buggy address belongs to the physical page: [ 24.097523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.098199] flags: 0x200000000000000(node=0|zone=2) [ 24.098413] page_type: f5(slab) [ 24.098563] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.099149] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.099460] page dumped because: kasan: bad access detected [ 24.099690] [ 24.099762] Memory state around the buggy address: [ 24.099989] 
ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.100653] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.101137] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.101446] ^ [ 24.101672] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.101966] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.102273] ================================================================== [ 24.140153] ================================================================== [ 24.140475] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141045] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.141360] [ 24.141466] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.141514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.141527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.141549] Call Trace: [ 24.141568] <TASK> [ 24.141585] dump_stack_lvl+0x73/0xb0 [ 24.141612] print_report+0xd1/0x650 [ 24.141633] ? __virt_addr_valid+0x1db/0x2d0 [ 24.141655] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141680] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.141705] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141730] kasan_report+0x141/0x180 [ 24.141750] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141780] kasan_check_range+0x10c/0x1c0 [ 24.141801] __kasan_check_write+0x18/0x20 [ 24.141821] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.141847] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.141880] kasan_bitops_generic+0x121/0x1c0 [ 24.141903] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.141925] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.141964] kunit_try_run_case+0x1a5/0x480 [ 24.141988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.142013] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 24.142033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.142057] ? __kthread_parkme+0x82/0x180 [ 24.142078] ? preempt_count_sub+0x50/0x80 [ 24.142100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.142123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.142145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.142168] kthread+0x337/0x6f0 [ 24.142217] ? trace_preempt_on+0x20/0xc0 [ 24.142241] ? __pfx_kthread+0x10/0x10 [ 24.142261] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.142284] ? calculate_sigpending+0x7b/0xa0 [ 24.142307] ? __pfx_kthread+0x10/0x10 [ 24.142328] ret_from_fork+0x116/0x1d0 [ 24.142347] ? __pfx_kthread+0x10/0x10 [ 24.142366] ret_from_fork_asm+0x1a/0x30 [ 24.142395] </TASK> [ 24.142406] [ 24.150348] Allocated by task 290: [ 24.150544] kasan_save_stack+0x45/0x70 [ 24.150762] kasan_save_track+0x18/0x40 [ 24.150889] kasan_save_alloc_info+0x3b/0x50 [ 24.151090] __kasan_kmalloc+0xb7/0xc0 [ 24.151274] __kmalloc_cache_noprof+0x189/0x420 [ 24.151606] kasan_bitops_generic+0x92/0x1c0 [ 24.151783] kunit_try_run_case+0x1a5/0x480 [ 24.152075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.152369] kthread+0x337/0x6f0 [ 24.152482] ret_from_fork+0x116/0x1d0 [ 24.152626] ret_from_fork_asm+0x1a/0x30 [ 24.152810] [ 24.152895] The buggy address belongs to the object at ffff888102797f40 [ 24.152895] which belongs to the cache kmalloc-16 of size 16 [ 24.153318] The buggy address is located 8 bytes inside of [ 24.153318] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.154085] [ 24.154287] The buggy address belongs to the physical page: [ 24.154562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.154791] flags: 0x200000000000000(node=0|zone=2) [ 24.155093] page_type: f5(slab) [ 24.155381] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.155693] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.156053] page dumped because: kasan: 
bad access detected [ 24.156278] [ 24.156346] Memory state around the buggy address: [ 24.156493] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.156699] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.156971] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.157272] ^ [ 24.157517] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.158163] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.158411] ================================================================== [ 24.121633] ================================================================== [ 24.122085] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.122427] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.122718] [ 24.122826] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.122873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.122886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.122906] Call Trace: [ 24.122927] <TASK> [ 24.122955] dump_stack_lvl+0x73/0xb0 [ 24.122981] print_report+0xd1/0x650 [ 24.123002] ? __virt_addr_valid+0x1db/0x2d0 [ 24.123024] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.123050] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.123075] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.123100] kasan_report+0x141/0x180 [ 24.123207] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.123244] kasan_check_range+0x10c/0x1c0 [ 24.123267] __kasan_check_write+0x18/0x20 [ 24.123288] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.123313] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.123345] kasan_bitops_generic+0x121/0x1c0 [ 24.123367] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.123389] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 24.123415] kunit_try_run_case+0x1a5/0x480 [ 24.123439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.123461] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.123481] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.123505] ? __kthread_parkme+0x82/0x180 [ 24.123525] ? preempt_count_sub+0x50/0x80 [ 24.123547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.123570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.123592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.123614] kthread+0x337/0x6f0 [ 24.123633] ? trace_preempt_on+0x20/0xc0 [ 24.123656] ? __pfx_kthread+0x10/0x10 [ 24.123675] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.123696] ? calculate_sigpending+0x7b/0xa0 [ 24.123719] ? __pfx_kthread+0x10/0x10 [ 24.123739] ret_from_fork+0x116/0x1d0 [ 24.123757] ? __pfx_kthread+0x10/0x10 [ 24.123776] ret_from_fork_asm+0x1a/0x30 [ 24.123805] </TASK> [ 24.123854] [ 24.131577] Allocated by task 290: [ 24.131706] kasan_save_stack+0x45/0x70 [ 24.131868] kasan_save_track+0x18/0x40 [ 24.132057] kasan_save_alloc_info+0x3b/0x50 [ 24.132357] __kasan_kmalloc+0xb7/0xc0 [ 24.132582] __kmalloc_cache_noprof+0x189/0x420 [ 24.132782] kasan_bitops_generic+0x92/0x1c0 [ 24.133003] kunit_try_run_case+0x1a5/0x480 [ 24.133377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.133602] kthread+0x337/0x6f0 [ 24.133749] ret_from_fork+0x116/0x1d0 [ 24.133977] ret_from_fork_asm+0x1a/0x30 [ 24.134180] [ 24.134246] The buggy address belongs to the object at ffff888102797f40 [ 24.134246] which belongs to the cache kmalloc-16 of size 16 [ 24.134701] The buggy address is located 8 bytes inside of [ 24.134701] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.135046] [ 24.135110] The buggy address belongs to the physical page: [ 24.135274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.135503] flags: 0x200000000000000(node=0|zone=2) [ 24.135687] page_type: f5(slab) [ 24.135847] raw: 0200000000000000 ffff888100041640 dead000000000100 
dead000000000122 [ 24.136345] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.137105] page dumped because: kasan: bad access detected [ 24.137328] [ 24.137392] Memory state around the buggy address: [ 24.137540] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.137746] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.138301] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.138610] ^ [ 24.138951] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.139404] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.139681] ================================================================== [ 24.054686] ================================================================== [ 24.054967] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.055505] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.056203] [ 24.056453] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.056507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.056520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.056601] Call Trace: [ 24.056675] <TASK> [ 24.056697] dump_stack_lvl+0x73/0xb0 [ 24.056727] print_report+0xd1/0x650 [ 24.056748] ? __virt_addr_valid+0x1db/0x2d0 [ 24.056772] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.056797] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.056893] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.056918] kasan_report+0x141/0x180 [ 24.056953] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.056982] kasan_check_range+0x10c/0x1c0 [ 24.057003] __kasan_check_write+0x18/0x20 [ 24.057026] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.057052] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.057084] kasan_bitops_generic+0x121/0x1c0 [ 24.057106] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.057128] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.057154] kunit_try_run_case+0x1a5/0x480 [ 24.057179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.057200] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.057220] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.057245] ? __kthread_parkme+0x82/0x180 [ 24.057266] ? preempt_count_sub+0x50/0x80 [ 24.057287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.057310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.057332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.057355] kthread+0x337/0x6f0 [ 24.057373] ? trace_preempt_on+0x20/0xc0 [ 24.057396] ? __pfx_kthread+0x10/0x10 [ 24.057415] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.057437] ? calculate_sigpending+0x7b/0xa0 [ 24.057459] ? __pfx_kthread+0x10/0x10 [ 24.057479] ret_from_fork+0x116/0x1d0 [ 24.057499] ? __pfx_kthread+0x10/0x10 [ 24.057518] ret_from_fork_asm+0x1a/0x30 [ 24.057548] </TASK> [ 24.057558] [ 24.067729] Allocated by task 290: [ 24.067890] kasan_save_stack+0x45/0x70 [ 24.068405] kasan_save_track+0x18/0x40 [ 24.068580] kasan_save_alloc_info+0x3b/0x50 [ 24.068893] __kasan_kmalloc+0xb7/0xc0 [ 24.069073] __kmalloc_cache_noprof+0x189/0x420 [ 24.069526] kasan_bitops_generic+0x92/0x1c0 [ 24.069764] kunit_try_run_case+0x1a5/0x480 [ 24.070129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.070569] kthread+0x337/0x6f0 [ 24.070899] ret_from_fork+0x116/0x1d0 [ 24.071098] ret_from_fork_asm+0x1a/0x30 [ 24.071433] [ 24.071530] The buggy address belongs to the object at ffff888102797f40 [ 24.071530] which belongs to the cache kmalloc-16 of size 16 [ 24.072277] The buggy address is located 8 bytes inside of [ 24.072277] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.072832] [ 24.072924] The buggy address belongs to the physical page: [ 24.073454] page: refcount:0 mapcount:0 mapping:0000000000000000 
index:0x0 pfn:0x102797 [ 24.073780] flags: 0x200000000000000(node=0|zone=2) [ 24.074249] page_type: f5(slab) [ 24.074388] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.074713] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.075328] page dumped because: kasan: bad access detected [ 24.075558] [ 24.075783] Memory state around the buggy address: [ 24.076114] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.076374] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.076678] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.077264] ^ [ 24.077482] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.078006] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.078323] ================================================================== [ 24.029459] ================================================================== [ 24.029758] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.030220] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290 [ 24.030540] [ 24.030637] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 24.030687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.030699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.030721] Call Trace: [ 24.030741] <TASK> [ 24.030759] dump_stack_lvl+0x73/0xb0 [ 24.030787] print_report+0xd1/0x650 [ 24.030808] ? __virt_addr_valid+0x1db/0x2d0 [ 24.030927] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.030967] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.030991] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.031017] kasan_report+0x141/0x180 [ 24.031038] ? 
kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.031067] kasan_check_range+0x10c/0x1c0 [ 24.031089] __kasan_check_write+0x18/0x20 [ 24.031110] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.031135] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.031168] kasan_bitops_generic+0x121/0x1c0 [ 24.031189] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.031211] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.031236] kunit_try_run_case+0x1a5/0x480 [ 24.031260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.031282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.031303] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.031327] ? __kthread_parkme+0x82/0x180 [ 24.031347] ? preempt_count_sub+0x50/0x80 [ 24.031370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.031393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.031415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.031437] kthread+0x337/0x6f0 [ 24.031456] ? trace_preempt_on+0x20/0xc0 [ 24.031479] ? __pfx_kthread+0x10/0x10 [ 24.031498] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.031519] ? calculate_sigpending+0x7b/0xa0 [ 24.031542] ? __pfx_kthread+0x10/0x10 [ 24.031563] ret_from_fork+0x116/0x1d0 [ 24.031581] ? 
__pfx_kthread+0x10/0x10 [ 24.031600] ret_from_fork_asm+0x1a/0x30 [ 24.031628] </TASK> [ 24.031639] [ 24.042283] Allocated by task 290: [ 24.042972] kasan_save_stack+0x45/0x70 [ 24.043349] kasan_save_track+0x18/0x40 [ 24.043522] kasan_save_alloc_info+0x3b/0x50 [ 24.043715] __kasan_kmalloc+0xb7/0xc0 [ 24.044296] __kmalloc_cache_noprof+0x189/0x420 [ 24.044680] kasan_bitops_generic+0x92/0x1c0 [ 24.045049] kunit_try_run_case+0x1a5/0x480 [ 24.045315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.045552] kthread+0x337/0x6f0 [ 24.045701] ret_from_fork+0x116/0x1d0 [ 24.045858] ret_from_fork_asm+0x1a/0x30 [ 24.046485] [ 24.046562] The buggy address belongs to the object at ffff888102797f40 [ 24.046562] which belongs to the cache kmalloc-16 of size 16 [ 24.047053] The buggy address is located 8 bytes inside of [ 24.047053] allocated 9-byte region [ffff888102797f40, ffff888102797f49) [ 24.048025] [ 24.048112] The buggy address belongs to the physical page: [ 24.048549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 24.049063] flags: 0x200000000000000(node=0|zone=2) [ 24.049389] page_type: f5(slab) [ 24.049544] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.050231] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.050670] page dumped because: kasan: bad access detected [ 24.051083] [ 24.051167] Memory state around the buggy address: [ 24.051471] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.051779] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.052402] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 24.052805] ^ [ 24.053236] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.053526] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.053811] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 23.980318] ==================================================================
[ 23.980679] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50
[ 23.981101] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290
[ 23.981365]
[ 23.981473] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.981522] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.981534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.981556] Call Trace:
[ 23.981575] <TASK>
[ 23.981594] dump_stack_lvl+0x73/0xb0
[ 23.981620] print_report+0xd1/0x650
[ 23.981640] ? __virt_addr_valid+0x1db/0x2d0
[ 23.981664] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 23.981688] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.981712] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 23.981736] kasan_report+0x141/0x180
[ 23.981756] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 23.981783] kasan_check_range+0x10c/0x1c0
[ 23.981805] __kasan_check_write+0x18/0x20
[ 23.981826] kasan_bitops_modify.constprop.0+0x547/0xd50
[ 23.981850] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 23.981874] ? __kmalloc_cache_noprof+0x189/0x420
[ 23.981897] ? kasan_bitops_generic+0x92/0x1c0
[ 23.981922] kasan_bitops_generic+0x116/0x1c0
[ 23.981954] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.981976] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.982002] kunit_try_run_case+0x1a5/0x480
[ 23.982028] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.982048] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.982069] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.982093] ? __kthread_parkme+0x82/0x180
[ 23.982112] ? preempt_count_sub+0x50/0x80
[ 23.982134] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.982157] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.982178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.982200] kthread+0x337/0x6f0
[ 23.982219] ? trace_preempt_on+0x20/0xc0
[ 23.982241] ? __pfx_kthread+0x10/0x10
[ 23.982260] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.982282] ? calculate_sigpending+0x7b/0xa0
[ 23.982330] ? __pfx_kthread+0x10/0x10
[ 23.982351] ret_from_fork+0x116/0x1d0
[ 23.982370] ? __pfx_kthread+0x10/0x10
[ 23.982389] ret_from_fork_asm+0x1a/0x30
[ 23.982419] </TASK>
[ 23.982429]
[ 23.990437] Allocated by task 290:
[ 23.990640] kasan_save_stack+0x45/0x70
[ 23.990787] kasan_save_track+0x18/0x40
[ 23.991205] kasan_save_alloc_info+0x3b/0x50
[ 23.991376] __kasan_kmalloc+0xb7/0xc0
[ 23.991499] __kmalloc_cache_noprof+0x189/0x420
[ 23.991803] kasan_bitops_generic+0x92/0x1c0
[ 23.992197] kunit_try_run_case+0x1a5/0x480
[ 23.992361] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.992522] kthread+0x337/0x6f0
[ 23.992631] ret_from_fork+0x116/0x1d0
[ 23.992805] ret_from_fork_asm+0x1a/0x30
[ 23.993001]
[ 23.993088] The buggy address belongs to the object at ffff888102797f40
[ 23.993088] which belongs to the cache kmalloc-16 of size 16
[ 23.993736] The buggy address is located 8 bytes inside of
[ 23.993736] allocated 9-byte region [ffff888102797f40, ffff888102797f49)
[ 23.994463]
[ 23.994533] The buggy address belongs to the physical page:
[ 23.994711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797
[ 23.995323] flags: 0x200000000000000(node=0|zone=2)
[ 23.995892] page_type: f5(slab)
[ 23.996110] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.996478] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.996792] page dumped because: kasan: bad access detected
[ 23.997072]
[ 23.997199] Memory state around the buggy address:
[ 23.997364] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.997572] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.997876] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 23.998197] ^
[ 23.998380] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.998588] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.999385] ==================================================================

[ 23.960810] ==================================================================
[ 23.961156] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 23.961595] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290
[ 23.961872]
[ 23.961971] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.962018] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.962029] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.962236] Call Trace:
[ 23.962289] <TASK>
[ 23.962307] dump_stack_lvl+0x73/0xb0
[ 23.962335] print_report+0xd1/0x650
[ 23.962356] ? __virt_addr_valid+0x1db/0x2d0
[ 23.962377] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 23.962402] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.962426] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 23.962450] kasan_report+0x141/0x180
[ 23.962470] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 23.962498] kasan_check_range+0x10c/0x1c0
[ 23.962520] __kasan_check_write+0x18/0x20
[ 23.962541] kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 23.962564] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 23.962588] ? __kmalloc_cache_noprof+0x189/0x420
[ 23.962612] ? kasan_bitops_generic+0x92/0x1c0
[ 23.962637] kasan_bitops_generic+0x116/0x1c0
[ 23.962658] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.962680] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.962706] kunit_try_run_case+0x1a5/0x480
[ 23.962730] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.962751] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.962773] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.962797] ? __kthread_parkme+0x82/0x180
[ 23.962818] ? preempt_count_sub+0x50/0x80
[ 23.962840] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.962863] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.962885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.962908] kthread+0x337/0x6f0
[ 23.962927] ? trace_preempt_on+0x20/0xc0
[ 23.962961] ? __pfx_kthread+0x10/0x10
[ 23.962980] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.963001] ? calculate_sigpending+0x7b/0xa0
[ 23.963024] ? __pfx_kthread+0x10/0x10
[ 23.963044] ret_from_fork+0x116/0x1d0
[ 23.963062] ? __pfx_kthread+0x10/0x10
[ 23.963081] ret_from_fork_asm+0x1a/0x30
[ 23.963110] </TASK>
[ 23.963193]
[ 23.971118] Allocated by task 290:
[ 23.971561] kasan_save_stack+0x45/0x70
[ 23.971797] kasan_save_track+0x18/0x40
[ 23.972014] kasan_save_alloc_info+0x3b/0x50
[ 23.972283] __kasan_kmalloc+0xb7/0xc0
[ 23.972418] __kmalloc_cache_noprof+0x189/0x420
[ 23.972565] kasan_bitops_generic+0x92/0x1c0
[ 23.972738] kunit_try_run_case+0x1a5/0x480
[ 23.973118] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.973432] kthread+0x337/0x6f0
[ 23.973614] ret_from_fork+0x116/0x1d0
[ 23.973769] ret_from_fork_asm+0x1a/0x30
[ 23.974008]
[ 23.974103] The buggy address belongs to the object at ffff888102797f40
[ 23.974103] which belongs to the cache kmalloc-16 of size 16
[ 23.974532] The buggy address is located 8 bytes inside of
[ 23.974532] allocated 9-byte region [ffff888102797f40, ffff888102797f49)
[ 23.975270]
[ 23.975376] The buggy address belongs to the physical page:
[ 23.975537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797
[ 23.975761] flags: 0x200000000000000(node=0|zone=2)
[ 23.976010] page_type: f5(slab)
[ 23.976174] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.976614] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.977147] page dumped because: kasan: bad access detected
[ 23.977318]
[ 23.977379] Memory state around the buggy address:
[ 23.977547] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.977997] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.978330] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 23.978528] ^
[ 23.978750] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.979567] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.979926] ==================================================================

[ 23.858674] ==================================================================
[ 23.858923] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 23.859588] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290
[ 23.860061]
[ 23.860219] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.860303] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.860317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.860350] Call Trace:
[ 23.860363] <TASK>
[ 23.860392] dump_stack_lvl+0x73/0xb0
[ 23.860420] print_report+0xd1/0x650
[ 23.860442] ? __virt_addr_valid+0x1db/0x2d0
[ 23.860465] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 23.860490] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.860515] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 23.860539] kasan_report+0x141/0x180
[ 23.860560] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 23.860587] kasan_check_range+0x10c/0x1c0
[ 23.860609] __kasan_check_write+0x18/0x20
[ 23.860630] kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 23.860654] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 23.860678] ? __kmalloc_cache_noprof+0x189/0x420
[ 23.860701] ? kasan_bitops_generic+0x92/0x1c0
[ 23.860727] kasan_bitops_generic+0x116/0x1c0
[ 23.860748] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.860771] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.860797] kunit_try_run_case+0x1a5/0x480
[ 23.860822] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.860843] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.860864] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.860972] ? __kthread_parkme+0x82/0x180
[ 23.860994] ? preempt_count_sub+0x50/0x80
[ 23.861017] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.861041] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.861063] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.861086] kthread+0x337/0x6f0
[ 23.861105] ? trace_preempt_on+0x20/0xc0
[ 23.861128] ? __pfx_kthread+0x10/0x10
[ 23.861158] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.861180] ? calculate_sigpending+0x7b/0xa0
[ 23.861203] ? __pfx_kthread+0x10/0x10
[ 23.861223] ret_from_fork+0x116/0x1d0
[ 23.861242] ? __pfx_kthread+0x10/0x10
[ 23.861261] ret_from_fork_asm+0x1a/0x30
[ 23.861289] </TASK>
[ 23.861300]
[ 23.870047] Allocated by task 290:
[ 23.870192] kasan_save_stack+0x45/0x70
[ 23.870605] kasan_save_track+0x18/0x40
[ 23.870915] kasan_save_alloc_info+0x3b/0x50
[ 23.871558] __kasan_kmalloc+0xb7/0xc0
[ 23.871728] __kmalloc_cache_noprof+0x189/0x420
[ 23.871980] kasan_bitops_generic+0x92/0x1c0
[ 23.872120] kunit_try_run_case+0x1a5/0x480
[ 23.872399] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.872677] kthread+0x337/0x6f0
[ 23.872792] ret_from_fork+0x116/0x1d0
[ 23.872916] ret_from_fork_asm+0x1a/0x30
[ 23.873114]
[ 23.873201] The buggy address belongs to the object at ffff888102797f40
[ 23.873201] which belongs to the cache kmalloc-16 of size 16
[ 23.873656] The buggy address is located 8 bytes inside of
[ 23.873656] allocated 9-byte region [ffff888102797f40, ffff888102797f49)
[ 23.874497]
[ 23.874579] The buggy address belongs to the physical page:
[ 23.874951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797
[ 23.875425] flags: 0x200000000000000(node=0|zone=2)
[ 23.875614] page_type: f5(slab)
[ 23.875803] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.876219] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.876527] page dumped because: kasan: bad access detected
[ 23.876762]
[ 23.876904] Memory state around the buggy address:
[ 23.877076] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.877287] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.878044] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 23.878335] ^
[ 23.878499] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.879029] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.879539] ==================================================================

[ 23.880042] ==================================================================
[ 23.880364] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 23.880650] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290
[ 23.881136]
[ 23.881253] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.881322] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.881334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.881356] Call Trace:
[ 23.881375] <TASK>
[ 23.881394] dump_stack_lvl+0x73/0xb0
[ 23.881420] print_report+0xd1/0x650
[ 23.881445] ? __virt_addr_valid+0x1db/0x2d0
[ 23.881487] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 23.881511] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.881535] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 23.881561] kasan_report+0x141/0x180
[ 23.881581] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 23.881610] kasan_check_range+0x10c/0x1c0
[ 23.881648] __kasan_check_write+0x18/0x20
[ 23.881670] kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 23.881693] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 23.881718] ? __kmalloc_cache_noprof+0x189/0x420
[ 23.881742] ? kasan_bitops_generic+0x92/0x1c0
[ 23.881767] kasan_bitops_generic+0x116/0x1c0
[ 23.881788] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.881859] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.881889] kunit_try_run_case+0x1a5/0x480
[ 23.881915] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.881948] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.881969] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.881993] ? __kthread_parkme+0x82/0x180
[ 23.882013] ? preempt_count_sub+0x50/0x80
[ 23.882036] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.882058] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.882103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.882133] kthread+0x337/0x6f0
[ 23.882152] ? trace_preempt_on+0x20/0xc0
[ 23.882176] ? __pfx_kthread+0x10/0x10
[ 23.882196] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.882218] ? calculate_sigpending+0x7b/0xa0
[ 23.882240] ? __pfx_kthread+0x10/0x10
[ 23.882260] ret_from_fork+0x116/0x1d0
[ 23.882280] ? __pfx_kthread+0x10/0x10
[ 23.882299] ret_from_fork_asm+0x1a/0x30
[ 23.882329] </TASK>
[ 23.882339]
[ 23.891035] Allocated by task 290:
[ 23.891272] kasan_save_stack+0x45/0x70
[ 23.891458] kasan_save_track+0x18/0x40
[ 23.891586] kasan_save_alloc_info+0x3b/0x50
[ 23.891734] __kasan_kmalloc+0xb7/0xc0
[ 23.891913] __kmalloc_cache_noprof+0x189/0x420
[ 23.892462] kasan_bitops_generic+0x92/0x1c0
[ 23.892671] kunit_try_run_case+0x1a5/0x480
[ 23.892928] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.893341] kthread+0x337/0x6f0
[ 23.893518] ret_from_fork+0x116/0x1d0
[ 23.893670] ret_from_fork_asm+0x1a/0x30
[ 23.893802]
[ 23.893867] The buggy address belongs to the object at ffff888102797f40
[ 23.893867] which belongs to the cache kmalloc-16 of size 16
[ 23.894530] The buggy address is located 8 bytes inside of
[ 23.894530] allocated 9-byte region [ffff888102797f40, ffff888102797f49)
[ 23.895091]
[ 23.895264] The buggy address belongs to the physical page:
[ 23.895511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797
[ 23.896172] flags: 0x200000000000000(node=0|zone=2)
[ 23.896349] page_type: f5(slab)
[ 23.896467] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.896890] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.897399] page dumped because: kasan: bad access detected
[ 23.897645]
[ 23.897709] Memory state around the buggy address:
[ 23.897885] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.898331] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.898684] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 23.899061] ^
[ 23.899324] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.899561] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.899974] ==================================================================

[ 23.921038] ==================================================================
[ 23.921582] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50
[ 23.922119] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290
[ 23.922427]
[ 23.922513] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.922563] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.922575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.922597] Call Trace:
[ 23.922618] <TASK>
[ 23.922638] dump_stack_lvl+0x73/0xb0
[ 23.922690] print_report+0xd1/0x650
[ 23.922712] ? __virt_addr_valid+0x1db/0x2d0
[ 23.922735] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 23.922759] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.922800] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 23.922824] kasan_report+0x141/0x180
[ 23.922844] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 23.922872] kasan_check_range+0x10c/0x1c0
[ 23.922894] __kasan_check_write+0x18/0x20
[ 23.922916] kasan_bitops_modify.constprop.0+0x373/0xd50
[ 23.923138] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 23.923174] ? __kmalloc_cache_noprof+0x189/0x420
[ 23.923198] ? kasan_bitops_generic+0x92/0x1c0
[ 23.923223] kasan_bitops_generic+0x116/0x1c0
[ 23.923244] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.923267] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.923365] kunit_try_run_case+0x1a5/0x480
[ 23.923392] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.923413] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.923434] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.923476] ? __kthread_parkme+0x82/0x180
[ 23.923497] ? preempt_count_sub+0x50/0x80
