Date
June 26, 2025, 9:10 a.m.
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value
<8>[ 287.847268] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_Full
<8>[ 284.703584] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_Full RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_Automatic
<8>[ 284.595650] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_Automatic RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock
<8>[ 288.673914] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate
<8>[ 288.550634] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject
<8>[ 288.431212] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value
<8>[ 287.733710] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value
<8>[ 287.609626] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid
<8>[ 288.310751] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset
<8>[ 288.193006] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value
<8>[ 288.079942] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value RESULT=fail>
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 182.689816] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 182.656363] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 182.722107] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 182.759977] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 182.760934] Oops: Oops: 0002 [#52] SMP KASAN PTI [ 182.658507] Oops: Oops: 0002 [#49] SMP KASAN PTI [ 182.724158] Oops: Oops: 0002 [#51] SMP KASAN PTI [ 182.690589] Oops: Oops: 0002 [#50] SMP KASAN PTI
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 181.509710] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI [ 182.023810] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI [ 182.294159] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI [ 181.459934] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI [ 182.469089] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI [ 182.495140] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI [ 182.893675] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI [ 181.969165] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI [ 181.484038] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI [ 181.566601] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI [ 181.826335] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI [ 121.910368] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 181.749504] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI [ 181.799906] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI [ 181.425690] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI [ 182.402048] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI [ 182.191487] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI [ 182.347190] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI [ 181.910201] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI [ 182.439076] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI [ 181.933636] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI [ 182.916234] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI [ 182.595366] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI [ 182.052599] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI [ 181.672289] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI [ 181.620492] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI [ 182.824068] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI [ 181.851220] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI [ 181.647458] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI [ 181.394450] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI [ 182.847185] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI [ 181.998666] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI [ 182.243208] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI [ 182.870091] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI [ 182.317660] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI [ 181.773478] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI [ 182.519717] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI [ 182.138632] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI [ 181.725451] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI [ 182.270290] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI [ 182.621479] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI [ 182.799987] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI [ 182.547187] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI [ 181.883740] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI [ 182.371435] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI [ 182.570760] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI [ 182.943483] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI [ 182.167277] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI [ 182.109707] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI [ 181.590907] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI [ 181.695395] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI [ 180.674783] Oops: general protection fault, probably for non-canonical address 0xe0f07c17000000d2: 0000 [#2] SMP KASAN PTI [ 182.079156] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI [ 181.540358] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI [ 182.217994] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 57.875956] ================================================================== [ 57.876369] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 57.876369] [ 57.876731] Use-after-free read at 0x(____ptrval____) (in kfence-#138): [ 57.877027] test_krealloc+0x6fc/0xbe0 [ 57.877168] kunit_try_run_case+0x1a5/0x480 [ 57.877418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.877675] kthread+0x337/0x6f0 [ 57.877835] ret_from_fork+0x116/0x1d0 [ 57.877982] ret_from_fork_asm+0x1a/0x30 [ 57.878164] [ 57.878320] kfence-#138: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 57.878320] [ 57.878667] allocated by task 366 on cpu 1 at 57.875154s (0.003511s ago): [ 57.878992] test_alloc+0x364/0x10f0 [ 57.879162] test_krealloc+0xad/0xbe0 [ 57.879334] kunit_try_run_case+0x1a5/0x480 [ 57.879476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.879643] kthread+0x337/0x6f0 [ 57.879809] ret_from_fork+0x116/0x1d0 [ 57.879993] ret_from_fork_asm+0x1a/0x30 [ 57.880634] [ 57.880714] freed by task 366 on cpu 1 at 57.875474s (0.005238s ago): [ 57.880936] krealloc_noprof+0x108/0x340 [ 57.881629] test_krealloc+0x226/0xbe0 [ 57.881862] kunit_try_run_case+0x1a5/0x480 [ 57.882071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.882513] kthread+0x337/0x6f0 [ 57.882630] ret_from_fork+0x116/0x1d0 [ 57.882822] ret_from_fork_asm+0x1a/0x30 [ 57.882973] [ 57.883115] CPU: 1 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 57.883563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.883714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 57.884105] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 57.796201] ================================================================== [ 57.796629] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 57.796629] [ 57.797022] Use-after-free read at 0x(____ptrval____) (in kfence-#137): [ 57.797488] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 57.797667] kunit_try_run_case+0x1a5/0x480 [ 57.797814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.797984] kthread+0x337/0x6f0 [ 57.798120] ret_from_fork+0x116/0x1d0 [ 57.798264] ret_from_fork_asm+0x1a/0x30 [ 57.798601] [ 57.798759] kfence-#137: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 57.798759] [ 57.799457] allocated by task 364 on cpu 0 at 57.771100s (0.028354s ago): [ 57.799698] test_alloc+0x2a6/0x10f0 [ 57.800020] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 57.800267] kunit_try_run_case+0x1a5/0x480 [ 57.800416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.800587] kthread+0x337/0x6f0 [ 57.800701] ret_from_fork+0x116/0x1d0 [ 57.800829] ret_from_fork_asm+0x1a/0x30 [ 57.800963] [ 57.801419] freed by task 364 on cpu 0 at 57.771240s (0.029794s ago): [ 57.801666] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 57.801891] kunit_try_run_case+0x1a5/0x480 [ 57.802182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.802541] kthread+0x337/0x6f0 [ 57.802724] ret_from_fork+0x116/0x1d0 [ 57.802854] ret_from_fork_asm+0x1a/0x30 [ 57.802989] [ 57.803116] CPU: 0 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 57.804152] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.804543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 57.804956] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 33.450484] ================================================================== [ 33.451171] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 33.451171] [ 33.451596] Invalid read at 0x(____ptrval____): [ 33.452278] test_invalid_access+0xf0/0x210 [ 33.452630] kunit_try_run_case+0x1a5/0x480 [ 33.452845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.453283] kthread+0x337/0x6f0 [ 33.453433] ret_from_fork+0x116/0x1d0 [ 33.453735] ret_from_fork_asm+0x1a/0x30 [ 33.454029] [ 33.454240] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 33.454732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.455116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.455566] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 33.227457] ================================================================== [ 33.228370] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 33.228370] [ 33.228760] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#133): [ 33.229360] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 33.229586] kunit_try_run_case+0x1a5/0x480 [ 33.229732] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.229983] kthread+0x337/0x6f0 [ 33.230164] ret_from_fork+0x116/0x1d0 [ 33.230370] ret_from_fork_asm+0x1a/0x30 [ 33.230565] [ 33.230643] kfence-#133: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 33.230643] [ 33.231036] allocated by task 354 on cpu 1 at 33.227157s (0.003875s ago): [ 33.231329] test_alloc+0x364/0x10f0 [ 33.231456] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 33.231665] kunit_try_run_case+0x1a5/0x480 [ 33.231866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.232111] kthread+0x337/0x6f0 [ 33.232235] ret_from_fork+0x116/0x1d0 [ 33.232360] ret_from_fork_asm+0x1a/0x30 [ 33.232726] [ 33.232818] freed by task 354 on cpu 1 at 33.227317s (0.005499s ago): [ 33.233078] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 33.233340] kunit_try_run_case+0x1a5/0x480 [ 33.233515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.233720] kthread+0x337/0x6f0 [ 33.233885] ret_from_fork+0x116/0x1d0 [ 33.234135] ret_from_fork_asm+0x1a/0x30 [ 33.234332] [ 33.234430] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 33.234863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.234997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.235327] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 21.507498] ================================================================== [ 21.508683] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 21.509450] Read of size 1 at addr ffff888101126c1f by task kunit_try_catch/167 [ 21.509683] [ 21.510151] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.510213] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.510242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.510266] Call Trace: [ 21.510282] <TASK> [ 21.510304] dump_stack_lvl+0x73/0xb0 [ 21.510339] print_report+0xd1/0x650 [ 21.510361] ? __virt_addr_valid+0x1db/0x2d0 [ 21.510386] ? kmalloc_oob_left+0x361/0x3c0 [ 21.510405] ? kasan_complete_mode_report_info+0x64/0x200 [ 21.510430] ? kmalloc_oob_left+0x361/0x3c0 [ 21.510450] kasan_report+0x141/0x180 [ 21.510471] ? kmalloc_oob_left+0x361/0x3c0 [ 21.510495] __asan_report_load1_noabort+0x18/0x20 [ 21.510517] kmalloc_oob_left+0x361/0x3c0 [ 21.510538] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 21.510559] ? __schedule+0x10cc/0x2b60 [ 21.510585] ? __pfx_read_tsc+0x10/0x10 [ 21.510607] ? ktime_get_ts64+0x86/0x230 [ 21.510633] kunit_try_run_case+0x1a5/0x480 [ 21.510658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.510680] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.510704] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.510728] ? __kthread_parkme+0x82/0x180 [ 21.510748] ? preempt_count_sub+0x50/0x80 [ 21.510827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.510854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.510877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.510900] kthread+0x337/0x6f0 [ 21.510919] ? trace_preempt_on+0x20/0xc0 [ 21.510943] ? __pfx_kthread+0x10/0x10 [ 21.510962] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.510985] ? calculate_sigpending+0x7b/0xa0 [ 21.511031] ? __pfx_kthread+0x10/0x10 [ 21.511052] ret_from_fork+0x116/0x1d0 [ 21.511071] ? __pfx_kthread+0x10/0x10 [ 21.511090] ret_from_fork_asm+0x1a/0x30 [ 21.511122] </TASK> [ 21.511134] [ 21.524378] Allocated by task 26: [ 21.524845] kasan_save_stack+0x45/0x70 [ 21.525305] kasan_save_track+0x18/0x40 [ 21.525471] kasan_save_alloc_info+0x3b/0x50 [ 21.525966] __kasan_kmalloc+0xb7/0xc0 [ 21.526325] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 21.526789] kstrdup+0x3e/0xa0 [ 21.526997] devtmpfs_work_loop+0x96d/0xf30 [ 21.527412] devtmpfsd+0x3b/0x40 [ 21.527532] kthread+0x337/0x6f0 [ 21.527645] ret_from_fork+0x116/0x1d0 [ 21.527769] ret_from_fork_asm+0x1a/0x30 [ 21.528205] [ 21.528435] Freed by task 26: [ 21.528761] kasan_save_stack+0x45/0x70 [ 21.529230] kasan_save_track+0x18/0x40 [ 21.529659] kasan_save_free_info+0x3f/0x60 [ 21.530114] __kasan_slab_free+0x56/0x70 [ 21.530486] kfree+0x222/0x3f0 [ 21.530846] devtmpfs_work_loop+0xacb/0xf30 [ 21.531320] devtmpfsd+0x3b/0x40 [ 21.531686] kthread+0x337/0x6f0 [ 21.531852] ret_from_fork+0x116/0x1d0 [ 21.532290] ret_from_fork_asm+0x1a/0x30 [ 21.532668] [ 21.532741] The buggy address belongs to the object at ffff888101126c00 [ 21.532741] which belongs to the cache kmalloc-16 of size 16 [ 21.533505] The buggy address is located 15 bytes to the right of [ 21.533505] allocated 16-byte region [ffff888101126c00, ffff888101126c10) [ 21.534487] [ 21.534571] The buggy address belongs to the physical page: [ 21.534746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101126 [ 21.535682] flags: 0x200000000000000(node=0|zone=2) [ 21.536180] page_type: f5(slab) [ 21.536608] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 21.537299] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.537691] page dumped because: kasan: bad access detected [ 21.537969] [ 21.538138] Memory state around the buggy address: [ 21.538553] ffff888101126b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 21.539246] ffff888101126b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.539891] >ffff888101126c00: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc [ 21.540474] ^ [ 21.540610] ffff888101126c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.540902] ffff888101126d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.541539] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 21.450700] ================================================================== [ 21.451325] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 21.451701] Write of size 1 at addr ffff888102d56478 by task kunit_try_catch/165 [ 21.452297] [ 21.452398] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.452448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.452460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.452483] Call Trace: [ 21.452497] <TASK> [ 21.452517] dump_stack_lvl+0x73/0xb0 [ 21.452545] print_report+0xd1/0x650 [ 21.452599] ? __virt_addr_valid+0x1db/0x2d0 [ 21.452623] ? kmalloc_oob_right+0x6bd/0x7f0 [ 21.452643] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.452680] ? kmalloc_oob_right+0x6bd/0x7f0 [ 21.452701] kasan_report+0x141/0x180 [ 21.452721] ? kmalloc_oob_right+0x6bd/0x7f0 [ 21.452745] __asan_report_store1_noabort+0x1b/0x30 [ 21.452768] kmalloc_oob_right+0x6bd/0x7f0 [ 21.452789] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 21.452809] ? __schedule+0x10cc/0x2b60 [ 21.452833] ? __pfx_read_tsc+0x10/0x10 [ 21.452855] ? ktime_get_ts64+0x86/0x230 [ 21.452923] kunit_try_run_case+0x1a5/0x480 [ 