[ 23.923520] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.923542] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.923564] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.923587] kthread+0x337/0x6f0
[ 23.923606] ? trace_preempt_on+0x20/0xc0
[ 23.923630] ? __pfx_kthread+0x10/0x10
[ 23.923650] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.923672] ? calculate_sigpending+0x7b/0xa0
[ 23.923694] ? __pfx_kthread+0x10/0x10
[ 23.923714] ret_from_fork+0x116/0x1d0
[ 23.923732] ? __pfx_kthread+0x10/0x10
[ 23.923751] ret_from_fork_asm+0x1a/0x30
[ 23.923780] </TASK>
[ 23.923792]
[ 23.932060] Allocated by task 290:
[ 23.932205] kasan_save_stack+0x45/0x70
[ 23.932436] kasan_save_track+0x18/0x40
[ 23.932622] kasan_save_alloc_info+0x3b/0x50
[ 23.932818] __kasan_kmalloc+0xb7/0xc0
[ 23.933262] __kmalloc_cache_noprof+0x189/0x420
[ 23.933450] kasan_bitops_generic+0x92/0x1c0
[ 23.933592] kunit_try_run_case+0x1a5/0x480
[ 23.933729] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.934048] kthread+0x337/0x6f0
[ 23.934366] ret_from_fork+0x116/0x1d0
[ 23.934546] ret_from_fork_asm+0x1a/0x30
[ 23.934731]
[ 23.934855] The buggy address belongs to the object at ffff888102797f40
[ 23.934855] which belongs to the cache kmalloc-16 of size 16
[ 23.935452] The buggy address is located 8 bytes inside of
[ 23.935452] allocated 9-byte region [ffff888102797f40, ffff888102797f49)
[ 23.935817]
[ 23.935882] The buggy address belongs to the physical page:
[ 23.936132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797
[ 23.936592] flags: 0x200000000000000(node=0|zone=2)
[ 23.936760] page_type: f5(slab)
[ 23.937039] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.937653] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.938100] page dumped because: kasan: bad access detected
[ 23.938298]
[ 23.938362] Memory state around the buggy address:
[ 23.938509] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.938722] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.939133] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 23.939464] ^
[ 23.939953] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.940546] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.941022] ==================================================================

[ 23.900772] ==================================================================
[ 23.901083] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 23.901701] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290
[ 23.902083]
[ 23.902175] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.902225] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.902236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.902257] Call Trace:
[ 23.902278] <TASK>
[ 23.902299] dump_stack_lvl+0x73/0xb0
[ 23.902355] print_report+0xd1/0x650
[ 23.902378] ? __virt_addr_valid+0x1db/0x2d0
[ 23.902401] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 23.902443] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.902468] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 23.902502] kasan_report+0x141/0x180
[ 23.902534] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 23.902562] kasan_check_range+0x10c/0x1c0
[ 23.902584] __kasan_check_write+0x18/0x20
[ 23.902605] kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 23.902628] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 23.902652] ? __kmalloc_cache_noprof+0x189/0x420
[ 23.902676] ? kasan_bitops_generic+0x92/0x1c0
[ 23.902701] kasan_bitops_generic+0x116/0x1c0
[ 23.902722] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.902744] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.902771] kunit_try_run_case+0x1a5/0x480
[ 23.902796] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.902817] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.902838] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.902863] ? __kthread_parkme+0x82/0x180
[ 23.902883] ? preempt_count_sub+0x50/0x80
[ 23.902905] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.902928] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.902962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.902984] kthread+0x337/0x6f0
[ 23.903003] ? trace_preempt_on+0x20/0xc0
[ 23.903027] ? __pfx_kthread+0x10/0x10
[ 23.903046] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.903068] ? calculate_sigpending+0x7b/0xa0
[ 23.903092] ? __pfx_kthread+0x10/0x10
[ 23.903112] ret_from_fork+0x116/0x1d0
[ 23.903131] ? __pfx_kthread+0x10/0x10
[ 23.903149] ret_from_fork_asm+0x1a/0x30
[ 23.903179] </TASK>
[ 23.903190]
[ 23.911871] Allocated by task 290:
[ 23.912086] kasan_save_stack+0x45/0x70
[ 23.912305] kasan_save_track+0x18/0x40
[ 23.912517] kasan_save_alloc_info+0x3b/0x50
[ 23.912723] __kasan_kmalloc+0xb7/0xc0
[ 23.912950] __kmalloc_cache_noprof+0x189/0x420
[ 23.913204] kasan_bitops_generic+0x92/0x1c0
[ 23.913405] kunit_try_run_case+0x1a5/0x480
[ 23.913581] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.913948] kthread+0x337/0x6f0
[ 23.914114] ret_from_fork+0x116/0x1d0
[ 23.914268] ret_from_fork_asm+0x1a/0x30
[ 23.914399]
[ 23.914462] The buggy address belongs to the object at ffff888102797f40
[ 23.914462] which belongs to the cache kmalloc-16 of size 16
[ 23.915022] The buggy address is located 8 bytes inside of
[ 23.915022] allocated 9-byte region [ffff888102797f40, ffff888102797f49)
[ 23.915676]
[ 23.915766] The buggy address belongs to the physical page:
[ 23.916112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797
[ 23.916445] flags: 0x200000000000000(node=0|zone=2)
[ 23.916604] page_type: f5(slab)
[ 23.916719] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.917444] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.917983] page dumped because: kasan: bad access detected
[ 23.918258]
[ 23.918362] Memory state around the buggy address:
[ 23.918540] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.918799] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.919358] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 23.919647] ^
[ 23.919898] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.920139] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.920561] ==================================================================

[ 23.836042] ==================================================================
[ 23.836592] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50
[ 23.836970] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290
[ 23.837274]
[ 23.837360] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.837415] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.837427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.837449] Call Trace:
[ 23.837462] <TASK>
[ 23.837480] dump_stack_lvl+0x73/0xb0
[ 23.837533] print_report+0xd1/0x650
[ 23.837555] ? __virt_addr_valid+0x1db/0x2d0
[ 23.837802] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 23.837831] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.837856] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 23.837880] kasan_report+0x141/0x180
[ 23.837900] ? kasan_bitops_modify.constprop.0+0x101/0xd50
[ 23.837928] kasan_check_range+0x10c/0x1c0
[ 23.837961] __kasan_check_write+0x18/0x20
[ 23.837983] kasan_bitops_modify.constprop.0+0x101/0xd50
[ 23.838007] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 23.838031] ? __kmalloc_cache_noprof+0x189/0x420
[ 23.838056] ? kasan_bitops_generic+0x92/0x1c0
[ 23.838081] kasan_bitops_generic+0x116/0x1c0
[ 23.838103] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.838127] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.838153] kunit_try_run_case+0x1a5/0x480
[ 23.838178] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.838200] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.838221] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.838246] ? __kthread_parkme+0x82/0x180
[ 23.838267] ? preempt_count_sub+0x50/0x80
[ 23.838289] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.838312] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.838343] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.838366] kthread+0x337/0x6f0
[ 23.838384] ? trace_preempt_on+0x20/0xc0
[ 23.838406] ? __pfx_kthread+0x10/0x10
[ 23.838425] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.838448] ? calculate_sigpending+0x7b/0xa0
[ 23.838471] ? __pfx_kthread+0x10/0x10
[ 23.838491] ret_from_fork+0x116/0x1d0
[ 23.838510] ? __pfx_kthread+0x10/0x10
[ 23.838529] ret_from_fork_asm+0x1a/0x30
[ 23.838558] </TASK>
[ 23.838568]
[ 23.848854] Allocated by task 290:
[ 23.849455] kasan_save_stack+0x45/0x70
[ 23.849611] kasan_save_track+0x18/0x40
[ 23.849800] kasan_save_alloc_info+0x3b/0x50
[ 23.850194] __kasan_kmalloc+0xb7/0xc0
[ 23.850359] __kmalloc_cache_noprof+0x189/0x420
[ 23.850511] kasan_bitops_generic+0x92/0x1c0
[ 23.850713] kunit_try_run_case+0x1a5/0x480
[ 23.850987] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.851314] kthread+0x337/0x6f0
[ 23.851433] ret_from_fork+0x116/0x1d0
[ 23.851556] ret_from_fork_asm+0x1a/0x30
[ 23.851744]
[ 23.851833] The buggy address belongs to the object at ffff888102797f40
[ 23.851833] which belongs to the cache kmalloc-16 of size 16
[ 23.852543] The buggy address is located 8 bytes inside of
[ 23.852543] allocated 9-byte region [ffff888102797f40, ffff888102797f49)
[ 23.852994]
[ 23.853063] The buggy address belongs to the physical page:
[ 23.853524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797
[ 23.853926] flags: 0x200000000000000(node=0|zone=2)
[ 23.854322] page_type: f5(slab)
[ 23.854470] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.854814] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.855156] page dumped because: kasan: bad access detected
[ 23.855440]
[ 23.855523] Memory state around the buggy address:
[ 23.855757] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.856073] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.856457] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 23.856751] ^
[ 23.857267] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.857509] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.857986] ==================================================================

[ 23.941444] ==================================================================
[ 23.941796] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 23.942126] Write of size 8 at addr ffff888102797f48 by task kunit_try_catch/290
[ 23.942467]
[ 23.942685] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.942738] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.942750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.942772] Call Trace:
[ 23.942855] <TASK>
[ 23.942879] dump_stack_lvl+0x73/0xb0
[ 23.942907] print_report+0xd1/0x650
[ 23.942927] ? __virt_addr_valid+0x1db/0x2d0
[ 23.942963] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 23.942987] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.943013] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 23.943036] kasan_report+0x141/0x180
[ 23.943057] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 23.943084] kasan_check_range+0x10c/0x1c0
[ 23.943106] __kasan_check_write+0x18/0x20
[ 23.943129] kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 23.943152] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 23.943177] ? __kmalloc_cache_noprof+0x189/0x420
[ 23.943200] ? kasan_bitops_generic+0x92/0x1c0
[ 23.943225] kasan_bitops_generic+0x116/0x1c0
[ 23.943247] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.943269] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 23.943295] kunit_try_run_case+0x1a5/0x480
[ 23.943321] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.943343] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.943363] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.943387] ? __kthread_parkme+0x82/0x180
[ 23.943407] ? preempt_count_sub+0x50/0x80
[ 23.943429] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.943452] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.943474] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.943496] kthread+0x337/0x6f0
[ 23.943515] ? trace_preempt_on+0x20/0xc0
[ 23.943538] ? __pfx_kthread+0x10/0x10
[ 23.943557] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.943578] ? calculate_sigpending+0x7b/0xa0
[ 23.943602] ? __pfx_kthread+0x10/0x10
[ 23.943625] ret_from_fork+0x116/0x1d0
[ 23.943644] ? __pfx_kthread+0x10/0x10
[ 23.943664] ret_from_fork_asm+0x1a/0x30
[ 23.943694] </TASK>
[ 23.943704]
[ 23.951704] Allocated by task 290:
[ 23.951830] kasan_save_stack+0x45/0x70
[ 23.952050] kasan_save_track+0x18/0x40
[ 23.952231] kasan_save_alloc_info+0x3b/0x50
[ 23.952442] __kasan_kmalloc+0xb7/0xc0
[ 23.952681] __kmalloc_cache_noprof+0x189/0x420
[ 23.953058] kasan_bitops_generic+0x92/0x1c0
[ 23.953291] kunit_try_run_case+0x1a5/0x480
[ 23.953539] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.953710] kthread+0x337/0x6f0
[ 23.953994] ret_from_fork+0x116/0x1d0
[ 23.954282] ret_from_fork_asm+0x1a/0x30
[ 23.954608]
[ 23.954675] The buggy address belongs to the object at ffff888102797f40
[ 23.954675] which belongs to the cache kmalloc-16 of size 16
[ 23.955190] The buggy address is located 8 bytes inside of
[ 23.955190] allocated 9-byte region [ffff888102797f40, ffff888102797f49)
[ 23.955715]
[ 23.955780] The buggy address belongs to the physical page:
[ 23.955950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797
[ 23.956515] flags: 0x200000000000000(node=0|zone=2)
[ 23.956735] page_type: f5(slab)
[ 23.956893] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.957402] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.957625] page dumped because: kasan: bad access detected
[ 23.957976]
[ 23.958097] Memory state around the buggy address:
[ 23.958543] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.958844] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.959279] >ffff888102797f00: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 23.959581] ^
[ 23.959801] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.960155] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.960370] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 23.810074] ==================================================================
[ 23.811040] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 23.811274] Read of size 1 at addr ffff888102596f90 by task kunit_try_catch/288
[ 23.811580]
[ 23.811664] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.811713] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.811726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.811748] Call Trace:
[ 23.811767] <TASK>
[ 23.811786] dump_stack_lvl+0x73/0xb0
[ 23.811810] print_report+0xd1/0x650
[ 23.811831] ? __virt_addr_valid+0x1db/0x2d0
[ 23.811854] ? strnlen+0x73/0x80
[ 23.811873] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.811897] ? strnlen+0x73/0x80
[ 23.811917] kasan_report+0x141/0x180
[ 23.811952] ? strnlen+0x73/0x80
[ 23.812015] __asan_report_load1_noabort+0x18/0x20
[ 23.812041] strnlen+0x73/0x80
[ 23.812061] kasan_strings+0x615/0xe80
[ 23.812080] ? trace_hardirqs_on+0x37/0xe0
[ 23.812102] ? __pfx_kasan_strings+0x10/0x10
[ 23.812121] ? finish_task_switch.isra.0+0x153/0x700
[ 23.812143] ? __switch_to+0x47/0xf50
[ 23.812167] ? __schedule+0x10cc/0x2b60
[ 23.812192] ? __pfx_read_tsc+0x10/0x10
[ 23.812245] ? ktime_get_ts64+0x86/0x230
[ 23.812269] kunit_try_run_case+0x1a5/0x480
[ 23.812295] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.812317] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.812344] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.812369] ? __kthread_parkme+0x82/0x180
[ 23.812390] ? preempt_count_sub+0x50/0x80
[ 23.812411] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.812435] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.812467] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.812490] kthread+0x337/0x6f0
[ 23.812508] ? trace_preempt_on+0x20/0xc0
[ 23.812529] ? __pfx_kthread+0x10/0x10
[ 23.812548] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.812570] ? calculate_sigpending+0x7b/0xa0
[ 23.812592] ? __pfx_kthread+0x10/0x10
[ 23.812613] ret_from_fork+0x116/0x1d0
[ 23.812630] ? __pfx_kthread+0x10/0x10
[ 23.812649] ret_from_fork_asm+0x1a/0x30
[ 23.812678] </TASK>
[ 23.812688]
[ 23.820497] Allocated by task 288:
[ 23.820639] kasan_save_stack+0x45/0x70
[ 23.820883] kasan_save_track+0x18/0x40
[ 23.821080] kasan_save_alloc_info+0x3b/0x50
[ 23.821302] __kasan_kmalloc+0xb7/0xc0
[ 23.821476] __kmalloc_cache_noprof+0x189/0x420
[ 23.821622] kasan_strings+0xc0/0xe80
[ 23.821744] kunit_try_run_case+0x1a5/0x480
[ 23.821887] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.822137] kthread+0x337/0x6f0
[ 23.822302] ret_from_fork+0x116/0x1d0
[ 23.822485] ret_from_fork_asm+0x1a/0x30
[ 23.822765]
[ 23.822900] Freed by task 288:
[ 23.823065] kasan_save_stack+0x45/0x70
[ 23.823266] kasan_save_track+0x18/0x40
[ 23.823688] kasan_save_free_info+0x3f/0x60
[ 23.823916] __kasan_slab_free+0x56/0x70
[ 23.824075] kfree+0x222/0x3f0
[ 23.824224] kasan_strings+0x2aa/0xe80
[ 23.824433] kunit_try_run_case+0x1a5/0x480
[ 23.824615] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.824836] kthread+0x337/0x6f0
[ 23.824996] ret_from_fork+0x116/0x1d0
[ 23.825120] ret_from_fork_asm+0x1a/0x30
[ 23.825250]
[ 23.825313] The buggy address belongs to the object at ffff888102596f80
[ 23.825313] which belongs to the cache kmalloc-32 of size 32
[ 23.825776] The buggy address is located 16 bytes inside of
[ 23.825776] freed 32-byte region [ffff888102596f80, ffff888102596fa0)
[ 23.826227]
[ 23.826293] The buggy address belongs to the physical page:
[ 23.826456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102596
[ 23.826902] flags: 0x200000000000000(node=0|zone=2)
[ 23.827258] page_type: f5(slab)
[ 23.827422] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 23.827751] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 23.828108] page dumped because: kasan: bad access detected
[ 23.828275]
[ 23.828340] Memory state around the buggy address:
[ 23.828489] ffff888102596e80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 23.828990] ffff888102596f00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 23.829307] >ffff888102596f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 23.829621] ^
[ 23.829956] ffff888102597000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.830252] ffff888102597080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.830764] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 23.788598] ================================================================== [ 23.789250] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 23.789521] Read of size 1 at addr ffff888102596f90 by task kunit_try_catch/288 [ 23.789814] [ 23.789900] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.789965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.789978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.790000] Call Trace: [ 23.790020] <TASK> [ 23.790040] dump_stack_lvl+0x73/0xb0 [ 23.790066] print_report+0xd1/0x650 [ 23.790087] ? __virt_addr_valid+0x1db/0x2d0 [ 23.790110] ? strlen+0x8f/0xb0 [ 23.790128] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.790153] ? strlen+0x8f/0xb0 [ 23.790172] kasan_report+0x141/0x180 [ 23.790191] ? strlen+0x8f/0xb0 [ 23.790214] __asan_report_load1_noabort+0x18/0x20 [ 23.790236] strlen+0x8f/0xb0 [ 23.790255] kasan_strings+0x57b/0xe80 [ 23.790274] ? trace_hardirqs_on+0x37/0xe0 [ 23.790296] ? __pfx_kasan_strings+0x10/0x10 [ 23.790314] ? finish_task_switch.isra.0+0x153/0x700 [ 23.790335] ? __switch_to+0x47/0xf50 [ 23.790359] ? __schedule+0x10cc/0x2b60 [ 23.790436] ? __pfx_read_tsc+0x10/0x10 [ 23.790458] ? ktime_get_ts64+0x86/0x230 [ 23.790483] kunit_try_run_case+0x1a5/0x480 [ 23.790509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.790532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.790553] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.790577] ? __kthread_parkme+0x82/0x180 [ 23.790596] ? preempt_count_sub+0x50/0x80 [ 23.790620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.790643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.790665] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.790688] kthread+0x337/0x6f0 [ 23.790706] ? trace_preempt_on+0x20/0xc0 [ 23.790728] ? __pfx_kthread+0x10/0x10 [ 23.790746] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.790768] ? calculate_sigpending+0x7b/0xa0 [ 23.790791] ? 
__pfx_kthread+0x10/0x10 [ 23.790843] ret_from_fork+0x116/0x1d0 [ 23.790862] ? __pfx_kthread+0x10/0x10 [ 23.790882] ret_from_fork_asm+0x1a/0x30 [ 23.790911] </TASK> [ 23.790921] [ 23.798884] Allocated by task 288: [ 23.799031] kasan_save_stack+0x45/0x70 [ 23.799236] kasan_save_track+0x18/0x40 [ 23.799427] kasan_save_alloc_info+0x3b/0x50 [ 23.799628] __kasan_kmalloc+0xb7/0xc0 [ 23.799790] __kmalloc_cache_noprof+0x189/0x420 [ 23.799983] kasan_strings+0xc0/0xe80 [ 23.800184] kunit_try_run_case+0x1a5/0x480 [ 23.800345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.800513] kthread+0x337/0x6f0 [ 23.800626] ret_from_fork+0x116/0x1d0 [ 23.800794] ret_from_fork_asm+0x1a/0x30 [ 23.800988] [ 23.801408] Freed by task 288: [ 23.801646] kasan_save_stack+0x45/0x70 [ 23.801903] kasan_save_track+0x18/0x40 [ 23.802114] kasan_save_free_info+0x3f/0x60 [ 23.802259] __kasan_slab_free+0x56/0x70 [ 23.802385] kfree+0x222/0x3f0 [ 23.802495] kasan_strings+0x2aa/0xe80 [ 23.802618] kunit_try_run_case+0x1a5/0x480 [ 23.802782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.803090] kthread+0x337/0x6f0 [ 23.803254] ret_from_fork+0x116/0x1d0 [ 23.803478] ret_from_fork_asm+0x1a/0x30 [ 23.803669] [ 23.803759] The buggy address belongs to the object at ffff888102596f80 [ 23.803759] which belongs to the cache kmalloc-32 of size 32 [ 23.804347] The buggy address is located 16 bytes inside of [ 23.804347] freed 32-byte region [ffff888102596f80, ffff888102596fa0) [ 23.804795] [ 23.804957] The buggy address belongs to the physical page: [ 23.805125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102596 [ 23.805654] flags: 0x200000000000000(node=0|zone=2) [ 23.805919] page_type: f5(slab) [ 23.806094] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.806353] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 23.806569] page dumped because: kasan: bad access detected [ 23.806727] [ 23.807230] Memory state around the buggy address: 
[ 23.807463] ffff888102596e80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.807806] ffff888102596f00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 23.808025] >ffff888102596f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.808767] ^ [ 23.809043] ffff888102597000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.809316] ffff888102597080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.809538] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 23.759291] ================================================================== [ 23.759642] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 23.760099] Read of size 1 at addr ffff888102596f90 by task kunit_try_catch/288 [ 23.760664] [ 23.760768] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.760864] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.760879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.760900] Call Trace: [ 23.760921] <TASK> [ 23.760951] dump_stack_lvl+0x73/0xb0 [ 23.760979] print_report+0xd1/0x650 [ 23.761000] ? __virt_addr_valid+0x1db/0x2d0 [ 23.761021] ? kasan_strings+0xcbc/0xe80 [ 23.761040] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.761065] ? kasan_strings+0xcbc/0xe80 [ 23.761084] kasan_report+0x141/0x180 [ 23.761104] ? kasan_strings+0xcbc/0xe80 [ 23.761127] __asan_report_load1_noabort+0x18/0x20 [ 23.761150] kasan_strings+0xcbc/0xe80 [ 23.761168] ? trace_hardirqs_on+0x37/0xe0 [ 23.761190] ? __pfx_kasan_strings+0x10/0x10 [ 23.761209] ? finish_task_switch.isra.0+0x153/0x700 [ 23.761230] ? __switch_to+0x47/0xf50 [ 23.761255] ? __schedule+0x10cc/0x2b60 [ 23.761280] ? __pfx_read_tsc+0x10/0x10 [ 23.761300] ? ktime_get_ts64+0x86/0x230 [ 23.761324] kunit_try_run_case+0x1a5/0x480 [ 23.761350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.761376] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.761398] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.761423] ? __kthread_parkme+0x82/0x180 [ 23.761443] ? preempt_count_sub+0x50/0x80 [ 23.761464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.761488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.761511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.761533] kthread+0x337/0x6f0 [ 23.761551] ? trace_preempt_on+0x20/0xc0 [ 23.761572] ? __pfx_kthread+0x10/0x10 [ 23.761591] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.761613] ? calculate_sigpending+0x7b/0xa0 [ 23.761637] ? 
__pfx_kthread+0x10/0x10 [ 23.761656] ret_from_fork+0x116/0x1d0 [ 23.761674] ? __pfx_kthread+0x10/0x10 [ 23.761693] ret_from_fork_asm+0x1a/0x30 [ 23.761722] </TASK> [ 23.761732] [ 23.772902] Allocated by task 288: [ 23.773454] kasan_save_stack+0x45/0x70 [ 23.773735] kasan_save_track+0x18/0x40 [ 23.774062] kasan_save_alloc_info+0x3b/0x50 [ 23.774397] __kasan_kmalloc+0xb7/0xc0 [ 23.774564] __kmalloc_cache_noprof+0x189/0x420 [ 23.775094] kasan_strings+0xc0/0xe80 [ 23.775413] kunit_try_run_case+0x1a5/0x480 [ 23.775623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.775833] kthread+0x337/0x6f0 [ 23.776286] ret_from_fork+0x116/0x1d0 [ 23.776474] ret_from_fork_asm+0x1a/0x30 [ 23.776636] [ 23.776725] Freed by task 288: [ 23.777145] kasan_save_stack+0x45/0x70 [ 23.777332] kasan_save_track+0x18/0x40 [ 23.777636] kasan_save_free_info+0x3f/0x60 [ 23.777967] __kasan_slab_free+0x56/0x70 [ 23.778158] kfree+0x222/0x3f0 [ 23.778504] kasan_strings+0x2aa/0xe80 [ 23.778656] kunit_try_run_case+0x1a5/0x480 [ 23.779008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.779417] kthread+0x337/0x6f0 [ 23.779591] ret_from_fork+0x116/0x1d0 [ 23.780118] ret_from_fork_asm+0x1a/0x30 [ 23.780440] [ 23.780540] The buggy address belongs to the object at ffff888102596f80 [ 23.780540] which belongs to the cache kmalloc-32 of size 32 [ 23.781211] The buggy address is located 16 bytes inside of [ 23.781211] freed 32-byte region [ffff888102596f80, ffff888102596fa0) [ 23.781817] [ 23.781984] The buggy address belongs to the physical page: [ 23.782266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102596 [ 23.782685] flags: 0x200000000000000(node=0|zone=2) [ 23.783048] page_type: f5(slab) [ 23.783259] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.783644] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 23.784090] page dumped because: kasan: bad access detected [ 23.784621] [ 23.784715] Memory state around the buggy address: 
[ 23.785404] ffff888102596e80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.785801] ffff888102596f00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 23.786411] >ffff888102596f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.786741] ^ [ 23.787164] ffff888102597000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.787451] ffff888102597080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.787691] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 23.737462] ================================================================== [ 23.738447] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 23.738708] Read of size 1 at addr ffff888102596f90 by task kunit_try_catch/288 [ 23.739037] [ 23.739157] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.739228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.739241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.739262] Call Trace: [ 23.739274] <TASK> [ 23.739292] dump_stack_lvl+0x73/0xb0 [ 23.739316] print_report+0xd1/0x650 [ 23.739338] ? __virt_addr_valid+0x1db/0x2d0 [ 23.739362] ? strcmp+0xb0/0xc0 [ 23.739381] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.739406] ? strcmp+0xb0/0xc0 [ 23.739424] kasan_report+0x141/0x180 [ 23.739444] ? strcmp+0xb0/0xc0 [ 23.739466] __asan_report_load1_noabort+0x18/0x20 [ 23.739490] strcmp+0xb0/0xc0 [ 23.739509] kasan_strings+0x431/0xe80 [ 23.739528] ? trace_hardirqs_on+0x37/0xe0 [ 23.739550] ? __pfx_kasan_strings+0x10/0x10 [ 23.739569] ? finish_task_switch.isra.0+0x153/0x700 [ 23.739591] ? __switch_to+0x47/0xf50 [ 23.739615] ? __schedule+0x10cc/0x2b60 [ 23.739640] ? __pfx_read_tsc+0x10/0x10 [ 23.739660] ? ktime_get_ts64+0x86/0x230 [ 23.739684] kunit_try_run_case+0x1a5/0x480 [ 23.739709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.739838] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.739860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.739884] ? __kthread_parkme+0x82/0x180 [ 23.739904] ? preempt_count_sub+0x50/0x80 [ 23.739925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.739959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.739982] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.740006] kthread+0x337/0x6f0 [ 23.740024] ? trace_preempt_on+0x20/0xc0 [ 23.740044] ? __pfx_kthread+0x10/0x10 [ 23.740064] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.740086] ? calculate_sigpending+0x7b/0xa0 [ 23.740108] ? 
__pfx_kthread+0x10/0x10 [ 23.740128] ret_from_fork+0x116/0x1d0 [ 23.740146] ? __pfx_kthread+0x10/0x10 [ 23.740164] ret_from_fork_asm+0x1a/0x30 [ 23.740193] </TASK> [ 23.740203] [ 23.747609] Allocated by task 288: [ 23.747798] kasan_save_stack+0x45/0x70 [ 23.748136] kasan_save_track+0x18/0x40 [ 23.748361] kasan_save_alloc_info+0x3b/0x50 [ 23.748648] __kasan_kmalloc+0xb7/0xc0 [ 23.748783] __kmalloc_cache_noprof+0x189/0x420 [ 23.748926] kasan_strings+0xc0/0xe80 [ 23.749110] kunit_try_run_case+0x1a5/0x480 [ 23.749567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.750053] kthread+0x337/0x6f0 [ 23.750236] ret_from_fork+0x116/0x1d0 [ 23.750439] ret_from_fork_asm+0x1a/0x30 [ 23.750632] [ 23.750727] Freed by task 288: [ 23.750991] kasan_save_stack+0x45/0x70 [ 23.751190] kasan_save_track+0x18/0x40 [ 23.751346] kasan_save_free_info+0x3f/0x60 [ 23.751484] __kasan_slab_free+0x56/0x70 [ 23.751611] kfree+0x222/0x3f0 [ 23.751750] kasan_strings+0x2aa/0xe80 [ 23.751926] kunit_try_run_case+0x1a5/0x480 [ 23.752164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.752610] kthread+0x337/0x6f0 [ 23.752850] ret_from_fork+0x116/0x1d0 [ 23.753032] ret_from_fork_asm+0x1a/0x30 [ 23.753286] [ 23.753375] The buggy address belongs to the object at ffff888102596f80 [ 23.753375] which belongs to the cache kmalloc-32 of size 32 [ 23.753961] The buggy address is located 16 bytes inside of [ 23.753961] freed 32-byte region [ffff888102596f80, ffff888102596fa0) [ 23.754309] [ 23.754400] The buggy address belongs to the physical page: [ 23.754645] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102596 [ 23.755101] flags: 0x200000000000000(node=0|zone=2) [ 23.755516] page_type: f5(slab) [ 23.755715] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.756141] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 23.756457] page dumped because: kasan: bad access detected [ 23.756688] [ 23.756756] Memory state around the buggy address: 
[ 23.757137] ffff888102596e80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.757425] ffff888102596f00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 23.757697] >ffff888102596f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.758011] ^ [ 23.758138] ffff888102597000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.758396] ffff888102597080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.758721] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 23.713445] ================================================================== [ 23.714079] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 23.714394] Read of size 1 at addr ffff888102596e98 by task kunit_try_catch/286 [ 23.714662] [ 23.714764] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.714813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.714826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.714847] Call Trace: [ 23.714859] <TASK> [ 23.714876] dump_stack_lvl+0x73/0xb0 [ 23.714900] print_report+0xd1/0x650 [ 23.714923] ? __virt_addr_valid+0x1db/0x2d0 [ 23.714961] ? memcmp+0x1b4/0x1d0 [ 23.714995] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.715020] ? memcmp+0x1b4/0x1d0 [ 23.715040] kasan_report+0x141/0x180 [ 23.715061] ? memcmp+0x1b4/0x1d0 [ 23.715084] __asan_report_load1_noabort+0x18/0x20 [ 23.715106] memcmp+0x1b4/0x1d0 [ 23.715126] kasan_memcmp+0x18f/0x390 [ 23.715145] ? trace_hardirqs_on+0x37/0xe0 [ 23.715168] ? __pfx_kasan_memcmp+0x10/0x10 [ 23.715186] ? finish_task_switch.isra.0+0x153/0x700 [ 23.715207] ? __switch_to+0x47/0xf50 [ 23.715235] ? __pfx_read_tsc+0x10/0x10 [ 23.715256] ? ktime_get_ts64+0x86/0x230 [ 23.715280] kunit_try_run_case+0x1a5/0x480 [ 23.715308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.715349] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.715369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.715394] ? __kthread_parkme+0x82/0x180 [ 23.715414] ? preempt_count_sub+0x50/0x80 [ 23.715435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.715459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.715481] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.715503] kthread+0x337/0x6f0 [ 23.715522] ? trace_preempt_on+0x20/0xc0 [ 23.715542] ? __pfx_kthread+0x10/0x10 [ 23.715561] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.715583] ? calculate_sigpending+0x7b/0xa0 [ 23.715607] ? 