21.452949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.452982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.453006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.453030] ? __kthread_parkme+0x82/0x180 [ 21.453050] ? preempt_count_sub+0x50/0x80 [ 21.453073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.453095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.453117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.453140] kthread+0x337/0x6f0 [ 21.453160] ? trace_preempt_on+0x20/0xc0 [ 21.453182] ? __pfx_kthread+0x10/0x10 [ 21.453202] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.453233] ? calculate_sigpending+0x7b/0xa0 [ 21.453256] ? __pfx_kthread+0x10/0x10 [ 21.453276] ret_from_fork+0x116/0x1d0 [ 21.453294] ? __pfx_kthread+0x10/0x10 [ 21.453313] ret_from_fork_asm+0x1a/0x30 [ 21.453344] </TASK> [ 21.453356] [ 21.464626] Allocated by task 165: [ 21.464948] kasan_save_stack+0x45/0x70 [ 21.465446] kasan_save_track+0x18/0x40 [ 21.465756] kasan_save_alloc_info+0x3b/0x50 [ 21.465953] __kasan_kmalloc+0xb7/0xc0 [ 21.466438] __kmalloc_cache_noprof+0x189/0x420 [ 21.466835] kmalloc_oob_right+0xa9/0x7f0 [ 21.467173] kunit_try_run_case+0x1a5/0x480 [ 21.467406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.467820] kthread+0x337/0x6f0 [ 21.468162] ret_from_fork+0x116/0x1d0 [ 21.468489] ret_from_fork_asm+0x1a/0x30 [ 21.468667] [ 21.468759] The buggy address belongs to the object at ffff888102d56400 [ 21.468759] which belongs to the cache kmalloc-128 of size 128 [ 21.469585] The buggy address is located 5 bytes to the right of [ 21.469585] allocated 115-byte region [ffff888102d56400, ffff888102d56473) [ 21.470476] [ 21.470590] The buggy address belongs to the physical page: [ 21.471083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 21.471480] flags: 0x200000000000000(node=0|zone=2) [ 21.471999] page_type: f5(slab) [ 21.472251] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.472678] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.473194] page dumped because: kasan: bad access detected [ 21.473421] [ 21.473512] Memory state around the buggy address: [ 21.473718] ffff888102d56300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.474299] ffff888102d56380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.474672] >ffff888102d56400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.475218] ^ [ 21.475691] ffff888102d56480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.476182] ffff888102d56500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.476760] ================================================================== [ 21.477612] ================================================================== [ 21.478354] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 21.478858] Read of size 1 at addr ffff888102d56480 by task kunit_try_catch/165 [ 21.479471] [ 21.479572] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.479625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.479638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.479662] Call Trace: [ 21.479684] <TASK> [ 21.479706] dump_stack_lvl+0x73/0xb0 [ 21.479738] print_report+0xd1/0x650 [ 21.479761] ? __virt_addr_valid+0x1db/0x2d0 [ 21.479939] ? kmalloc_oob_right+0x68a/0x7f0 [ 21.479970] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.479996] ? kmalloc_oob_right+0x68a/0x7f0 [ 21.480016] kasan_report+0x141/0x180 [ 21.480037] ? kmalloc_oob_right+0x68a/0x7f0 [ 21.480062] __asan_report_load1_noabort+0x18/0x20 [ 21.480085] kmalloc_oob_right+0x68a/0x7f0 [ 21.480105] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 21.480126] ? __schedule+0x10cc/0x2b60 [ 21.480150] ? __pfx_read_tsc+0x10/0x10 [ 21.480172] ? ktime_get_ts64+0x86/0x230 [ 21.480196] kunit_try_run_case+0x1a5/0x480 [ 21.480233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.480255] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.480278] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.480302] ? __kthread_parkme+0x82/0x180 [ 21.480322] ? preempt_count_sub+0x50/0x80 [ 21.480344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.480367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.480390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.480413] kthread+0x337/0x6f0 [ 21.480434] ? trace_preempt_on+0x20/0xc0 [ 21.480460] ? __pfx_kthread+0x10/0x10 [ 21.480481] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.480503] ? calculate_sigpending+0x7b/0xa0 [ 21.480527] ? __pfx_kthread+0x10/0x10 [ 21.480547] ret_from_fork+0x116/0x1d0 [ 21.480566] ? __pfx_kthread+0x10/0x10 [ 21.480585] ret_from_fork_asm+0x1a/0x30 [ 21.480615] </TASK> [ 21.480626] [ 21.492628] Allocated by task 165: [ 21.492813] kasan_save_stack+0x45/0x70 [ 21.493393] kasan_save_track+0x18/0x40 [ 21.493702] kasan_save_alloc_info+0x3b/0x50 [ 21.494098] __kasan_kmalloc+0xb7/0xc0 [ 21.494325] __kmalloc_cache_noprof+0x189/0x420 [ 21.494730] kmalloc_oob_right+0xa9/0x7f0 [ 21.495181] kunit_try_run_case+0x1a5/0x480 [ 21.495356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.495695] kthread+0x337/0x6f0 [ 21.496006] ret_from_fork+0x116/0x1d0 [ 21.496637] ret_from_fork_asm+0x1a/0x30 [ 21.496940] [ 21.497139] The buggy address belongs to the object at ffff888102d56400 [ 21.497139] which belongs to the cache kmalloc-128 of size 128 [ 21.497756] The buggy address is located 13 bytes to the right of [ 21.497756] allocated 115-byte region [ffff888102d56400, ffff888102d56473) [ 21.498564] [ 21.498657] The buggy address belongs to the physical page: [ 21.498949] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 21.499563] flags: 0x200000000000000(node=0|zone=2) [ 21.499820] page_type: f5(slab) [ 21.499968] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.500488] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.500947] page dumped because: kasan: bad access detected [ 21.501232] [ 21.501339] Memory state around the buggy address: [ 21.501562] ffff888102d56380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.502133] ffff888102d56400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.502462] >ffff888102d56480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.502966] ^ [ 21.503150] ffff888102d56500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.503464] ffff888102d56580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.503760] ================================================================== [ 21.421964] ================================================================== [ 21.422630] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 21.423403] Write of size 1 at addr ffff888102d56473 by task kunit_try_catch/165 [ 21.423741] [ 21.424908] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.425305] Tainted: [N]=TEST [ 21.425339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.425577] Call Trace: [ 21.425651] <TASK> [ 21.425826] dump_stack_lvl+0x73/0xb0 [ 21.425920] print_report+0xd1/0x650 [ 21.425948] ? __virt_addr_valid+0x1db/0x2d0 [ 21.425973] ? kmalloc_oob_right+0x6f0/0x7f0 [ 21.425993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.426037] ? kmalloc_oob_right+0x6f0/0x7f0 [ 21.426058] kasan_report+0x141/0x180 [ 21.426079] ? kmalloc_oob_right+0x6f0/0x7f0 [ 21.426104] __asan_report_store1_noabort+0x1b/0x30 [ 21.426127] kmalloc_oob_right+0x6f0/0x7f0 [ 21.426148] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 21.426169] ? __schedule+0x10cc/0x2b60 [ 21.426194] ? __pfx_read_tsc+0x10/0x10 [ 21.426217] ? ktime_get_ts64+0x86/0x230 [ 21.426255] kunit_try_run_case+0x1a5/0x480 [ 21.426281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.426303] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.426327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.426351] ? __kthread_parkme+0x82/0x180 [ 21.426373] ? preempt_count_sub+0x50/0x80 [ 21.426397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.426420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.426443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.426466] kthread+0x337/0x6f0 [ 21.426485] ? trace_preempt_on+0x20/0xc0 [ 21.426509] ? __pfx_kthread+0x10/0x10 [ 21.426529] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.426552] ? calculate_sigpending+0x7b/0xa0 [ 21.426576] ? __pfx_kthread+0x10/0x10 [ 21.426597] ret_from_fork+0x116/0x1d0 [ 21.426615] ? __pfx_kthread+0x10/0x10 [ 21.426635] ret_from_fork_asm+0x1a/0x30 [ 21.426694] </TASK> [ 21.426764] [ 21.436504] Allocated by task 165: [ 21.437159] kasan_save_stack+0x45/0x70 [ 21.437420] kasan_save_track+0x18/0x40 [ 21.437578] kasan_save_alloc_info+0x3b/0x50 [ 21.437960] __kasan_kmalloc+0xb7/0xc0 [ 21.438195] __kmalloc_cache_noprof+0x189/0x420 [ 21.438410] kmalloc_oob_right+0xa9/0x7f0 [ 21.438586] kunit_try_run_case+0x1a5/0x480 [ 21.438771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.439278] kthread+0x337/0x6f0 [ 21.439433] ret_from_fork+0x116/0x1d0 [ 21.439616] ret_from_fork_asm+0x1a/0x30 [ 21.439862] [ 21.440371] The buggy address belongs to the object at ffff888102d56400 [ 21.440371] which belongs to the cache kmalloc-128 of size 128 [ 21.440960] The buggy address is located 0 bytes to the right of [ 21.440960] allocated 115-byte region [ffff888102d56400, ffff888102d56473) [ 21.441524] [ 21.441693] The buggy address belongs to the physical page: [ 21.442634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 21.443250] flags: 0x200000000000000(node=0|zone=2) [ 21.444048] page_type: f5(slab) [ 21.444917] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.445278] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.446082] page dumped because: kasan: bad access detected [ 21.446363] [ 21.446468] Memory state around the buggy address: [ 21.446934] ffff888102d56300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.447366] ffff888102d56380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.447646] >ffff888102d56400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.448068] ^ [ 21.448595] ffff888102d56480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.449090] ffff888102d56500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.449410] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 184.505701] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2859 [ 184.506215] Modules linked in: [ 184.506493] CPU: 1 UID: 0 PID: 2859 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 184.506926] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 184.507420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 184.507854] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 184.508106] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 184.508799] RSP: 0000:ffff88810b807c78 EFLAGS: 00010286 [ 184.510082] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 184.510375] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb6c5c5f4 [ 184.510651] RBP: ffff88810b807ca0 R08: 0000000000000000 R09: ffffed102079a540 [ 184.510975] R10: ffff888103cd2a07 R11: 0000000000000000 R12: ffffffffb6c5c5e0 [ 184.511530] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b807d38 [ 184.511857] FS: 0000000000000000(0000) GS:ffff8881a252e000(0000) knlGS:0000000000000000 [ 184.512176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.512453] CR2: dffffc00000000c5 CR3: 00000000204bc000 CR4: 00000000000006f0 [ 184.512710] DR0: ffffffffb8c98480 DR1: ffffffffb8c98481 DR2: ffffffffb8c98483 [ 184.513071] DR3: ffffffffb8c98485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 184.513324] Call Trace: [ 184.513456] <TASK> [ 184.513582] drm_test_rect_calc_vscale+0x108/0x270 [ 184.513773] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 184.514991] ? __schedule+0x10cc/0x2b60 [ 184.515209] ? __pfx_read_tsc+0x10/0x10 [ 184.515357] ? ktime_get_ts64+0x86/0x230 [ 184.515552] kunit_try_run_case+0x1a5/0x480 [ 184.515723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 184.515956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 184.516418] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 184.516627] ? __kthread_parkme+0x82/0x180 [ 184.516805] ? preempt_count_sub+0x50/0x80 [ 184.516962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 184.517289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 184.517502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 184.518058] kthread+0x337/0x6f0 [ 184.518204] ? trace_preempt_on+0x20/0xc0 [ 184.518409] ? __pfx_kthread+0x10/0x10 [ 184.518601] ? _raw_spin_unlock_irq+0x47/0x80 [ 184.518799] ? calculate_sigpending+0x7b/0xa0 [ 184.519337] ? __pfx_kthread+0x10/0x10 [ 184.519511] ret_from_fork+0x116/0x1d0 [ 184.519646] ? __pfx_kthread+0x10/0x10 [ 184.519899] ret_from_fork_asm+0x1a/0x30 [ 184.520113] </TASK> [ 184.520248] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 184.480464] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2857 [ 184.481324] Modules linked in: [ 184.481514] CPU: 1 UID: 0 PID: 2857 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 184.481981] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 184.482487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 184.483200] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 184.483461] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 184.484662] RSP: 0000:ffff88810b7bfc78 EFLAGS: 00010286 [ 184.485200] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 184.485496] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb6c5c5bc [ 184.485769] RBP: ffff88810b7bfca0 R08: 0000000000000000 R09: ffffed102079a500 [ 184.486459] R10: ffff888103cd2807 R11: 0000000000000000 R12: ffffffffb6c5c5a8 [ 184.487145] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b7bfd38 [ 184.487460] FS: 0000000000000000(0000) GS:ffff8881a252e000(0000) knlGS:0000000000000000 [ 184.487748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.488425] CR2: dffffc00000000c5 CR3: 00000000204bc000 CR4: 00000000000006f0 [ 184.489132] DR0: ffffffffb8c98480 DR1: ffffffffb8c98481 DR2: ffffffffb8c98483 [ 184.489422] DR3: ffffffffb8c98485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 184.489703] Call Trace: [ 184.490317] <TASK> [ 184.490493] drm_test_rect_calc_vscale+0x108/0x270 [ 184.491854] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 184.492133] ? __schedule+0x10cc/0x2b60 [ 184.492301] ? __pfx_read_tsc+0x10/0x10 [ 184.492498] ? ktime_get_ts64+0x86/0x230 [ 184.492651] kunit_try_run_case+0x1a5/0x480 [ 184.492883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 184.493751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 184.494163] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 184.494398] ? __kthread_parkme+0x82/0x180 [ 184.494593] ? preempt_count_sub+0x50/0x80 [ 184.494781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 184.495384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 184.495619] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 184.495864] kthread+0x337/0x6f0 [ 184.496142] ? trace_preempt_on+0x20/0xc0 [ 184.496307] ? __pfx_kthread+0x10/0x10 [ 184.496498] ? _raw_spin_unlock_irq+0x47/0x80 [ 184.496670] ? calculate_sigpending+0x7b/0xa0 [ 184.497090] ? __pfx_kthread+0x10/0x10 [ 184.497262] ret_from_fork+0x116/0x1d0 [ 184.497468] ? __pfx_kthread+0x10/0x10 [ 184.497659] ret_from_fork_asm+0x1a/0x30 [ 184.497869] </TASK> [ 184.498133] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 184.446532] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2847 [ 184.447384] Modules linked in: [ 184.447588] CPU: 1 UID: 0 PID: 2847 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 184.448401] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 184.448647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 184.449054] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 184.449392] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b 0a 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 184.450292] RSP: 0000:ffff88810b877c78 EFLAGS: 00010286 [ 184.450619] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 184.450874] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb6c5c5f8 [ 184.451178] RBP: ffff88810b877ca0 R08: 0000000000000000 R09: ffffed102079a420 [ 184.451600] R10: ffff888103cd2107 R11: 0000000000000000 R12: ffffffffb6c5c5e0 [ 184.451860] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b877d38 [ 184.452419] FS: 0000000000000000(0000) GS:ffff8881a252e000(0000) knlGS:0000000000000000 [ 184.452737] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.453019] CR2: dffffc00000000c5 CR3: 00000000204bc000 CR4: 00000000000006f0 [ 184.453530] DR0: ffffffffb8c98480 DR1: ffffffffb8c98481 DR2: ffffffffb8c98483 [ 184.453818] DR3: ffffffffb8c98485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 184.454206] Call Trace: [ 184.454341] <TASK> [ 184.454534] drm_test_rect_calc_hscale+0x108/0x270 [ 184.454771] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 184.455114] ? __schedule+0x10cc/0x2b60 [ 184.455302] ? __pfx_read_tsc+0x10/0x10 [ 184.455456] ? ktime_get_ts64+0x86/0x230 [ 184.455650] kunit_try_run_case+0x1a5/0x480 [ 184.455857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 184.456160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 184.456378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 184.456563] ? __kthread_parkme+0x82/0x180 [ 184.456704] ? preempt_count_sub+0x50/0x80 [ 184.456901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 184.457130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 184.457771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 184.458211] kthread+0x337/0x6f0 [ 184.458365] ? trace_preempt_on+0x20/0xc0 [ 184.458688] ? __pfx_kthread+0x10/0x10 [ 184.458847] ? _raw_spin_unlock_irq+0x47/0x80 [ 184.459280] ? calculate_sigpending+0x7b/0xa0 [ 184.459499] ? __pfx_kthread+0x10/0x10 [ 184.459676] ret_from_fork+0x116/0x1d0 [ 184.459856] ? __pfx_kthread+0x10/0x10 [ 184.460107] ret_from_fork_asm+0x1a/0x30 [ 184.460280] </TASK> [ 184.460401] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 184.423739] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2845 [ 184.424266] Modules linked in: [ 184.424456] CPU: 1 UID: 0 PID: 2845 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 184.424952] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 184.425696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 184.426592] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 184.426983] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b 0a 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 184.427864] RSP: 0000:ffff88810b65fc78 EFLAGS: 00010286 [ 184.428098] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 184.428562] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb6c5c5c0 [ 184.429074] RBP: ffff88810b65fca0 R08: 0000000000000000 R09: ffffed10205efc00 [ 184.429334] R10: ffff888102f7e007 R11: 0000000000000000 R12: ffffffffb6c5c5a8 [ 184.429745] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b65fd38 [ 184.430314] FS: 0000000000000000(0000) GS:ffff8881a252e000(0000) knlGS:0000000000000000 [ 184.430657] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.430900] CR2: dffffc00000000c5 CR3: 00000000204bc000 CR4: 00000000000006f0 [ 184.431206] DR0: ffffffffb8c98480 DR1: ffffffffb8c98481 DR2: ffffffffb8c98483 [ 184.431485] DR3: ffffffffb8c98485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 184.431768] Call Trace: [ 184.431880] <TASK> [ 184.432018] drm_test_rect_calc_hscale+0x108/0x270 [ 184.432840] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 184.433069] ? __schedule+0x10cc/0x2b60 [ 184.433287] ? __pfx_read_tsc+0x10/0x10 [ 184.433472] ? ktime_get_ts64+0x86/0x230 [ 184.434059] kunit_try_run_case+0x1a5/0x480 [ 184.434391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 184.434698] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 184.435221] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 184.435567] ? __kthread_parkme+0x82/0x180 [ 184.435751] ? preempt_count_sub+0x50/0x80 [ 184.436269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 184.436505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 184.436969] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 184.437212] kthread+0x337/0x6f0 [ 184.437367] ? trace_preempt_on+0x20/0xc0 [ 184.437556] ? __pfx_kthread+0x10/0x10 [ 184.437738] ? _raw_spin_unlock_irq+0x47/0x80 [ 184.438331] ? calculate_sigpending+0x7b/0xa0 [ 184.438675] ? __pfx_kthread+0x10/0x10 [ 184.439096] ret_from_fork+0x116/0x1d0 [ 184.439269] ? __pfx_kthread+0x10/0x10 [ 184.439463] ret_from_fork_asm+0x1a/0x30 [ 184.439649] </TASK> [ 184.439755] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 32.915406] ================================================================== [ 32.915842] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 32.915842] [ 32.916306] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#130): [ 32.916906] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 32.917142] kunit_try_run_case+0x1a5/0x480 [ 32.917320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.917574] kthread+0x337/0x6f0 [ 32.917750] ret_from_fork+0x116/0x1d0 [ 32.917913] ret_from_fork_asm+0x1a/0x30 [ 32.918068] [ 32.918167] kfence-#130: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 32.918167] [ 32.918509] allocated by task 352 on cpu 0 at 32.915153s (0.003353s ago): [ 32.918855] test_alloc+0x364/0x10f0 [ 32.919069] test_kmalloc_aligned_oob_read+0x105/0x560 [ 32.919269] kunit_try_run_case+0x1a5/0x480 [ 32.919480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.919706] kthread+0x337/0x6f0 [ 32.919862] ret_from_fork+0x116/0x1d0 [ 32.920020] ret_from_fork_asm+0x1a/0x30 [ 32.920196] [ 32.920336] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 32.920767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.920972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.921371] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 28.547336] ================================================================== [ 28.547719] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 28.547719] [ 28.548034] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#88): [ 28.548745] test_corruption+0x131/0x3e0 [ 28.548883] kunit_try_run_case+0x1a5/0x480 [ 28.549132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.549397] kthread+0x337/0x6f0 [ 28.549584] ret_from_fork+0x116/0x1d0 [ 28.549752] ret_from_fork_asm+0x1a/0x30 [ 28.549980] [ 28.550131] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.550131] [ 28.550515] allocated by task 342 on cpu 1 at 28.547174s (0.003338s ago): [ 28.550729] test_alloc+0x2a6/0x10f0 [ 28.550913] test_corruption+0xe6/0x3e0 [ 28.551189] kunit_try_run_case+0x1a5/0x480 [ 28.551406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.551656] kthread+0x337/0x6f0 [ 28.551793] ret_from_fork+0x116/0x1d0 [ 28.551992] ret_from_fork_asm+0x1a/0x30 [ 28.552157] [ 28.552262] freed by task 342 on cpu 1 at 28.547252s (0.005007s ago): [ 28.552526] test_corruption+0x131/0x3e0 [ 28.552723] kunit_try_run_case+0x1a5/0x480 [ 28.552921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.553303] kthread+0x337/0x6f0 [ 28.553473] ret_from_fork+0x116/0x1d0 [ 28.553626] ret_from_fork_asm+0x1a/0x30 [ 28.553843] [ 28.553944] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 28.554482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.554695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.555051] ================================================================== [ 28.339349] ================================================================== [ 28.339847] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 28.339847] [ 28.340323] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#86): [ 28.340907] test_corruption+0x2d2/0x3e0 [ 28.341666] kunit_try_run_case+0x1a5/0x480 [ 28.341879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.342393] kthread+0x337/0x6f0 [ 28.342656] ret_from_fork+0x116/0x1d0 [ 28.342949] ret_from_fork_asm+0x1a/0x30 [ 28.343281] [ 28.343363] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.343363] [ 28.343917] allocated by task 340 on cpu 0 at 28.339145s (0.004769s ago): [ 28.344458] test_alloc+0x364/0x10f0 [ 28.344726] test_corruption+0xe6/0x3e0 [ 28.344946] kunit_try_run_case+0x1a5/0x480 [ 28.345283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.345545] kthread+0x337/0x6f0 [ 28.345827] ret_from_fork+0x116/0x1d0 [ 28.346181] ret_from_fork_asm+0x1a/0x30 [ 28.346414] [ 28.346490] freed by task 340 on cpu 0 at 28.339260s (0.007228s ago): [ 28.346995] test_corruption+0x2d2/0x3e0 [ 28.347369] kunit_try_run_case+0x1a5/0x480 [ 28.347552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.347887] kthread+0x337/0x6f0 [ 28.348146] ret_from_fork+0x116/0x1d0 [ 28.348331] ret_from_fork_asm+0x1a/0x30 [ 28.348493] [ 28.348757] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 28.349439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.349658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.350200] ================================================================== [ 28.651363] ================================================================== [ 28.651737] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 28.651737] [ 28.652018] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#89): [ 28.652498] test_corruption+0x216/0x3e0 [ 28.652703] kunit_try_run_case+0x1a5/0x480 [ 28.652866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.653072] kthread+0x337/0x6f0 [ 28.653253] ret_from_fork+0x116/0x1d0 [ 28.653629] ret_from_fork_asm+0x1a/0x30 [ 28.653788] [ 28.653879] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.653879] [ 28.654234] allocated by task 342 on cpu 1 at 28.651206s (0.003025s ago): [ 28.654576] test_alloc+0x2a6/0x10f0 [ 28.654740] test_corruption+0x1cb/0x3e0 [ 28.654945] kunit_try_run_case+0x1a5/0x480 [ 28.655116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.655390] kthread+0x337/0x6f0 [ 28.655558] ret_from_fork+0x116/0x1d0 [ 28.655764] ret_from_fork_asm+0x1a/0x30 [ 28.655931] [ 28.655999] freed by task 342 on cpu 1 at 28.651281s (0.004716s ago): [ 28.656448] test_corruption+0x216/0x3e0 [ 28.656638] kunit_try_run_case+0x1a5/0x480 [ 28.656910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.657487] kthread+0x337/0x6f0 [ 28.657658] ret_from_fork+0x116/0x1d0 [ 28.657844] ret_from_fork_asm+0x1a/0x30 [ 28.657986] [ 28.658185] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 28.658644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.658784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.659208] ================================================================== [ 28.443437] ================================================================== [ 28.443875] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 28.443875] [ 28.444185] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#87): [ 28.444659] test_corruption+0x2df/0x3e0 [ 28.444806] kunit_try_run_case+0x1a5/0x480 [ 28.445034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.445458] kthread+0x337/0x6f0 [ 28.445602] ret_from_fork+0x116/0x1d0 [ 28.445803] ret_from_fork_asm+0x1a/0x30 [ 28.445987] [ 28.446145] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.446145] [ 28.446550] allocated by task 340 on cpu 0 at 28.443146s (0.003401s ago): [ 28.446865] test_alloc+0x364/0x10f0 [ 28.447036] test_corruption+0x1cb/0x3e0 [ 28.447235] kunit_try_run_case+0x1a5/0x480 [ 28.447378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.447563] kthread+0x337/0x6f0 [ 28.447729] ret_from_fork+0x116/0x1d0 [ 28.447935] ret_from_fork_asm+0x1a/0x30 [ 28.448305] [ 28.448418] freed by task 340 on cpu 0 at 28.443266s (0.005149s ago): [ 28.448666] test_corruption+0x2df/0x3e0 [ 28.448884] kunit_try_run_case+0x1a5/0x480 [ 28.449111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.449300] kthread+0x337/0x6f0 [ 28.449414] ret_from_fork+0x116/0x1d0 [ 28.449543] ret_from_fork_asm+0x1a/0x30 [ 28.449738] [ 28.449855] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 28.450619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.450757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.451020] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 28.027408] ================================================================== [ 28.027818] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 28.027818] [ 28.028171] Invalid free of 0x(____ptrval____) (in kfence-#83): [ 28.028569] test_invalid_addr_free+0x1e1/0x260 [ 28.028786] kunit_try_run_case+0x1a5/0x480 [ 28.028954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.029332] kthread+0x337/0x6f0 [ 28.029464] ret_from_fork+0x116/0x1d0 [ 28.029595] ret_from_fork_asm+0x1a/0x30 [ 28.029731] [ 28.029799] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.029799] [ 28.030566] allocated by task 336 on cpu 0 at 28.027248s (0.003304s ago): [ 28.030859] test_alloc+0x364/0x10f0 [ 28.030987] test_invalid_addr_free+0xdb/0x260 [ 28.031134] kunit_try_run_case+0x1a5/0x480 [ 28.031285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.031451] kthread+0x337/0x6f0 [ 28.031562] ret_from_fork+0x116/0x1d0 [ 28.031685] ret_from_fork_asm+0x1a/0x30 [ 28.031814] [ 28.031905] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 28.032249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.032404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.032710] ================================================================== [ 28.131326] ================================================================== [ 28.131717] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 28.131717] [ 28.132268] Invalid free of 0x(____ptrval____) (in kfence-#84): [ 28.132479] test_invalid_addr_free+0xfb/0x260 [ 28.132714] kunit_try_run_case+0x1a5/0x480 [ 28.132909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.133135] kthread+0x337/0x6f0 [ 28.133269] ret_from_fork+0x116/0x1d0 [ 28.133401] ret_from_fork_asm+0x1a/0x30 [ 28.133600] [ 28.133694] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.133694] [ 28.134089] allocated by task 338 on cpu 1 at 28.131176s (0.002911s ago): [ 28.134450] test_alloc+0x2a6/0x10f0 [ 28.134613] test_invalid_addr_free+0xdb/0x260 [ 28.134758] kunit_try_run_case+0x1a5/0x480 [ 28.134930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.135359] kthread+0x337/0x6f0 [ 28.135527] ret_from_fork+0x116/0x1d0 [ 28.135693] ret_from_fork_asm+0x1a/0x30 [ 28.135862] [ 28.135982] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 28.136456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.136638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.136971] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 27.923429] ================================================================== [ 27.923870] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 27.923870] [ 27.924155] Invalid free of 0x(____ptrval____) (in kfence-#82): [ 27.924464] test_double_free+0x112/0x260 [ 27.924661] kunit_try_run_case+0x1a5/0x480 [ 27.924856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.925716] kthread+0x337/0x6f0 [ 27.925892] ret_from_fork+0x116/0x1d0 [ 27.926131] ret_from_fork_asm+0x1a/0x30 [ 27.926414] [ 27.926507] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.926507] [ 27.926868] allocated by task 334 on cpu 0 at 27.923245s (0.003620s ago): [ 27.927502] test_alloc+0x2a6/0x10f0 [ 27.927767] test_double_free+0xdb/0x260 [ 27.927925] kunit_try_run_case+0x1a5/0x480 [ 27.928321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.928556] kthread+0x337/0x6f0 [ 27.928828] ret_from_fork+0x116/0x1d0 [ 27.929012] ret_from_fork_asm+0x1a/0x30 [ 27.929364] [ 27.929461] freed by task 334 on cpu 0 at 27.923307s (0.006151s ago): [ 27.929879] test_double_free+0xfa/0x260 [ 27.930103] kunit_try_run_case+0x1a5/0x480 [ 27.930299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.930535] kthread+0x337/0x6f0 [ 27.930692] ret_from_fork+0x116/0x1d0 [ 27.930855] ret_from_fork_asm+0x1a/0x30 [ 27.931048] [ 27.931492] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 27.932035] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.932267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.932764] ================================================================== [ 27.819415] ================================================================== [ 27.819890] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 27.819890] [ 27.820198] Invalid free of 0x(____ptrval____) (in kfence-#81): [ 27.820508] test_double_free+0x1d3/0x260 [ 27.820710] kunit_try_run_case+0x1a5/0x480 [ 27.820894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.821158] kthread+0x337/0x6f0 [ 27.821296] ret_from_fork+0x116/0x1d0 [ 27.821429] ret_from_fork_asm+0x1a/0x30 [ 27.821628] [ 27.821720] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.821720] [ 27.822166] allocated by task 332 on cpu 1 at 27.819160s (0.003004s ago): [ 27.822438] test_alloc+0x364/0x10f0 [ 27.822621] test_double_free+0xdb/0x260 [ 27.822808] kunit_try_run_case+0x1a5/0x480 [ 27.822985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.823206] kthread+0x337/0x6f0 [ 27.823468] ret_from_fork+0x116/0x1d0 [ 27.823673] ret_from_fork_asm+0x1a/0x30 [ 27.823825] [ 27.823893] freed by