__pfx_kthread+0x10/0x10 [ 23.715627] ret_from_fork+0x116/0x1d0 [ 23.715645] ? __pfx_kthread+0x10/0x10 [ 23.715664] ret_from_fork_asm+0x1a/0x30 [ 23.715692] </TASK> [ 23.715702] [ 23.722392] Allocated by task 286: [ 23.722510] kasan_save_stack+0x45/0x70 [ 23.722641] kasan_save_track+0x18/0x40 [ 23.722761] kasan_save_alloc_info+0x3b/0x50 [ 23.722982] __kasan_kmalloc+0xb7/0xc0 [ 23.723201] __kmalloc_cache_noprof+0x189/0x420 [ 23.723439] kasan_memcmp+0xb7/0x390 [ 23.723620] kunit_try_run_case+0x1a5/0x480 [ 23.723825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.724096] kthread+0x337/0x6f0 [ 23.724284] ret_from_fork+0x116/0x1d0 [ 23.724474] ret_from_fork_asm+0x1a/0x30 [ 23.724661] [ 23.724728] The buggy address belongs to the object at ffff888102596e80 [ 23.724728] which belongs to the cache kmalloc-32 of size 32 [ 23.725140] The buggy address is located 0 bytes to the right of [ 23.725140] allocated 24-byte region [ffff888102596e80, ffff888102596e98) [ 23.725879] [ 23.725996] The buggy address belongs to the physical page: [ 23.726306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102596 [ 23.726551] flags: 0x200000000000000(node=0|zone=2) [ 23.726775] page_type: f5(slab) [ 23.726963] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.727303] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.727512] page dumped because: kasan: bad access detected [ 23.727667] [ 23.727726] Memory state around the buggy address: [ 23.727870] ffff888102596d80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.728176] ffff888102596e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.728479] >ffff888102596e80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.728820] ^ [ 23.729199] ffff888102596f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.729404] ffff888102596f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.729601] 
==================================================================
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject
<8>[ 267.944108] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid
<8>[ 267.850064] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset
<8>[ 267.756423] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 23.683387] ================================================================== [ 23.683887] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 23.684597] Read of size 1 at addr ffff888102bbfc4a by task kunit_try_catch/282 [ 23.685565] [ 23.685682] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.685877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.685906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.685928] Call Trace: [ 23.685968] <TASK> [ 23.685985] dump_stack_lvl+0x73/0xb0 [ 23.686014] print_report+0xd1/0x650 [ 23.686036] ? __virt_addr_valid+0x1db/0x2d0 [ 23.686059] ? kasan_alloca_oob_right+0x329/0x390 [ 23.686085] ? kasan_addr_to_slab+0x11/0xa0 [ 23.686105] ? kasan_alloca_oob_right+0x329/0x390 [ 23.686126] kasan_report+0x141/0x180 [ 23.686304] ? kasan_alloca_oob_right+0x329/0x390 [ 23.686339] __asan_report_load1_noabort+0x18/0x20 [ 23.686364] kasan_alloca_oob_right+0x329/0x390 [ 23.686386] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.686409] ? finish_task_switch.isra.0+0x153/0x700 [ 23.686431] ? __mutex_lock.constprop.0+0x99e/0x1280 [ 23.686454] ? trace_hardirqs_on+0x37/0xe0 [ 23.686477] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 23.686501] ? __schedule+0x10cc/0x2b60 [ 23.686523] ? __pfx_read_tsc+0x10/0x10 [ 23.686544] ? ktime_get_ts64+0x86/0x230 [ 23.686567] kunit_try_run_case+0x1a5/0x480 [ 23.686592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.686613] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.686633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.686668] ? __kthread_parkme+0x82/0x180 [ 23.686687] ? preempt_count_sub+0x50/0x80 [ 23.686708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.686731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.686753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.686775] kthread+0x337/0x6f0 [ 23.686793] ? trace_preempt_on+0x20/0xc0 [ 23.686816] ? __pfx_kthread+0x10/0x10 [ 23.686836] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 23.686858] ? calculate_sigpending+0x7b/0xa0 [ 23.686880] ? __pfx_kthread+0x10/0x10 [ 23.686900] ret_from_fork+0x116/0x1d0 [ 23.686918] ? __pfx_kthread+0x10/0x10 [ 23.686947] ret_from_fork_asm+0x1a/0x30 [ 23.686976] </TASK> [ 23.686987] [ 23.696841] The buggy address belongs to stack of task kunit_try_catch/282 [ 23.697270] [ 23.697374] The buggy address belongs to the physical page: [ 23.697593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bbf [ 23.697988] flags: 0x200000000000000(node=0|zone=2) [ 23.698279] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 23.698515] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.698734] page dumped because: kasan: bad access detected [ 23.699144] [ 23.699264] Memory state around the buggy address: [ 23.699485] ffff888102bbfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.700218] ffff888102bbfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.700541] >ffff888102bbfc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 23.700764] ^ [ 23.701209] ffff888102bbfc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 23.701517] ffff888102bbfd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.701762] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 23.661008] ================================================================== [ 23.661452] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 23.661737] Read of size 1 at addr ffff888102bc7c3f by task kunit_try_catch/280 [ 23.662104] [ 23.662282] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.662329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.662342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.662363] Call Trace: [ 23.662376] <TASK> [ 23.662392] dump_stack_lvl+0x73/0xb0 [ 23.662418] print_report+0xd1/0x650 [ 23.662438] ? __virt_addr_valid+0x1db/0x2d0 [ 23.662460] ? kasan_alloca_oob_left+0x320/0x380 [ 23.662481] ? kasan_addr_to_slab+0x11/0xa0 [ 23.662500] ? kasan_alloca_oob_left+0x320/0x380 [ 23.662520] kasan_report+0x141/0x180 [ 23.662541] ? kasan_alloca_oob_left+0x320/0x380 [ 23.662565] __asan_report_load1_noabort+0x18/0x20 [ 23.662587] kasan_alloca_oob_left+0x320/0x380 [ 23.662607] ? __kasan_check_write+0x18/0x20 [ 23.662629] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.662651] ? finish_task_switch.isra.0+0x153/0x700 [ 23.662672] ? __mutex_lock.constprop.0+0x99e/0x1280 [ 23.662696] ? trace_hardirqs_on+0x37/0xe0 [ 23.662719] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 23.662743] ? __schedule+0x10cc/0x2b60 [ 23.662766] ? __pfx_read_tsc+0x10/0x10 [ 23.662787] ? ktime_get_ts64+0x86/0x230 [ 23.662810] kunit_try_run_case+0x1a5/0x480 [ 23.662835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.662857] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.662876] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.662901] ? __kthread_parkme+0x82/0x180 [ 23.662920] ? preempt_count_sub+0x50/0x80 [ 23.662966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.662990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.663013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.663035] kthread+0x337/0x6f0 [ 23.663053] ? trace_preempt_on+0x20/0xc0 [ 23.663074] ? 
__pfx_kthread+0x10/0x10 [ 23.663094] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.663116] ? calculate_sigpending+0x7b/0xa0 [ 23.663187] ? __pfx_kthread+0x10/0x10 [ 23.663207] ret_from_fork+0x116/0x1d0 [ 23.663225] ? __pfx_kthread+0x10/0x10 [ 23.663245] ret_from_fork_asm+0x1a/0x30 [ 23.663273] </TASK> [ 23.663285] [ 23.671062] The buggy address belongs to stack of task kunit_try_catch/280 [ 23.671609] [ 23.671694] The buggy address belongs to the physical page: [ 23.671984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bc7 [ 23.672361] flags: 0x200000000000000(node=0|zone=2) [ 23.672600] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 23.672887] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.673200] page dumped because: kasan: bad access detected [ 23.673530] [ 23.673594] Memory state around the buggy address: [ 23.673743] ffff888102bc7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.673960] ffff888102bc7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.674427] >ffff888102bc7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 23.674725] ^ [ 23.674956] ffff888102bc7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 23.675466] ffff888102bc7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.675672] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 23.641369] ================================================================== [ 23.641983] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 23.642624] Read of size 1 at addr ffff888102c3fd02 by task kunit_try_catch/278 [ 23.643004] [ 23.643111] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.643159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.643173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.643192] Call Trace: [ 23.643205] <TASK> [ 23.643220] dump_stack_lvl+0x73/0xb0 [ 23.643248] print_report+0xd1/0x650 [ 23.643268] ? __virt_addr_valid+0x1db/0x2d0 [ 23.643291] ? kasan_stack_oob+0x2b5/0x300 [ 23.643309] ? kasan_addr_to_slab+0x11/0xa0 [ 23.643328] ? kasan_stack_oob+0x2b5/0x300 [ 23.643346] kasan_report+0x141/0x180 [ 23.643366] ? kasan_stack_oob+0x2b5/0x300 [ 23.643388] __asan_report_load1_noabort+0x18/0x20 [ 23.643410] kasan_stack_oob+0x2b5/0x300 [ 23.643429] ? __pfx_kasan_stack_oob+0x10/0x10 [ 23.643446] ? finish_task_switch.isra.0+0x153/0x700 [ 23.643468] ? __switch_to+0x47/0xf50 [ 23.643494] ? __schedule+0x10cc/0x2b60 [ 23.643519] ? __pfx_read_tsc+0x10/0x10 [ 23.643540] ? ktime_get_ts64+0x86/0x230 [ 23.643564] kunit_try_run_case+0x1a5/0x480 [ 23.643590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.643611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.643631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.643655] ? __kthread_parkme+0x82/0x180 [ 23.643674] ? preempt_count_sub+0x50/0x80 [ 23.643695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.643718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.643739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.643763] kthread+0x337/0x6f0 [ 23.643782] ? trace_preempt_on+0x20/0xc0 [ 23.643804] ? __pfx_kthread+0x10/0x10 [ 23.643871] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.643893] ? calculate_sigpending+0x7b/0xa0 [ 23.643916] ? 
__pfx_kthread+0x10/0x10 [ 23.643948] ret_from_fork+0x116/0x1d0 [ 23.643966] ? __pfx_kthread+0x10/0x10 [ 23.643985] ret_from_fork_asm+0x1a/0x30 [ 23.644016] </TASK> [ 23.644027] [ 23.651042] The buggy address belongs to stack of task kunit_try_catch/278 [ 23.651529] and is located at offset 138 in frame: [ 23.651754] kasan_stack_oob+0x0/0x300 [ 23.652149] [ 23.652267] This frame has 4 objects: [ 23.652540] [48, 49) '__assertion' [ 23.652561] [64, 72) 'array' [ 23.652680] [96, 112) '__assertion' [ 23.652830] [128, 138) 'stack_array' [ 23.653017] [ 23.653190] The buggy address belongs to the physical page: [ 23.653541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c3f [ 23.654032] flags: 0x200000000000000(node=0|zone=2) [ 23.654197] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 23.654416] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.654628] page dumped because: kasan: bad access detected [ 23.655024] [ 23.655129] Memory state around the buggy address: [ 23.655349] ffff888102c3fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.655657] ffff888102c3fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 23.655983] >ffff888102c3fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.656287] ^ [ 23.656421] ffff888102c3fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 23.656627] ffff888102c3fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.657130] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 23.618366] ================================================================== [ 23.618872] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 23.619354] Read of size 1 at addr ffffffffb32a9ecd by task kunit_try_catch/274 [ 23.619613] [ 23.619744] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.619790] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.619802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.619823] Call Trace: [ 23.619914] <TASK> [ 23.619932] dump_stack_lvl+0x73/0xb0 [ 23.619975] print_report+0xd1/0x650 [ 23.619996] ? __virt_addr_valid+0x1db/0x2d0 [ 23.620018] ? kasan_global_oob_right+0x286/0x2d0 [ 23.620038] ? kasan_addr_to_slab+0x11/0xa0 [ 23.620057] ? kasan_global_oob_right+0x286/0x2d0 [ 23.620077] kasan_report+0x141/0x180 [ 23.620097] ? kasan_global_oob_right+0x286/0x2d0 [ 23.620121] __asan_report_load1_noabort+0x18/0x20 [ 23.620143] kasan_global_oob_right+0x286/0x2d0 [ 23.620163] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 23.620185] ? __schedule+0x10cc/0x2b60 [ 23.620208] ? __pfx_read_tsc+0x10/0x10 [ 23.620229] ? ktime_get_ts64+0x86/0x230 [ 23.620252] kunit_try_run_case+0x1a5/0x480 [ 23.620277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.620300] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.620319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.620348] ? __kthread_parkme+0x82/0x180 [ 23.620368] ? preempt_count_sub+0x50/0x80 [ 23.620390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.620413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.620435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.620457] kthread+0x337/0x6f0 [ 23.620476] ? trace_preempt_on+0x20/0xc0 [ 23.620497] ? __pfx_kthread+0x10/0x10 [ 23.620516] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.620538] ? calculate_sigpending+0x7b/0xa0 [ 23.620560] ? __pfx_kthread+0x10/0x10 [ 23.620580] ret_from_fork+0x116/0x1d0 [ 23.620598] ? 
__pfx_kthread+0x10/0x10 [ 23.620617] ret_from_fork_asm+0x1a/0x30 [ 23.620645] </TASK> [ 23.620655] [ 23.627410] The buggy address belongs to the variable: [ 23.627664] global_array+0xd/0x40 [ 23.627961] [ 23.628080] The buggy address belongs to the physical page: [ 23.628613] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x264a9 [ 23.629020] flags: 0x100000000002000(reserved|node=0|zone=1) [ 23.629214] raw: 0100000000002000 ffffea0000992a48 ffffea0000992a48 0000000000000000 [ 23.629560] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.629869] page dumped because: kasan: bad access detected [ 23.630175] [ 23.630240] Memory state around the buggy address: [ 23.630436] ffffffffb32a9d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.630734] ffffffffb32a9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.631073] >ffffffffb32a9e80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 23.631380] ^ [ 23.631622] ffffffffb32a9f00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 23.632102] ffffffffb32a9f80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 23.632406] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 23.597785] ================================================================== [ 23.598244] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.598612] Free of addr ffff88810396c001 by task kunit_try_catch/272 [ 23.598855] [ 23.598953] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.599002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.599015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.599036] Call Trace: [ 23.599048] <TASK> [ 23.599064] dump_stack_lvl+0x73/0xb0 [ 23.599090] print_report+0xd1/0x650 [ 23.599110] ? __virt_addr_valid+0x1db/0x2d0 [ 23.599133] ? kasan_addr_to_slab+0x11/0xa0 [ 23.599151] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.599176] kasan_report_invalid_free+0x10a/0x130 [ 23.599198] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.599223] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.599245] __kasan_mempool_poison_object+0x102/0x1d0 [ 23.599268] mempool_free+0x2ec/0x380 [ 23.599292] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.599315] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 23.599337] ? update_load_avg+0x1be/0x21b0 [ 23.599376] ? finish_task_switch.isra.0+0x153/0x700 [ 23.599402] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 23.599424] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 23.599469] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.599490] ? __pfx_mempool_kfree+0x10/0x10 [ 23.599513] ? __pfx_read_tsc+0x10/0x10 [ 23.599534] ? ktime_get_ts64+0x86/0x230 [ 23.599557] kunit_try_run_case+0x1a5/0x480 [ 23.599582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.599604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.599625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.599649] ? __kthread_parkme+0x82/0x180 [ 23.599668] ? preempt_count_sub+0x50/0x80 [ 23.599689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.599712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.599734] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.599756] kthread+0x337/0x6f0 [ 23.599775] ? trace_preempt_on+0x20/0xc0 [ 23.599796] ? __pfx_kthread+0x10/0x10 [ 23.599826] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.599848] ? calculate_sigpending+0x7b/0xa0 [ 23.599869] ? __pfx_kthread+0x10/0x10 [ 23.599889] ret_from_fork+0x116/0x1d0 [ 23.599907] ? __pfx_kthread+0x10/0x10 [ 23.599925] ret_from_fork_asm+0x1a/0x30 [ 23.599962] </TASK> [ 23.599974] [ 23.608548] The buggy address belongs to the physical page: [ 23.608984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10396c [ 23.609618] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.609908] flags: 0x200000000000040(head|node=0|zone=2) [ 23.610085] page_type: f8(unknown) [ 23.610204] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.610618] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.611351] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.611762] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.612183] head: 0200000000000002 ffffea00040e5b01 00000000ffffffff 00000000ffffffff [ 23.612493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.612797] page dumped because: kasan: bad access detected [ 23.613015] [ 23.613082] Memory state around the buggy address: [ 23.613229] ffff88810396bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.613644] ffff88810396bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.613971] >ffff88810396c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.614253] ^ [ 23.614365] ffff88810396c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.614688] ffff88810396c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.615348] ================================================================== [ 23.567167] ================================================================== [ 
23.567750] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.568443] Free of addr ffff8881039c3a01 by task kunit_try_catch/270 [ 23.568857] [ 23.568965] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.569016] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.569029] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.569049] Call Trace: [ 23.569063] <TASK> [ 23.569316] dump_stack_lvl+0x73/0xb0 [ 23.569348] print_report+0xd1/0x650 [ 23.569368] ? __virt_addr_valid+0x1db/0x2d0 [ 23.569393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.569418] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.569442] kasan_report_invalid_free+0x10a/0x130 [ 23.569464] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.569489] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.569511] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.569534] check_slab_allocation+0x11f/0x130 [ 23.569554] __kasan_mempool_poison_object+0x91/0x1d0 [ 23.569576] mempool_free+0x2ec/0x380 [ 23.569601] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.569624] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 23.569647] ? update_load_avg+0x1be/0x21b0 [ 23.569673] ? finish_task_switch.isra.0+0x153/0x700 [ 23.569698] mempool_kmalloc_invalid_free+0xed/0x140 [ 23.569719] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 23.569743] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.569764] ? __pfx_mempool_kfree+0x10/0x10 [ 23.569787] ? __pfx_read_tsc+0x10/0x10 [ 23.569823] ? ktime_get_ts64+0x86/0x230 [ 23.569847] kunit_try_run_case+0x1a5/0x480 [ 23.569871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.569893] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.569913] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.569949] ? __kthread_parkme+0x82/0x180 [ 23.569968] ? preempt_count_sub+0x50/0x80 [ 23.569990] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 23.570012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.570034] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.570057] kthread+0x337/0x6f0 [ 23.570075] ? trace_preempt_on+0x20/0xc0 [ 23.570097] ? __pfx_kthread+0x10/0x10 [ 23.570116] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.570139] ? calculate_sigpending+0x7b/0xa0 [ 23.570161] ? __pfx_kthread+0x10/0x10 [ 23.570180] ret_from_fork+0x116/0x1d0 [ 23.570198] ? __pfx_kthread+0x10/0x10 [ 23.570217] ret_from_fork_asm+0x1a/0x30 [ 23.570246] </TASK> [ 23.570256] [ 23.582416] Allocated by task 270: [ 23.582610] kasan_save_stack+0x45/0x70 [ 23.582783] kasan_save_track+0x18/0x40 [ 23.583262] kasan_save_alloc_info+0x3b/0x50 [ 23.583441] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.583677] remove_element+0x11e/0x190 [ 23.583841] mempool_alloc_preallocated+0x4d/0x90 [ 23.584448] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 23.584683] mempool_kmalloc_invalid_free+0xed/0x140 [ 23.585024] kunit_try_run_case+0x1a5/0x480 [ 23.585324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.585538] kthread+0x337/0x6f0 [ 23.585769] ret_from_fork+0x116/0x1d0 [ 23.585902] ret_from_fork_asm+0x1a/0x30 [ 23.586256] [ 23.586349] The buggy address belongs to the object at ffff8881039c3a00 [ 23.586349] which belongs to the cache kmalloc-128 of size 128 [ 23.586810] The buggy address is located 1 bytes inside of [ 23.586810] 128-byte region [ffff8881039c3a00, ffff8881039c3a80) [ 23.587503] [ 23.587601] The buggy address belongs to the physical page: [ 23.588133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c3 [ 23.588539] flags: 0x200000000000000(node=0|zone=2) [ 23.588711] page_type: f5(slab) [ 23.588949] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.589559] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.590006] page dumped because: kasan: bad access detected [ 23.590305] [ 23.590378] Memory state around 
the buggy address: [ 23.590575] ffff8881039c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.590854] ffff8881039c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.591455] >ffff8881039c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.591803] ^ [ 23.592005] ffff8881039c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.592489] ffff8881039c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.592782] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 23.486724] ================================================================== [ 23.487373] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.487663] Free of addr ffff888102597700 by task kunit_try_catch/264 [ 23.487916] [ 23.488095] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.488147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.488160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.488181] Call Trace: [ 23.488195] <TASK> [ 23.488211] dump_stack_lvl+0x73/0xb0 [ 23.488239] print_report+0xd1/0x650 [ 23.488260] ? __virt_addr_valid+0x1db/0x2d0 [ 23.488286] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.488310] ? mempool_double_free_helper+0x184/0x370 [ 23.488340] kasan_report_invalid_free+0x10a/0x130 [ 23.488364] ? mempool_double_free_helper+0x184/0x370 [ 23.488388] ? mempool_double_free_helper+0x184/0x370 [ 23.488409] ? mempool_double_free_helper+0x184/0x370 [ 23.488430] check_slab_allocation+0x101/0x130 [ 23.488450] __kasan_mempool_poison_object+0x91/0x1d0 [ 23.488473] mempool_free+0x2ec/0x380 [ 23.488498] mempool_double_free_helper+0x184/0x370 [ 23.488520] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.488541] ? update_load_avg+0x1be/0x21b0 [ 23.488568] ? finish_task_switch.isra.0+0x153/0x700 [ 23.488593] mempool_kmalloc_double_free+0xed/0x140 [ 23.488615] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 23.488640] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.488661] ? __pfx_mempool_kfree+0x10/0x10 [ 23.488685] ? __pfx_read_tsc+0x10/0x10 [ 23.488706] ? ktime_get_ts64+0x86/0x230 [ 23.488731] kunit_try_run_case+0x1a5/0x480 [ 23.488757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.488779] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.488800] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.488825] ? __kthread_parkme+0x82/0x180 [ 23.488844] ? preempt_count_sub+0x50/0x80 [ 23.488867] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 23.488929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.488966] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.488989] kthread+0x337/0x6f0 [ 23.489007] ? trace_preempt_on+0x20/0xc0 [ 23.489032] ? __pfx_kthread+0x10/0x10 [ 23.489051] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.489073] ? calculate_sigpending+0x7b/0xa0 [ 23.489096] ? __pfx_kthread+0x10/0x10 [ 23.489116] ret_from_fork+0x116/0x1d0 [ 23.489134] ? __pfx_kthread+0x10/0x10 [ 23.489153] ret_from_fork_asm+0x1a/0x30 [ 23.489183] </TASK> [ 23.489194] [ 23.498829] Allocated by task 264: [ 23.498984] kasan_save_stack+0x45/0x70 [ 23.499167] kasan_save_track+0x18/0x40 [ 23.499451] kasan_save_alloc_info+0x3b/0x50 [ 23.499998] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.500479] remove_element+0x11e/0x190 [ 23.500753] mempool_alloc_preallocated+0x4d/0x90 [ 23.501034] mempool_double_free_helper+0x8a/0x370 [ 23.501597] mempool_kmalloc_double_free+0xed/0x140 [ 23.501908] kunit_try_run_case+0x1a5/0x480 [ 23.502356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.502726] kthread+0x337/0x6f0 [ 23.503010] ret_from_fork+0x116/0x1d0 [ 23.503232] ret_from_fork_asm+0x1a/0x30 [ 23.503607] [ 23.503824] Freed by task 264: [ 23.504154] kasan_save_stack+0x45/0x70 [ 23.504344] kasan_save_track+0x18/0x40 [ 23.504512] kasan_save_free_info+0x3f/0x60 [ 23.504689] __kasan_mempool_poison_object+0x131/0x1d0 [ 23.505241] mempool_free+0x2ec/0x380 [ 23.505543] mempool_double_free_helper+0x109/0x370 [ 23.505968] mempool_kmalloc_double_free+0xed/0x140 [ 23.506445] kunit_try_run_case+0x1a5/0x480 [ 23.506658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.507047] kthread+0x337/0x6f0 [ 23.507347] ret_from_fork+0x116/0x1d0 [ 23.507539] ret_from_fork_asm+0x1a/0x30 [ 23.507716] [ 23.507801] The buggy address belongs to the object at ffff888102597700 [ 23.507801] which belongs to the cache kmalloc-128 of size 128 [ 23.508819] The buggy address is located 0 bytes inside of [ 23.508819] 128-byte 
region [ffff888102597700, ffff888102597780) [ 23.509962] [ 23.510064] The buggy address belongs to the physical page: [ 23.510446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597 [ 23.510770] flags: 0x200000000000000(node=0|zone=2) [ 23.511238] page_type: f5(slab) [ 23.511412] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.511718] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.512460] page dumped because: kasan: bad access detected [ 23.512713] [ 23.512796] Memory state around the buggy address: [ 23.513133] ffff888102597600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.513505] ffff888102597680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.513762] >ffff888102597700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.514098] ^ [ 23.514343] ffff888102597780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.514636] ffff888102597800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.514917] ================================================================== [ 23.520280] ================================================================== [ 23.520763] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.521273] Free of addr ffff888103968000 by task kunit_try_catch/266 [ 23.521515] [ 23.521629] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.521678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.521690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.521713] Call Trace: [ 23.521726] <TASK> [ 23.521742] dump_stack_lvl+0x73/0xb0 [ 23.521772] print_report+0xd1/0x650 [ 23.521792] ? __virt_addr_valid+0x1db/0x2d0 [ 23.521817] ? kasan_addr_to_slab+0x11/0xa0 [ 23.521836] ? mempool_double_free_helper+0x184/0x370 [ 23.521859] kasan_report_invalid_free+0x10a/0x130 [ 23.521881] ? mempool_double_free_helper+0x184/0x370 [ 23.521906] ? 
mempool_double_free_helper+0x184/0x370 [ 23.521926] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 23.522061] mempool_free+0x2ec/0x380 [ 23.522088] mempool_double_free_helper+0x184/0x370 [ 23.522111] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.522134] ? __kasan_check_write+0x18/0x20 [ 23.522157] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.522179] ? finish_task_switch.isra.0+0x153/0x700 [ 23.522204] mempool_kmalloc_large_double_free+0xed/0x140 [ 23.522227] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 23.522251] ? __kasan_check_write+0x18/0x20 [ 23.522273] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.522294] ? __pfx_mempool_kfree+0x10/0x10 [ 23.522317] ? __pfx_read_tsc+0x10/0x10 [ 23.522338] ? ktime_get_ts64+0x86/0x230 [ 23.522364] kunit_try_run_case+0x1a5/0x480 [ 23.522389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.522412] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 23.522433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.522457] ? __kthread_parkme+0x82/0x180 [ 23.522477] ? preempt_count_sub+0x50/0x80 [ 23.522498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.522521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.522545] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.522567] kthread+0x337/0x6f0 [ 23.522585] ? trace_preempt_on+0x20/0xc0 [ 23.522608] ? __pfx_kthread+0x10/0x10 [ 23.522627] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.522648] ? calculate_sigpending+0x7b/0xa0 [ 23.522672] ? __pfx_kthread+0x10/0x10 [ 23.522692] ret_from_fork+0x116/0x1d0 [ 23.522710] ? 
__pfx_kthread+0x10/0x10 [ 23.522728] ret_from_fork_asm+0x1a/0x30 [ 23.522757] </TASK> [ 23.522768] [ 23.531644] The buggy address belongs to the physical page: [ 23.532013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88810396e600 pfn:0x103968 [ 23.532281] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.532908] flags: 0x200000000000040(head|node=0|zone=2) [ 23.533262] page_type: f8(unknown) [ 23.533442] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.533692] raw: ffff88810396e600 0000000000000000 00000000f8000000 0000000000000000 [ 23.533913] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.534191] head: ffff88810396e600 0000000000000000 00000000f8000000 0000000000000000 [ 23.534610] head: 0200000000000002 ffffea00040e5a01 00000000ffffffff 00000000ffffffff [ 23.535107] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.535556] page dumped because: kasan: bad access detected [ 23.535722] [ 23.535784] Memory state around the buggy address: [ 23.536134] ffff888103967f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.536448] ffff888103967f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.536714] >ffff888103968000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.536917] ^ [ 23.537215] ffff888103968080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.537538] ffff888103968100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.537798] ================================================================== [ 23.545199] ================================================================== [ 23.545692] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.546228] Free of addr ffff888102bec000 by task kunit_try_catch/268 [ 23.546494] [ 23.546590] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.546638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
23.546650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.546672] Call Trace: [ 23.546686] <TASK> [ 23.546703] dump_stack_lvl+0x73/0xb0 [ 23.546730] print_report+0xd1/0x650 [ 23.546751] ? __virt_addr_valid+0x1db/0x2d0 [ 23.546775] ? kasan_addr_to_slab+0x11/0xa0 [ 23.546794] ? mempool_double_free_helper+0x184/0x370 [ 23.546816] kasan_report_invalid_free+0x10a/0x130 [ 23.546852] ? mempool_double_free_helper+0x184/0x370 [ 23.546875] ? mempool_double_free_helper+0x184/0x370 [ 23.546897] __kasan_mempool_poison_pages+0x115/0x130 [ 23.546920] mempool_free+0x290/0x380 [ 23.546958] mempool_double_free_helper+0x184/0x370 [ 23.546980] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.547003] ? __kasan_check_write+0x18/0x20 [ 23.547025] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.547047] ? finish_task_switch.isra.0+0x153/0x700 [ 23.547072] mempool_page_alloc_double_free+0xe8/0x140 [ 23.547095] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 23.547119] ? __kasan_check_write+0x18/0x20 [ 23.547141] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 23.547164] ? __pfx_mempool_free_pages+0x10/0x10 [ 23.547189] ? __pfx_read_tsc+0x10/0x10 [ 23.547211] ? ktime_get_ts64+0x86/0x230 [ 23.547231] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.547255] kunit_try_run_case+0x1a5/0x480 [ 23.547281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.547397] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.547442] ? __kthread_parkme+0x82/0x180 [ 23.547461] ? preempt_count_sub+0x50/0x80 [ 23.547482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.547506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.547528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.547551] kthread+0x337/0x6f0 [ 23.547571] ? trace_preempt_on+0x20/0xc0 [ 23.547592] ? __pfx_kthread+0x10/0x10 [ 23.547612] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.547634] ? calculate_sigpending+0x7b/0xa0 [ 23.547658] ? __pfx_kthread+0x10/0x10 [ 23.547678] ret_from_fork+0x116/0x1d0 [ 23.547697] ? 