task 332 on cpu 1 at 27.819253s (0.004637s ago): [ 27.824099] test_double_free+0x1e0/0x260 [ 27.824273] kunit_try_run_case+0x1a5/0x480 [ 27.824480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.824852] kthread+0x337/0x6f0 [ 27.825013] ret_from_fork+0x116/0x1d0 [ 27.825274] ret_from_fork_asm+0x1a/0x30 [ 27.825408] [ 27.825501] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 27.825970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.826378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.826709] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 27.403442] ================================================================== [ 27.403922] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 27.403922] [ 27.404497] Use-after-free read at 0x(____ptrval____) (in kfence-#77): [ 27.404704] test_use_after_free_read+0x129/0x270 [ 27.404940] kunit_try_run_case+0x1a5/0x480 [ 27.405258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.405503] kthread+0x337/0x6f0 [ 27.405712] ret_from_fork+0x116/0x1d0 [ 27.405900] ret_from_fork_asm+0x1a/0x30 [ 27.406192] [ 27.406294] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.406294] [ 27.406679] allocated by task 324 on cpu 1 at 27.403151s (0.003525s ago): [ 27.406906] test_alloc+0x364/0x10f0 [ 27.407108] test_use_after_free_read+0xdc/0x270 [ 27.407356] kunit_try_run_case+0x1a5/0x480 [ 27.407674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.407855] kthread+0x337/0x6f0 [ 27.408021] ret_from_fork+0x116/0x1d0 [ 27.408869] ret_from_fork_asm+0x1a/0x30 [ 27.409087] [ 27.409158] freed by task 324 on cpu 1 at 27.403239s (0.005916s ago): [ 27.409597] test_use_after_free_read+0x1e7/0x270 [ 27.409884] kunit_try_run_case+0x1a5/0x480 [ 27.410046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.410309] kthread+0x337/0x6f0 [ 27.410441] ret_from_fork+0x116/0x1d0 [ 27.410611] ret_from_fork_asm+0x1a/0x30 [ 27.410788] [ 27.410916] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 27.411751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.412008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.412468] ================================================================== [ 27.507387] ================================================================== [ 27.507834] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 27.507834] [ 27.508299] Use-after-free read at 0x(____ptrval____) (in kfence-#78): [ 27.508607] test_use_after_free_read+0x129/0x270 [ 27.508802] kunit_try_run_case+0x1a5/0x480 [ 27.508946] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.509177] kthread+0x337/0x6f0 [ 27.509448] ret_from_fork+0x116/0x1d0 [ 27.509683] ret_from_fork_asm+0x1a/0x30 [ 27.509871] [ 27.509988] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.509988] [ 27.510397] allocated by task 326 on cpu 0 at 27.507237s (0.003157s ago): [ 27.510626] test_alloc+0x2a6/0x10f0 [ 27.510758] test_use_after_free_read+0xdc/0x270 [ 27.510974] kunit_try_run_case+0x1a5/0x480 [ 27.511186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.511641] kthread+0x337/0x6f0 [ 27.511943] ret_from_fork+0x116/0x1d0 [ 27.512524] ret_from_fork_asm+0x1a/0x30 [ 27.513064] [ 27.513158] freed by task 326 on cpu 0 at 27.507300s (0.005855s ago): [ 27.513487] test_use_after_free_read+0xfb/0x270 [ 27.513712] kunit_try_run_case+0x1a5/0x480 [ 27.513855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.514131] kthread+0x337/0x6f0 [ 27.514337] ret_from_fork+0x116/0x1d0 [ 27.514598] ret_from_fork_asm+0x1a/0x30 [ 27.514731] [ 27.514887] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 27.515799] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.515978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.516541] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 26.987273] ================================================================== [ 26.987681] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 26.987681] [ 26.988202] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#73): [ 26.988561] test_out_of_bounds_write+0x10d/0x260 [ 26.988733] kunit_try_run_case+0x1a5/0x480 [ 26.988940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.989325] kthread+0x337/0x6f0 [ 26.989485] ret_from_fork+0x116/0x1d0 [ 26.989627] ret_from_fork_asm+0x1a/0x30 [ 26.989804] [ 26.989874] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 26.989874] [ 26.990338] allocated by task 320 on cpu 1 at 26.987126s (0.003209s ago): [ 26.990698] test_alloc+0x364/0x10f0 [ 26.990880] test_out_of_bounds_write+0xd4/0x260 [ 26.991105] kunit_try_run_case+0x1a5/0x480 [ 26.991288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.991494] kthread+0x337/0x6f0 [ 26.991653] ret_from_fork+0x116/0x1d0 [ 26.991801] ret_from_fork_asm+0x1a/0x30 [ 26.991979] [ 26.992090] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.992524] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.992660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.992945] ================================================================== [ 27.299238] ================================================================== [ 27.299659] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 27.299659] [ 27.300177] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#76): [ 27.300580] test_out_of_bounds_write+0x10d/0x260 [ 27.300767] kunit_try_run_case+0x1a5/0x480 [ 27.300912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.301262] kthread+0x337/0x6f0 [ 27.301460] ret_from_fork+0x116/0x1d0 [ 27.301669] ret_from_fork_asm+0x1a/0x30 [ 27.301874] [ 27.301992] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.301992] [ 27.302362] allocated by task 322 on cpu 0 at 27.299154s (0.003205s ago): [ 27.302708] test_alloc+0x2a6/0x10f0 [ 27.302919] test_out_of_bounds_write+0xd4/0x260 [ 27.303137] kunit_try_run_case+0x1a5/0x480 [ 27.303327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.303493] kthread+0x337/0x6f0 [ 27.303804] ret_from_fork+0x116/0x1d0 [ 27.303995] ret_from_fork_asm+0x1a/0x30 [ 27.304212] [ 27.304339] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 27.304782] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.304979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.305409] ==================================================================
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_None
<8>[ 292.460094] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_None RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_modes_analog_tv
<8>[ 290.634649] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_modes_analog_tv RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 26.779254] ================================================================== [ 26.779688] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 26.779688] [ 26.780185] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#71): [ 26.780526] test_out_of_bounds_read+0x126/0x4e0 [ 26.780748] kunit_try_run_case+0x1a5/0x480 [ 26.780914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.781087] kthread+0x337/0x6f0 [ 26.781343] ret_from_fork+0x116/0x1d0 [ 26.781536] ret_from_fork_asm+0x1a/0x30 [ 26.781733] [ 26.781829] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 26.781829] [ 26.782147] allocated by task 318 on cpu 0 at 26.779167s (0.002977s ago): [ 26.782517] test_alloc+0x2a6/0x10f0 [ 26.782685] test_out_of_bounds_read+0xed/0x4e0 [ 26.782864] kunit_try_run_case+0x1a5/0x480 [ 26.783007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.783231] kthread+0x337/0x6f0 [ 26.783400] ret_from_fork+0x116/0x1d0 [ 26.783585] ret_from_fork_asm+0x1a/0x30 [ 26.783780] [ 26.783900] CPU: 0 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.784392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.784680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.785056] ================================================================== [ 26.883277] ================================================================== [ 26.883669] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 26.883669] [ 26.884114] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#72): [ 26.884443] test_out_of_bounds_read+0x216/0x4e0 [ 26.884661] kunit_try_run_case+0x1a5/0x480 [ 26.884834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.885008] kthread+0x337/0x6f0 [ 26.885181] ret_from_fork+0x116/0x1d0 [ 26.885379] ret_from_fork_asm+0x1a/0x30 [ 26.885581] [ 26.885680] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 26.885680] [ 26.885964] allocated by task 318 on cpu 0 at 26.883202s (0.002759s ago): [ 26.886286] test_alloc+0x2a6/0x10f0 [ 26.886540] test_out_of_bounds_read+0x1e2/0x4e0 [ 26.886739] kunit_try_run_case+0x1a5/0x480 [ 26.886882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.887074] kthread+0x337/0x6f0 [ 26.887255] ret_from_fork+0x116/0x1d0 [ 26.887444] ret_from_fork_asm+0x1a/0x30 [ 26.887640] [ 26.887757] CPU: 0 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.888281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.888469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.888755] ================================================================== [ 26.363381] ================================================================== [ 26.363775] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 26.363775] [ 26.364318] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#67): [ 26.364654] test_out_of_bounds_read+0x216/0x4e0 [ 26.364846] kunit_try_run_case+0x1a5/0x480 [ 26.365083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.365310] kthread+0x337/0x6f0 [ 26.365433] ret_from_fork+0x116/0x1d0 [ 26.365621] ret_from_fork_asm+0x1a/0x30 [ 26.365821] [ 26.365909] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 26.365909] [ 26.366267] allocated by task 316 on cpu 0 at 26.363195s (0.003069s ago): [ 26.366604] test_alloc+0x364/0x10f0 [ 26.366759] test_out_of_bounds_read+0x1e2/0x4e0 [ 26.366953] kunit_try_run_case+0x1a5/0x480 [ 26.367103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.367312] kthread+0x337/0x6f0 [ 26.367476] ret_from_fork+0x116/0x1d0 [ 26.367672] ret_from_fork_asm+0x1a/0x30 [ 26.367866] [ 26.367966] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.368606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.368791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.369235] ================================================================== [ 26.260289] ================================================================== [ 26.260710] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 26.260710] [ 26.261278] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#66): [ 26.261662] test_out_of_bounds_read+0x126/0x4e0 [ 26.261889] kunit_try_run_case+0x1a5/0x480 [ 26.262537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.262760] kthread+0x337/0x6f0 [ 26.263102] ret_from_fork+0x116/0x1d0 [ 26.263372] ret_from_fork_asm+0x1a/0x30 [ 26.263533] [ 26.263697] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 26.263697] [ 26.264238] allocated by task 316 on cpu 0 at 26.259092s (0.005142s ago): [ 26.264694] test_alloc+0x364/0x10f0 [ 26.264870] test_out_of_bounds_read+0xed/0x4e0 [ 26.265162] kunit_try_run_case+0x1a5/0x480 [ 26.265485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.265782] kthread+0x337/0x6f0 [ 26.265939] ret_from_fork+0x116/0x1d0 [ 26.266262] ret_from_fork_asm+0x1a/0x30 [ 26.266543] [ 26.266670] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.267328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.267648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.268139] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-kmalloc_oob_memset_16
[ 22.286525] ================================================================== [ 22.288495] BUG: KFENCE: memory corruption in kmalloc_oob_memset_16+0x187/0x330 [ 22.288495] [ 22.288776] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . ] (in kfence-#44): [ 22.289938] kmalloc_oob_memset_16+0x187/0x330 [ 22.290495] kunit_try_run_case+0x1a5/0x480 [ 22.290940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.291323] kthread+0x337/0x6f0 [ 22.291619] ret_from_fork+0x116/0x1d0 [ 22.292004] ret_from_fork_asm+0x1a/0x30 [ 22.292231] [ 22.292479] kfence-#44: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128 [ 22.292479] [ 22.292919] allocated by task 207 on cpu 1 at 22.283613s (0.009246s ago): [ 22.293328] kmalloc_oob_memset_16+0xac/0x330 [ 22.293566] kunit_try_run_case+0x1a5/0x480 [ 22.293749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.293956] kthread+0x337/0x6f0 [ 22.294070] ret_from_fork+0x116/0x1d0 [ 22.294265] ret_from_fork_asm+0x1a/0x30 [ 22.294530] [ 22.294728] freed by task 207 on cpu 1 at 22.286026s (0.008622s ago): [ 22.294976] kmalloc_oob_memset_16+0x187/0x330 [ 22.295311] kunit_try_run_case+0x1a5/0x480 [ 22.295489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.295707] kthread+0x337/0x6f0 [ 22.295871] ret_from_fork+0x116/0x1d0 [ 22.296001] ret_from_fork_asm+0x1a/0x30 [ 22.296233] [ 22.296382] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.296787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.296965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.297873] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 180.631142] ================================================================== [ 180.631852] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270 [ 180.632619] Read of size 8 at addr ffff88810713e870 by task kunit_try_catch/1678 [ 180.633360] [ 180.633555] CPU: 0 UID: 0 PID: 1678 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 180.633606] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 180.633619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 180.633639] Call Trace: [ 180.633655] <TASK> [ 180.633693] dump_stack_lvl+0x73/0xb0 [ 180.633729] print_report+0xd1/0x650 [ 180.633767] ? __virt_addr_valid+0x1db/0x2d0 [ 180.633793] ? drm_encoder_cleanup+0x265/0x270 [ 180.633818] ? kasan_complete_mode_report_info+0x64/0x200 [ 180.633841] ? drm_encoder_cleanup+0x265/0x270 [ 180.633865] kasan_report+0x141/0x180 [ 180.633887] ? drm_encoder_cleanup+0x265/0x270 [ 180.633914] __asan_report_load8_noabort+0x18/0x20 [ 180.633938] drm_encoder_cleanup+0x265/0x270 [ 180.633963] drmm_encoder_alloc_release+0x36/0x60 [ 180.633987] drm_managed_release+0x15c/0x470 [ 180.634007] ? simple_release_fs+0x86/0xb0 [ 180.634034] drm_dev_put.part.0+0xa1/0x100 [ 180.634052] ? __pfx_devm_drm_dev_init_release+0x10/0x10 [ 180.634073] devm_drm_dev_init_release+0x17/0x30 [ 180.634093] devm_action_release+0x50/0x80 [ 180.634119] devres_release_all+0x186/0x240 [ 180.634151] ? __pfx_devres_release_all+0x10/0x10 [ 180.634169] ? kernfs_remove_by_name_ns+0x166/0x1d0 [ 180.634194] ? sysfs_remove_file_ns+0x56/0xa0 [ 180.634218] device_unbind_cleanup+0x1b/0x1b0 [ 180.634242] device_release_driver_internal+0x3e4/0x540 [ 180.634265] ? klist_devices_put+0x35/0x50 [ 180.634287] device_release_driver+0x16/0x20 [ 180.634309] bus_remove_device+0x1e9/0x3d0 [ 180.634333] device_del+0x397/0x980 [ 180.634358] ? __pfx_device_del+0x10/0x10 [ 180.634379] ? __kasan_check_write+0x18/0x20 [ 180.634401] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 180.634432] ? __pfx_device_unregister_wrapper+0x10/0x10 [ 180.634457] device_unregister+0x1b/0xa0 [ 180.634478] device_unregister_wrapper+0x12/0x20 [ 180.634499] __kunit_action_free+0x57/0x70 [ 180.634523] kunit_remove_resource+0x133/0x200 [ 180.634544] ? preempt_count_sub+0x50/0x80 [ 180.634568] kunit_cleanup+0x7a/0x120 [ 180.634592] kunit_try_run_case_cleanup+0xbd/0xf0 [ 180.634615] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 180.634637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 180.634659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 180.634680] kthread+0x337/0x6f0 [ 180.634702] ? trace_preempt_on+0x20/0xc0 [ 180.634727] ? __pfx_kthread+0x10/0x10 [ 180.634747] ? _raw_spin_unlock_irq+0x47/0x80 [ 180.634773] ? calculate_sigpending+0x7b/0xa0 [ 180.634797] ? __pfx_kthread+0x10/0x10 [ 180.634818] ret_from_fork+0x116/0x1d0 [ 180.634839] ? __pfx_kthread+0x10/0x10 [ 180.634859] ret_from_fork_asm+0x1a/0x30 [ 180.634892] </TASK> [ 180.634905] [ 180.650797] Allocated by task 1677: [ 180.651235] kasan_save_stack+0x45/0x70 [ 180.651685] kasan_save_track+0x18/0x40 [ 180.652309] kasan_save_alloc_info+0x3b/0x50 [ 180.652801] __kasan_kmalloc+0xb7/0xc0 [ 180.653023] __kmalloc_noprof+0x1c9/0x500 [ 180.653298] __devm_drm_bridge_alloc+0x33/0x170 [ 180.653798] drm_test_bridge_init+0x188/0x5c0 [ 180.654113] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870 [ 180.654317] kunit_try_run_case+0x1a5/0x480 [ 180.654460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 180.654629] kthread+0x337/0x6f0 [ 180.654746] ret_from_fork+0x116/0x1d0 [ 180.654873] ret_from_fork_asm+0x1a/0x30 [ 180.655204] [ 180.655374] Freed by task 1678: [ 180.655661] kasan_save_stack+0x45/0x70 [ 180.656016] kasan_save_track+0x18/0x40 [ 180.656432] kasan_save_free_info+0x3f/0x60 [ 180.656877] __kasan_slab_free+0x56/0x70 [ 180.657279] kfree+0x222/0x3f0 [ 180.657567] drm_bridge_put.part.0+0xc7/0x100 [ 180.658004] drm_bridge_put_void+0x17/0x30 [ 180.658382] devm_action_release+0x50/0x80 [ 180.658754] devres_release_all+0x186/0x240 [ 180.659158] device_unbind_cleanup+0x1b/0x1b0 [ 180.659763] device_release_driver_internal+0x3e4/0x540 [ 180.660181] device_release_driver+0x16/0x20 [ 180.660463] bus_remove_device+0x1e9/0x3d0 [ 180.660939] device_del+0x397/0x980 [ 180.661190] device_unregister+0x1b/0xa0 [ 180.661476] device_unregister_wrapper+0x12/0x20 [ 180.662011] __kunit_action_free+0x57/0x70 [ 180.662344] kunit_remove_resource+0x133/0x200 [ 180.662781] kunit_cleanup+0x7a/0x120 [ 180.663083] kunit_try_run_case_cleanup+0xbd/0xf0 [ 180.663253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 180.663423] kthread+0x337/0x6f0 [ 180.663539] ret_from_fork+0x116/0x1d0 [ 180.663666] ret_from_fork_asm+0x1a/0x30 [ 180.663800] [ 180.663872] The buggy address belongs to the object at ffff88810713e800 [ 180.663872] which belongs to the cache kmalloc-512 of size 512 [ 180.664273] The buggy address is located 112 bytes inside of [ 180.664273] freed 512-byte region [ffff88810713e800, ffff88810713ea00) [ 180.664898] [ 180.665083] The buggy address belongs to the physical page: [ 180.665341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10713c [ 180.665625] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 180.665980] flags: 0x200000000000040(head|node=0|zone=2) [ 180.666223] page_type: f5(slab) [ 180.666349] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 180.666702] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 180.667292] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 180.667566] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 180.667859] head: 0200000000000002 ffffea00041c4f01 00000000ffffffff 00000000ffffffff [ 180.668545] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 180.668848] page dumped because: kasan: bad access detected [ 180.669521] [ 180.669615] Memory state around the buggy address: [ 180.670176] ffff88810713e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 180.670896] ffff88810713e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 180.671456] >ffff88810713e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 180.671929] ^ [ 180.672230] ffff88810713e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 180.672503] ffff88810713e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 180.672782] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 26.204719] ================================================================== [ 26.205316] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 26.205685] Write of size 1 at addr ffff8881024e1b78 by task kunit_try_catch/314 [ 26.206028] [ 26.206337] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.206396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.206410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.206434] Call Trace: [ 26.206455] <TASK> [ 26.206649] dump_stack_lvl+0x73/0xb0 [ 26.206686] print_report+0xd1/0x650 [ 26.206712] ? __virt_addr_valid+0x1db/0x2d0 [ 26.206738] ? strncpy_from_user+0x1a5/0x1d0 [ 26.206763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.206791] ? strncpy_from_user+0x1a5/0x1d0 [ 26.206816] kasan_report+0x141/0x180 [ 26.206840] ? strncpy_from_user+0x1a5/0x1d0 [ 26.206868] __asan_report_store1_noabort+0x1b/0x30 [ 26.206892] strncpy_from_user+0x1a5/0x1d0 [ 26.206919] copy_user_test_oob+0x760/0x10f0 [ 26.206944] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.206969] ? finish_task_switch.isra.0+0x153/0x700 [ 26.206993] ? __switch_to+0x47/0xf50 [ 26.207021] ? __schedule+0x10cc/0x2b60 [ 26.207054] ? __pfx_read_tsc+0x10/0x10 [ 26.207077] ? ktime_get_ts64+0x86/0x230 [ 26.207103] kunit_try_run_case+0x1a5/0x480 [ 26.207129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.207152] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.207178] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.207204] ? __kthread_parkme+0x82/0x180 [ 26.207235] ? preempt_count_sub+0x50/0x80 [ 26.207260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.207285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.207310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.207333] kthread+0x337/0x6f0 [ 26.207354] ? trace_preempt_on+0x20/0xc0 [ 26.207378] ? __pfx_kthread+0x10/0x10 [ 26.207400] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.207424] ? calculate_sigpending+0x7b/0xa0 [ 26.207449] ? __pfx_kthread+0x10/0x10 [ 26.207471] ret_from_fork+0x116/0x1d0 [ 26.207491] ? __pfx_kthread+0x10/0x10 [ 26.207512] ret_from_fork_asm+0x1a/0x30 [ 26.207543] </TASK> [ 26.207556] [ 26.216526] Allocated by task 314: [ 26.216984] kasan_save_stack+0x45/0x70 [ 26.217187] kasan_save_track+0x18/0x40 [ 26.217393] kasan_save_alloc_info+0x3b/0x50 [ 26.217544] __kasan_kmalloc+0xb7/0xc0 [ 26.217749] __kmalloc_noprof+0x1c9/0x500 [ 26.217925] kunit_kmalloc_array+0x25/0x60 [ 26.218161] copy_user_test_oob+0xab/0x10f0 [ 26.218395] kunit_try_run_case+0x1a5/0x480 [ 26.218608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.218846] kthread+0x337/0x6f0 [ 26.218960] ret_from_fork+0x116/0x1d0 [ 26.219105] ret_from_fork_asm+0x1a/0x30 [ 26.219344] [ 26.219457] The buggy address belongs to the object at ffff8881024e1b00 [ 26.219457] which belongs to the cache kmalloc-128 of size 128 [ 26.219982] The buggy address is located 0 bytes to the right of [ 26.219982] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.220530] [ 26.220626] The buggy address belongs to the physical page: [ 26.220857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.221125] flags: 0x200000000000000(node=0|zone=2) [ 26.221368] page_type: f5(slab) [ 26.221554] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.221927] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.222470] page dumped because: kasan: bad access detected [ 26.222642] [ 26.222706] Memory state around the buggy address: [ 26.222852] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.223358] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.223676] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.223979] ^ [ 26.224370] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.224623] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.224838] ================================================================== [ 26.177695] ================================================================== [ 26.178344] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 26.178781] Write of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.179440] [ 26.179771] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.179831] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.179846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.179873] Call Trace: [ 26.179897] <TASK> [ 26.179919] dump_stack_lvl+0x73/0xb0 [ 26.179952] print_report+0xd1/0x650 [ 26.179977] ? __virt_addr_valid+0x1db/0x2d0 [ 26.180003] ? strncpy_from_user+0x2e/0x1d0 [ 26.180027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.180054] ? strncpy_from_user+0x2e/0x1d0 [ 26.180079] kasan_report+0x141/0x180 [ 26.180102] ? strncpy_from_user+0x2e/0x1d0 [ 26.180131] kasan_check_range+0x10c/0x1c0 [ 26.180155] __kasan_check_write+0x18/0x20 [ 26.180179] strncpy_from_user+0x2e/0x1d0 [ 26.180202] ? __kasan_check_read+0x15/0x20 [ 26.180244] copy_user_test_oob+0x760/0x10f0 [ 26.180269] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.180292] ? finish_task_switch.isra.0+0x153/0x700 [ 26.180316] ? __switch_to+0x47/0xf50 [ 26.180343] ? __schedule+0x10cc/0x2b60 [ 26.180368] ? __pfx_read_tsc+0x10/0x10 [ 26.180391] ? ktime_get_ts64+0x86/0x230 [ 26.180418] kunit_try_run_case+0x1a5/0x480 [ 26.180443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.180467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.180493] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.180518] ? __kthread_parkme+0x82/0x180 [ 26.180540] ? preempt_count_sub+0x50/0x80 [ 26.180563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.180588] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.180613] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.180638] kthread+0x337/0x6f0 [ 26.180659] ? trace_preempt_on+0x20/0xc0 [ 26.180683] ? __pfx_kthread+0x10/0x10 [ 26.180704] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.180728] ? calculate_sigpending+0x7b/0xa0 [ 26.180753] ? __pfx_kthread+0x10/0x10 [ 26.180775] ret_from_fork+0x116/0x1d0 [ 26.180795] ? __pfx_kthread+0x10/0x10 [ 26.180816] ret_from_fork_asm+0x1a/0x30 [ 26.180848] </TASK> [ 26.180861] [ 26.192716] Allocated by task 314: [ 26.192890] kasan_save_stack+0x45/0x70 [ 26.193140] kasan_save_track+0x18/0x40 [ 26.193339] kasan_save_alloc_info+0x3b/0x50 [ 26.193546] __kasan_kmalloc+0xb7/0xc0 [ 26.193726] __kmalloc_noprof+0x1c9/0x500 [ 26.193920] kunit_kmalloc_array+0x25/0x60 [ 26.194592] copy_user_test_oob+0xab/0x10f0 [ 26.194787] kunit_try_run_case+0x1a5/0x480 [ 26.195307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.195703] kthread+0x337/0x6f0 [ 26.195970] ret_from_fork+0x116/0x1d0 [ 26.196366] ret_from_fork_asm+0x1a/0x30 [ 26.196623] [ 26.196702] The buggy address belongs to the object at ffff8881024e1b00 [ 26.196702] which belongs to the cache kmalloc-128 of size 128 [ 26.197565] The buggy address is located 0 bytes inside of [ 26.197565] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.198210] [ 26.198305] The buggy address belongs to the physical page: [ 26.198706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.199163] flags: 0x200000000000000(node=0|zone=2) [ 26.199511] page_type: f5(slab) [ 26.199774] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.200303] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.200729] page dumped because: kasan: bad access detected [ 26.201083] [ 26.201300] Memory state around the buggy address: [ 26.201585] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.201893] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.202321] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.202716] ^ [ 26.203165] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.203603] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.203998] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 26.117100] ================================================================== [ 26.117454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 26.117786] Read of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.118258] [ 26.118373] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.118424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.118438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.118464] Call Trace: [ 26.118486] <TASK> [ 26.118507] dump_stack_lvl+0x73/0xb0 [ 26.118537] print_report+0xd1/0x650 [ 26.118561] ? __virt_addr_valid+0x1db/0x2d0 [ 26.118586] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.118610] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.118638] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.118662] kasan_report+0x141/0x180 [ 26.118685] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.118713] kasan_check_range+0x10c/0x1c0 [ 26.118737] __kasan_check_read+0x15/0x20 [ 26.118761] copy_user_test_oob+0x4aa/0x10f0 [ 26.118787] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.118809] ? finish_task_switch.isra.0+0x153/0x700 [ 26.118833] ? __switch_to+0x47/0xf50 [ 26.118860] ? __schedule+0x10cc/0x2b60 [ 26.118885] ? __pfx_read_tsc+0x10/0x10 [ 26.118907] ? ktime_get_ts64+0x86/0x230 [ 26.118934] kunit_try_run_case+0x1a5/0x480 [ 26.118960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.118983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.119009] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.119043] ? __kthread_parkme+0x82/0x180 [ 26.119065] ? preempt_count_sub+0x50/0x80 [ 26.119088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.119113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.119138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.119163] kthread+0x337/0x6f0 [ 26.119186] ? trace_preempt_on+0x20/0xc0 [ 26.119211] ? __pfx_kthread+0x10/0x10 [ 26.119245] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.119271] ? calculate_sigpending+0x7b/0xa0 [ 26.119298] ? __pfx_kthread+0x10/0x10 [ 26.119321] ret_from_fork+0x116/0x1d0 [ 26.119342] ? __pfx_kthread+0x10/0x10 [ 26.119365] ret_from_fork_asm+0x1a/0x30 [ 26.119398] </TASK> [ 26.119410] [ 26.126791] Allocated by task 314: [ 26.126913] kasan_save_stack+0x45/0x70 [ 26.127057] kasan_save_track+0x18/0x40 [ 26.127186] kasan_save_alloc_info+0x3b/0x50 [ 26.127406] __kasan_kmalloc+0xb7/0xc0 [ 26.127591] __kmalloc_noprof+0x1c9/0x500 [ 26.127789] kunit_kmalloc_array+0x25/0x60 [ 26.127992] copy_user_test_oob+0xab/0x10f0 [ 26.128199] kunit_try_run_case+0x1a5/0x480 [ 26.128415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.128646] kthread+0x337/0x6f0 [ 26.128799] ret_from_fork+0x116/0x1d0 [ 26.128972] ret_from_fork_asm+0x1a/0x30 [ 26.129156] [ 26.129264] The buggy address belongs to the object at ffff8881024e1b00 [ 26.129264] which belongs to the cache kmalloc-128 of size 128 [ 26.129699] The buggy address is located 0 bytes inside of [ 26.129699] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.130165] [ 26.130269] The buggy address belongs to the physical page: [ 26.130522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.130849] flags: 0x200000000000000(node=0|zone=2) [ 26.131010] page_type: f5(slab) [ 26.131134] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.131372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.131595] page dumped because: kasan: bad access detected [ 26.131857] [ 26.131947] Memory state around the buggy address: [ 26.132367] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.132685] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.132994] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.133212] ^ [ 26.133535] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.133817] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.134099] ================================================================== [ 26.099920] ================================================================== [ 26.100318] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 26.100640] Write of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.100921] [ 26.101012] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.101088] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.101102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.101129] Call Trace: [ 26.101150] <TASK> [ 26.101173] dump_stack_lvl+0x73/0xb0 [ 26.101205] print_report+0xd1/0x650 [ 26.101240] ? __virt_addr_valid+0x1db/0x2d0 [ 26.101266] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.101291] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.101318] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.101342] kasan_report+0x141/0x180 [ 26.101365] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.101393] kasan_check_range+0x10c/0x1c0 [ 26.101417] __kasan_check_write+0x18/0x20 [ 26.101442] copy_user_test_oob+0x3fd/0x10f0 [ 26.101468] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.101491] ? finish_task_switch.isra.0+0x153/0x700 [ 26.101514] ? __switch_to+0x47/0xf50 [ 26.101541] ? __schedule+0x10cc/0x2b60 [ 26.101567] ? __pfx_read_tsc+0x10/0x10 [ 26.101591] ? ktime_get_ts64+0x86/0x230 [ 26.101617] kunit_try_run_case+0x1a5/0x480 [ 26.101644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.101668] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.101694] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.101720] ? __kthread_parkme+0x82/0x180 [ 26.101742] ? preempt_count_sub+0x50/0x80 [ 26.101765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.101790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.101815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.101839] kthread+0x337/0x6f0 [ 26.101861] ? trace_preempt_on+0x20/0xc0 [ 26.101885] ? __pfx_kthread+0x10/0x10 [ 26.101906] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.101930] ? calculate_sigpending+0x7b/0xa0 [ 26.101956] ? __pfx_kthread+0x10/0x10 [ 26.101978] ret_from_fork+0x116/0x1d0 [ 26.101998] ? __pfx_kthread+0x10/0x10 [ 26.102030] ret_from_fork_asm+0x1a/0x30 [ 26.102064] </TASK> [ 26.102077] [ 26.109060] Allocated by task 314: [ 26.109199] kasan_save_stack+0x45/0x70 [ 26.109360] kasan_save_track+0x18/0x40 [ 26.109488] kasan_save_alloc_info+0x3b/0x50 [ 26.109631] __kasan_kmalloc+0xb7/0xc0 [ 26.109954] __kmalloc_noprof+0x1c9/0x500 [ 26.110346] kunit_kmalloc_array+0x25/0x60 [ 26.110555] copy_user_test_oob+0xab/0x10f0 [ 26.110759] kunit_try_run_case+0x1a5/0x480 [ 26.110964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.111199] kthread+0x337/0x6f0 [ 26.111347] ret_from_fork+0x116/0x1d0 [ 26.111497] ret_from_fork_asm+0x1a/0x30 [ 26.111632] [ 26.111698] The buggy address belongs to the object at ffff8881024e1b00 [ 26.111698] which belongs to the cache kmalloc-128 of size 128 [ 26.112098] The buggy address is located 0 bytes inside of [ 26.112098] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.112640] [ 26.112735] The buggy address belongs to the physical page: [ 26.112991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.113340] flags: 0x200000000000000(node=0|zone=2) [ 26.113505] page_type: f5(slab) [ 26.113624] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.113847] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.114099] page dumped because: kasan: bad access detected [ 26.114360] [ 26.114456] Memory state around the buggy address: [ 26.114684] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.115075] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.115366] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.115617] ^ [ 26.115825] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.116293] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.116581] ================================================================== [ 26.152290] ================================================================== [ 26.152646] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 26.152928] Read of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.153316] [ 26.153410] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.153460] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.154495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.154528] Call Trace: [ 26.154550] <TASK> [ 26.154569] dump_stack_lvl+0x73/0xb0 [ 26.154600] print_report+0xd1/0x650 [ 26.154624] ? __virt_addr_valid+0x1db/0x2d0 [ 26.154649] ? copy_user_test_oob+0x604/0x10f0 [ 26.154672] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.154700] ? copy_user_test_oob+0x604/0x10f0 [ 26.154724] kasan_report+0x141/0x180 [ 26.154747] ? copy_user_test_oob+0x604/0x10f0 [ 26.154775] kasan_check_range+0x10c/0x1c0 [ 26.154799] __kasan_check_read+0x15/0x20 [ 26.154824] copy_user_test_oob+0x604/0x10f0 [ 26.154850] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.154873] ? finish_task_switch.isra.0+0x153/0x700 [ 26.154900] ? __switch_to+0x47/0xf50 [ 26.154929] ? __schedule+0x10cc/0x2b60 [ 26.154955] ? __pfx_read_tsc+0x10/0x10 [ 26.154979] ? ktime_get_ts64+0x86/0x230 [ 26.155005] kunit_try_run_case+0x1a5/0x480 [ 26.155037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.155061] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.155087] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.155114] ? __kthread_parkme+0x82/0x180 [ 26.155135] ? preempt_count_sub+0x50/0x80 [ 26.155160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.155185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.155209] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.155246] kthread+0x337/0x6f0 [ 26.155266] ? trace_preempt_on+0x20/0xc0 [ 26.155290] ? __pfx_kthread+0x10/0x10 [ 26.155311] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.155336] ? calculate_sigpending+0x7b/0xa0 [ 26.155360] ? __pfx_kthread+0x10/0x10 [ 26.155382] ret_from_fork+0x116/0x1d0 [ 26.155403] ? __pfx_kthread+0x10/0x10 [ 26.155423] ret_from_fork_asm+0x1a/0x30 [ 26.155455] </TASK> [ 26.155467] [ 26.165390] Allocated by task 314: [ 26.165685] kasan_save_stack+0x45/0x70 [ 26.165918] kasan_save_track+0x18/0x40 [ 26.166327] kasan_save_alloc_info+0x3b/0x50 [ 26.166528] __kasan_kmalloc+0xb7/0xc0 [ 26.166694] __kmalloc_noprof+0x1c9/0x500 [ 26.166894] kunit_kmalloc_array+0x25/0x60 [ 26.167076] copy_user_test_oob+0xab/0x10f0 [ 26.167352] kunit_try_run_case+0x1a5/0x480 [ 26.167919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.168229] kthread+0x337/0x6f0 [ 26.168515] ret_from_fork+0x116/0x1d0 [ 26.168773] ret_from_fork_asm+0x1a/0x30 [ 26.169033] [ 26.169129] The buggy address belongs to the object at ffff8881024e1b00 [ 26.169129] which belongs to the cache kmalloc-128 of size 128 [ 26.169897] The buggy address is located 0 bytes inside of [ 26.169897] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.170571] [ 26.170655] The buggy address belongs to the physical page: [ 26.171062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.171509] flags: 0x200000000000000(node=0|zone=2) [ 26.171846] page_type: f5(slab) [ 26.172030] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.172691] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.173209] page dumped because: kasan: bad access detected [ 26.173560] [ 26.173803] Memory state around the buggy address: [ 26.174133] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.174454] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.174761] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.175364] ^ [ 26.175653] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.176089] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.176485] ================================================================== [ 26.134623] ================================================================== [ 26.135228] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 26.135511] Write of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.135811] [ 26.135894] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.135942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.135957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.135982] Call Trace: [ 26.136000] <TASK> [ 26.136027] dump_stack_lvl+0x73/0xb0 [ 26.136055] print_report+0xd1/0x650 [ 26.136078] ? __virt_addr_valid+0x1db/0x2d0 [ 26.136115] ? copy_user_test_oob+0x557/0x10f0 [ 26.136139] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.136165] ? copy_user_test_oob+0x557/0x10f0 [ 26.136189] kasan_report+0x141/0x180 [ 26.136212] ? copy_user_test_oob+0x557/0x10f0 [ 26.136251] kasan_check_range+0x10c/0x1c0 [ 26.136276] __kasan_check_write+0x18/0x20 [ 26.136299] copy_user_test_oob+0x557/0x10f0 [ 26.136325] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.136348] ? finish_task_switch.isra.0+0x153/0x700 [ 26.136371] ? __switch_to+0x47/0xf50 [ 26.136397] ? __schedule+0x10cc/0x2b60 [ 26.136422] ? __pfx_read_tsc+0x10/0x10 [ 26.136446] ? ktime_get_ts64+0x86/0x230 [ 26.136471] kunit_try_run_case+0x1a5/0x480 [ 26.136497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.136520] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.136545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.136571] ? __kthread_parkme+0x82/0x180 [ 26.136592] ? preempt_count_sub+0x50/0x80 [ 26.136615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.136641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.136665] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.136691] kthread+0x337/0x6f0 [ 26.136712] ? trace_preempt_on+0x20/0xc0 [ 26.136736] ? __pfx_kthread+0x10/0x10 [ 26.136757] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.136781] ? calculate_sigpending+0x7b/0xa0 [ 26.136806] ? __pfx_kthread+0x10/0x10 [ 26.136828] ret_from_fork+0x116/0x1d0 [ 26.136847] ? __pfx_kthread+0x10/0x10 [ 26.136869] ret_from_fork_asm+0x1a/0x30 [ 26.136901] </TASK> [ 26.136913] [ 26.143883] Allocated by task 314: [ 26.144054] kasan_save_stack+0x45/0x70 [ 26.144266] kasan_save_track+0x18/0x40 [ 26.144455] kasan_save_alloc_info+0x3b/0x50 [ 26.144679] __kasan_kmalloc+0xb7/0xc0 [ 26.144844] __kmalloc_noprof+0x1c9/0x500 [ 26.144982] kunit_kmalloc_array+0x25/0x60 [ 26.145120] copy_user_test_oob+0xab/0x10f0 [ 26.145271] kunit_try_run_case+0x1a5/0x480 [ 26.145412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.145580] kthread+0x337/0x6f0 [ 26.145700] ret_from_fork+0x116/0x1d0 [ 26.145888] ret_from_fork_asm+0x1a/0x30 [ 26.146166] [ 26.146265] The buggy address belongs to the object at ffff8881024e1b00 [ 26.146265] which belongs to the cache kmalloc-128 of size 128 [ 26.146795] The buggy address is located 0 bytes inside of [ 26.146795] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.147757] [ 26.147831] The buggy address belongs to the physical page: [ 26.147999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.148362] flags: 0x200000000000000(node=0|zone=2) [ 26.148591] page_type: f5(slab) [ 26.148750] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.149048] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.149305] page dumped because: kasan: bad access detected [ 26.149480] [ 26.149546] Memory state around the buggy address: [ 26.149700] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.149929] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.150382] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.150699] ^ [ 26.151016] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.151352] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.151562] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 26.072253] ================================================================== [ 26.072596] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 26.073030] Read of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.073663] [ 26.073790] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.073972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.073991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.074024] Call Trace: [ 26.074048] <TASK> [ 26.074070] dump_stack_lvl+0x73/0xb0 [ 26.074102] print_report+0xd1/0x650 [ 26.074128] ? __virt_addr_valid+0x1db/0x2d0 [ 26.074154] ? _copy_to_user+0x3c/0x70 [ 26.074174] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.074202] ? _copy_to_user+0x3c/0x70 [ 26.074237] kasan_report+0x141/0x180 [ 26.074260] ? _copy_to_user+0x3c/0x70 [ 26.074285] kasan_check_range+0x10c/0x1c0 [ 26.074309] __kasan_check_read+0x15/0x20 [ 26.074333] _copy_to_user+0x3c/0x70 [ 26.074354] copy_user_test_oob+0x364/0x10f0 [ 26.074380] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.074404] ? finish_task_switch.isra.0+0x153/0x700 [ 26.074427] ? __switch_to+0x47/0xf50 [ 26.074454] ? __schedule+0x10cc/0x2b60 [ 26.074480] ? __pfx_read_tsc+0x10/0x10 [ 26.074503] ? ktime_get_ts64+0x86/0x230 [ 26.074528] kunit_try_run_case+0x1a5/0x480 [ 26.074554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.074577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.074603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.074629] ? __kthread_parkme+0x82/0x180 [ 26.074650] ? preempt_count_sub+0x50/0x80 [ 26.074674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.074699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.074723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.074747] kthread+0x337/0x6f0 [ 26.074769] ? trace_preempt_on+0x20/0xc0 [ 26.074793] ? __pfx_kthread+0x10/0x10 [ 26.074815] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.074840] ? calculate_sigpending+0x7b/0xa0 [ 26.074864] ? __pfx_kthread+0x10/0x10 [ 26.074886] ret_from_fork+0x116/0x1d0 [ 26.074906] ? __pfx_kthread+0x10/0x10 [ 26.074929] ret_from_fork_asm+0x1a/0x30 [ 26.074961] </TASK> [ 26.074974] [ 26.084894] Allocated by task 314: [ 26.085086] kasan_save_stack+0x45/0x70 [ 26.085504] kasan_save_track+0x18/0x40 [ 26.085765] kasan_save_alloc_info+0x3b/0x50 [ 26.085937] __kasan_kmalloc+0xb7/0xc0 [ 26.086274] __kmalloc_noprof+0x1c9/0x500 [ 26.086463] kunit_kmalloc_array+0x25/0x60 [ 26.086666] copy_user_test_oob+0xab/0x10f0 [ 26.086850] kunit_try_run_case+0x1a5/0x480 [ 26.087333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.087571] kthread+0x337/0x6f0 [ 26.087707] ret_from_fork+0x116/0x1d0 [ 26.088018] ret_from_fork_asm+0x1a/0x30 [ 26.088355] [ 26.088437] The buggy address belongs to the object at ffff8881024e1b00 [ 26.088437] which belongs to the cache kmalloc-128 of size 128 [ 26.089131] The buggy address is located 0 bytes inside of [ 26.089131] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.089624] [ 26.089714] The buggy address belongs to the physical page: [ 26.089949] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.090663] flags: 0x200000000000000(node=0|zone=2) [ 26.090954] page_type: f5(slab) [ 26.091089] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.091569] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.091970] page dumped because: kasan: bad access detected [ 26.092325] [ 26.092399] Memory state around the buggy address: [ 26.092754] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.093199] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.093618] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.094014] ^ [ 26.094430] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.094794] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.095216] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 26.045334] ================================================================== [ 26.045902] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 26.046487] Write of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.046801] [ 26.046907] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.046965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.046980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.047008] Call Trace: [ 26.047054] <TASK> [ 26.047080] dump_stack_lvl+0x73/0xb0 [ 26.047114] print_report+0xd1/0x650 [ 26.047141] ? __virt_addr_valid+0x1db/0x2d0 [ 26.047169] ? _copy_from_user+0x32/0x90 [ 26.047190] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.047228] ? _copy_from_user+0x32/0x90 [ 26.047249] kasan_report+0x141/0x180 [ 26.047272] ? _copy_from_user+0x32/0x90 [ 26.047297] kasan_check_range+0x10c/0x1c0 [ 26.047321] __kasan_check_write+0x18/0x20 [ 26.047345] _copy_from_user+0x32/0x90 [ 26.047367] copy_user_test_oob+0x2be/0x10f0 [ 26.047394] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.047418] ? finish_task_switch.isra.0+0x153/0x700 [ 26.047443] ? __switch_to+0x47/0xf50 [ 26.047619] ? __schedule+0x10cc/0x2b60 [ 26.047655] ? __pfx_read_tsc+0x10/0x10 [ 26.047681] ? ktime_get_ts64+0x86/0x230 [ 26.047708] kunit_try_run_case+0x1a5/0x480 [ 26.047734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.047759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.047785] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.047810] ? __kthread_parkme+0x82/0x180 [ 26.047833] ? preempt_count_sub+0x50/0x80 [ 26.047857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.047883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.047907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.047932] kthread+0x337/0x6f0 [ 26.047952] ? trace_preempt_on+0x20/0xc0 [ 26.047979] ? __pfx_kthread+0x10/0x10 [ 26.048000] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.048036] ? calculate_sigpending+0x7b/0xa0 [ 26.048063] ? __pfx_kthread+0x10/0x10 [ 26.048085] ret_from_fork+0x116/0x1d0 [ 26.048105] ? __pfx_kthread+0x10/0x10 [ 26.048126] ret_from_fork_asm+0x1a/0x30 [ 26.048160] </TASK> [ 26.048174] [ 26.057822] Allocated by task 314: [ 26.058021] kasan_save_stack+0x45/0x70 [ 26.058212] kasan_save_track+0x18/0x40 [ 26.058396] kasan_save_alloc_info+0x3b/0x50 [ 26.058580] __kasan_kmalloc+0xb7/0xc0 [ 26.058741] __kmalloc_noprof+0x1c9/0x500 [ 26.058922] kunit_kmalloc_array+0x25/0x60 [ 26.059700] copy_user_test_oob+0xab/0x10f0 [ 26.059890] kunit_try_run_case+0x1a5/0x480 [ 26.060296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.060646] kthread+0x337/0x6f0 [ 26.060792] ret_from_fork+0x116/0x1d0 [ 26.061123] ret_from_fork_asm+0x1a/0x30 [ 26.061431] [ 26.061521] The buggy address belongs to the object at ffff8881024e1b00 [ 26.061521] which belongs to the cache kmalloc-128 of size 128 [ 26.062292] The buggy address is located 0 bytes inside of [ 26.062292] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.062967] [ 26.063064] The buggy address