__pfx_kthread+0x10/0x10 [ 23.547715] ret_from_fork_asm+0x1a/0x30 [ 23.547743] </TASK> [ 23.547754] [ 23.559278] The buggy address belongs to the physical page: [ 23.559522] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bec [ 23.560127] flags: 0x200000000000000(node=0|zone=2) [ 23.560524] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 23.560976] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.561416] page dumped because: kasan: bad access detected [ 23.561805] [ 23.561965] Memory state around the buggy address: [ 23.562210] ffff888102bebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.562601] ffff888102bebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.563131] >ffff888102bec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.563437] ^ [ 23.563586] ffff888102bec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.563885] ffff888102bec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.564571] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 23.398459] ================================================================== [ 23.399418] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.400565] Read of size 1 at addr ffff888103964000 by task kunit_try_catch/258 [ 23.401295] [ 23.401580] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.401635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.401649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.401671] Call Trace: [ 23.401686] <TASK> [ 23.401704] dump_stack_lvl+0x73/0xb0 [ 23.401735] print_report+0xd1/0x650 [ 23.401755] ? __virt_addr_valid+0x1db/0x2d0 [ 23.401778] ? mempool_uaf_helper+0x392/0x400 [ 23.401798] ? kasan_addr_to_slab+0x11/0xa0 [ 23.401910] ? mempool_uaf_helper+0x392/0x400 [ 23.401956] kasan_report+0x141/0x180 [ 23.401978] ? mempool_uaf_helper+0x392/0x400 [ 23.402003] __asan_report_load1_noabort+0x18/0x20 [ 23.402026] mempool_uaf_helper+0x392/0x400 [ 23.402048] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.402104] ? __kasan_check_write+0x18/0x20 [ 23.402127] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.402150] ? finish_task_switch.isra.0+0x153/0x700 [ 23.402175] mempool_kmalloc_large_uaf+0xef/0x140 [ 23.402196] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 23.402220] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.402243] ? __pfx_mempool_kfree+0x10/0x10 [ 23.402266] ? __pfx_read_tsc+0x10/0x10 [ 23.402288] ? ktime_get_ts64+0x86/0x230 [ 23.402312] kunit_try_run_case+0x1a5/0x480 [ 23.402336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.402358] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.402379] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.402404] ? __kthread_parkme+0x82/0x180 [ 23.402423] ? preempt_count_sub+0x50/0x80 [ 23.402444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.402468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.402489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.402512] kthread+0x337/0x6f0 [ 23.402529] ? 
trace_preempt_on+0x20/0xc0 [ 23.402552] ? __pfx_kthread+0x10/0x10 [ 23.402571] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.402592] ? calculate_sigpending+0x7b/0xa0 [ 23.402615] ? __pfx_kthread+0x10/0x10 [ 23.402637] ret_from_fork+0x116/0x1d0 [ 23.402655] ? __pfx_kthread+0x10/0x10 [ 23.402674] ret_from_fork_asm+0x1a/0x30 [ 23.402704] </TASK> [ 23.402715] [ 23.417975] The buggy address belongs to the physical page: [ 23.418162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103964 [ 23.418402] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.418627] flags: 0x200000000000040(head|node=0|zone=2) [ 23.418798] page_type: f8(unknown) [ 23.418924] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.419184] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.419661] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.420095] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.420494] head: 0200000000000002 ffffea00040e5901 00000000ffffffff 00000000ffffffff [ 23.420789] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.421246] page dumped because: kasan: bad access detected [ 23.421480] [ 23.421567] Memory state around the buggy address: [ 23.421767] ffff888103963f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.421996] ffff888103963f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.422285] >ffff888103964000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.422648] ^ [ 23.422763] ffff888103964080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.423343] ffff888103964100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.423635] ================================================================== [ 23.458627] ================================================================== [ 23.460176] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.460990] Read of size 1 
at addr ffff888102bec000 by task kunit_try_catch/262 [ 23.461275] [ 23.461387] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 23.461450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.461464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.461486] Call Trace: [ 23.461501] <TASK> [ 23.461519] dump_stack_lvl+0x73/0xb0 [ 23.461547] print_report+0xd1/0x650 [ 23.461567] ? __virt_addr_valid+0x1db/0x2d0 [ 23.461593] ? mempool_uaf_helper+0x392/0x400 [ 23.461613] ? kasan_addr_to_slab+0x11/0xa0 [ 23.461633] ? mempool_uaf_helper+0x392/0x400 [ 23.461654] kasan_report+0x141/0x180 [ 23.461674] ? mempool_uaf_helper+0x392/0x400 [ 23.461699] __asan_report_load1_noabort+0x18/0x20 [ 23.461722] mempool_uaf_helper+0x392/0x400 [ 23.461743] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.461767] ? __kasan_check_write+0x18/0x20 [ 23.461789] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.461812] ? finish_task_switch.isra.0+0x153/0x700 [ 23.461838] mempool_page_alloc_uaf+0xed/0x140 [ 23.461860] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 23.461885] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 23.461909] ? __pfx_mempool_free_pages+0x10/0x10 [ 23.461933] ? __pfx_read_tsc+0x10/0x10 [ 23.462012] ? ktime_get_ts64+0x86/0x230 [ 23.462042] kunit_try_run_case+0x1a5/0x480 [ 23.462069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.462091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.462112] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.462144] ? __kthread_parkme+0x82/0x180 [ 23.462163] ? preempt_count_sub+0x50/0x80 [ 23.462184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.462209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.462232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.462254] kthread+0x337/0x6f0 [ 23.462273] ? trace_preempt_on+0x20/0xc0 [ 23.462296] ? __pfx_kthread+0x10/0x10 [ 23.462315] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.462337] ? calculate_sigpending+0x7b/0xa0 [ 23.462360] ? 
__pfx_kthread+0x10/0x10 [ 23.462381] ret_from_fork+0x116/0x1d0 [ 23.462400] ? __pfx_kthread+0x10/0x10 [ 23.462420] ret_from_fork_asm+0x1a/0x30 [ 23.462450] </TASK> [ 23.462461] [ 23.476100] The buggy address belongs to the physical page: [ 23.476383] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bec [ 23.476997] flags: 0x200000000000000(node=0|zone=2) [ 23.477287] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 23.477955] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.478253] page dumped because: kasan: bad access detected [ 23.478727] [ 23.478907] Memory state around the buggy address: [ 23.479487] ffff888102bebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.479750] ffff888102bebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.480088] >ffff888102bec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.480715] ^ [ 23.481060] ffff888102bec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.481692] ffff888102bec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.482324] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 23.362165] ==================================================================
[ 23.362619] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[ 23.363058] Read of size 1 at addr ffff888102597300 by task kunit_try_catch/256
[ 23.363844]
[ 23.364132] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.364209] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.364226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.364429] Call Trace:
[ 23.364447] <TASK>
[ 23.364467] dump_stack_lvl+0x73/0xb0
[ 23.364502] print_report+0xd1/0x650
[ 23.364526] ? __virt_addr_valid+0x1db/0x2d0
[ 23.364556] ? mempool_uaf_helper+0x392/0x400
[ 23.364580] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.364612] ? mempool_uaf_helper+0x392/0x400
[ 23.364636] kasan_report+0x141/0x180
[ 23.364659] ? mempool_uaf_helper+0x392/0x400
[ 23.364688] __asan_report_load1_noabort+0x18/0x20
[ 23.364715] mempool_uaf_helper+0x392/0x400
[ 23.364740] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 23.364767] ? __kasan_check_write+0x18/0x20
[ 23.364793] ? __pfx_sched_clock_cpu+0x10/0x10
[ 23.364869] ? finish_task_switch.isra.0+0x153/0x700
[ 23.364901] mempool_kmalloc_uaf+0xef/0x140
[ 23.364926] ? __pfx_mempool_kmalloc_uaf+0x10/0x10
[ 23.364966] ? __pfx_mempool_kmalloc+0x10/0x10
[ 23.364994] ? __pfx_mempool_kfree+0x10/0x10
[ 23.365021] ? __pfx_read_tsc+0x10/0x10
[ 23.365046] ? ktime_get_ts64+0x86/0x230
[ 23.365074] kunit_try_run_case+0x1a5/0x480
[ 23.365104] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.365130] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.365156] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.365186] ? __kthread_parkme+0x82/0x180
[ 23.365211] ? preempt_count_sub+0x50/0x80
[ 23.365236] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.365263] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.365292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.365323] kthread+0x337/0x6f0
[ 23.365343] ? trace_preempt_on+0x20/0xc0
[ 23.365369] ? __pfx_kthread+0x10/0x10
[ 23.365391] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.365417] ? calculate_sigpending+0x7b/0xa0
[ 23.365444] ? __pfx_kthread+0x10/0x10
[ 23.365467] ret_from_fork+0x116/0x1d0
[ 23.365487] ? __pfx_kthread+0x10/0x10
[ 23.365509] ret_from_fork_asm+0x1a/0x30
[ 23.365542] </TASK>
[ 23.365553]
[ 23.378973] Allocated by task 256:
[ 23.379253] kasan_save_stack+0x45/0x70
[ 23.379634] kasan_save_track+0x18/0x40
[ 23.380002] kasan_save_alloc_info+0x3b/0x50
[ 23.380356] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 23.380696] remove_element+0x11e/0x190
[ 23.380989] mempool_alloc_preallocated+0x4d/0x90
[ 23.381414] mempool_uaf_helper+0x96/0x400
[ 23.381716] mempool_kmalloc_uaf+0xef/0x140
[ 23.381962] kunit_try_run_case+0x1a5/0x480
[ 23.382388] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.382695] kthread+0x337/0x6f0
[ 23.383027] ret_from_fork+0x116/0x1d0
[ 23.383445] ret_from_fork_asm+0x1a/0x30
[ 23.383679]
[ 23.383752] Freed by task 256:
[ 23.384190] kasan_save_stack+0x45/0x70
[ 23.384521] kasan_save_track+0x18/0x40
[ 23.384904] kasan_save_free_info+0x3f/0x60
[ 23.385366] __kasan_mempool_poison_object+0x131/0x1d0
[ 23.385613] mempool_free+0x2ec/0x380
[ 23.385781] mempool_uaf_helper+0x11a/0x400
[ 23.386008] mempool_kmalloc_uaf+0xef/0x140
[ 23.386365] kunit_try_run_case+0x1a5/0x480
[ 23.386705] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.387052] kthread+0x337/0x6f0
[ 23.387464] ret_from_fork+0x116/0x1d0
[ 23.387632] ret_from_fork_asm+0x1a/0x30
[ 23.387880]
[ 23.388028] The buggy address belongs to the object at ffff888102597300
[ 23.388028] which belongs to the cache kmalloc-128 of size 128
[ 23.388665] The buggy address is located 0 bytes inside of
[ 23.388665] freed 128-byte region [ffff888102597300, ffff888102597380)
[ 23.389214]
[ 23.389476] The buggy address belongs to the physical page:
[ 23.389790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102597
[ 23.390119] flags: 0x200000000000000(node=0|zone=2)
[ 23.390382] page_type: f5(slab)
[ 23.390630] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.391098] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.391501] page dumped because: kasan: bad access detected
[ 23.391816]
[ 23.391935] Memory state around the buggy address:
[ 23.392216] ffff888102597200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.392784] ffff888102597280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.393116] >ffff888102597300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.393438] ^
[ 23.393595] ffff888102597380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.394035] ffff888102597400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.394427] ==================================================================
[ 23.430407] ==================================================================
[ 23.430901] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[ 23.431285] Read of size 1 at addr ffff8881039e9240 by task kunit_try_catch/260
[ 23.431564]
[ 23.431672] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.431721] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.431734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.431756] Call Trace:
[ 23.431769] <TASK>
[ 23.431787] dump_stack_lvl+0x73/0xb0
[ 23.431814] print_report+0xd1/0x650
[ 23.431834] ? __virt_addr_valid+0x1db/0x2d0
[ 23.431859] ? mempool_uaf_helper+0x392/0x400
[ 23.431879] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.431904] ? mempool_uaf_helper+0x392/0x400
[ 23.431925] kasan_report+0x141/0x180
[ 23.431955] ? mempool_uaf_helper+0x392/0x400
[ 23.431980] __asan_report_load1_noabort+0x18/0x20
[ 23.432002] mempool_uaf_helper+0x392/0x400
[ 23.432023] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 23.432046] ? __pfx_sched_clock_cpu+0x10/0x10
[ 23.432068] ? finish_task_switch.isra.0+0x153/0x700
[ 23.432093] mempool_slab_uaf+0xea/0x140
[ 23.432114] ? __pfx_mempool_slab_uaf+0x10/0x10
[ 23.432138] ? __pfx_mempool_alloc_slab+0x10/0x10
[ 23.432161] ? __pfx_mempool_free_slab+0x10/0x10
[ 23.432185] ? __pfx_read_tsc+0x10/0x10
[ 23.432206] ? ktime_get_ts64+0x86/0x230
[ 23.432230] kunit_try_run_case+0x1a5/0x480
[ 23.432256] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.432278] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.432300] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.432325] ? __kthread_parkme+0x82/0x180
[ 23.432349] ? preempt_count_sub+0x50/0x80
[ 23.432370] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.432393] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.432416] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.432439] kthread+0x337/0x6f0
[ 23.432457] ? trace_preempt_on+0x20/0xc0
[ 23.432480] ? __pfx_kthread+0x10/0x10
[ 23.432499] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.432522] ? calculate_sigpending+0x7b/0xa0
[ 23.432545] ? __pfx_kthread+0x10/0x10
[ 23.432581] ret_from_fork+0x116/0x1d0
[ 23.432609] ? __pfx_kthread+0x10/0x10
[ 23.432629] ret_from_fork_asm+0x1a/0x30
[ 23.432657] </TASK>
[ 23.432668]
[ 23.440281] Allocated by task 260:
[ 23.440439] kasan_save_stack+0x45/0x70
[ 23.440711] kasan_save_track+0x18/0x40
[ 23.440896] kasan_save_alloc_info+0x3b/0x50
[ 23.441105] __kasan_mempool_unpoison_object+0x1bb/0x200
[ 23.441534] remove_element+0x11e/0x190
[ 23.441668] mempool_alloc_preallocated+0x4d/0x90
[ 23.441842] mempool_uaf_helper+0x96/0x400
[ 23.442047] mempool_slab_uaf+0xea/0x140
[ 23.442394] kunit_try_run_case+0x1a5/0x480
[ 23.442638] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.442952] kthread+0x337/0x6f0
[ 23.443069] ret_from_fork+0x116/0x1d0
[ 23.443193] ret_from_fork_asm+0x1a/0x30
[ 23.443322]
[ 23.443384] Freed by task 260:
[ 23.443486] kasan_save_stack+0x45/0x70
[ 23.443664] kasan_save_track+0x18/0x40
[ 23.443843] kasan_save_free_info+0x3f/0x60
[ 23.444167] __kasan_mempool_poison_object+0x131/0x1d0
[ 23.444387] mempool_free+0x2ec/0x380
[ 23.444511] mempool_uaf_helper+0x11a/0x400
[ 23.444645] mempool_slab_uaf+0xea/0x140
[ 23.444773] kunit_try_run_case+0x1a5/0x480
[ 23.445211] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.445456] kthread+0x337/0x6f0
[ 23.445616] ret_from_fork+0x116/0x1d0
[ 23.445792] ret_from_fork_asm+0x1a/0x30
[ 23.445990]
[ 23.446065] The buggy address belongs to the object at ffff8881039e9240
[ 23.446065] which belongs to the cache test_cache of size 123
[ 23.446608] The buggy address is located 0 bytes inside of
[ 23.446608] freed 123-byte region [ffff8881039e9240, ffff8881039e92bb)
[ 23.447251]
[ 23.447341] The buggy address belongs to the physical page:
[ 23.447510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e9
[ 23.447869] flags: 0x200000000000000(node=0|zone=2)
[ 23.448121] page_type: f5(slab)
[ 23.448297] raw: 0200000000000000 ffff888103ae53c0 dead000000000122 0000000000000000
[ 23.448618] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[ 23.449057] page dumped because: kasan: bad access detected
[ 23.449285]
[ 23.449393] Memory state around the buggy address:
[ 23.449593] ffff8881039e9100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.449822] ffff8881039e9180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.450146] >ffff8881039e9200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 23.450468] ^
[ 23.450639] ffff8881039e9280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.451175] ffff8881039e9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.451431] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 23.276048] ==================================================================
[ 23.276490] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 23.277139] Read of size 1 at addr ffff88810257ef73 by task kunit_try_catch/250
[ 23.277480]
[ 23.277605] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.277660] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.277673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.277696] Call Trace:
[ 23.277710] <TASK>
[ 23.277732] dump_stack_lvl+0x73/0xb0
[ 23.277764] print_report+0xd1/0x650
[ 23.277785] ? __virt_addr_valid+0x1db/0x2d0
[ 23.277810] ? mempool_oob_right_helper+0x318/0x380
[ 23.277833] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.277858] ? mempool_oob_right_helper+0x318/0x380
[ 23.277900] kasan_report+0x141/0x180
[ 23.277920] ? mempool_oob_right_helper+0x318/0x380
[ 23.277957] __asan_report_load1_noabort+0x18/0x20
[ 23.277980] mempool_oob_right_helper+0x318/0x380
[ 23.278002] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 23.278032] mempool_kmalloc_oob_right+0xf2/0x150
[ 23.278053] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[ 23.278077] ? __pfx_mempool_kmalloc+0x10/0x10
[ 23.278102] ? __pfx_mempool_kfree+0x10/0x10
[ 23.278136] ? __pfx_read_tsc+0x10/0x10
[ 23.278158] ? ktime_get_ts64+0x86/0x230
[ 23.278183] kunit_try_run_case+0x1a5/0x480
[ 23.278210] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.278231] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.278253] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.278278] ? __kthread_parkme+0x82/0x180
[ 23.278300] ? preempt_count_sub+0x50/0x80
[ 23.278323] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.278345] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.278367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.278390] kthread+0x337/0x6f0
[ 23.278409] ? trace_preempt_on+0x20/0xc0
[ 23.278432] ? __pfx_kthread+0x10/0x10
[ 23.278451] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.278474] ? calculate_sigpending+0x7b/0xa0
[ 23.278498] ? __pfx_kthread+0x10/0x10
[ 23.278517] ret_from_fork+0x116/0x1d0
[ 23.278535] ? __pfx_kthread+0x10/0x10
[ 23.278554] ret_from_fork_asm+0x1a/0x30
[ 23.278584] </TASK>
[ 23.278596]
[ 23.287960] Allocated by task 250:
[ 23.288287] kasan_save_stack+0x45/0x70
[ 23.288476] kasan_save_track+0x18/0x40
[ 23.288662] kasan_save_alloc_info+0x3b/0x50
[ 23.288971] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 23.289390] remove_element+0x11e/0x190
[ 23.289586] mempool_alloc_preallocated+0x4d/0x90
[ 23.289800] mempool_oob_right_helper+0x8a/0x380
[ 23.290022] mempool_kmalloc_oob_right+0xf2/0x150
[ 23.290461] kunit_try_run_case+0x1a5/0x480
[ 23.290627] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.290995] kthread+0x337/0x6f0
[ 23.291300] ret_from_fork+0x116/0x1d0
[ 23.291505] ret_from_fork_asm+0x1a/0x30
[ 23.291803]
[ 23.291901] The buggy address belongs to the object at ffff88810257ef00
[ 23.291901] which belongs to the cache kmalloc-128 of size 128
[ 23.292648] The buggy address is located 0 bytes to the right of
[ 23.292648] allocated 115-byte region [ffff88810257ef00, ffff88810257ef73)
[ 23.293336]
[ 23.293548] The buggy address belongs to the physical page:
[ 23.293773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e
[ 23.294182] flags: 0x200000000000000(node=0|zone=2)
[ 23.294483] page_type: f5(slab)
[ 23.294676] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.295103] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 23.295432] page dumped because: kasan: bad access detected
[ 23.295775]
[ 23.295964] Memory state around the buggy address:
[ 23.296154] ffff88810257ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.296601] ffff88810257ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.296969] >ffff88810257ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 23.297429] ^
[ 23.297788] ffff88810257ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.298115] ffff88810257f000: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 23.298531] ==================================================================
[ 23.329535] ==================================================================
[ 23.330037] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 23.330468] Read of size 1 at addr ffff88810259a2bb by task kunit_try_catch/254
[ 23.330770]
[ 23.330895] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.330956] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.330972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.330994] Call Trace:
[ 23.331007] <TASK>
[ 23.331024] dump_stack_lvl+0x73/0xb0
[ 23.331102] print_report+0xd1/0x650
[ 23.331148] ? __virt_addr_valid+0x1db/0x2d0
[ 23.331173] ? mempool_oob_right_helper+0x318/0x380
[ 23.331194] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.331219] ? mempool_oob_right_helper+0x318/0x380
[ 23.331241] kasan_report+0x141/0x180
[ 23.331271] ? mempool_oob_right_helper+0x318/0x380
[ 23.331296] __asan_report_load1_noabort+0x18/0x20
[ 23.331319] mempool_oob_right_helper+0x318/0x380
[ 23.331353] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 23.331377] ? __pfx_sched_clock_cpu+0x10/0x10
[ 23.331399] ? finish_task_switch.isra.0+0x153/0x700
[ 23.331425] mempool_slab_oob_right+0xed/0x140
[ 23.331448] ? __pfx_mempool_slab_oob_right+0x10/0x10
[ 23.331473] ? __pfx_mempool_alloc_slab+0x10/0x10
[ 23.331496] ? __pfx_mempool_free_slab+0x10/0x10
[ 23.331521] ? __pfx_read_tsc+0x10/0x10
[ 23.331542] ? ktime_get_ts64+0x86/0x230
[ 23.331566] kunit_try_run_case+0x1a5/0x480
[ 23.331592] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.331625] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.331645] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.331670] ? __kthread_parkme+0x82/0x180
[ 23.331700] ? preempt_count_sub+0x50/0x80
[ 23.331721] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.331745] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.331776] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.331799] kthread+0x337/0x6f0
[ 23.331818] ? trace_preempt_on+0x20/0xc0
[ 23.331851] ? __pfx_kthread+0x10/0x10
[ 23.331909] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.331952] ? calculate_sigpending+0x7b/0xa0
[ 23.331976] ? __pfx_kthread+0x10/0x10
[ 23.331996] ret_from_fork+0x116/0x1d0
[ 23.332015] ? __pfx_kthread+0x10/0x10
[ 23.332034] ret_from_fork_asm+0x1a/0x30
[ 23.332063] </TASK>
[ 23.332075]
[ 23.343384] Allocated by task 254:
[ 23.343557] kasan_save_stack+0x45/0x70
[ 23.343995] kasan_save_track+0x18/0x40
[ 23.344360] kasan_save_alloc_info+0x3b/0x50
[ 23.344565] __kasan_mempool_unpoison_object+0x1bb/0x200
[ 23.344827] remove_element+0x11e/0x190
[ 23.345272] mempool_alloc_preallocated+0x4d/0x90
[ 23.345459] mempool_oob_right_helper+0x8a/0x380
[ 23.345781] mempool_slab_oob_right+0xed/0x140
[ 23.346195] kunit_try_run_case+0x1a5/0x480
[ 23.346359] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.346601] kthread+0x337/0x6f0
[ 23.346751] ret_from_fork+0x116/0x1d0
[ 23.346919] ret_from_fork_asm+0x1a/0x30
[ 23.347108]
[ 23.347560] The buggy address belongs to the object at ffff88810259a240
[ 23.347560] which belongs to the cache test_cache of size 123
[ 23.348407] The buggy address is located 0 bytes to the right of
[ 23.348407] allocated 123-byte region [ffff88810259a240, ffff88810259a2bb)
[ 23.349152]
[ 23.349245] The buggy address belongs to the physical page:
[ 23.349671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10259a
[ 23.350244] flags: 0x200000000000000(node=0|zone=2)
[ 23.350584] page_type: f5(slab)
[ 23.350717] raw: 0200000000000000 ffff888102598000 dead000000000122 0000000000000000
[ 23.351275] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[ 23.351682] page dumped because: kasan: bad access detected
[ 23.352064]
[ 23.352169] Memory state around the buggy address:
[ 23.352380] ffff88810259a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.352857] ffff88810259a200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 23.353283] >ffff88810259a280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[ 23.353670] ^
[ 23.353960] ffff88810259a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.354451] ffff88810259a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.354827] ==================================================================
[ 23.301826] ==================================================================
[ 23.302530] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 23.302966] Read of size 1 at addr ffff888103966001 by task kunit_try_catch/252
[ 23.303733]
[ 23.303848] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 23.304017] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.304040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.304062] Call Trace:
[ 23.304076] <TASK>
[ 23.304094] dump_stack_lvl+0x73/0xb0
[ 23.304124] print_report+0xd1/0x650
[ 23.304144] ? __virt_addr_valid+0x1db/0x2d0
[ 23.304170] ? mempool_oob_right_helper+0x318/0x380
[ 23.304191] ? kasan_addr_to_slab+0x11/0xa0
[ 23.304210] ? mempool_oob_right_helper+0x318/0x380
[ 23.304231] kasan_report+0x141/0x180
[ 23.304251] ? mempool_oob_right_helper+0x318/0x380
[ 23.304277] __asan_report_load1_noabort+0x18/0x20
[ 23.304299] mempool_oob_right_helper+0x318/0x380
[ 23.304321] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 23.304351] ? __kasan_check_write+0x18/0x20
[ 23.304373] ? __pfx_sched_clock_cpu+0x10/0x10
[ 23.304394] ? finish_task_switch.isra.0+0x153/0x700
[ 23.304420] mempool_kmalloc_large_oob_right+0xf2/0x150
[ 23.304442] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[ 23.304468] ? __pfx_mempool_kmalloc+0x10/0x10
[ 23.304491] ? __pfx_mempool_kfree+0x10/0x10
[ 23.304513] ? __pfx_read_tsc+0x10/0x10
[ 23.304533] ? ktime_get_ts64+0x86/0x230
[ 23.304557] kunit_try_run_case+0x1a5/0x480
[ 23.304581] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.304602] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.304622] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.304646] ? __kthread_parkme+0x82/0x180
[ 23.304665] ? preempt_count_sub+0x50/0x80
[ 23.304686] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.304708] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.304732] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.304755] kthread+0x337/0x6f0
[ 23.304773] ? trace_preempt_on+0x20/0xc0
[ 23.304795] ? __pfx_kthread+0x10/0x10
[ 23.304816] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.304837] ? calculate_sigpending+0x7b/0xa0
[ 23.304861] ? __pfx_kthread+0x10/0x10
[ 23.304881] ret_from_fork+0x116/0x1d0
[ 23.304899] ? __pfx_kthread+0x10/0x10
[ 23.304918] ret_from_fork_asm+0x1a/0x30
[ 23.304959] </TASK>
[ 23.304971]
[ 23.313295] The buggy address belongs to the physical page:
[ 23.313858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103964
[ 23.314240] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.314900] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.315159] page_type: f8(unknown)
[ 23.315392] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.315665] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.316648] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.317233] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.317639] head: 0200000000000002 ffffea00040e5901 00000000ffffffff 00000000ffffffff
[ 23.317976] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 23.318307] page dumped because: kasan: bad access detected
[ 23.318534]
[ 23.318604] Memory state around the buggy address:
[ 23.318818] ffff888103965f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.319235] ffff888103965f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.319521] >ffff888103966000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.319961] ^
[ 23.320105] ffff888103966080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.320460] ffff888103966100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.320774] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 22.703009] ==================================================================