belongs to the physical page: [ 26.063557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.063981] flags: 0x200000000000000(node=0|zone=2) [ 26.064378] page_type: f5(slab) [ 26.064523] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.064931] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.065373] page dumped because: kasan: bad access detected [ 26.065714] [ 26.065811] Memory state around the buggy address: [ 26.066203] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.066615] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.067023] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.067411] ^ [ 26.067799] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.068234] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.068609] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 25.985103] ================================================================== [ 25.985617] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 25.985917] Read of size 8 at addr ffff8881024e1a78 by task kunit_try_catch/310 [ 25.986340] [ 25.986481] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.986778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.986817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.986858] Call Trace: [ 25.986875] <TASK> [ 25.986898] dump_stack_lvl+0x73/0xb0 [ 25.986934] print_report+0xd1/0x650 [ 25.986962] ? __virt_addr_valid+0x1db/0x2d0 [ 25.986989] ? copy_to_kernel_nofault+0x225/0x260 [ 25.987013] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.987049] ? copy_to_kernel_nofault+0x225/0x260 [ 25.987075] kasan_report+0x141/0x180 [ 25.987098] ? copy_to_kernel_nofault+0x225/0x260 [ 25.987129] __asan_report_load8_noabort+0x18/0x20 [ 25.987157] copy_to_kernel_nofault+0x225/0x260 [ 25.987183] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 25.987208] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 25.987246] ? finish_task_switch.isra.0+0x153/0x700 [ 25.987273] ? __schedule+0x10cc/0x2b60 [ 25.987299] ? trace_hardirqs_on+0x37/0xe0 [ 25.987330] ? trace_hardirqs_on+0x37/0xe0 [ 25.987353] ? __pfx_read_tsc+0x10/0x10 [ 25.987379] ? ktime_get_ts64+0x86/0x230 [ 25.987544] kunit_try_run_case+0x1a5/0x480 [ 25.987572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.987598] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.987625] ? __kthread_parkme+0x82/0x180 [ 25.987647] ? preempt_count_sub+0x50/0x80 [ 25.987671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.987697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.987721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.987747] kthread+0x337/0x6f0 [ 25.987768] ? trace_preempt_on+0x20/0xc0 [ 25.987806] ? __pfx_kthread+0x10/0x10 [ 25.987828] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.987852] ? calculate_sigpending+0x7b/0xa0 [ 25.987879] ? __pfx_kthread+0x10/0x10 [ 25.987901] ret_from_fork+0x116/0x1d0 [ 25.987923] ? __pfx_kthread+0x10/0x10 [ 25.987944] ret_from_fork_asm+0x1a/0x30 [ 25.987978] </TASK> [ 25.987991] [ 25.997670] Allocated by task 310: [ 25.997860] kasan_save_stack+0x45/0x70 [ 25.998057] kasan_save_track+0x18/0x40 [ 25.998637] kasan_save_alloc_info+0x3b/0x50 [ 25.998793] __kasan_kmalloc+0xb7/0xc0 [ 25.999087] __kmalloc_cache_noprof+0x189/0x420 [ 25.999288] copy_to_kernel_nofault_oob+0x12f/0x560 [ 25.999682] kunit_try_run_case+0x1a5/0x480 [ 25.999915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.000284] kthread+0x337/0x6f0 [ 26.000512] ret_from_fork+0x116/0x1d0 [ 26.000650] ret_from_fork_asm+0x1a/0x30 [ 26.000973] [ 26.001049] The buggy address belongs to the object at ffff8881024e1a00 [ 26.001049] which belongs to the cache kmalloc-128 of size 128 [ 26.001690] The buggy address is located 0 bytes to the right of [ 26.001690] allocated 120-byte region [ffff8881024e1a00, ffff8881024e1a78) [ 26.002349] [ 26.002460] The buggy address belongs to the physical page: [ 26.002721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.003053] flags: 0x200000000000000(node=0|zone=2) [ 26.003591] page_type: f5(slab) [ 26.003832] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.004147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.004465] page dumped because: kasan: bad access detected [ 26.004685] [ 26.004756] Memory state around the buggy address: [ 26.005296] ffff8881024e1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.005642] ffff8881024e1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.005970] >ffff8881024e1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.006501] ^ [ 26.006891] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.007232] ffff8881024e1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.007641] ================================================================== [ 26.008408] ================================================================== [ 26.008849] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 26.009302] Write of size 8 at addr ffff8881024e1a78 by task kunit_try_catch/310 [ 26.009611] [ 26.009723] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.009780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.009997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.010178] Call Trace: [ 26.010197] <TASK> [ 26.010232] dump_stack_lvl+0x73/0xb0 [ 26.010327] print_report+0xd1/0x650 [ 26.010355] ? __virt_addr_valid+0x1db/0x2d0 [ 26.010383] ? copy_to_kernel_nofault+0x99/0x260 [ 26.010410] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.010439] ? copy_to_kernel_nofault+0x99/0x260 [ 26.010464] kasan_report+0x141/0x180 [ 26.010488] ? copy_to_kernel_nofault+0x99/0x260 [ 26.010607] kasan_check_range+0x10c/0x1c0 [ 26.010634] __kasan_check_write+0x18/0x20 [ 26.010659] copy_to_kernel_nofault+0x99/0x260 [ 26.010685] copy_to_kernel_nofault_oob+0x288/0x560 [ 26.010710] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.010733] ? finish_task_switch.isra.0+0x153/0x700 [ 26.010760] ? __schedule+0x10cc/0x2b60 [ 26.010802] ? trace_hardirqs_on+0x37/0xe0 [ 26.010833] ? trace_hardirqs_on+0x37/0xe0 [ 26.010855] ? __pfx_read_tsc+0x10/0x10 [ 26.010879] ? ktime_get_ts64+0x86/0x230 [ 26.010904] kunit_try_run_case+0x1a5/0x480 [ 26.010932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.010957] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.010984] ? __kthread_parkme+0x82/0x180 [ 26.011006] ? preempt_count_sub+0x50/0x80 [ 26.011046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.011072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.011097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.011122] kthread+0x337/0x6f0 [ 26.011143] ? trace_preempt_on+0x20/0xc0 [ 26.011166] ? __pfx_kthread+0x10/0x10 [ 26.011188] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.011212] ? calculate_sigpending+0x7b/0xa0 [ 26.011249] ? __pfx_kthread+0x10/0x10 [ 26.011272] ret_from_fork+0x116/0x1d0 [ 26.011292] ? __pfx_kthread+0x10/0x10 [ 26.011314] ret_from_fork_asm+0x1a/0x30 [ 26.011346] </TASK> [ 26.011359] [ 26.021581] Allocated by task 310: [ 26.021744] kasan_save_stack+0x45/0x70 [ 26.022306] kasan_save_track+0x18/0x40 [ 26.022582] kasan_save_alloc_info+0x3b/0x50 [ 26.022889] __kasan_kmalloc+0xb7/0xc0 [ 26.023038] __kmalloc_cache_noprof+0x189/0x420 [ 26.023270] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.023510] kunit_try_run_case+0x1a5/0x480 [ 26.023997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.024445] kthread+0x337/0x6f0 [ 26.024662] ret_from_fork+0x116/0x1d0 [ 26.025062] ret_from_fork_asm+0x1a/0x30 [ 26.025446] [ 26.025585] The buggy address belongs to the object at ffff8881024e1a00 [ 26.025585] which belongs to the cache kmalloc-128 of size 128 [ 26.026454] The buggy address is located 0 bytes to the right of [ 26.026454] allocated 120-byte region [ffff8881024e1a00, ffff8881024e1a78) [ 26.027087] [ 26.027242] The buggy address belongs to the physical page: [ 26.027573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.027895] flags: 0x200000000000000(node=0|zone=2) [ 26.028322] page_type: f5(slab) [ 26.028493] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.028949] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.029454] page dumped because: kasan: bad access detected [ 26.029761] [ 26.029851] Memory state around the buggy address: [ 26.030300] ffff8881024e1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.030694] ffff8881024e1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.030968] >ffff8881024e1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.031578] ^ [ 26.031994] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.032414] ffff8881024e1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.032729] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 25.471365] ================================================================== [ 25.471758] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 25.472476] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.472861] [ 25.473060] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.473114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.473127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.473154] Call Trace: [ 25.473177] <TASK> [ 25.473202] dump_stack_lvl+0x73/0xb0 [ 25.473252] print_report+0xd1/0x650 [ 25.473277] ? __virt_addr_valid+0x1db/0x2d0 [ 25.473314] ? kasan_atomics_helper+0x1818/0x5450 [ 25.473336] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.473363] ? kasan_atomics_helper+0x1818/0x5450 [ 25.473385] kasan_report+0x141/0x180 [ 25.473407] ? kasan_atomics_helper+0x1818/0x5450 [ 25.473433] kasan_check_range+0x10c/0x1c0 [ 25.473456] __kasan_check_write+0x18/0x20 [ 25.473480] kasan_atomics_helper+0x1818/0x5450 [ 25.473503] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.473528] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.473555] ? kasan_atomics+0x152/0x310 [ 25.473582] kasan_atomics+0x1dc/0x310 [ 25.473604] ? __pfx_kasan_atomics+0x10/0x10 [ 25.473628] ? trace_hardirqs_on+0x37/0xe0 [ 25.473652] ? __pfx_read_tsc+0x10/0x10 [ 25.473676] ? ktime_get_ts64+0x86/0x230 [ 25.473702] kunit_try_run_case+0x1a5/0x480 [ 25.473728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.473753] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.473780] ? __kthread_parkme+0x82/0x180 [ 25.473802] ? preempt_count_sub+0x50/0x80 [ 25.473827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.473851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.473875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.473900] kthread+0x337/0x6f0 [ 25.473922] ? trace_preempt_on+0x20/0xc0 [ 25.473944] ? __pfx_kthread+0x10/0x10 [ 25.473965] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.473991] ? calculate_sigpending+0x7b/0xa0 [ 25.474036] ? __pfx_kthread+0x10/0x10 [ 25.474059] ret_from_fork+0x116/0x1d0 [ 25.474079] ? __pfx_kthread+0x10/0x10 [ 25.474100] ret_from_fork_asm+0x1a/0x30 [ 25.474132] </TASK> [ 25.474145] [ 25.486526] Allocated by task 294: [ 25.486692] kasan_save_stack+0x45/0x70 [ 25.486846] kasan_save_track+0x18/0x40 [ 25.486975] kasan_save_alloc_info+0x3b/0x50 [ 25.487412] __kasan_kmalloc+0xb7/0xc0 [ 25.487757] __kmalloc_cache_noprof+0x189/0x420 [ 25.488192] kasan_atomics+0x95/0x310 [ 25.488560] kunit_try_run_case+0x1a5/0x480 [ 25.488948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.489457] kthread+0x337/0x6f0 [ 25.489757] ret_from_fork+0x116/0x1d0 [ 25.490132] ret_from_fork_asm+0x1a/0x30 [ 25.490512] [ 25.490688] The buggy address belongs to the object at ffff888100aaa000 [ 25.490688] which belongs to the cache kmalloc-64 of size 64 [ 25.491445] The buggy address is located 0 bytes to the right of [ 25.491445] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.492516] [ 25.492591] The buggy address belongs to the physical page: [ 25.492763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.493001] flags: 0x200000000000000(node=0|zone=2) [ 25.493471] page_type: f5(slab) [ 25.493790] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.494460] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.495125] page dumped because: kasan: bad access detected [ 25.495612] [ 25.495760] Memory state around the buggy address: [ 25.496226] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.496706] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.497195] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.497699] ^ [ 25.497895] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.498515] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.498724] ================================================================== [ 25.045418] ================================================================== [ 25.045764] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 25.046153] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.046492] [ 25.046603] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.046654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.046668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.046693] Call Trace: [ 25.046715] <TASK> [ 25.046735] dump_stack_lvl+0x73/0xb0 [ 25.046763] print_report+0xd1/0x650 [ 25.046786] ? __virt_addr_valid+0x1db/0x2d0 [ 25.046811] ? kasan_atomics_helper+0xe78/0x5450 [ 25.046833] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.046861] ? kasan_atomics_helper+0xe78/0x5450 [ 25.046883] kasan_report+0x141/0x180 [ 25.046906] ? kasan_atomics_helper+0xe78/0x5450 [ 25.046932] kasan_check_range+0x10c/0x1c0 [ 25.046956] __kasan_check_write+0x18/0x20 [ 25.046981] kasan_atomics_helper+0xe78/0x5450 [ 25.047031] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.047060] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.047086] ? kasan_atomics+0x152/0x310 [ 25.047114] kasan_atomics+0x1dc/0x310 [ 25.047137] ? __pfx_kasan_atomics+0x10/0x10 [ 25.047161] ? trace_hardirqs_on+0x37/0xe0 [ 25.047186] ? __pfx_read_tsc+0x10/0x10 [ 25.047209] ? ktime_get_ts64+0x86/0x230 [ 25.047244] kunit_try_run_case+0x1a5/0x480 [ 25.047270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.047296] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.047324] ? __kthread_parkme+0x82/0x180 [ 25.047350] ? preempt_count_sub+0x50/0x80 [ 25.047377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.047404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.047429] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.047454] kthread+0x337/0x6f0 [ 25.047475] ? trace_preempt_on+0x20/0xc0 [ 25.047500] ? __pfx_kthread+0x10/0x10 [ 25.047521] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.047546] ? calculate_sigpending+0x7b/0xa0 [ 25.047571] ? __pfx_kthread+0x10/0x10 [ 25.047593] ret_from_fork+0x116/0x1d0 [ 25.047613] ? __pfx_kthread+0x10/0x10 [ 25.047634] ret_from_fork_asm+0x1a/0x30 [ 25.047667] </TASK> [ 25.047679] [ 25.054745] Allocated by task 294: [ 25.054919] kasan_save_stack+0x45/0x70 [ 25.055122] kasan_save_track+0x18/0x40 [ 25.055302] kasan_save_alloc_info+0x3b/0x50 [ 25.055492] __kasan_kmalloc+0xb7/0xc0 [ 25.055656] __kmalloc_cache_noprof+0x189/0x420 [ 25.055842] kasan_atomics+0x95/0x310 [ 25.055991] kunit_try_run_case+0x1a5/0x480 [ 25.056214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.056447] kthread+0x337/0x6f0 [ 25.056591] ret_from_fork+0x116/0x1d0 [ 25.056723] ret_from_fork_asm+0x1a/0x30 [ 25.056917] [ 25.057025] The buggy address belongs to the object at ffff888100aaa000 [ 25.057025] which belongs to the cache kmalloc-64 of size 64 [ 25.057492] The buggy address is located 0 bytes to the right of [ 25.057492] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.057919] [ 25.057994] The buggy address belongs to the physical page: [ 25.058182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.058545] flags: 0x200000000000000(node=0|zone=2) [ 25.058775] page_type: f5(slab) [ 25.058946] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.059331] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.059626] page dumped because: kasan: bad access detected [ 25.059811] [ 25.059875] Memory state around the buggy address: [ 25.060046] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.060372] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.060693] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.060989] ^ [ 25.061201] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.061500] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.061771] ================================================================== [ 25.062430] ================================================================== [ 25.062765] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 