[ 22.703686] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380
[ 22.704460] Read of size 1 at addr ffff888103ae5280 by task kunit_try_catch/244
[ 22.705285]
[ 22.705550] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.705604] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.705616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.705644] Call Trace:
[ 22.705657] <TASK>
[ 22.705676] dump_stack_lvl+0x73/0xb0
[ 22.705707] print_report+0xd1/0x650
[ 22.705727] ? __virt_addr_valid+0x1db/0x2d0
[ 22.705751] ? kmem_cache_double_destroy+0x1bf/0x380
[ 22.705774] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.705798] ? kmem_cache_double_destroy+0x1bf/0x380
[ 22.705820] kasan_report+0x141/0x180
[ 22.705840] ? kmem_cache_double_destroy+0x1bf/0x380
[ 22.705865] ? kmem_cache_double_destroy+0x1bf/0x380
[ 22.705887] __kasan_check_byte+0x3d/0x50
[ 22.705907] kmem_cache_destroy+0x25/0x1d0
[ 22.705933] kmem_cache_double_destroy+0x1bf/0x380
[ 22.705979] ? __pfx_kmem_cache_double_destroy+0x10/0x10
[ 22.706000] ? finish_task_switch.isra.0+0x153/0x700
[ 22.706023] ? __switch_to+0x47/0xf50
[ 22.706050] ? __pfx_read_tsc+0x10/0x10
[ 22.706072] ? ktime_get_ts64+0x86/0x230
[ 22.706095] kunit_try_run_case+0x1a5/0x480
[ 22.706121] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.706142] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.706163] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.706188] ? __kthread_parkme+0x82/0x180
[ 22.706207] ? preempt_count_sub+0x50/0x80
[ 22.706229] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.706256] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.706278] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.706300] kthread+0x337/0x6f0
[ 22.706318] ? trace_preempt_on+0x20/0xc0
[ 22.706342] ? __pfx_kthread+0x10/0x10
[ 22.706360] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.706382] ? calculate_sigpending+0x7b/0xa0
[ 22.706405] ? __pfx_kthread+0x10/0x10
[ 22.706425] ret_from_fork+0x116/0x1d0
[ 22.706443] ? __pfx_kthread+0x10/0x10
[ 22.706462] ret_from_fork_asm+0x1a/0x30
[ 22.706492] </TASK>
[ 22.706503]
[ 22.718239] Allocated by task 244:
[ 22.718369] kasan_save_stack+0x45/0x70
[ 22.718507] kasan_save_track+0x18/0x40
[ 22.718633] kasan_save_alloc_info+0x3b/0x50
[ 22.718770] __kasan_slab_alloc+0x91/0xa0
[ 22.719274] kmem_cache_alloc_noprof+0x123/0x3f0
[ 22.719456] __kmem_cache_create_args+0x169/0x240
[ 22.719652] kmem_cache_double_destroy+0xd5/0x380
[ 22.720144] kunit_try_run_case+0x1a5/0x480
[ 22.720437] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.720830] kthread+0x337/0x6f0
[ 22.721129] ret_from_fork+0x116/0x1d0
[ 22.721419] ret_from_fork_asm+0x1a/0x30
[ 22.721616]
[ 22.721699] Freed by task 244:
[ 22.722054] kasan_save_stack+0x45/0x70
[ 22.722388] kasan_save_track+0x18/0x40
[ 22.722579] kasan_save_free_info+0x3f/0x60
[ 22.722764] __kasan_slab_free+0x56/0x70
[ 22.723125] kmem_cache_free+0x249/0x420
[ 22.723500] slab_kmem_cache_release+0x2e/0x40
[ 22.723810] kmem_cache_release+0x16/0x20
[ 22.724092] kobject_put+0x181/0x450
[ 22.724446] sysfs_slab_release+0x16/0x20
[ 22.724719] kmem_cache_destroy+0xf0/0x1d0
[ 22.725099] kmem_cache_double_destroy+0x14e/0x380
[ 22.725505] kunit_try_run_case+0x1a5/0x480
[ 22.725696] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.726131] kthread+0x337/0x6f0
[ 22.726428] ret_from_fork+0x116/0x1d0
[ 22.726796] ret_from_fork_asm+0x1a/0x30
[ 22.727072]
[ 22.727189] The buggy address belongs to the object at ffff888103ae5280
[ 22.727189] which belongs to the cache kmem_cache of size 208
[ 22.727664] The buggy address is located 0 bytes inside of
[ 22.727664] freed 208-byte region [ffff888103ae5280, ffff888103ae5350)
[ 22.728553]
[ 22.728664] The buggy address belongs to the physical page:
[ 22.729256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ae5
[ 22.729778] flags: 0x200000000000000(node=0|zone=2)
[ 22.730138] page_type: f5(slab)
[ 22.730623] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000
[ 22.730968] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 22.731521] page dumped because: kasan: bad access detected
[ 22.732321]
[ 22.732424] Memory state around the buggy address:
[ 22.732580] ffff888103ae5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.733057] ffff888103ae5200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.733605] >ffff888103ae5280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.733972] ^
[ 22.734235] ffff888103ae5300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 22.734480] ffff888103ae5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.734761] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 22.643210] ==================================================================
[ 22.643668] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510
[ 22.644199] Read of size 1 at addr ffff888103ac1000 by task kunit_try_catch/242
[ 22.644496]
[ 22.644588] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.644641] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.644654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.644676] Call Trace:
[ 22.644690] <TASK>
[ 22.644709] dump_stack_lvl+0x73/0xb0
[ 22.644739] print_report+0xd1/0x650
[ 22.644761] ? __virt_addr_valid+0x1db/0x2d0
[ 22.644787] ? kmem_cache_rcu_uaf+0x3e3/0x510
[ 22.644809] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.644835] ? kmem_cache_rcu_uaf+0x3e3/0x510
[ 22.644858] kasan_report+0x141/0x180
[ 22.644881] ? kmem_cache_rcu_uaf+0x3e3/0x510
[ 22.644914] __asan_report_load1_noabort+0x18/0x20
[ 22.644937] kmem_cache_rcu_uaf+0x3e3/0x510
[ 22.644973] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10
[ 22.644994] ? finish_task_switch.isra.0+0x153/0x700
[ 22.645016] ? __switch_to+0x47/0xf50
[ 22.645052] ? __pfx_read_tsc+0x10/0x10
[ 22.645073] ? ktime_get_ts64+0x86/0x230
[ 22.645103] kunit_try_run_case+0x1a5/0x480
[ 22.645130] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.645151] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.645173] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.645199] ? __kthread_parkme+0x82/0x180
[ 22.645220] ? preempt_count_sub+0x50/0x80
[ 22.645246] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.645270] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.645294] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.645316] kthread+0x337/0x6f0
[ 22.645335] ? trace_preempt_on+0x20/0xc0
[ 22.645360] ? __pfx_kthread+0x10/0x10
[ 22.645381] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.645403] ? calculate_sigpending+0x7b/0xa0
[ 22.645428] ? __pfx_kthread+0x10/0x10
[ 22.645451] ret_from_fork+0x116/0x1d0
[ 22.645468] ? __pfx_kthread+0x10/0x10
[ 22.645489] ret_from_fork_asm+0x1a/0x30
[ 22.645530] </TASK>
[ 22.645540]
[ 22.653069] Allocated by task 242:
[ 22.653318] kasan_save_stack+0x45/0x70
[ 22.653529] kasan_save_track+0x18/0x40
[ 22.653674] kasan_save_alloc_info+0x3b/0x50
[ 22.653935] __kasan_slab_alloc+0x91/0xa0
[ 22.654340] kmem_cache_alloc_noprof+0x123/0x3f0
[ 22.654527] kmem_cache_rcu_uaf+0x155/0x510
[ 22.654726] kunit_try_run_case+0x1a5/0x480
[ 22.655140] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.655319] kthread+0x337/0x6f0
[ 22.655432] ret_from_fork+0x116/0x1d0
[ 22.655571] ret_from_fork_asm+0x1a/0x30
[ 22.655757]
[ 22.655841] Freed by task 0:
[ 22.656065] kasan_save_stack+0x45/0x70
[ 22.656335] kasan_save_track+0x18/0x40
[ 22.656677] kasan_save_free_info+0x3f/0x60
[ 22.657384] __kasan_slab_free+0x56/0x70
[ 22.657527] slab_free_after_rcu_debug+0xe4/0x310
[ 22.657730] rcu_core+0x66f/0x1c40
[ 22.658470] rcu_core_si+0x12/0x20
[ 22.658644] handle_softirqs+0x209/0x730
[ 22.658792] __irq_exit_rcu+0xc9/0x110
[ 22.659656] irq_exit_rcu+0x12/0x20
[ 22.659964] sysvec_apic_timer_interrupt+0x81/0x90
[ 22.660216] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 22.660672]
[ 22.660791] Last potentially related work creation:
[ 22.661278] kasan_save_stack+0x45/0x70
[ 22.661441] kasan_record_aux_stack+0xb2/0xc0
[ 22.661773] kmem_cache_free+0x131/0x420
[ 22.662025] kmem_cache_rcu_uaf+0x194/0x510
[ 22.662435] kunit_try_run_case+0x1a5/0x480
[ 22.662634] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.663110] kthread+0x337/0x6f0
[ 22.663368] ret_from_fork+0x116/0x1d0
[ 22.663568] ret_from_fork_asm+0x1a/0x30
[ 22.663773]
[ 22.663859] The buggy address belongs to the object at ffff888103ac1000
[ 22.663859] which belongs to the cache test_cache of size 200
[ 22.664604] The buggy address is located 0 bytes inside of
[ 22.664604] freed 200-byte region [ffff888103ac1000, ffff888103ac10c8)
[ 22.665289]
[ 22.665389] The buggy address belongs to the physical page:
[ 22.665630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ac1
[ 22.666044] flags: 0x200000000000000(node=0|zone=2)
[ 22.666530] page_type: f5(slab)
[ 22.666670] raw: 0200000000000000 ffff888103ae5140 dead000000000122 0000000000000000
[ 22.667389] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 22.667705] page dumped because: kasan: bad access detected
[ 22.668340]
[ 22.668428] Memory state around the buggy address:
[ 22.668867] ffff888103ac0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.669374] ffff888103ac0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.669660] >ffff888103ac1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.670285] ^
[ 22.670432] ffff888103ac1080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 22.671053] ffff888103ac1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.671396] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 22.584365] ==================================================================
[ 22.585317] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[ 22.585902] Free of addr ffff888102595001 by task kunit_try_catch/240
[ 22.586160]
[ 22.586445] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.586499] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.586513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.586534] Call Trace:
[ 22.586548] <TASK>
[ 22.586565] dump_stack_lvl+0x73/0xb0
[ 22.586594] print_report+0xd1/0x650
[ 22.586614] ? __virt_addr_valid+0x1db/0x2d0
[ 22.586638] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.586663] ? kmem_cache_invalid_free+0x1d8/0x460
[ 22.586913] kasan_report_invalid_free+0x10a/0x130
[ 22.586968] ? kmem_cache_invalid_free+0x1d8/0x460
[ 22.586993] ? kmem_cache_invalid_free+0x1d8/0x460
[ 22.587017] check_slab_allocation+0x11f/0x130
[ 22.587038] __kasan_slab_pre_free+0x28/0x40
[ 22.587057] kmem_cache_free+0xed/0x420
[ 22.587076] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 22.587100] ? kmem_cache_invalid_free+0x1d8/0x460
[ 22.587125] kmem_cache_invalid_free+0x1d8/0x460
[ 22.587148] ? __pfx_kmem_cache_invalid_free+0x10/0x10
[ 22.587169] ? finish_task_switch.isra.0+0x153/0x700
[ 22.587191] ? __switch_to+0x47/0xf50
[ 22.587219] ? __pfx_read_tsc+0x10/0x10
[ 22.587239] ? ktime_get_ts64+0x86/0x230
[ 22.587264] kunit_try_run_case+0x1a5/0x480
[ 22.587288] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.587309] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.587330] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.587354] ? __kthread_parkme+0x82/0x180
[ 22.587373] ? preempt_count_sub+0x50/0x80
[ 22.587394] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.587417] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.587439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.587461] kthread+0x337/0x6f0
[ 22.587479] ? trace_preempt_on+0x20/0xc0
[ 22.587502] ? __pfx_kthread+0x10/0x10
[ 22.587521] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.587543] ? calculate_sigpending+0x7b/0xa0
[ 22.587566] ? __pfx_kthread+0x10/0x10
[ 22.587586] ret_from_fork+0x116/0x1d0
[ 22.587604] ? __pfx_kthread+0x10/0x10
[ 22.587623] ret_from_fork_asm+0x1a/0x30
[ 22.587653] </TASK>
[ 22.587664]
[ 22.603319] Allocated by task 240:
[ 22.603658] kasan_save_stack+0x45/0x70
[ 22.604030] kasan_save_track+0x18/0x40
[ 22.604181] kasan_save_alloc_info+0x3b/0x50
[ 22.604624] __kasan_slab_alloc+0x91/0xa0
[ 22.604977] kmem_cache_alloc_noprof+0x123/0x3f0
[ 22.605447] kmem_cache_invalid_free+0x157/0x460
[ 22.605965] kunit_try_run_case+0x1a5/0x480
[ 22.606151] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.606558] kthread+0x337/0x6f0
[ 22.606916] ret_from_fork+0x116/0x1d0
[ 22.607225] ret_from_fork_asm+0x1a/0x30
[ 22.607560]
[ 22.607780] The buggy address belongs to the object at ffff888102595000
[ 22.607780] which belongs to the cache test_cache of size 200
[ 22.608457] The buggy address is located 1 bytes inside of
[ 22.608457] 200-byte region [ffff888102595000, ffff8881025950c8)
[ 22.608775]
[ 22.608977] The buggy address belongs to the physical page:
[ 22.609403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102595
[ 22.609968] flags: 0x200000000000000(node=0|zone=2)
[ 22.610182] page_type: f5(slab)
[ 22.610522] raw: 0200000000000000 ffff8881016b7b40 dead000000000122 0000000000000000
[ 22.610957] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 22.611541] page dumped because: kasan: bad access detected
[ 22.611880]
[ 22.612080] Memory state around the buggy address:
[ 22.612318] ffff888102594f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.612776] ffff888102594f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.613357] >ffff888102595000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.613699] ^
[ 22.613994] ffff888102595080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 22.614433] ffff888102595100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.614716] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 22.553402] ==================================================================
[ 22.553835] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 22.554319] Free of addr ffff888103ac0000 by task kunit_try_catch/238
[ 22.554570]
[ 22.554679] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.554803] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.554815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.554887] Call Trace:
[ 22.554900] <TASK>
[ 22.554956] dump_stack_lvl+0x73/0xb0
[ 22.554987] print_report+0xd1/0x650
[ 22.555024] ? __virt_addr_valid+0x1db/0x2d0
[ 22.555049] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.555073] ? kmem_cache_double_free+0x1e5/0x480
[ 22.555096] kasan_report_invalid_free+0x10a/0x130
[ 22.555117] ? kmem_cache_double_free+0x1e5/0x480
[ 22.555141] ? kmem_cache_double_free+0x1e5/0x480
[ 22.555164] check_slab_allocation+0x101/0x130
[ 22.555183] __kasan_slab_pre_free+0x28/0x40
[ 22.555218] kmem_cache_free+0xed/0x420
[ 22.555237] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 22.555260] ? kmem_cache_double_free+0x1e5/0x480
[ 22.555284] kmem_cache_double_free+0x1e5/0x480
[ 22.555306] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 22.555327] ? finish_task_switch.isra.0+0x153/0x700
[ 22.555348] ? __switch_to+0x47/0xf50
[ 22.555376] ? __pfx_read_tsc+0x10/0x10
[ 22.555397] ? ktime_get_ts64+0x86/0x230
[ 22.555421] kunit_try_run_case+0x1a5/0x480
[ 22.555447] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.555468] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.555489] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.555512] ? __kthread_parkme+0x82/0x180
[ 22.555532] ? preempt_count_sub+0x50/0x80
[ 22.555552] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.555575] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.555597] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.555618] kthread+0x337/0x6f0
[ 22.555637] ? trace_preempt_on+0x20/0xc0
[ 22.555660] ? __pfx_kthread+0x10/0x10
[ 22.555680] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.555701] ? calculate_sigpending+0x7b/0xa0
[ 22.555724] ? __pfx_kthread+0x10/0x10
[ 22.555744] ret_from_fork+0x116/0x1d0
[ 22.555761] ? __pfx_kthread+0x10/0x10
[ 22.555779] ret_from_fork_asm+0x1a/0x30
[ 22.555808] </TASK>
[ 22.555818]
[ 22.564753] Allocated by task 238:
[ 22.565184] kasan_save_stack+0x45/0x70
[ 22.565325] kasan_save_track+0x18/0x40
[ 22.565451] kasan_save_alloc_info+0x3b/0x50
[ 22.565635] __kasan_slab_alloc+0x91/0xa0
[ 22.565826] kmem_cache_alloc_noprof+0x123/0x3f0
[ 22.566056] kmem_cache_double_free+0x14f/0x480
[ 22.566507] kunit_try_run_case+0x1a5/0x480
[ 22.566722] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.566964] kthread+0x337/0x6f0
[ 22.567078] ret_from_fork+0x116/0x1d0
[ 22.567426] ret_from_fork_asm+0x1a/0x30
[ 22.567712]
[ 22.567874] Freed by task 238:
[ 22.568050] kasan_save_stack+0x45/0x70
[ 22.568283] kasan_save_track+0x18/0x40
[ 22.568412] kasan_save_free_info+0x3f/0x60
[ 22.568589] __kasan_slab_free+0x56/0x70
[ 22.568902] kmem_cache_free+0x249/0x420
[ 22.569228] kmem_cache_double_free+0x16a/0x480
[ 22.569482] kunit_try_run_case+0x1a5/0x480
[ 22.569623] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.569829] kthread+0x337/0x6f0
[ 22.569999] ret_from_fork+0x116/0x1d0
[ 22.570442] ret_from_fork_asm+0x1a/0x30
[ 22.570742]
[ 22.570839] The buggy address belongs to the object at ffff888103ac0000
[ 22.570839] which belongs to the cache test_cache of size 200
[ 22.571610] The buggy address is located 0 bytes inside of
[ 22.571610] 200-byte region [ffff888103ac0000, ffff888103ac00c8)
[ 22.572179]
[ 22.572324] The buggy address belongs to the physical page:
[ 22.572615] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ac0
[ 22.572905] flags: 0x200000000000000(node=0|zone=2)
[ 22.573168] page_type: f5(slab)
[ 22.573450] raw: 0200000000000000 ffff888103ae5000 dead000000000122 0000000000000000
[ 22.573751] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 22.574069] page dumped because: kasan: bad access detected
[ 22.574413]
[ 22.574487] Memory state around the buggy address:
[ 22.574700] ffff888103abff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.574988] ffff888103abff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.575279] >ffff888103ac0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.575714] ^
[ 22.575869] ffff888103ac0080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 22.576367] ffff888103ac0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.577190] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 22.512580] ==================================================================
[ 22.513610] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[ 22.514538] Read of size 1 at addr ffff888103ae50c8 by task kunit_try_catch/236
[ 22.514814]
[ 22.514901] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.514959] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.515130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.515178] Call Trace:
[ 22.515192] <TASK>
[ 22.515209] dump_stack_lvl+0x73/0xb0
[ 22.515238] print_report+0xd1/0x650
[ 22.515265] ? __virt_addr_valid+0x1db/0x2d0
[ 22.515289] ? kmem_cache_oob+0x402/0x530
[ 22.515309] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.515333] ? kmem_cache_oob+0x402/0x530
[ 22.515354] kasan_report+0x141/0x180
[ 22.515374] ? kmem_cache_oob+0x402/0x530
[ 22.515399] __asan_report_load1_noabort+0x18/0x20
[ 22.515421] kmem_cache_oob+0x402/0x530
[ 22.515440] ? trace_hardirqs_on+0x37/0xe0
[ 22.515462] ? __pfx_kmem_cache_oob+0x10/0x10
[ 22.515482] ? finish_task_switch.isra.0+0x153/0x700
[ 22.515504] ? __switch_to+0x47/0xf50
[ 22.515531] ? __pfx_read_tsc+0x10/0x10
[ 22.515551] ? ktime_get_ts64+0x86/0x230
[ 22.515575] kunit_try_run_case+0x1a5/0x480
[ 22.515600] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.515621] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.515641] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.515665] ? __kthread_parkme+0x82/0x180
[ 22.515684] ? preempt_count_sub+0x50/0x80
[ 22.515705] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.515727] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.515748] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.515770] kthread+0x337/0x6f0
[ 22.515788] ? trace_preempt_on+0x20/0xc0
[ 22.515836] ? __pfx_kthread+0x10/0x10
[ 22.515857] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.515878] ? calculate_sigpending+0x7b/0xa0
[ 22.515902] ? __pfx_kthread+0x10/0x10
[ 22.515922] ret_from_fork+0x116/0x1d0
[ 22.515949] ? __pfx_kthread+0x10/0x10
[ 22.515967] ret_from_fork_asm+0x1a/0x30
[ 22.515996] </TASK>
[ 22.516006]
[ 22.528823] Allocated by task 236:
[ 22.528975] kasan_save_stack+0x45/0x70
[ 22.529127] kasan_save_track+0x18/0x40
[ 22.529302] kasan_save_alloc_info+0x3b/0x50
[ 22.529504] __kasan_slab_alloc+0x91/0xa0
[ 22.529644] kmem_cache_alloc_noprof+0x123/0x3f0
[ 22.529843] kmem_cache_oob+0x157/0x530
[ 22.530071] kunit_try_run_case+0x1a5/0x480
[ 22.530313] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.530529] kthread+0x337/0x6f0
[ 22.530679] ret_from_fork+0x116/0x1d0
[ 22.530849] ret_from_fork_asm+0x1a/0x30
[ 22.531074]
[ 22.531138] The buggy address belongs to the object at ffff888103ae5000
[ 22.531138] which belongs to the cache test_cache of size 200
[ 22.531685] The buggy address is located 0 bytes to the right of
[ 22.531685] allocated 200-byte region [ffff888103ae5000, ffff888103ae50c8)
[ 22.532324]
[ 22.532398] The buggy address belongs to the physical page:
[ 22.532643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ae5
[ 22.533356] flags: 0x200000000000000(node=0|zone=2)
[ 22.534155] page_type: f5(slab)
[ 22.534446] raw: 0200000000000000 ffff888100fdcdc0 dead000000000122 0000000000000000
[ 22.534768] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 22.535300] page dumped because: kasan: bad access detected
[ 22.535625]
[ 22.535721] Memory state around the buggy address:
[ 22.535913] ffff888103ae4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.536429] ffff888103ae5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.536861] >ffff888103ae5080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 22.537324] ^
[ 22.537672] ffff888103ae5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.537975] ffff888103ae5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.538446] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 22.476579] ==================================================================
[ 22.477024] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560
[ 22.477408] Read of size 8 at addr ffff88810258c8c0 by task kunit_try_catch/229
[ 22.477705]
[ 22.477830] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.477878] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.477890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.477911] Call Trace:
[ 22.477926] <TASK>
[ 22.477954] dump_stack_lvl+0x73/0xb0
[ 22.477984] print_report+0xd1/0x650
[ 22.478005] ? __virt_addr_valid+0x1db/0x2d0
[ 22.478030] ? workqueue_uaf+0x4d6/0x560
[ 22.478083] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.478110] ? workqueue_uaf+0x4d6/0x560
[ 22.478131] kasan_report+0x141/0x180
[ 22.478154] ? workqueue_uaf+0x4d6/0x560
[ 22.478179] __asan_report_load8_noabort+0x18/0x20
[ 22.478203] workqueue_uaf+0x4d6/0x560
[ 22.478225] ? __pfx_workqueue_uaf+0x10/0x10
[ 22.478248] ? __schedule+0x10cc/0x2b60
[ 22.478530] ? __pfx_read_tsc+0x10/0x10
[ 22.478567] ? ktime_get_ts64+0x86/0x230
[ 22.478610] kunit_try_run_case+0x1a5/0x480
[ 22.478638] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.478663] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.478686] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.478711] ? __kthread_parkme+0x82/0x180
[ 22.478733] ? preempt_count_sub+0x50/0x80
[ 22.478757] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.478782] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.478806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.479133] kthread+0x337/0x6f0
[ 22.479158] ? trace_preempt_on+0x20/0xc0
[ 22.479184] ? __pfx_kthread+0x10/0x10
[ 22.479206] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.479231] ? calculate_sigpending+0x7b/0xa0
[ 22.479255] ? __pfx_kthread+0x10/0x10
[ 22.479277] ret_from_fork+0x116/0x1d0
[ 22.479297] ? __pfx_kthread+0x10/0x10
[ 22.479318] ret_from_fork_asm+0x1a/0x30
[ 22.479348] </TASK>
[ 22.479360]
[ 22.488912] Allocated by task 229:
[ 22.489085] kasan_save_stack+0x45/0x70
[ 22.489333] kasan_save_track+0x18/0x40
[ 22.489552] kasan_save_alloc_info+0x3b/0x50
[ 22.489735] __kasan_kmalloc+0xb7/0xc0
[ 22.489957] __kmalloc_cache_noprof+0x189/0x420
[ 22.490155] workqueue_uaf+0x152/0x560
[ 22.490276] kunit_try_run_case+0x1a5/0x480
[ 22.490411] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.491082] kthread+0x337/0x6f0
[ 22.491292] ret_from_fork+0x116/0x1d0
[ 22.491470] ret_from_fork_asm+0x1a/0x30
[ 22.491622]
[ 22.491721] Freed by task 9:
[ 22.492032] kasan_save_stack+0x45/0x70
[ 22.492243] kasan_save_track+0x18/0x40
[ 22.492510] kasan_save_free_info+0x3f/0x60
[ 22.492722] __kasan_slab_free+0x56/0x70
[ 22.493030] kfree+0x222/0x3f0
[ 22.493158] workqueue_uaf_work+0x12/0x20
[ 22.493284] process_one_work+0x5ee/0xf60
[ 22.493412] worker_thread+0x758/0x1220
[ 22.493538] kthread+0x337/0x6f0
[ 22.493799] ret_from_fork+0x116/0x1d0
[ 22.494113] ret_from_fork_asm+0x1a/0x30
[ 22.494331]
[ 22.494431] Last potentially related work creation:
[ 22.494714] kasan_save_stack+0x45/0x70
[ 22.495450] kasan_record_aux_stack+0xb2/0xc0
[ 22.495627] __queue_work+0x61a/0xe70
[ 22.496333] queue_work_on+0xb6/0xc0
[ 22.496477] workqueue_uaf+0x26d/0x560
[ 22.496877] kunit_try_run_case+0x1a5/0x480
[ 22.497351] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.497684] kthread+0x337/0x6f0
[ 22.497968] ret_from_fork+0x116/0x1d0
[ 22.498134] ret_from_fork_asm+0x1a/0x30
[ 22.498512]
[ 22.498609] The buggy address belongs to the object at ffff88810258c8c0
[ 22.498609] which belongs to the cache kmalloc-32 of size 32
[ 22.499413] The buggy address is located 0 bytes inside of
[ 22.499413] freed 32-byte region [ffff88810258c8c0, ffff88810258c8e0)
[ 22.500017]
[ 22.500117] The buggy address belongs to the physical page:
[ 22.500374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258c
[ 22.500702] flags: 0x200000000000000(node=0|zone=2)
[ 22.501000] page_type: f5(slab)
[ 22.501177] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 22.501500] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 22.501861] page dumped because: kasan: bad access detected
[ 22.502202]
[ 22.502297] Memory state around the buggy address:
[ 22.502514] ffff88810258c780: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 22.502823] ffff88810258c800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 22.503370] >ffff88810258c880: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 22.503639] ^
[ 22.503865] ffff88810258c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.504174] ffff88810258c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.504457] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 22.436924] ==================================================================
[ 22.437355] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60
[ 22.437689] Read of size 4 at addr ffff88810258c800 by task swapper/0/0
[ 22.438039]
[ 22.438128] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.438175] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.438187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.438207] Call Trace:
[ 22.438234] <IRQ>
[ 22.438251] dump_stack_lvl+0x73/0xb0
[ 22.438280] print_report+0xd1/0x650
[ 22.438300] ? __virt_addr_valid+0x1db/0x2d0
[ 22.438324] ? rcu_uaf_reclaim+0x50/0x60
[ 22.438343] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.438367] ? rcu_uaf_reclaim+0x50/0x60
[ 22.438386] kasan_report+0x141/0x180
[ 22.438406] ? rcu_uaf_reclaim+0x50/0x60
[ 22.438429] __asan_report_load4_noabort+0x18/0x20
[ 22.438452] rcu_uaf_reclaim+0x50/0x60
[ 22.438519] rcu_core+0x66f/0x1c40
[ 22.438548] ? __pfx_rcu_core+0x10/0x10
[ 22.438569] ? ktime_get+0x6b/0x150
[ 22.438602] ? handle_softirqs+0x18e/0x730
[ 22.438627] rcu_core_si+0x12/0x20
[ 22.438646] handle_softirqs+0x209/0x730
[ 22.438666] ? hrtimer_interrupt+0x2fe/0x780
[ 22.438687] ? __pfx_handle_softirqs+0x10/0x10
[ 22.438710] __irq_exit_rcu+0xc9/0x110
[ 22.438729] irq_exit_rcu+0x12/0x20
[ 22.438748] sysvec_apic_timer_interrupt+0x81/0x90
[ 22.438769] </IRQ>
[ 22.438795] <TASK>
[ 22.438806] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 22.438946] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 22.439153] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 bf 19 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 22.439231] RSP: 0000:ffffffffb1e07dd8 EFLAGS: 00010216
[ 22.439318] RAX: ffff8881a7e2e000 RBX: ffffffffb1e1cac0 RCX: ffffffffb0cef165
[ 22.439362] RDX: ffffed102b606193 RSI: 0000000000000004 RDI: 00000000000d84cc
[ 22.439404] RBP: ffffffffb1e07de0 R08: 0000000000000001 R09: ffffed102b606192
[ 22.439446] R10: ffff88815b030c93 R11: 000000000000d400 R12: 0000000000000000
[ 22.439488] R13: fffffbfff63c3958 R14: ffffffffb29eacd0 R15: 0000000000000000
[ 22.439542] ? ct_kernel_exit.constprop.0+0xa5/0xd0
[ 22.439590] ? default_idle+0xd/0x20
[ 22.439609] arch_cpu_idle+0xd/0x20
[ 22.439628] default_idle_call+0x48/0x80
[ 22.439647] do_idle+0x379/0x4f0
[ 22.439672] ? __pfx_do_idle+0x10/0x10
[ 22.439698] cpu_startup_entry+0x5c/0x70
[ 22.439720] rest_init+0x11a/0x140
[ 22.439739] ? acpi_subsystem_init+0x5d/0x150
[ 22.439763] start_kernel+0x352/0x400
[ 22.439785] x86_64_start_reservations+0x1c/0x30
[ 22.439869] x86_64_start_kernel+0x10d/0x120
[ 22.439899] common_startup_64+0x13e/0x148
[ 22.439932] </TASK>
[ 22.439956]
[ 22.453196] Allocated by task 227:
[ 22.453514] kasan_save_stack+0x45/0x70
[ 22.453715] kasan_save_track+0x18/0x40
[ 22.453978] kasan_save_alloc_info+0x3b/0x50
[ 22.454167] __kasan_kmalloc+0xb7/0xc0
[ 22.454597] __kmalloc_cache_noprof+0x189/0x420
[ 22.454772] rcu_uaf+0xb0/0x330
[ 22.455156] kunit_try_run_case+0x1a5/0x480
[ 22.455499] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.455689] kthread+0x337/0x6f0
[ 22.455935] ret_from_fork+0x116/0x1d0
[ 22.456292] ret_from_fork_asm+0x1a/0x30
[ 22.456531]
[ 22.456617] Freed by task 0:
[ 22.456755] kasan_save_stack+0x45/0x70
[ 22.457211] kasan_save_track+0x18/0x40
[ 22.457395] kasan_save_free_info+0x3f/0x60
[ 22.457672] __kasan_slab_free+0x56/0x70
[ 22.457960] kfree+0x222/0x3f0
[ 22.458098] rcu_uaf_reclaim+0x1f/0x60
[ 22.458249] rcu_core+0x66f/0x1c40
[ 22.458403] rcu_core_si+0x12/0x20
[ 22.458554] handle_softirqs+0x209/0x730
[ 22.458711] __irq_exit_rcu+0xc9/0x110
[ 22.459211] irq_exit_rcu+0x12/0x20
[ 22.459427] sysvec_apic_timer_interrupt+0x81/0x90
[ 22.459770] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 22.460140]
[ 22.460268] Last potentially related work creation:
[ 22.460479] kasan_save_stack+0x45/0x70
[ 22.460648] kasan_record_aux_stack+0xb2/0xc0
[ 22.460918] __call_rcu_common.constprop.0+0x7b/0x9e0
[ 22.461171] call_rcu+0x12/0x20
[ 22.461308] rcu_uaf+0x168/0x330
[ 22.461460] kunit_try_run_case+0x1a5/0x480
[ 22.461673] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.462014] kthread+0x337/0x6f0
[ 22.462546] ret_from_fork+0x116/0x1d0
[ 22.462726] ret_from_fork_asm+0x1a/0x30
[ 22.463068]
[ 22.463149] The buggy address belongs to the object at ffff88810258c800
[ 22.463149] which belongs to the cache kmalloc-32 of size 32
[ 22.463660] The buggy address is located 0 bytes inside of
[ 22.463660] freed 32-byte region [ffff88810258c800, ffff88810258c820)
[ 22.464227]
[ 22.464376] The buggy address belongs to the physical page:
[ 22.464665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258c
[ 22.465107] flags: 0x200000000000000(node=0|zone=2)
[ 22.465359] page_type: f5(slab)
[ 22.465543] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 22.465972] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 22.466416] page dumped because: kasan: bad access detected
[ 22.466671]
[ 22.466751] Memory state around the buggy address:
[ 22.466973] ffff88810258c700: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 22.467281] ffff88810258c780: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 22.467851] >ffff88810258c800: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.468497] ^
[ 22.468644] ffff88810258c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.469403] ffff88810258c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.469797] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 22.358165] ==================================================================
[ 22.359072] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0
[ 22.359366] Read of size 1 at addr ffff8881039c3700 by task kunit_try_catch/225
[ 22.359739]
[ 22.359828] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.359880] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.359892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.359913] Call Trace:
[ 22.359926] <TASK>
[ 22.359954] dump_stack_lvl+0x73/0xb0
[ 22.359992] print_report+0xd1/0x650
[ 22.360013] ? __virt_addr_valid+0x1db/0x2d0
[ 22.360036] ? ksize_uaf+0x19d/0x6c0
[ 22.360054] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.360078] ? ksize_uaf+0x19d/0x6c0
[ 22.360097] kasan_report+0x141/0x180
[ 22.360129] ? ksize_uaf+0x19d/0x6c0
[ 22.360159] ? ksize_uaf+0x19d/0x6c0
[ 22.360178] __kasan_check_byte+0x3d/0x50
[ 22.360209] ksize+0x20/0x60
[ 22.360232] ksize_uaf+0x19d/0x6c0
[ 22.360259] ? __pfx_ksize_uaf+0x10/0x10
[ 22.360278] ? __schedule+0x10cc/0x2b60
[ 22.360302] ? __pfx_read_tsc+0x10/0x10
[ 22.360339] ? ktime_get_ts64+0x86/0x230
[ 22.360364] kunit_try_run_case+0x1a5/0x480
[ 22.360395] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.360416] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.360561] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.360592] ? __kthread_parkme+0x82/0x180
[ 22.360612] ? preempt_count_sub+0x50/0x80
[ 22.360640] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.360662] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.360684] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.360705] kthread+0x337/0x6f0
[ 22.360723] ? trace_preempt_on+0x20/0xc0
[ 22.360745] ? __pfx_kthread+0x10/0x10
[ 22.360763] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.360784] ? calculate_sigpending+0x7b/0xa0
[ 22.360806] ? __pfx_kthread+0x10/0x10
[ 22.360826] ret_from_fork+0x116/0x1d0
[ 22.360843] ? __pfx_kthread+0x10/0x10
[ 22.360862] ret_from_fork_asm+0x1a/0x30
[ 22.360890] </TASK>
[ 22.360901]
[ 22.369242] Allocated by task 225:
[ 22.369400] kasan_save_stack+0x45/0x70
[ 22.369592] kasan_save_track+0x18/0x40
[ 22.369829] kasan_save_alloc_info+0x3b/0x50
[ 22.370219] __kasan_kmalloc+0xb7/0xc0
[ 22.370369] __kmalloc_cache_noprof+0x189/0x420
[ 22.370515] ksize_uaf+0xaa/0x6c0
[ 22.370627] kunit_try_run_case+0x1a5/0x480
[ 22.370819] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.371081] kthread+0x337/0x6f0
[ 22.371246] ret_from_fork+0x116/0x1d0
[ 22.371444] ret_from_fork_asm+0x1a/0x30
[ 22.371604]
[ 22.371704] Freed by task 225:
[ 22.371884] kasan_save_stack+0x45/0x70
[ 22.372073] kasan_save_track+0x18/0x40
[ 22.372335] kasan_save_free_info+0x3f/0x60
[ 22.372514] __kasan_slab_free+0x56/0x70
[ 22.372704] kfree+0x222/0x3f0
[ 22.372883] ksize_uaf+0x12c/0x6c0
[ 22.373228] kunit_try_run_case+0x1a5/0x480
[ 22.373433] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.373664] kthread+0x337/0x6f0
[ 22.373856] ret_from_fork+0x116/0x1d0
[ 22.374026] ret_from_fork_asm+0x1a/0x30
[ 22.374258]
[ 22.374325] The buggy address belongs to the object at ffff8881039c3700
[ 22.374325] which belongs to the cache kmalloc-128 of size 128
[ 22.374666] The buggy address is located 0 bytes inside of
[ 22.374666] freed 128-byte region [ffff8881039c3700, ffff8881039c3780)
[ 22.375316]
[ 22.375419] The buggy address belongs to the physical page:
[ 22.375706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c3
[ 22.376182] flags: 0x200000000000000(node=0|zone=2)
[ 22.376354] page_type: f5(slab)
[ 22.376467] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.376716] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.377360] page dumped because: kasan: bad access detected
[ 22.377610]
[ 22.377677] Memory state around the buggy address:
[ 22.377876] ffff8881039c3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.378198] ffff8881039c3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.378522] >ffff8881039c3700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.378809] ^
[ 22.379015] ffff8881039c3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.379392] ffff8881039c3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.379595] ==================================================================
[ 22.380174] ==================================================================
[ 22.380750] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0
[ 22.381293] Read of size 1 at addr ffff8881039c3700 by task kunit_try_catch/225
[ 22.381541]
[ 22.381655] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.381697] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.381709] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.381740] Call Trace:
[ 22.381753] <TASK>
[ 22.381768] dump_stack_lvl+0x73/0xb0
[ 22.381791] print_report+0xd1/0x650
[ 22.381810] ? __virt_addr_valid+0x1db/0x2d0
[ 22.381882] ? ksize_uaf+0x5fe/0x6c0
[ 22.381914] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.381947] ? ksize_uaf+0x5fe/0x6c0
[ 22.381968] kasan_report+0x141/0x180
[ 22.381988] ? ksize_uaf+0x5fe/0x6c0
[ 22.382011] __asan_report_load1_noabort+0x18/0x20
[ 22.382042] ksize_uaf+0x5fe/0x6c0
[ 22.382060] ? __pfx_ksize_uaf+0x10/0x10
[ 22.382079] ? __schedule+0x10cc/0x2b60
[ 22.382112] ? __pfx_read_tsc+0x10/0x10
[ 22.382133] ? ktime_get_ts64+0x86/0x230
[ 22.382155] kunit_try_run_case+0x1a5/0x480
[ 22.382179] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.382201] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.382230] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.382253] ? __kthread_parkme+0x82/0x180
[ 22.382271] ? preempt_count_sub+0x50/0x80
[ 22.382303] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.382325] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.382347] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.382377] kthread+0x337/0x6f0
[ 22.382395] ? trace_preempt_on+0x20/0xc0
[ 22.382415] ? __pfx_kthread+0x10/0x10
[ 22.382436] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.382467] ? calculate_sigpending+0x7b/0xa0
[ 22.382489] ? __pfx_kthread+0x10/0x10
[ 22.382508] ret_from_fork+0x116/0x1d0
[ 22.382534] ? __pfx_kthread+0x10/0x10
[ 22.382553] ret_from_fork_asm+0x1a/0x30
[ 22.382581] </TASK>
[ 22.382590]
[ 22.390496] Allocated by task 225:
[ 22.390650] kasan_save_stack+0x45/0x70
[ 22.390845] kasan_save_track+0x18/0x40
[ 22.391025] kasan_save_alloc_info+0x3b/0x50
[ 22.391289] __kasan_kmalloc+0xb7/0xc0
[ 22.391451] __kmalloc_cache_noprof+0x189/0x420
[ 22.391675] ksize_uaf+0xaa/0x6c0
[ 22.391793] kunit_try_run_case+0x1a5/0x480
[ 22.392102] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.392359] kthread+0x337/0x6f0
[ 22.392546] ret_from_fork+0x116/0x1d0
[ 22.392725] ret_from_fork_asm+0x1a/0x30
[ 22.392977]
[ 22.393097] Freed by task 225:
[ 22.393361] kasan_save_stack+0x45/0x70
[ 22.393566] kasan_save_track+0x18/0x40
[ 22.393763] kasan_save_free_info+0x3f/0x60
[ 22.393999] __kasan_slab_free+0x56/0x70
[ 22.394270] kfree+0x222/0x3f0
[ 22.394390] ksize_uaf+0x12c/0x6c0
[ 22.394502] kunit_try_run_case+0x1a5/0x480
[ 22.394634] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.394793] kthread+0x337/0x6f0
[ 22.395155] ret_from_fork+0x116/0x1d0
[ 22.395372] ret_from_fork_asm+0x1a/0x30
[ 22.395605]
[ 22.395692] The buggy address belongs to the object at ffff8881039c3700
[ 22.395692] which belongs to the cache kmalloc-128 of size 128
[ 22.396267] The buggy address is located 0 bytes inside of
[ 22.396267] freed 128-byte region [ffff8881039c3700, ffff8881039c3780)
[ 22.396594]
[ 22.396655] The buggy address belongs to the physical page:
[ 22.396813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c3
[ 22.397191] flags: 0x200000000000000(node=0|zone=2)
[ 22.397506] page_type: f5(slab)
[ 22.397845] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.398389] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.398712] page dumped because: kasan: bad access detected
[ 22.399064]
[ 22.399138] Memory state around the buggy address:
[ 22.399383] ffff8881039c3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.399656] ffff8881039c3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.399912] >ffff8881039c3700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.400431] ^
[ 22.400667] ffff8881039c3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.401007] ffff8881039c3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.401232] ==================================================================
[ 22.402223] ==================================================================
[ 22.402588] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0
[ 22.402987] Read of size 1 at addr ffff8881039c3778 by task kunit_try_catch/225
[ 22.403386]
[ 22.403469] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 22.403512] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.403524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.403544] Call Trace:
[ 22.403558] <TASK>
[ 22.403571] dump_stack_lvl+0x73/0xb0
[ 22.403594] print_report+0xd1/0x650
[ 22.403613] ? __virt_addr_valid+0x1db/0x2d0
[ 22.403633] ? ksize_uaf+0x5e4/0x6c0
[ 22.403651] ? kasan_complete_mode_report_info+0x64/0x200
[ 22.403675] ? ksize_uaf+0x5e4/0x6c0
[ 22.403693] kasan_report+0x141/0x180
[ 22.403713] ? ksize_uaf+0x5e4/0x6c0
[ 22.403735] __asan_report_load1_noabort+0x18/0x20
[ 22.403757] ksize_uaf+0x5e4/0x6c0
[ 22.403775] ? __pfx_ksize_uaf+0x10/0x10
[ 22.403794] ? __schedule+0x10cc/0x2b60
[ 22.403817] ? __pfx_read_tsc+0x10/0x10
[ 22.403837] ? ktime_get_ts64+0x86/0x230
[ 22.403860] kunit_try_run_case+0x1a5/0x480
[ 22.403883] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.403987] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.404007] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.404030] ? __kthread_parkme+0x82/0x180
[ 22.404060] ? preempt_count_sub+0x50/0x80
[ 22.404081] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.404103] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.404125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.404147] kthread+0x337/0x6f0
[ 22.404165] ? trace_preempt_on+0x20/0xc0
[ 22.404186] ? __pfx_kthread+0x10/0x10
[ 22.404204] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.404226] ? calculate_sigpending+0x7b/0xa0
[ 22.404247] ? __pfx_kthread+0x10/0x10
[ 22.404267] ret_from_fork+0x116/0x1d0
[ 22.404284] ? __pfx_kthread+0x10/0x10
[ 22.404302] ret_from_fork_asm+0x1a/0x30
[ 22.404335] </TASK>
[ 22.404345]
[ 22.412917] Allocated by task 225:
[ 22.413054] kasan_save_stack+0x45/0x70
[ 22.413182] kasan_save_track+0x18/0x40
[ 22.413303] kasan_save_alloc_info+0x3b/0x50
[ 22.413497] __kasan_kmalloc+0xb7/0xc0
[ 22.413683] __kmalloc_cache_noprof+0x189/0x420
[ 22.413889] ksize_uaf+0xaa/0x6c0
[ 22.414057] kunit_try_run_case+0x1a5/0x480
[ 22.414300] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.414620] kthread+0x337/0x6f0
[ 22.414769] ret_from_fork+0x116/0x1d0
[ 22.415016] ret_from_fork_asm+0x1a/0x30
[ 22.415191]
[ 22.415293] Freed by task 225:
[ 22.415441] kasan_save_stack+0x45/0x70
[ 22.415682] kasan_save_track+0x18/0x40
[ 22.415885] kasan_save_free_info+0x3f/0x60
[ 22.416178] __kasan_slab_free+0x56/0x70
[ 22.416392] kfree+0x222/0x3f0
[ 22.416547] ksize_uaf+0x12c/0x6c0
[ 22.416723] kunit_try_run_case+0x1a5/0x480
[ 22.416926] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.417188] kthread+0x337/0x6f0
[ 22.417375] ret_from_fork+0x116/0x1d0
[ 22.417716] ret_from_fork_asm+0x1a/0x30
[ 22.418062]
[ 22.418247] The buggy address belongs to the object at ffff8881039c3700
[ 22.418247] which belongs to the cache kmalloc-128 of size 128
[ 22.418746] The buggy address is located 120 bytes inside of
[ 22.418746] freed 128-byte region [ffff8881039c3700, ffff8881039c3780)
[ 22.419304]
[ 22.419491] The buggy address belongs to the physical page:
[ 22.419837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c3
[ 22.420109] flags: 0x200000000000000(node=0|zone=2)
[ 22.420258] page_type: f5(slab)
[ 22.420375] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.420828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.421209] page dumped because: kasan: bad access detected
[ 22.421597]
[ 22.421764] Memory state around the buggy address:
[ 22.422133] ffff8881039c3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.422440] ffff8881039c3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.422647] >ffff8881039c3700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.422857] ^
[ 22.423388] ffff8881039c3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.423773] ffff8881039c3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.424346] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 22.284171] ================================================================== [ 22.284757] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 22.285456] Read of size 1 at addr ffff88810257ec73 by task kunit_try_catch/223 [ 22.285698] [ 22.285810] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.285856] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.285869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.285891] Call Trace: [ 22.285903] <TASK> [ 22.285922] dump_stack_lvl+0x73/0xb0 [ 22.285961] print_report+0xd1/0x650 [ 22.285981] ? __virt_addr_valid+0x1db/0x2d0 [ 22.286004] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.286024] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.286048] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.286069] kasan_report+0x141/0x180 [ 22.286089] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.286114] __asan_report_load1_noabort+0x18/0x20 [ 22.286136] ksize_unpoisons_memory+0x81c/0x9b0 [ 22.286157] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.286178] ? finish_task_switch.isra.0+0x153/0x700 [ 22.286199] ? __switch_to+0x47/0xf50 [ 22.286223] ? __schedule+0x10cc/0x2b60 [ 22.286268] ? __pfx_read_tsc+0x10/0x10 [ 22.287018] ? ktime_get_ts64+0x86/0x230 [ 22.287050] kunit_try_run_case+0x1a5/0x480 [ 22.287078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.287099] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.287142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.287166] ? __kthread_parkme+0x82/0x180 [ 22.287186] ? preempt_count_sub+0x50/0x80 [ 22.287208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.287230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.287253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.287275] kthread+0x337/0x6f0 [ 22.287293] ? trace_preempt_on+0x20/0xc0 [ 22.287316] ? __pfx_kthread+0x10/0x10 [ 22.287334] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.287356] ? calculate_sigpending+0x7b/0xa0 [ 22.287379] ? 
__pfx_kthread+0x10/0x10 [ 22.287398] ret_from_fork+0x116/0x1d0 [ 22.287416] ? __pfx_kthread+0x10/0x10 [ 22.287434] ret_from_fork_asm+0x1a/0x30 [ 22.287463] </TASK> [ 22.287474] [ 22.300257] Allocated by task 223: [ 22.300397] kasan_save_stack+0x45/0x70 [ 22.300533] kasan_save_track+0x18/0x40 [ 22.300657] kasan_save_alloc_info+0x3b/0x50 [ 22.300794] __kasan_kmalloc+0xb7/0xc0 [ 22.301068] __kmalloc_cache_noprof+0x189/0x420 [ 22.301465] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.301703] kunit_try_run_case+0x1a5/0x480 [ 22.302136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.302571] kthread+0x337/0x6f0 [ 22.302684] ret_from_fork+0x116/0x1d0 [ 22.302805] ret_from_fork_asm+0x1a/0x30 [ 22.303378] [ 22.303530] The buggy address belongs to the object at ffff88810257ec00 [ 22.303530] which belongs to the cache kmalloc-128 of size 128 [ 22.304757] The buggy address is located 0 bytes to the right of [ 22.304757] allocated 115-byte region [ffff88810257ec00, ffff88810257ec73) [ 22.305680] [ 22.305754] The buggy address belongs to the physical page: [ 22.306009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e [ 22.306716] flags: 0x200000000000000(node=0|zone=2) [ 22.307399] page_type: f5(slab) [ 22.307741] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.308296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.308523] page dumped because: kasan: bad access detected [ 22.308685] [ 22.308746] Memory state around the buggy address: [ 22.309160] ffff88810257eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.309823] ffff88810257eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.310494] >ffff88810257ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.311288] ^ [ 22.311872] ffff88810257ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.312623] ffff88810257ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.313219] 
================================================================== [ 22.335001] ================================================================== [ 22.335359] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.335603] Read of size 1 at addr ffff88810257ec7f by task kunit_try_catch/223 [ 22.335813] [ 22.336081] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.336128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.336139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.336159] Call Trace: [ 22.336172] <TASK> [ 22.336187] dump_stack_lvl+0x73/0xb0 [ 22.336211] print_report+0xd1/0x650 [ 22.336230] ? __virt_addr_valid+0x1db/0x2d0 [ 22.336252] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.336272] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.336296] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.336317] kasan_report+0x141/0x180 [ 22.336341] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.336366] __asan_report_load1_noabort+0x18/0x20 [ 22.336388] ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.336410] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.336430] ? finish_task_switch.isra.0+0x153/0x700 [ 22.336450] ? __switch_to+0x47/0xf50 [ 22.336473] ? __schedule+0x10cc/0x2b60 [ 22.336495] ? __pfx_read_tsc+0x10/0x10 [ 22.336515] ? ktime_get_ts64+0x86/0x230 [ 22.336538] kunit_try_run_case+0x1a5/0x480 [ 22.336562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.336583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.336602] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.336625] ? __kthread_parkme+0x82/0x180 [ 22.336643] ? preempt_count_sub+0x50/0x80 [ 22.336664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.336687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.336708] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.336730] kthread+0x337/0x6f0 [ 22.336760] ? trace_preempt_on+0x20/0xc0 [ 22.336780] ? __pfx_kthread+0x10/0x10 [ 22.336800] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.336888] ? 
calculate_sigpending+0x7b/0xa0 [ 22.336910] ? __pfx_kthread+0x10/0x10 [ 22.336929] ret_from_fork+0x116/0x1d0 [ 22.336968] ? __pfx_kthread+0x10/0x10 [ 22.336987] ret_from_fork_asm+0x1a/0x30 [ 22.337015] </TASK> [ 22.337025] [ 22.345794] Allocated by task 223: [ 22.346080] kasan_save_stack+0x45/0x70 [ 22.346378] kasan_save_track+0x18/0x40 [ 22.346630] kasan_save_alloc_info+0x3b/0x50 [ 22.346770] __kasan_kmalloc+0xb7/0xc0 [ 22.346890] __kmalloc_cache_noprof+0x189/0x420 [ 22.347044] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.347185] kunit_try_run_case+0x1a5/0x480 [ 22.347324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.347679] kthread+0x337/0x6f0 [ 22.347839] ret_from_fork+0x116/0x1d0 [ 22.348022] ret_from_fork_asm+0x1a/0x30 [ 22.348203] [ 22.348288] The buggy address belongs to the object at ffff88810257ec00 [ 22.348288] which belongs to the cache kmalloc-128 of size 128 [ 22.349079] The buggy address is located 12 bytes to the right of [ 22.349079] allocated 115-byte region [ffff88810257ec00, ffff88810257ec73) [ 22.349434] [ 22.349498] The buggy address belongs to the physical page: [ 22.349953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e [ 22.350386] flags: 0x200000000000000(node=0|zone=2) [ 22.350571] page_type: f5(slab) [ 22.350683] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.350933] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.351604] page dumped because: kasan: bad access detected [ 22.351924] [ 22.352005] Memory state around the buggy address: [ 22.352204] ffff88810257eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.352547] ffff88810257eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.352991] >ffff88810257ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.353375] ^ [ 22.353741] ffff88810257ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.354222] ffff88810257ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.354454] 
================================================================== [ 22.313621] ================================================================== [ 22.314286] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.315045] Read of size 1 at addr ffff88810257ec78 by task kunit_try_catch/223 [ 22.316082] [ 22.316294] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.316347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.316360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.316379] Call Trace: [ 22.316405] <TASK> [ 22.316422] dump_stack_lvl+0x73/0xb0 [ 22.316447] print_report+0xd1/0x650 [ 22.316479] ? __virt_addr_valid+0x1db/0x2d0 [ 22.316500] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.316521] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.316545] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.316567] kasan_report+0x141/0x180 [ 22.316586] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.316612] __asan_report_load1_noabort+0x18/0x20 [ 22.316634] ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.316656] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.316677] ? finish_task_switch.isra.0+0x153/0x700 [ 22.316697] ? __switch_to+0x47/0xf50 [ 22.316721] ? __schedule+0x10cc/0x2b60 [ 22.316744] ? __pfx_read_tsc+0x10/0x10 [ 22.316764] ? ktime_get_ts64+0x86/0x230 [ 22.316787] kunit_try_run_case+0x1a5/0x480 [ 22.316821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.316842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.316862] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.316885] ? __kthread_parkme+0x82/0x180 [ 22.316903] ? preempt_count_sub+0x50/0x80 [ 22.316924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.316956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.316978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.317000] kthread+0x337/0x6f0 [ 22.317017] ? trace_preempt_on+0x20/0xc0 [ 22.317038] ? __pfx_kthread+0x10/0x10 [ 22.317057] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.317079] ? 
calculate_sigpending+0x7b/0xa0 [ 22.317100] ? __pfx_kthread+0x10/0x10 [ 22.317120] ret_from_fork+0x116/0x1d0 [ 22.317138] ? __pfx_kthread+0x10/0x10 [ 22.317157] ret_from_fork_asm+0x1a/0x30 [ 22.317185] </TASK> [ 22.317195] [ 22.325678] Allocated by task 223: [ 22.325803] kasan_save_stack+0x45/0x70 [ 22.325935] kasan_save_track+0x18/0x40 [ 22.326209] kasan_save_alloc_info+0x3b/0x50 [ 22.326454] __kasan_kmalloc+0xb7/0xc0 [ 22.326660] __kmalloc_cache_noprof+0x189/0x420 [ 22.327100] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.327418] kunit_try_run_case+0x1a5/0x480 [ 22.327648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.327981] kthread+0x337/0x6f0 [ 22.328105] ret_from_fork+0x116/0x1d0 [ 22.328411] ret_from_fork_asm+0x1a/0x30 [ 22.328626] [ 22.328716] The buggy address belongs to the object at ffff88810257ec00 [ 22.328716] which belongs to the cache kmalloc-128 of size 128 [ 22.329275] The buggy address is located 5 bytes to the right of [ 22.329275] allocated 115-byte region [ffff88810257ec00, ffff88810257ec73) [ 22.330043] [ 22.330154] The buggy address belongs to the physical page: [ 22.330387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e [ 22.330636] flags: 0x200000000000000(node=0|zone=2) [ 22.330788] page_type: f5(slab) [ 22.330978] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.331303] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.331771] page dumped because: kasan: bad access detected [ 22.331929] [ 22.332000] Memory state around the buggy address: [ 22.332348] ffff88810257eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.332887] ffff88810257eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.333231] >ffff88810257ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.333510] ^ [ 22.333879] ffff88810257ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.334206] ffff88810257ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.334489] 
==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 22.255360] ================================================================== [ 22.255864] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 22.256404] Free of addr ffff8881016c54a0 by task kunit_try_catch/221 [ 22.256934] [ 22.257138] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.257251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.257266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.257287] Call Trace: [ 22.257302] <TASK> [ 22.257321] dump_stack_lvl+0x73/0xb0 [ 22.257351] print_report+0xd1/0x650 [ 22.257374] ? __virt_addr_valid+0x1db/0x2d0 [ 22.257400] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.257426] ? kfree_sensitive+0x2e/0x90 [ 22.257451] kasan_report_invalid_free+0x10a/0x130 [ 22.257476] ? kfree_sensitive+0x2e/0x90 [ 22.257501] ? kfree_sensitive+0x2e/0x90 [ 22.257525] check_slab_allocation+0x101/0x130 [ 22.257547] __kasan_slab_pre_free+0x28/0x40 [ 22.257568] kfree+0xf0/0x3f0 [ 22.257590] ? kfree_sensitive+0x2e/0x90 [ 22.257615] kfree_sensitive+0x2e/0x90 [ 22.257638] kmalloc_double_kzfree+0x19c/0x350 [ 22.257661] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 22.257685] ? __schedule+0x10cc/0x2b60 [ 22.257710] ? __pfx_read_tsc+0x10/0x10 [ 22.257733] ? ktime_get_ts64+0x86/0x230 [ 22.257758] kunit_try_run_case+0x1a5/0x480 [ 22.257785] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.257854] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.257881] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.257908] ? __kthread_parkme+0x82/0x180 [ 22.257929] ? preempt_count_sub+0x50/0x80 [ 22.257966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.257991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.258016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.258040] kthread+0x337/0x6f0 [ 22.258060] ? trace_preempt_on+0x20/0xc0 [ 22.258084] ? __pfx_kthread+0x10/0x10 [ 22.258105] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.258129] ? calculate_sigpending+0x7b/0xa0 [ 22.258154] ? 
__pfx_kthread+0x10/0x10 [ 22.258176] ret_from_fork+0x116/0x1d0 [ 22.258196] ? __pfx_kthread+0x10/0x10 [ 22.258217] ret_from_fork_asm+0x1a/0x30 [ 22.258248] </TASK> [ 22.258261] [ 22.269803] Allocated by task 221: [ 22.269973] kasan_save_stack+0x45/0x70 [ 22.270173] kasan_save_track+0x18/0x40 [ 22.270466] kasan_save_alloc_info+0x3b/0x50 [ 22.270654] __kasan_kmalloc+0xb7/0xc0 [ 22.270800] __kmalloc_cache_noprof+0x189/0x420 [ 22.271058] kmalloc_double_kzfree+0xa9/0x350 [ 22.271203] kunit_try_run_case+0x1a5/0x480 [ 22.271364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.271601] kthread+0x337/0x6f0 [ 22.271790] ret_from_fork+0x116/0x1d0 [ 22.272128] ret_from_fork_asm+0x1a/0x30 [ 22.272282] [ 22.272377] Freed by task 221: [ 22.272508] kasan_save_stack+0x45/0x70 [ 22.272630] kasan_save_track+0x18/0x40 [ 22.272773] kasan_save_free_info+0x3f/0x60 [ 22.273253] __kasan_slab_free+0x56/0x70 [ 22.273430] kfree+0x222/0x3f0 [ 22.273568] kfree_sensitive+0x67/0x90 [ 22.273710] kmalloc_double_kzfree+0x12b/0x350 [ 22.273931] kunit_try_run_case+0x1a5/0x480 [ 22.274148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.274318] kthread+0x337/0x6f0 [ 22.274426] ret_from_fork+0x116/0x1d0 [ 22.274544] ret_from_fork_asm+0x1a/0x30 [ 22.274674] [ 22.274759] The buggy address belongs to the object at ffff8881016c54a0 [ 22.274759] which belongs to the cache kmalloc-16 of size 16 [ 22.275617] The buggy address is located 0 bytes inside of [ 22.275617] 16-byte region [ffff8881016c54a0, ffff8881016c54b0) [ 22.276150] [ 22.276345] The buggy address belongs to the physical page: [ 22.276571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1016c5 [ 22.276848] flags: 0x200000000000000(node=0|zone=2) [ 22.277032] page_type: f5(slab) [ 22.277143] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 22.277428] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.277845] page dumped because: kasan: bad access detected [ 22.278250] [ 
22.278344] Memory state around the buggy address: [ 22.278500] ffff8881016c5380: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 22.278766] ffff8881016c5400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.279365] >ffff8881016c5480: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 22.279629] ^ [ 22.279797] ffff8881016c5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.280136] ffff8881016c5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.280342] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 22.216459] ================================================================== [ 22.218146] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 22.219342] Read of size 1 at addr ffff8881016c54a0 by task kunit_try_catch/221 [ 22.220389] [ 22.220491] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.220543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.220556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.220577] Call Trace: [ 22.220595] <TASK> [ 22.220616] dump_stack_lvl+0x73/0xb0 [ 22.220650] print_report+0xd1/0x650 [ 22.220675] ? __virt_addr_valid+0x1db/0x2d0 [ 22.220701] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.220725] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.220751] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.220775] kasan_report+0x141/0x180 [ 22.220797] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.221031] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.221059] __kasan_check_byte+0x3d/0x50 [ 22.221085] kfree_sensitive+0x22/0x90 [ 22.221114] kmalloc_double_kzfree+0x19c/0x350 [ 22.221180] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 22.221205] ? __schedule+0x10cc/0x2b60 [ 22.221234] ? __pfx_read_tsc+0x10/0x10 [ 22.221258] ? ktime_get_ts64+0x86/0x230 [ 22.221284] kunit_try_run_case+0x1a5/0x480 [ 22.221314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.221339] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.221361] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.221386] ? __kthread_parkme+0x82/0x180 [ 22.221408] ? preempt_count_sub+0x50/0x80 [ 22.221432] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.221457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.221480] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.221504] kthread+0x337/0x6f0 [ 22.221525] ? trace_preempt_on+0x20/0xc0 [ 22.221549] ? __pfx_kthread+0x10/0x10 [ 22.221570] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.221593] ? calculate_sigpending+0x7b/0xa0 [ 22.221618] ? 
__pfx_kthread+0x10/0x10 [ 22.221640] ret_from_fork+0x116/0x1d0 [ 22.221659] ? __pfx_kthread+0x10/0x10 [ 22.221680] ret_from_fork_asm+0x1a/0x30 [ 22.221712] </TASK> [ 22.221725] [ 22.236346] Allocated by task 221: [ 22.236483] kasan_save_stack+0x45/0x70 [ 22.236839] kasan_save_track+0x18/0x40 [ 22.237184] kasan_save_alloc_info+0x3b/0x50 [ 22.238631] __kasan_kmalloc+0xb7/0xc0 [ 22.238925] __kmalloc_cache_noprof+0x189/0x420 [ 22.239376] kmalloc_double_kzfree+0xa9/0x350 [ 22.239522] kunit_try_run_case+0x1a5/0x480 [ 22.239663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.239826] kthread+0x337/0x6f0 [ 22.239935] ret_from_fork+0x116/0x1d0 [ 22.240066] ret_from_fork_asm+0x1a/0x30 [ 22.240301] [ 22.240388] Freed by task 221: [ 22.240494] kasan_save_stack+0x45/0x70 [ 22.240623] kasan_save_track+0x18/0x40 [ 22.240747] kasan_save_free_info+0x3f/0x60 [ 22.240883] __kasan_slab_free+0x56/0x70 [ 22.241023] kfree+0x222/0x3f0 [ 22.241131] kfree_sensitive+0x67/0x90 [ 22.241258] kmalloc_double_kzfree+0x12b/0x350 [ 22.241400] kunit_try_run_case+0x1a5/0x480 [ 22.241537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.241701] kthread+0x337/0x6f0 [ 22.241812] ret_from_fork+0x116/0x1d0 [ 22.242291] ret_from_fork_asm+0x1a/0x30 [ 22.242688] [ 22.242841] The buggy address belongs to the object at ffff8881016c54a0 [ 22.242841] which belongs to the cache kmalloc-16 of size 16 [ 22.244157] The buggy address is located 0 bytes inside of [ 22.244157] freed 16-byte region [ffff8881016c54a0, ffff8881016c54b0) [ 22.245391] [ 22.245571] The buggy address belongs to the physical page: [ 22.246070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1016c5 [ 22.246994] flags: 0x200000000000000(node=0|zone=2) [ 22.247567] page_type: f5(slab) [ 22.248116] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 22.248822] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.249571] page dumped because: kasan: bad access detected [ 
22.250126] [ 22.250316] Memory state around the buggy address: [ 22.250807] ffff8881016c5380: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 22.251476] ffff8881016c5400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.252081] >ffff8881016c5480: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 22.252715] ^ [ 22.253001] ffff8881016c5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.253748] ffff8881016c5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.254210] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 22.178916] ================================================================== [ 22.180319] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 22.180770] Read of size 1 at addr ffff888102590028 by task kunit_try_catch/217 [ 22.181366] [ 22.181595] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.181650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.181663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.181685] Call Trace: [ 22.181700] <TASK> [ 22.181721] dump_stack_lvl+0x73/0xb0 [ 22.181775] print_report+0xd1/0x650 [ 22.181803] ? __virt_addr_valid+0x1db/0x2d0 [ 22.181827] ? kmalloc_uaf2+0x4a8/0x520 [ 22.181845] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.181869] ? kmalloc_uaf2+0x4a8/0x520 [ 22.181887] kasan_report+0x141/0x180 [ 22.181907] ? kmalloc_uaf2+0x4a8/0x520 [ 22.181929] __asan_report_load1_noabort+0x18/0x20 [ 22.181960] kmalloc_uaf2+0x4a8/0x520 [ 22.181979] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 22.182065] ? finish_task_switch.isra.0+0x153/0x700 [ 22.182094] ? __switch_to+0x47/0xf50 [ 22.182129] ? __schedule+0x10cc/0x2b60 [ 22.182155] ? __pfx_read_tsc+0x10/0x10 [ 22.182176] ? ktime_get_ts64+0x86/0x230 [ 22.182201] kunit_try_run_case+0x1a5/0x480 [ 22.182227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.182249] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.182269] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.182292] ? __kthread_parkme+0x82/0x180 [ 22.182311] ? preempt_count_sub+0x50/0x80 [ 22.182332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.182354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.182376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.182398] kthread+0x337/0x6f0 [ 22.182416] ? trace_preempt_on+0x20/0xc0 [ 22.182439] ? __pfx_kthread+0x10/0x10 [ 22.182458] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.182480] ? calculate_sigpending+0x7b/0xa0 [ 22.182503] ? __pfx_kthread+0x10/0x10 [ 22.182523] ret_from_fork+0x116/0x1d0 [ 22.182540] ? 
__pfx_kthread+0x10/0x10 [ 22.182558] ret_from_fork_asm+0x1a/0x30 [ 22.182588] </TASK> [ 22.182600] [ 22.195018] Allocated by task 217: [ 22.195395] kasan_save_stack+0x45/0x70 [ 22.195754] kasan_save_track+0x18/0x40 [ 22.196204] kasan_save_alloc_info+0x3b/0x50 [ 22.196457] __kasan_kmalloc+0xb7/0xc0 [ 22.196577] __kmalloc_cache_noprof+0x189/0x420 [ 22.196720] kmalloc_uaf2+0xc6/0x520 [ 22.196906] kunit_try_run_case+0x1a5/0x480 [ 22.197289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.197892] kthread+0x337/0x6f0 [ 22.198213] ret_from_fork+0x116/0x1d0 [ 22.198570] ret_from_fork_asm+0x1a/0x30 [ 22.199033] [ 22.199194] Freed by task 217: [ 22.199517] kasan_save_stack+0x45/0x70 [ 22.199711] kasan_save_track+0x18/0x40 [ 22.199905] kasan_save_free_info+0x3f/0x60 [ 22.200306] __kasan_slab_free+0x56/0x70 [ 22.200679] kfree+0x222/0x3f0 [ 22.201040] kmalloc_uaf2+0x14c/0x520 [ 22.201260] kunit_try_run_case+0x1a5/0x480 [ 22.201606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.201764] kthread+0x337/0x6f0 [ 22.201929] ret_from_fork+0x116/0x1d0 [ 22.202315] ret_from_fork_asm+0x1a/0x30 [ 22.202664] [ 22.202827] The buggy address belongs to the object at ffff888102590000 [ 22.202827] which belongs to the cache kmalloc-64 of size 64 [ 22.203991] The buggy address is located 40 bytes inside of [ 22.203991] freed 64-byte region [ffff888102590000, ffff888102590040) [ 22.204707] [ 22.204864] The buggy address belongs to the physical page: [ 22.205431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102590 [ 22.205851] flags: 0x200000000000000(node=0|zone=2) [ 22.206378] page_type: f5(slab) [ 22.206647] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.207060] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.207661] page dumped because: kasan: bad access detected [ 22.207866] [ 22.208034] Memory state around the buggy address: [ 22.208466] ffff88810258ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
[ 22.209150] ffff88810258ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.209354] >ffff888102590000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.209547] ^ [ 22.209682] ffff888102590080: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 22.209877] ffff888102590100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.210458] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 22.144667] ================================================================== [ 22.145365] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 22.146336] Write of size 33 at addr ffff888103958d80 by task kunit_try_catch/215 [ 22.146841] [ 22.146952] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.147004] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.147016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.147038] Call Trace: [ 22.147052] <TASK> [ 22.147071] dump_stack_lvl+0x73/0xb0 [ 22.147101] print_report+0xd1/0x650 [ 22.147133] ? __virt_addr_valid+0x1db/0x2d0 [ 22.147156] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.147176] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.147200] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.147220] kasan_report+0x141/0x180 [ 22.147239] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.147302] kasan_check_range+0x10c/0x1c0 [ 22.147324] __asan_memset+0x27/0x50 [ 22.147346] kmalloc_uaf_memset+0x1a3/0x360 [ 22.147571] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 22.147593] ? __schedule+0x10cc/0x2b60 [ 22.147618] ? __pfx_read_tsc+0x10/0x10 [ 22.147639] ? ktime_get_ts64+0x86/0x230 [ 22.147664] kunit_try_run_case+0x1a5/0x480 [ 22.147689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.147711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.147730] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.147755] ? __kthread_parkme+0x82/0x180 [ 22.147775] ? preempt_count_sub+0x50/0x80 [ 22.147797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.147819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.147841] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.147863] kthread+0x337/0x6f0 [ 22.147882] ? trace_preempt_on+0x20/0xc0 [ 22.147904] ? __pfx_kthread+0x10/0x10 [ 22.147923] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.147958] ? calculate_sigpending+0x7b/0xa0 [ 22.147981] ? __pfx_kthread+0x10/0x10 [ 22.148000] ret_from_fork+0x116/0x1d0 [ 22.148019] ? 
__pfx_kthread+0x10/0x10 [ 22.148037] ret_from_fork_asm+0x1a/0x30 [ 22.148067] </TASK> [ 22.148078] [ 22.161258] Allocated by task 215: [ 22.161645] kasan_save_stack+0x45/0x70 [ 22.161836] kasan_save_track+0x18/0x40 [ 22.161973] kasan_save_alloc_info+0x3b/0x50 [ 22.162115] __kasan_kmalloc+0xb7/0xc0 [ 22.162237] __kmalloc_cache_noprof+0x189/0x420 [ 22.162383] kmalloc_uaf_memset+0xa9/0x360 [ 22.162516] kunit_try_run_case+0x1a5/0x480 [ 22.162657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.162822] kthread+0x337/0x6f0 [ 22.162934] ret_from_fork+0x116/0x1d0 [ 22.163280] ret_from_fork_asm+0x1a/0x30 [ 22.163621] [ 22.163767] Freed by task 215: [ 22.164038] kasan_save_stack+0x45/0x70 [ 22.164442] kasan_save_track+0x18/0x40 [ 22.164781] kasan_save_free_info+0x3f/0x60 [ 22.165228] __kasan_slab_free+0x56/0x70 [ 22.165672] kfree+0x222/0x3f0 [ 22.165947] kmalloc_uaf_memset+0x12b/0x360 [ 22.166343] kunit_try_run_case+0x1a5/0x480 [ 22.166699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.167162] kthread+0x337/0x6f0 [ 22.167442] ret_from_fork+0x116/0x1d0 [ 22.167760] ret_from_fork_asm+0x1a/0x30 [ 22.168128] [ 22.168279] The buggy address belongs to the object at ffff888103958d80 [ 22.168279] which belongs to the cache kmalloc-64 of size 64 [ 22.169310] The buggy address is located 0 bytes inside of [ 22.169310] freed 64-byte region [ffff888103958d80, ffff888103958dc0) [ 22.170361] [ 22.170517] The buggy address belongs to the physical page: [ 22.170780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 22.171026] flags: 0x200000000000000(node=0|zone=2) [ 22.171218] page_type: f5(slab) [ 22.171469] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.171708] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.171926] page dumped because: kasan: bad access detected [ 22.172097] [ 22.172447] Memory state around the buggy address: [ 22.172660] ffff888103958c80: fa fb fb fb fb fb fb fb fc fc fc fc 
fc fc fc fc [ 22.172926] ffff888103958d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.173184] >ffff888103958d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.173537] ^ [ 22.173695] ffff888103958e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.173914] ffff888103958e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.174257] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 22.107764] ================================================================== [ 22.109139] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 22.109914] Read of size 1 at addr ffff888102797f28 by task kunit_try_catch/213 [ 22.110785] [ 22.111056] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.111115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.111128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.111149] Call Trace: [ 22.111169] <TASK> [ 22.111192] dump_stack_lvl+0x73/0xb0 [ 22.111225] print_report+0xd1/0x650 [ 22.111250] ? __virt_addr_valid+0x1db/0x2d0 [ 22.111278] ? kmalloc_uaf+0x320/0x380 [ 22.111299] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.111326] ? kmalloc_uaf+0x320/0x380 [ 22.111348] kasan_report+0x141/0x180 [ 22.111372] ? kmalloc_uaf+0x320/0x380 [ 22.111400] __asan_report_load1_noabort+0x18/0x20 [ 22.111425] kmalloc_uaf+0x320/0x380 [ 22.111446] ? __pfx_kmalloc_uaf+0x10/0x10 [ 22.111468] ? __schedule+0x10cc/0x2b60 [ 22.111495] ? __pfx_read_tsc+0x10/0x10 [ 22.111518] ? ktime_get_ts64+0x86/0x230 [ 22.111548] kunit_try_run_case+0x1a5/0x480 [ 22.111577] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.111600] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.111622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.111648] ? __kthread_parkme+0x82/0x180 [ 22.111671] ? preempt_count_sub+0x50/0x80 [ 22.111698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.111725] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.111749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.111773] kthread+0x337/0x6f0 [ 22.111794] ? trace_preempt_on+0x20/0xc0 [ 22.111819] ? __pfx_kthread+0x10/0x10 [ 22.111844] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.111868] ? calculate_sigpending+0x7b/0xa0 [ 22.111893] ? __pfx_kthread+0x10/0x10 [ 22.111916] ret_from_fork+0x116/0x1d0 [ 22.111936] ? 
__pfx_kthread+0x10/0x10 [ 22.111969] ret_from_fork_asm+0x1a/0x30 [ 22.112006] </TASK> [ 22.112019] [ 22.124429] Allocated by task 213: [ 22.124638] kasan_save_stack+0x45/0x70 [ 22.124784] kasan_save_track+0x18/0x40 [ 22.125503] kasan_save_alloc_info+0x3b/0x50 [ 22.125911] __kasan_kmalloc+0xb7/0xc0 [ 22.126332] __kmalloc_cache_noprof+0x189/0x420 [ 22.126618] kmalloc_uaf+0xaa/0x380 [ 22.126737] kunit_try_run_case+0x1a5/0x480 [ 22.126968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.127473] kthread+0x337/0x6f0 [ 22.127772] ret_from_fork+0x116/0x1d0 [ 22.128211] ret_from_fork_asm+0x1a/0x30 [ 22.128587] [ 22.128735] Freed by task 213: [ 22.129019] kasan_save_stack+0x45/0x70 [ 22.129165] kasan_save_track+0x18/0x40 [ 22.129459] kasan_save_free_info+0x3f/0x60 [ 22.129883] __kasan_slab_free+0x56/0x70 [ 22.130268] kfree+0x222/0x3f0 [ 22.130527] kmalloc_uaf+0x12c/0x380 [ 22.130654] kunit_try_run_case+0x1a5/0x480 [ 22.130796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.131330] kthread+0x337/0x6f0 [ 22.131641] ret_from_fork+0x116/0x1d0 [ 22.132082] ret_from_fork_asm+0x1a/0x30 [ 22.132488] [ 22.132639] The buggy address belongs to the object at ffff888102797f20 [ 22.132639] which belongs to the cache kmalloc-16 of size 16 [ 22.133461] The buggy address is located 8 bytes inside of [ 22.133461] freed 16-byte region [ffff888102797f20, ffff888102797f30) [ 22.134153] [ 22.134309] The buggy address belongs to the physical page: [ 22.134752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102797 [ 22.135396] flags: 0x200000000000000(node=0|zone=2) [ 22.135947] page_type: f5(slab) [ 22.136202] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.136528] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.136746] page dumped because: kasan: bad access detected [ 22.136912] [ 22.137069] Memory state around the buggy address: [ 22.137534] ffff888102797e00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 
22.138203] ffff888102797e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.138419] >ffff888102797f00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 22.138621] ^ [ 22.138764] ffff888102797f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.139028] ffff888102798000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.139325] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 22.076556] ================================================================== [ 22.077494] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.077730] Read of size 64 at addr ffff888103958d04 by task kunit_try_catch/211 [ 22.078421] [ 22.078611] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.078660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.078672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.078718] Call Trace: [ 22.078751] <TASK> [ 22.078767] dump_stack_lvl+0x73/0xb0 [ 22.078792] print_report+0xd1/0x650 [ 22.078819] ? __virt_addr_valid+0x1db/0x2d0 [ 22.078841] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.078862] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.078886] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.078907] kasan_report+0x141/0x180 [ 22.078927] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.078961] kasan_check_range+0x10c/0x1c0 [ 22.078982] __asan_memmove+0x27/0x70 [ 22.079004] kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.079026] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 22.079048] ? __schedule+0x10cc/0x2b60 [ 22.079071] ? __pfx_read_tsc+0x10/0x10 [ 22.079091] ? ktime_get_ts64+0x86/0x230 [ 22.079116] kunit_try_run_case+0x1a5/0x480 [ 22.079139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.079160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.079179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.079202] ? __kthread_parkme+0x82/0x180 [ 22.079220] ? preempt_count_sub+0x50/0x80 [ 22.079241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.079263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.079285] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.079307] kthread+0x337/0x6f0 [ 22.079324] ? trace_preempt_on+0x20/0xc0 [ 22.079346] ? __pfx_kthread+0x10/0x10 [ 22.079364] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.079386] ? calculate_sigpending+0x7b/0xa0 [ 22.079407] ? 
__pfx_kthread+0x10/0x10 [ 22.079426] ret_from_fork+0x116/0x1d0 [ 22.079443] ? __pfx_kthread+0x10/0x10 [ 22.079462] ret_from_fork_asm+0x1a/0x30 [ 22.079490] </TASK> [ 22.079500] [ 22.093008] Allocated by task 211: [ 22.093349] kasan_save_stack+0x45/0x70 [ 22.093615] kasan_save_track+0x18/0x40 [ 22.093851] kasan_save_alloc_info+0x3b/0x50 [ 22.094298] __kasan_kmalloc+0xb7/0xc0 [ 22.094683] __kmalloc_cache_noprof+0x189/0x420 [ 22.094998] kmalloc_memmove_invalid_size+0xac/0x330 [ 22.095446] kunit_try_run_case+0x1a5/0x480 [ 22.095600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.095765] kthread+0x337/0x6f0 [ 22.095907] ret_from_fork+0x116/0x1d0 [ 22.096042] ret_from_fork_asm+0x1a/0x30 [ 22.096399] [ 22.096553] The buggy address belongs to the object at ffff888103958d00 [ 22.096553] which belongs to the cache kmalloc-64 of size 64 [ 22.097745] The buggy address is located 4 bytes inside of [ 22.097745] allocated 64-byte region [ffff888103958d00, ffff888103958d40) [ 22.098330] [ 22.098433] The buggy address belongs to the physical page: [ 22.098632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 22.098868] flags: 0x200000000000000(node=0|zone=2) [ 22.099198] page_type: f5(slab) [ 22.099512] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.100218] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.100945] page dumped because: kasan: bad access detected [ 22.101483] [ 22.101629] Memory state around the buggy address: [ 22.101838] ffff888103958c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.102089] ffff888103958c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.102428] >ffff888103958d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 22.103050] ^ [ 22.103383] ffff888103958d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.103588] ffff888103958e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.103788] 
==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 22.045502] ================================================================== [ 22.045995] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 22.047031] Read of size 18446744073709551614 at addr ffff888103958c84 by task kunit_try_catch/209 [ 22.047641] [ 22.047739] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.047789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.047802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.047833] Call Trace: [ 22.047850] <TASK> [ 22.047871] dump_stack_lvl+0x73/0xb0 [ 22.047926] print_report+0xd1/0x650 [ 22.047978] ? __virt_addr_valid+0x1db/0x2d0 [ 22.048008] ? kmalloc_memmove_negative_size+0x171/0x330 [ 22.048044] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.048071] ? kmalloc_memmove_negative_size+0x171/0x330 [ 22.048131] kasan_report+0x141/0x180 [ 22.048157] ? kmalloc_memmove_negative_size+0x171/0x330 [ 22.048208] kasan_check_range+0x10c/0x1c0 [ 22.048237] __asan_memmove+0x27/0x70 [ 22.048263] kmalloc_memmove_negative_size+0x171/0x330 [ 22.048289] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 22.048316] ? __schedule+0x10cc/0x2b60 [ 22.048350] ? __pfx_read_tsc+0x10/0x10 [ 22.048373] ? ktime_get_ts64+0x86/0x230 [ 22.048404] kunit_try_run_case+0x1a5/0x480 [ 22.048433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.048457] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.048479] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.048506] ? __kthread_parkme+0x82/0x180 [ 22.048529] ? preempt_count_sub+0x50/0x80 [ 22.048558] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.048584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.048609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.048633] kthread+0x337/0x6f0 [ 22.048654] ? trace_preempt_on+0x20/0xc0 [ 22.048680] ? __pfx_kthread+0x10/0x10 [ 22.048703] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.048727] ? calculate_sigpending+0x7b/0xa0 [ 22.048753] ? 
__pfx_kthread+0x10/0x10 [ 22.048777] ret_from_fork+0x116/0x1d0 [ 22.048797] ? __pfx_kthread+0x10/0x10 [ 22.048820] ret_from_fork_asm+0x1a/0x30 [ 22.048864] </TASK> [ 22.048876] [ 22.061697] Allocated by task 209: [ 22.061872] kasan_save_stack+0x45/0x70 [ 22.062254] kasan_save_track+0x18/0x40 [ 22.062654] kasan_save_alloc_info+0x3b/0x50 [ 22.063143] __kasan_kmalloc+0xb7/0xc0 [ 22.063419] __kmalloc_cache_noprof+0x189/0x420 [ 22.063564] kmalloc_memmove_negative_size+0xac/0x330 [ 22.063715] kunit_try_run_case+0x1a5/0x480 [ 22.063981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.064526] kthread+0x337/0x6f0 [ 22.064836] ret_from_fork+0x116/0x1d0 [ 22.065268] ret_from_fork_asm+0x1a/0x30 [ 22.065636] [ 22.065807] The buggy address belongs to the object at ffff888103958c80 [ 22.065807] which belongs to the cache kmalloc-64 of size 64 [ 22.067038] The buggy address is located 4 bytes inside of [ 22.067038] 64-byte region [ffff888103958c80, ffff888103958cc0) [ 22.067490] [ 22.067560] The buggy address belongs to the physical page: [ 22.067730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 22.068269] flags: 0x200000000000000(node=0|zone=2) [ 22.068793] page_type: f5(slab) [ 22.069206] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.069848] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.070743] page dumped because: kasan: bad access detected [ 22.071377] [ 22.071599] Memory state around the buggy address: [ 22.071885] ffff888103958b80: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 22.072377] ffff888103958c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.072595] >ffff888103958c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 22.072799] ^ [ 22.072917] ffff888103958d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.073263] ffff888103958d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.073565] 
==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 22.011406] ================================================================== [ 22.011899] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 22.012359] Write of size 16 at addr ffff88810257eb69 by task kunit_try_catch/207 [ 22.013045] [ 22.013213] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 22.013260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.013272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.013355] Call Trace: [ 22.013382] <TASK> [ 22.013397] dump_stack_lvl+0x73/0xb0 [ 22.013436] print_report+0xd1/0x650 [ 22.013456] ? __virt_addr_valid+0x1db/0x2d0 [ 22.013479] ? kmalloc_oob_memset_16+0x166/0x330 [ 22.013498] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.013522] ? kmalloc_oob_memset_16+0x166/0x330 [ 22.013552] kasan_report+0x141/0x180 [ 22.013571] ? kmalloc_oob_memset_16+0x166/0x330 [ 22.013595] kasan_check_range+0x10c/0x1c0 [ 22.013627] __asan_memset+0x27/0x50 [ 22.013648] kmalloc_oob_memset_16+0x166/0x330 [ 22.013668] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 22.013688] ? __schedule+0x10cc/0x2b60 [ 22.013712] ? __pfx_read_tsc+0x10/0x10 [ 22.013732] ? ktime_get_ts64+0x86/0x230 [ 22.013756] kunit_try_run_case+0x1a5/0x480 [ 22.013781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.013802] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.013861] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.013885] ? __kthread_parkme+0x82/0x180 [ 22.013904] ? preempt_count_sub+0x50/0x80 [ 22.013924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.013957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.013979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.014001] kthread+0x337/0x6f0 [ 22.014019] ? trace_preempt_on+0x20/0xc0 [ 22.014041] ? __pfx_kthread+0x10/0x10 [ 22.014059] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.014081] ? calculate_sigpending+0x7b/0xa0 [ 22.014102] ? __pfx_kthread+0x10/0x10 [ 22.014123] ret_from_fork+0x116/0x1d0 [ 22.014140] ? 
__pfx_kthread+0x10/0x10 [ 22.014158] ret_from_fork_asm+0x1a/0x30 [ 22.014187] </TASK> [ 22.014198] [ 22.026375] Allocated by task 207: [ 22.026511] kasan_save_stack+0x45/0x70 [ 22.026649] kasan_save_track+0x18/0x40 [ 22.026774] kasan_save_alloc_info+0x3b/0x50 [ 22.027347] __kasan_kmalloc+0xb7/0xc0 [ 22.027487] __kmalloc_cache_noprof+0x189/0x420 [ 22.027632] kmalloc_oob_memset_16+0xac/0x330 [ 22.027767] kunit_try_run_case+0x1a5/0x480 [ 22.028451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.029139] kthread+0x337/0x6f0 [ 22.029579] ret_from_fork+0x116/0x1d0 [ 22.030104] ret_from_fork_asm+0x1a/0x30 [ 22.030593] [ 22.030898] The buggy address belongs to the object at ffff88810257eb00 [ 22.030898] which belongs to the cache kmalloc-128 of size 128 [ 22.031737] The buggy address is located 105 bytes inside of [ 22.031737] allocated 120-byte region [ffff88810257eb00, ffff88810257eb78) [ 22.033244] [ 22.033566] The buggy address belongs to the physical page: [ 22.034110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e [ 22.034873] flags: 0x200000000000000(node=0|zone=2) [ 22.035071] page_type: f5(slab) [ 22.035453] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.036523] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.037200] page dumped because: kasan: bad access detected [ 22.037793] [ 22.038167] Memory state around the buggy address: [ 22.038383] ffff88810257ea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.038593] ffff88810257ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.038799] >ffff88810257eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.039411] ^ [ 22.040146] ffff88810257eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.040865] ffff88810257ec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.041543] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 21.986696] ================================================================== [ 21.987248] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 21.987617] Write of size 8 at addr ffff8881039c3671 by task kunit_try_catch/205 [ 21.987874] [ 21.987994] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.988040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.988052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.988073] Call Trace: [ 21.988086] <TASK> [ 21.988101] dump_stack_lvl+0x73/0xb0 [ 21.988126] print_report+0xd1/0x650 [ 21.988153] ? __virt_addr_valid+0x1db/0x2d0 [ 21.988175] ? kmalloc_oob_memset_8+0x166/0x330 [ 21.988194] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.988218] ? kmalloc_oob_memset_8+0x166/0x330 [ 21.988237] kasan_report+0x141/0x180 [ 21.988257] ? kmalloc_oob_memset_8+0x166/0x330 [ 21.988281] kasan_check_range+0x10c/0x1c0 [ 21.988303] __asan_memset+0x27/0x50 [ 21.988324] kmalloc_oob_memset_8+0x166/0x330 [ 21.988349] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 21.988370] ? __schedule+0x10cc/0x2b60 [ 21.988393] ? __pfx_read_tsc+0x10/0x10 [ 21.988412] ? ktime_get_ts64+0x86/0x230 [ 21.988435] kunit_try_run_case+0x1a5/0x480 [ 21.988458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.988479] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.988500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.988524] ? __kthread_parkme+0x82/0x180 [ 21.988543] ? preempt_count_sub+0x50/0x80 [ 21.988564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.988586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.988607] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.988628] kthread+0x337/0x6f0 [ 21.988646] ? trace_preempt_on+0x20/0xc0 [ 21.988666] ? __pfx_kthread+0x10/0x10 [ 21.988685] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.988706] ? calculate_sigpending+0x7b/0xa0 [ 21.988728] ? __pfx_kthread+0x10/0x10 [ 21.988747] ret_from_fork+0x116/0x1d0 [ 21.988764] ? 
__pfx_kthread+0x10/0x10 [ 21.988782] ret_from_fork_asm+0x1a/0x30 [ 21.988811] </TASK> [ 21.988821] [ 21.998249] Allocated by task 205: [ 21.998646] kasan_save_stack+0x45/0x70 [ 21.998951] kasan_save_track+0x18/0x40 [ 21.999126] kasan_save_alloc_info+0x3b/0x50 [ 21.999426] __kasan_kmalloc+0xb7/0xc0 [ 22.000014] __kmalloc_cache_noprof+0x189/0x420 [ 22.000248] kmalloc_oob_memset_8+0xac/0x330 [ 22.000533] kunit_try_run_case+0x1a5/0x480 [ 22.000692] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.000930] kthread+0x337/0x6f0 [ 22.001340] ret_from_fork+0x116/0x1d0 [ 22.001590] ret_from_fork_asm+0x1a/0x30 [ 22.001769] [ 22.001901] The buggy address belongs to the object at ffff8881039c3600 [ 22.001901] which belongs to the cache kmalloc-128 of size 128 [ 22.002374] The buggy address is located 113 bytes inside of [ 22.002374] allocated 120-byte region [ffff8881039c3600, ffff8881039c3678) [ 22.002851] [ 22.003121] The buggy address belongs to the physical page: [ 22.003353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c3 [ 22.003680] flags: 0x200000000000000(node=0|zone=2) [ 22.003947] page_type: f5(slab) [ 22.004087] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.004383] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.005190] page dumped because: kasan: bad access detected [ 22.005458] [ 22.005531] Memory state around the buggy address: [ 22.005987] ffff8881039c3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.006405] ffff8881039c3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.006771] >ffff8881039c3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.007304] ^ [ 22.007598] ffff8881039c3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.008325] ffff8881039c3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.008615] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 21.455409] ================================================================== [ 21.456053] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 21.456341] Read of size 1 at addr ffff888102c00000 by task kunit_try_catch/183 [ 21.456618] [ 21.456740] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.456788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.456800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.456836] Call Trace: [ 21.456852] <TASK> [ 21.456870] dump_stack_lvl+0x73/0xb0 [ 21.456899] print_report+0xd1/0x650 [ 21.456921] ? __virt_addr_valid+0x1db/0x2d0 [ 21.456954] ? page_alloc_uaf+0x356/0x3d0 [ 21.456977] ? kasan_addr_to_slab+0x11/0xa0 [ 21.456998] ? page_alloc_uaf+0x356/0x3d0 [ 21.457021] kasan_report+0x141/0x180 [ 21.457042] ? page_alloc_uaf+0x356/0x3d0 [ 21.457069] __asan_report_load1_noabort+0x18/0x20 [ 21.457094] page_alloc_uaf+0x356/0x3d0 [ 21.457132] ? __pfx_page_alloc_uaf+0x10/0x10 [ 21.457155] ? __schedule+0x10cc/0x2b60 [ 21.457181] ? __pfx_read_tsc+0x10/0x10 [ 21.457203] ? ktime_get_ts64+0x86/0x230 [ 21.457231] kunit_try_run_case+0x1a5/0x480 [ 21.457258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.457282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.457304] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.457330] ? __kthread_parkme+0x82/0x180 [ 21.457352] ? preempt_count_sub+0x50/0x80 [ 21.457376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.457401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.457426] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.457450] kthread+0x337/0x6f0 [ 21.457471] ? trace_preempt_on+0x20/0xc0 [ 21.457495] ? __pfx_kthread+0x10/0x10 [ 21.457516] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.457540] ? calculate_sigpending+0x7b/0xa0 [ 21.457565] ? __pfx_kthread+0x10/0x10 [ 21.457587] ret_from_fork+0x116/0x1d0 [ 21.457607] ? 
__pfx_kthread+0x10/0x10 [ 21.457628] ret_from_fork_asm+0x1a/0x30 [ 21.457660] </TASK> [ 21.457671] [ 21.464374] The buggy address belongs to the physical page: [ 21.464627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c00 [ 21.464980] flags: 0x200000000000000(node=0|zone=2) [ 21.465175] page_type: f0(buddy) [ 21.465334] raw: 0200000000000000 ffff88817fffb4f0 ffff88817fffb4f0 0000000000000000 [ 21.465667] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 21.465984] page dumped because: kasan: bad access detected [ 21.466231] [ 21.466322] Memory state around the buggy address: [ 21.466535] ffff888102bfff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.466738] ffff888102bfff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.467018] >ffff888102c00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.467316] ^ [ 21.467474] ffff888102c00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.467749] ffff888102c00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.467994] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 21.429215] ================================================================== [ 21.429720] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 21.430122] Free of addr ffff888102918001 by task kunit_try_catch/179 [ 21.430374] [ 21.430484] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.430533] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.430545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.430564] Call Trace: [ 21.430577] <TASK> [ 21.430594] dump_stack_lvl+0x73/0xb0 [ 21.430636] print_report+0xd1/0x650 [ 21.430825] ? __virt_addr_valid+0x1db/0x2d0 [ 21.430856] ? kasan_addr_to_slab+0x11/0xa0 [ 21.430875] ? kfree+0x274/0x3f0 [ 21.430896] kasan_report_invalid_free+0x10a/0x130 [ 21.430918] ? kfree+0x274/0x3f0 [ 21.430950] ? kfree+0x274/0x3f0 [ 21.431068] __kasan_kfree_large+0x86/0xd0 [ 21.431089] free_large_kmalloc+0x52/0x110 [ 21.431110] kfree+0x274/0x3f0 [ 21.431143] kmalloc_large_invalid_free+0x120/0x2b0 [ 21.431165] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 21.431186] ? __schedule+0x10cc/0x2b60 [ 21.431210] ? __pfx_read_tsc+0x10/0x10 [ 21.431232] ? ktime_get_ts64+0x86/0x230 [ 21.431256] kunit_try_run_case+0x1a5/0x480 [ 21.431282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.431303] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.431322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.431346] ? __kthread_parkme+0x82/0x180 [ 21.431365] ? preempt_count_sub+0x50/0x80 [ 21.431387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.431409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.431431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.431453] kthread+0x337/0x6f0 [ 21.431473] ? trace_preempt_on+0x20/0xc0 [ 21.431495] ? __pfx_kthread+0x10/0x10 [ 21.431514] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.431535] ? calculate_sigpending+0x7b/0xa0 [ 21.431557] ? __pfx_kthread+0x10/0x10 [ 21.431577] ret_from_fork+0x116/0x1d0 [ 21.431594] ? 
__pfx_kthread+0x10/0x10 [ 21.431612] ret_from_fork_asm+0x1a/0x30 [ 21.431642] </TASK> [ 21.431652] [ 21.441541] The buggy address belongs to the physical page: [ 21.441922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102918 [ 21.442375] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.442727] flags: 0x200000000000040(head|node=0|zone=2) [ 21.443191] page_type: f8(unknown) [ 21.443354] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.443802] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.444157] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.444480] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.444796] head: 0200000000000002 ffffea00040a4601 00000000ffffffff 00000000ffffffff [ 21.445112] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.445771] page dumped because: kasan: bad access detected [ 21.446170] [ 21.446267] Memory state around the buggy address: [ 21.446447] ffff888102917f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.447066] ffff888102917f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.447541] >ffff888102918000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.447989] ^ [ 21.448244] ffff888102918080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.448581] ffff888102918100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.448895] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 21.408390] ================================================================== [ 21.409014] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 21.409546] Read of size 1 at addr ffff888102ccc000 by task kunit_try_catch/177 [ 21.410233] [ 21.410359] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.410411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.410575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.410600] Call Trace: [ 21.410615] <TASK> [ 21.410633] dump_stack_lvl+0x73/0xb0 [ 21.410662] print_report+0xd1/0x650 [ 21.410684] ? __virt_addr_valid+0x1db/0x2d0 [ 21.410707] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.410727] ? kasan_addr_to_slab+0x11/0xa0 [ 21.410746] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.410767] kasan_report+0x141/0x180 [ 21.410789] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.410816] __asan_report_load1_noabort+0x18/0x20 [ 21.410840] kmalloc_large_uaf+0x2f1/0x340 [ 21.410860] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 21.410880] ? __schedule+0x10cc/0x2b60 [ 21.410905] ? __pfx_read_tsc+0x10/0x10 [ 21.410925] ? ktime_get_ts64+0x86/0x230 [ 21.410965] kunit_try_run_case+0x1a5/0x480 [ 21.410990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.411012] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.411031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.411055] ? __kthread_parkme+0x82/0x180 [ 21.411075] ? preempt_count_sub+0x50/0x80 [ 21.411098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.411122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.411145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.411166] kthread+0x337/0x6f0 [ 21.411185] ? trace_preempt_on+0x20/0xc0 [ 21.411208] ? __pfx_kthread+0x10/0x10 [ 21.411227] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.411249] ? calculate_sigpending+0x7b/0xa0 [ 21.411272] ? __pfx_kthread+0x10/0x10 [ 21.411293] ret_from_fork+0x116/0x1d0 [ 21.411311] ? 
__pfx_kthread+0x10/0x10 [ 21.411330] ret_from_fork_asm+0x1a/0x30 [ 21.411365] </TASK> [ 21.411376] [ 21.421050] The buggy address belongs to the physical page: [ 21.421439] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ccc [ 21.421852] flags: 0x200000000000000(node=0|zone=2) [ 21.422344] raw: 0200000000000000 ffffea00040b1008 ffff88815b139fc0 0000000000000000 [ 21.422654] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 21.422992] page dumped because: kasan: bad access detected [ 21.423522] [ 21.423614] Memory state around the buggy address: [ 21.423995] ffff888102ccbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.424336] ffff888102ccbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.424629] >ffff888102ccc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.425118] ^ [ 21.425315] ffff888102ccc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.425667] ffff888102ccc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.426180] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 21.381411] ================================================================== [ 21.382445] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 21.382686] Write of size 1 at addr ffff888102cce00a by task kunit_try_catch/175 [ 21.382901] [ 21.383006] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) [ 21.383079] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.383111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.383132] Call Trace: [ 21.383145] <TASK> [ 21.383162] dump_stack_lvl+0x73/0xb0 [ 21.383188] print_report+0xd1/0x650 [ 21.383209] ? __virt_addr_valid+0x1db/0x2d0 [ 21.383232] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.383253] ? kasan_addr_to_slab+0x11/0xa0 [ 21.383272] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.383345] kasan_report+0x141/0x180 [ 21.383396] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.383424] __asan_report_store1_noabort+0x1b/0x30 [ 21.383447] kmalloc_large_oob_right+0x2e9/0x330 [ 21.383468] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 21.383490] ? __schedule+0x10cc/0x2b60 [ 21.383515] ? __pfx_read_tsc+0x10/0x10 [ 21.383535] ? ktime_get_ts64+0x86/0x230 [ 21.383561] kunit_try_run_case+0x1a5/0x480 [ 21.383587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.383609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.383628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.383652] ? __kthread_parkme+0x82/0x180 [ 21.383673] ? preempt_count_sub+0x50/0x80 [ 21.383731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.383756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.383779] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.383847] kthread+0x337/0x6f0 [ 21.383866] ? trace_preempt_on+0x20/0xc0 [ 21.383889] ? __pfx_kthread+0x10/0x10 [ 21.383946] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.383969] ? calculate_sigpending+0x7b/0xa0 [ 21.383992] ? __pfx_kthread+0x10/0x10 [ 21.384013] ret_from_fork+0x116/0x1d0 [ 21.384032] ? 
__pfx_kthread+0x10/0x10 [ 21.384053] ret_from_fork_asm+0x1a/0x30 [ 21.384089] </TASK> [ 21.384100] [ 21.394348] The buggy address belongs to the physical page: [ 21.394766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ccc [ 21.395364] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.396008] flags: 0x200000000000040(head|node=0|zone=2) [ 21.396277] page_type: f8(unknown) [ 21.396571] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.397116] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.397544] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.398434] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.399473] head: 0200000000000002 ffffea00040b3301 00000000ffffffff 00000000ffffffff [ 21.400412] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.400978] page dumped because: kasan: bad access detected [ 21.401588] [ 21.402024] Memory state around the buggy address: [ 21.402208] ffff888102ccdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.402420] ffff888102ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.402626] >ffff888102cce000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.403133] ^ [ 21.403613] ffff888102cce080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.404418] ffff888102cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.405265] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 21.346174] ==================================================================
[ 21.346654] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 21.347239] Write of size 1 at addr ffff888103991f00 by task kunit_try_catch/173
[ 21.347479]
[ 21.347586] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.347633] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.347645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.347666] Call Trace:
[ 21.347678] <TASK>
[ 21.347694] dump_stack_lvl+0x73/0xb0
[ 21.347721] print_report+0xd1/0x650
[ 21.347740] ? __virt_addr_valid+0x1db/0x2d0
[ 21.347762] ? kmalloc_big_oob_right+0x316/0x370
[ 21.347781] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.347805] ? kmalloc_big_oob_right+0x316/0x370
[ 21.347898] kasan_report+0x141/0x180
[ 21.347918] ? kmalloc_big_oob_right+0x316/0x370
[ 21.347956] __asan_report_store1_noabort+0x1b/0x30
[ 21.347979] kmalloc_big_oob_right+0x316/0x370
[ 21.347999] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 21.348020] ? __schedule+0x10cc/0x2b60
[ 21.348043] ? __pfx_read_tsc+0x10/0x10
[ 21.348063] ? ktime_get_ts64+0x86/0x230
[ 21.348085] kunit_try_run_case+0x1a5/0x480
[ 21.348110] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.348132] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.348151] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.348174] ? __kthread_parkme+0x82/0x180
[ 21.348193] ? preempt_count_sub+0x50/0x80
[ 21.348215] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.348237] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.348259] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.348282] kthread+0x337/0x6f0
[ 21.348300] ? trace_preempt_on+0x20/0xc0
[ 21.348321] ? __pfx_kthread+0x10/0x10
[ 21.348344] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.348365] ? calculate_sigpending+0x7b/0xa0
[ 21.348386] ? __pfx_kthread+0x10/0x10
[ 21.348406] ret_from_fork+0x116/0x1d0
[ 21.348423] ? __pfx_kthread+0x10/0x10
[ 21.348441] ret_from_fork_asm+0x1a/0x30
[ 21.348470] </TASK>
[ 21.348480]
[ 21.358646] Allocated by task 173:
[ 21.358782] kasan_save_stack+0x45/0x70
[ 21.359470] kasan_save_track+0x18/0x40
[ 21.360016] kasan_save_alloc_info+0x3b/0x50
[ 21.360562] __kasan_kmalloc+0xb7/0xc0
[ 21.361109] __kmalloc_cache_noprof+0x189/0x420
[ 21.361723] kmalloc_big_oob_right+0xa9/0x370
[ 21.362141] kunit_try_run_case+0x1a5/0x480
[ 21.362638] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.363282] kthread+0x337/0x6f0
[ 21.363559] ret_from_fork+0x116/0x1d0
[ 21.363703] ret_from_fork_asm+0x1a/0x30
[ 21.364041]
[ 21.364306] The buggy address belongs to the object at ffff888103990000
[ 21.364306] which belongs to the cache kmalloc-8k of size 8192
[ 21.365761] The buggy address is located 0 bytes to the right of
[ 21.365761] allocated 7936-byte region [ffff888103990000, ffff888103991f00)
[ 21.366977]
[ 21.367054] The buggy address belongs to the physical page:
[ 21.367717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103990
[ 21.368756] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.369517] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.370213] page_type: f5(slab)
[ 21.370599] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 21.371050] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 21.372080] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 21.372647] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 21.373087] head: 0200000000000003 ffffea00040e6401 00000000ffffffff 00000000ffffffff
[ 21.373933] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 21.374958] page dumped because: kasan: bad access detected
[ 21.375704]
[ 21.375949] Memory state around the buggy address:
[ 21.376435] ffff888103991e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.376668] ffff888103991e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.376877] >ffff888103991f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.377091] ^
[ 21.377258] ffff888103991f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.377476] ffff888103992000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.378093] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 21.307353] ==================================================================
[ 21.307807] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.308464] Write of size 1 at addr ffff88810257e778 by task kunit_try_catch/171
[ 21.308743]
[ 21.308847] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.308893] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.308905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.308926] Call Trace:
[ 21.308950] <TASK>
[ 21.308967] dump_stack_lvl+0x73/0xb0
[ 21.308992] print_report+0xd1/0x650
[ 21.309012] ? __virt_addr_valid+0x1db/0x2d0
[ 21.309033] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.309056] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.309079] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.309102] kasan_report+0x141/0x180
[ 21.309122] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.309148] __asan_report_store1_noabort+0x1b/0x30
[ 21.309170] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.309192] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 21.309265] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 21.309289] ? trace_hardirqs_on+0x37/0xe0
[ 21.309310] ? __pfx_read_tsc+0x10/0x10
[ 21.309331] ? ktime_get_ts64+0x86/0x230
[ 21.309353] kunit_try_run_case+0x1a5/0x480
[ 21.309378] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.309410] ? queued_spin_lock_slowpath+0x116/0xb40
[ 21.309430] ? __kthread_parkme+0x82/0x180
[ 21.309448] ? preempt_count_sub+0x50/0x80
[ 21.309471] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.309493] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.309515] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.309537] kthread+0x337/0x6f0
[ 21.309555] ? trace_preempt_on+0x20/0xc0
[ 21.309575] ? __pfx_kthread+0x10/0x10
[ 21.309594] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.309617] ? calculate_sigpending+0x7b/0xa0
[ 21.309639] ? __pfx_kthread+0x10/0x10
[ 21.309658] ret_from_fork+0x116/0x1d0
[ 21.309676] ? __pfx_kthread+0x10/0x10
[ 21.309695] ret_from_fork_asm+0x1a/0x30
[ 21.309722] </TASK>
[ 21.309733]
[ 21.316757] Allocated by task 171:
[ 21.316924] kasan_save_stack+0x45/0x70
[ 21.317185] kasan_save_track+0x18/0x40
[ 21.317366] kasan_save_alloc_info+0x3b/0x50
[ 21.317706] __kasan_kmalloc+0xb7/0xc0
[ 21.317827] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 21.318009] kmalloc_track_caller_oob_right+0x99/0x520
[ 21.318500] kunit_try_run_case+0x1a5/0x480
[ 21.318709] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.319049] kthread+0x337/0x6f0
[ 21.319191] ret_from_fork+0x116/0x1d0
[ 21.319313] ret_from_fork_asm+0x1a/0x30
[ 21.319441]
[ 21.319503] The buggy address belongs to the object at ffff88810257e700
[ 21.319503] which belongs to the cache kmalloc-128 of size 128
[ 21.320408] The buggy address is located 0 bytes to the right of
[ 21.320408] allocated 120-byte region [ffff88810257e700, ffff88810257e778)
[ 21.320766]
[ 21.320873] The buggy address belongs to the physical page:
[ 21.321285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e
[ 21.321657] flags: 0x200000000000000(node=0|zone=2)
[ 21.322019] page_type: f5(slab)
[ 21.322189] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.322442] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.322667] page dumped because: kasan: bad access detected
[ 21.323082]
[ 21.323205] Memory state around the buggy address:
[ 21.323431] ffff88810257e600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.323711] ffff88810257e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.324041] >ffff88810257e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.324320] ^
[ 21.324611] ffff88810257e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.324972] ffff88810257e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.325253] ==================================================================
[ 21.325807] ==================================================================
[ 21.326277] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.326777] Write of size 1 at addr ffff88810257e878 by task kunit_try_catch/171
[ 21.327108]
[ 21.327249] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.327294] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.327305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.327325] Call Trace:
[ 21.327337] <TASK>
[ 21.327350] dump_stack_lvl+0x73/0xb0
[ 21.327374] print_report+0xd1/0x650
[ 21.327393] ? __virt_addr_valid+0x1db/0x2d0
[ 21.327414] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.327436] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.327460] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.327482] kasan_report+0x141/0x180
[ 21.327503] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.327530] __asan_report_store1_noabort+0x1b/0x30
[ 21.327552] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.327574] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 21.327597] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 21.327617] ? trace_hardirqs_on+0x37/0xe0
[ 21.327638] ? __pfx_read_tsc+0x10/0x10
[ 21.327657] ? ktime_get_ts64+0x86/0x230
[ 21.327679] kunit_try_run_case+0x1a5/0x480
[ 21.327702] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.327725] ? queued_spin_lock_slowpath+0x116/0xb40
[ 21.327745] ? __kthread_parkme+0x82/0x180
[ 21.327763] ? preempt_count_sub+0x50/0x80
[ 21.327784] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.327807] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.327828] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.327850] kthread+0x337/0x6f0
[ 21.327868] ? trace_preempt_on+0x20/0xc0
[ 21.327924] ? __pfx_kthread+0x10/0x10
[ 21.327959] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.327981] ? calculate_sigpending+0x7b/0xa0
[ 21.328002] ? __pfx_kthread+0x10/0x10
[ 21.328022] ret_from_fork+0x116/0x1d0
[ 21.328040] ? __pfx_kthread+0x10/0x10
[ 21.328058] ret_from_fork_asm+0x1a/0x30
[ 21.328086] </TASK>
[ 21.328096]
[ 21.335133] Allocated by task 171:
[ 21.335312] kasan_save_stack+0x45/0x70
[ 21.335502] kasan_save_track+0x18/0x40
[ 21.335685] kasan_save_alloc_info+0x3b/0x50
[ 21.336023] __kasan_kmalloc+0xb7/0xc0
[ 21.336224] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 21.336433] kmalloc_track_caller_oob_right+0x19a/0x520
[ 21.336601] kunit_try_run_case+0x1a5/0x480
[ 21.336805] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.337074] kthread+0x337/0x6f0
[ 21.337409] ret_from_fork+0x116/0x1d0
[ 21.337594] ret_from_fork_asm+0x1a/0x30
[ 21.337760]
[ 21.337925] The buggy address belongs to the object at ffff88810257e800
[ 21.337925] which belongs to the cache kmalloc-128 of size 128
[ 21.338414] The buggy address is located 0 bytes to the right of
[ 21.338414] allocated 120-byte region [ffff88810257e800, ffff88810257e878)
[ 21.338953]
[ 21.339022] The buggy address belongs to the physical page:
[ 21.339411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e
[ 21.339709] flags: 0x200000000000000(node=0|zone=2)
[ 21.339974] page_type: f5(slab)
[ 21.340125] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.340388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.340716] page dumped because: kasan: bad access detected
[ 21.340977]
[ 21.341060] Memory state around the buggy address:
[ 21.341264] ffff88810257e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.341563] ffff88810257e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.341840] >ffff88810257e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.342110] ^
[ 21.342555] ffff88810257e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.342878] ffff88810257e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.343158] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 21.277829] ==================================================================
[ 21.278381] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 21.278686] Read of size 1 at addr ffff8881039d5000 by task kunit_try_catch/169
[ 21.278979]
[ 21.279197] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary)
[ 21.279246] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.279258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.279278] Call Trace:
[ 21.279291] <TASK>
[ 21.279309] dump_stack_lvl+0x73/0xb0
[ 21.279337] print_report+0xd1/0x650
[ 21.279358] ? __virt_addr_valid+0x1db/0x2d0
[ 21.279381] ? kmalloc_node_oob_right+0x369/0x3c0
[ 21.279402] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.279426] ? kmalloc_node_oob_right+0x369/0x3c0
[ 21.279447] kasan_report+0x141/0x180
[ 21.279467] ? kmalloc_node_oob_right+0x369/0x3c0
[ 21.279493] __asan_report_load1_noabort+0x18/0x20
[ 21.279515] kmalloc_node_oob_right+0x369/0x3c0
[ 21.279537] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 21.279559] ? __schedule+0x10cc/0x2b60
[ 21.279583] ? __pfx_read_tsc+0x10/0x10
[ 21.279604] ? ktime_get_ts64+0x86/0x230
[ 21.279628] kunit_try_run_case+0x1a5/0x480
[ 21.279653] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.279674] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.279694] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.279717] ? __kthread_parkme+0x82/0x180
[ 21.279736] ? preempt_count_sub+0x50/0x80
[ 21.279758] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.279781] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.279802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.279824] kthread+0x337/0x6f0
[ 21.279842] ? trace_preempt_on+0x20/0xc0
[ 21.279864] ? __pfx_kthread+0x10/0x10
[ 21.279883] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.279904] ? calculate_sigpending+0x7b/0xa0
[ 21.279927] ? __pfx_kthread+0x10/0x10
[ 21.280005] ret_from_fork+0x116/0x1d0
[ 21.280026] ? __pfx_kthread+0x10/0x10
[ 21.280045] ret_from_fork_asm+0x1a/0x30
[ 21.280075] </TASK>
[ 21.280085]
[ 21.289042] Allocated by task 169:
[ 21.289228] kasan_save_stack+0x45/0x70
[ 21.289688] kasan_save_track+0x18/0x40
[ 21.289913] kasan_save_alloc_info+0x3b/0x50
[ 21.290234] __kasan_kmalloc+0xb7/0xc0
[ 21.290372] __kmalloc_cache_node_noprof+0x188/0x420
[ 21.290602] kmalloc_node_oob_right+0xab/0x3c0
[ 21.290789] kunit_try_run_case+0x1a5/0x480
[ 21.291048] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.291269] kthread+0x337/0x6f0
[ 21.291424] ret_from_fork+0x116/0x1d0
[ 21.291620] ret_from_fork_asm+0x1a/0x30
[ 21.291762]
[ 21.291917] The buggy address belongs to the object at ffff8881039d4000
[ 21.291917] which belongs to the cache kmalloc-4k of size 4096
[ 21.292438] The buggy address is located 0 bytes to the right of
[ 21.292438] allocated 4096-byte region [ffff8881039d4000, ffff8881039d5000)
[ 21.292912]
[ 21.293114] The buggy address belongs to the physical page:
[ 21.293415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039d0
[ 21.293910] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.294190] flags: 0x200000000000040(head|node=0|zone=2)
[ 21.294573] page_type: f5(slab)
[ 21.294704] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 21.295018] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 21.295479] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 21.295727] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 21.296113] head: 0200000000000003 ffffea00040e7401 00000000ffffffff 00000000ffffffff
[ 21.296521] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 21.296827] page dumped because: kasan: bad access detected
[ 21.297133]
[ 21.297233] Memory state around the buggy address:
[ 21.297424] ffff8881039d4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.297688] ffff8881039d4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.298124] >ffff8881039d5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.298410] ^
[ 21.298571] ffff8881039d5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.298873] ffff8881039d5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.299267] ==================================================================