25.063152] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.063495] [ 25.063599] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.063645] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.063658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.063682] Call Trace: [ 25.063700] <TASK> [ 25.063718] dump_stack_lvl+0x73/0xb0 [ 25.063745] print_report+0xd1/0x650 [ 25.063768] ? __virt_addr_valid+0x1db/0x2d0 [ 25.063792] ? kasan_atomics_helper+0xf10/0x5450 [ 25.063815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.063841] ? kasan_atomics_helper+0xf10/0x5450 [ 25.063864] kasan_report+0x141/0x180 [ 25.063887] ? kasan_atomics_helper+0xf10/0x5450 [ 25.063913] kasan_check_range+0x10c/0x1c0 [ 25.063937] __kasan_check_write+0x18/0x20 [ 25.063962] kasan_atomics_helper+0xf10/0x5450 [ 25.063985] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.064036] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.064062] ? kasan_atomics+0x152/0x310 [ 25.064089] kasan_atomics+0x1dc/0x310 [ 25.064112] ? __pfx_kasan_atomics+0x10/0x10 [ 25.064135] ? trace_hardirqs_on+0x37/0xe0 [ 25.064159] ? __pfx_read_tsc+0x10/0x10 [ 25.064183] ? ktime_get_ts64+0x86/0x230 [ 25.064209] kunit_try_run_case+0x1a5/0x480 [ 25.065287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.065332] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.065364] ? __kthread_parkme+0x82/0x180 [ 25.065387] ? preempt_count_sub+0x50/0x80 [ 25.065414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.065440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.065465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.065489] kthread+0x337/0x6f0 [ 25.065510] ? trace_preempt_on+0x20/0xc0 [ 25.065534] ? __pfx_kthread+0x10/0x10 [ 25.065556] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.065580] ? calculate_sigpending+0x7b/0xa0 [ 25.065604] ? __pfx_kthread+0x10/0x10 [ 25.065626] ret_from_fork+0x116/0x1d0 [ 25.065646] ? __pfx_kthread+0x10/0x10 [ 25.065667] ret_from_fork_asm+0x1a/0x30 [ 25.065698] </TASK> [ 25.065711] [ 25.081420] Allocated by task 294: [ 25.081613] kasan_save_stack+0x45/0x70 [ 25.081819] kasan_save_track+0x18/0x40 [ 25.081990] kasan_save_alloc_info+0x3b/0x50 [ 25.082180] __kasan_kmalloc+0xb7/0xc0 [ 25.082361] __kmalloc_cache_noprof+0x189/0x420 [ 25.082566] kasan_atomics+0x95/0x310 [ 25.082738] kunit_try_run_case+0x1a5/0x480 [ 25.082921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.083806] kthread+0x337/0x6f0 [ 25.084080] ret_from_fork+0x116/0x1d0 [ 25.084237] ret_from_fork_asm+0x1a/0x30 [ 25.084630] [ 25.084726] The buggy address belongs to the object at ffff888100aaa000 [ 25.084726] which belongs to the cache kmalloc-64 of size 64 [ 25.085613] The buggy address is located 0 bytes to the right of [ 25.085613] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.086395] [ 25.086620] The buggy address belongs to the physical page: [ 25.087042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.087553] flags: 0x200000000000000(node=0|zone=2) [ 25.087956] page_type: f5(slab) [ 25.088316] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.088802] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.089301] page dumped because: kasan: bad access detected [ 25.089725] [ 25.089817] Memory state around the buggy address: [ 25.090196] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.090511] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.090802] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.091399] ^ [ 25.091672] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.092149] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.092639] ================================================================== [ 25.094113] ================================================================== [ 25.094469] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 25.094786] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.095342] [ 25.095717] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.095779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.095794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.095819] Call Trace: [ 25.095843] <TASK> [ 25.095902] dump_stack_lvl+0x73/0xb0 [ 25.095936] print_report+0xd1/0x650 [ 25.095959] ? __virt_addr_valid+0x1db/0x2d0 [ 25.095984] ? kasan_atomics_helper+0xfa9/0x5450 [ 25.096006] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.096044] ? kasan_atomics_helper+0xfa9/0x5450 [ 25.096066] kasan_report+0x141/0x180 [ 25.096090] ? kasan_atomics_helper+0xfa9/0x5450 [ 25.096116] kasan_check_range+0x10c/0x1c0 [ 25.096141] __kasan_check_write+0x18/0x20 [ 25.096165] kasan_atomics_helper+0xfa9/0x5450 [ 25.096188] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.096213] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.096252] ? kasan_atomics+0x152/0x310 [ 25.096279] kasan_atomics+0x1dc/0x310 [ 25.096302] ? __pfx_kasan_atomics+0x10/0x10 [ 25.096325] ? trace_hardirqs_on+0x37/0xe0 [ 25.096350] ? __pfx_read_tsc+0x10/0x10 [ 25.096373] ? ktime_get_ts64+0x86/0x230 [ 25.096399] kunit_try_run_case+0x1a5/0x480 [ 25.096425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.096450] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.096478] ? __kthread_parkme+0x82/0x180 [ 25.096500] ? preempt_count_sub+0x50/0x80 [ 25.096524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.096549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.096574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.096598] kthread+0x337/0x6f0 [ 25.096619] ? trace_preempt_on+0x20/0xc0 [ 25.096642] ? __pfx_kthread+0x10/0x10 [ 25.096664] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.096688] ? calculate_sigpending+0x7b/0xa0 [ 25.096714] ? __pfx_kthread+0x10/0x10 [ 25.096737] ret_from_fork+0x116/0x1d0 [ 25.096757] ? __pfx_kthread+0x10/0x10 [ 25.096778] ret_from_fork_asm+0x1a/0x30 [ 25.096810] </TASK> [ 25.096822] [ 25.107819] Allocated by task 294: [ 25.108150] kasan_save_stack+0x45/0x70 [ 25.108358] kasan_save_track+0x18/0x40 [ 25.108535] kasan_save_alloc_info+0x3b/0x50 [ 25.108723] __kasan_kmalloc+0xb7/0xc0 [ 25.108884] __kmalloc_cache_noprof+0x189/0x420 [ 25.109157] kasan_atomics+0x95/0x310 [ 25.109310] kunit_try_run_case+0x1a5/0x480 [ 25.109454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.109664] kthread+0x337/0x6f0 [ 25.109828] ret_from_fork+0x116/0x1d0 [ 25.110012] ret_from_fork_asm+0x1a/0x30 [ 25.110179] [ 25.110256] The buggy address belongs to the object at ffff888100aaa000 [ 25.110256] which belongs to the cache kmalloc-64 of size 64 [ 25.110876] The buggy address is located 0 bytes to the right of [ 25.110876] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.111466] [ 25.111564] The buggy address belongs to the physical page: [ 25.111816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.112197] flags: 0x200000000000000(node=0|zone=2) [ 25.112368] page_type: f5(slab) [ 25.112633] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.112922] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.113201] page dumped because: kasan: bad access detected [ 25.113381] [ 25.113469] Memory state around the buggy address: [ 25.113688] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.114007] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.114277] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.114588] ^ [ 25.114809] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.115131] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.115443] ================================================================== [ 24.768893] ================================================================== [ 24.769173] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 24.770364] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.770718] [ 24.770838] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.770894] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.770908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.770933] Call Trace: [ 24.770955] <TASK> [ 24.770978] dump_stack_lvl+0x73/0xb0 [ 24.771010] print_report+0xd1/0x650 [ 24.771042] ? __virt_addr_valid+0x1db/0x2d0 [ 24.771069] ? kasan_atomics_helper+0x565/0x5450 [ 24.771091] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.771118] ? kasan_atomics_helper+0x565/0x5450 [ 24.771140] kasan_report+0x141/0x180 [ 24.771162] ? kasan_atomics_helper+0x565/0x5450 [ 24.771189] kasan_check_range+0x10c/0x1c0 [ 24.771212] __kasan_check_write+0x18/0x20 [ 24.771464] kasan_atomics_helper+0x565/0x5450 [ 24.771487] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.771513] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.771540] ? kasan_atomics+0x152/0x310 [ 24.771589] kasan_atomics+0x1dc/0x310 [ 24.771613] ? __pfx_kasan_atomics+0x10/0x10 [ 24.771636] ? trace_hardirqs_on+0x37/0xe0 [ 24.771660] ? __pfx_read_tsc+0x10/0x10 [ 24.771684] ? ktime_get_ts64+0x86/0x230 [ 24.771710] kunit_try_run_case+0x1a5/0x480 [ 24.771737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.771784] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.771812] ? __kthread_parkme+0x82/0x180 [ 24.771834] ? preempt_count_sub+0x50/0x80 [ 24.771858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.771884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.771908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.771933] kthread+0x337/0x6f0 [ 24.771953] ? trace_preempt_on+0x20/0xc0 [ 24.771976] ? __pfx_kthread+0x10/0x10 [ 24.771997] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.772033] ? calculate_sigpending+0x7b/0xa0 [ 24.772059] ? __pfx_kthread+0x10/0x10 [ 24.772081] ret_from_fork+0x116/0x1d0 [ 24.772102] ? __pfx_kthread+0x10/0x10 [ 24.772126] ret_from_fork_asm+0x1a/0x30 [ 24.772162] </TASK> [ 24.772175] [ 24.781800] Allocated by task 294: [ 24.782005] kasan_save_stack+0x45/0x70 [ 24.782200] kasan_save_track+0x18/0x40 [ 24.782345] kasan_save_alloc_info+0x3b/0x50 [ 24.782491] __kasan_kmalloc+0xb7/0xc0 [ 24.782677] __kmalloc_cache_noprof+0x189/0x420 [ 24.782898] kasan_atomics+0x95/0x310 [ 24.783058] kunit_try_run_case+0x1a5/0x480 [ 24.783261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.783453] kthread+0x337/0x6f0 [ 24.783618] ret_from_fork+0x116/0x1d0 [ 24.783803] ret_from_fork_asm+0x1a/0x30 [ 24.783998] [ 24.784097] The buggy address belongs to the object at ffff888100aaa000 [ 24.784097] which belongs to the cache kmalloc-64 of size 64 [ 24.784528] The buggy address is located 0 bytes to the right of [ 24.784528] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.785297] [ 24.785722] The buggy address belongs to the physical page: [ 24.785960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.786508] flags: 0x200000000000000(node=0|zone=2) [ 24.786717] page_type: f5(slab) [ 24.786874] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.787492] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.787859] page dumped because: kasan: bad access detected [ 24.788258] [ 24.788335] Memory state around the buggy address: [ 24.788568] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.788870] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.789420] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.789785] ^ [ 24.790146] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.790575] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.790995] ================================================================== [ 25.349827] ================================================================== [ 25.350400] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 25.350699] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.350920] [ 25.351003] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.351057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.351070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.351095] Call Trace: [ 25.351116] <TASK> [ 25.351136] dump_stack_lvl+0x73/0xb0 [ 25.351164] print_report+0xd1/0x650 [ 25.351187] ? __virt_addr_valid+0x1db/0x2d0 [ 25.351212] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.351246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.351275] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.351297] kasan_report+0x141/0x180 [ 25.351320] ? kasan_atomics_helper+0x50d4/0x5450 [ 25.351346] __asan_report_store8_noabort+0x1b/0x30 [ 25.351371] kasan_atomics_helper+0x50d4/0x5450 [ 25.351395] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.351421] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.351447] ? kasan_atomics+0x152/0x310 [ 25.351476] kasan_atomics+0x1dc/0x310 [ 25.351498] ? __pfx_kasan_atomics+0x10/0x10 [ 25.351522] ? trace_hardirqs_on+0x37/0xe0 [ 25.351546] ? __pfx_read_tsc+0x10/0x10 [ 25.351570] ? ktime_get_ts64+0x86/0x230 [ 25.351596] kunit_try_run_case+0x1a5/0x480 [ 25.351623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.351648] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.351675] ? __kthread_parkme+0x82/0x180 [ 25.351697] ? preempt_count_sub+0x50/0x80 [ 25.351721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.351747] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.351772] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.351796] kthread+0x337/0x6f0 [ 25.351816] ? trace_preempt_on+0x20/0xc0 [ 25.351839] ? __pfx_kthread+0x10/0x10 [ 25.351860] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.351885] ? calculate_sigpending+0x7b/0xa0 [ 25.351911] ? __pfx_kthread+0x10/0x10 [ 25.351932] ret_from_fork+0x116/0x1d0 [ 25.351953] ? __pfx_kthread+0x10/0x10 [ 25.351974] ret_from_fork_asm+0x1a/0x30 [ 25.352006] </TASK> [ 25.352019] [ 25.359520] Allocated by task 294: [ 25.359660] kasan_save_stack+0x45/0x70 [ 25.359802] kasan_save_track+0x18/0x40 [ 25.359932] kasan_save_alloc_info+0x3b/0x50 [ 25.360074] __kasan_kmalloc+0xb7/0xc0 [ 25.360199] __kmalloc_cache_noprof+0x189/0x420 [ 25.360470] kasan_atomics+0x95/0x310 [ 25.360655] kunit_try_run_case+0x1a5/0x480 [ 25.360859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.361102] kthread+0x337/0x6f0 [ 25.361276] ret_from_fork+0x116/0x1d0 [ 25.361459] ret_from_fork_asm+0x1a/0x30 [ 25.361653] [ 25.361742] The buggy address belongs to the object at ffff888100aaa000 [ 25.361742] which belongs to the cache kmalloc-64 of size 64 [ 25.362130] The buggy address is located 0 bytes to the right of [ 25.362130] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.362966] [ 25.363069] The buggy address belongs to the physical page: [ 25.363318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.363559] flags: 0x200000000000000(node=0|zone=2) [ 25.363720] page_type: f5(slab) [ 25.363888] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.364483] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.364791] page dumped because: kasan: bad access detected [ 25.365030] [ 25.365120] Memory state around the buggy address: [ 25.365350] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.365617] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.365908] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.366238] ^ [ 25.366445] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.366758] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.367107] ================================================================== [ 25.408283] ================================================================== [ 25.408574] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 25.409032] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.409335] [ 25.409438] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.409492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.409507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.409531] Call Trace: [ 25.409553] <TASK> [ 25.409573] dump_stack_lvl+0x73/0xb0 [ 25.409603] print_report+0xd1/0x650 [ 25.409626] ? __virt_addr_valid+0x1db/0x2d0 [ 25.409651] ? kasan_atomics_helper+0x164f/0x5450 [ 25.409674] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.409701] ? kasan_atomics_helper+0x164f/0x5450 [ 25.409723] kasan_report+0x141/0x180 [ 25.409746] ? kasan_atomics_helper+0x164f/0x5450 [ 25.409772] kasan_check_range+0x10c/0x1c0 [ 25.409797] __kasan_check_write+0x18/0x20 [ 25.409821] kasan_atomics_helper+0x164f/0x5450 [ 25.409845] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.409871] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.409897] ? kasan_atomics+0x152/0x310 [ 25.409924] kasan_atomics+0x1dc/0x310 [ 25.409947] ? __pfx_kasan_atomics+0x10/0x10 [ 25.409970] ? trace_hardirqs_on+0x37/0xe0 [ 25.409995] ? __pfx_read_tsc+0x10/0x10 [ 25.410027] ? ktime_get_ts64+0x86/0x230 [ 25.410053] kunit_try_run_case+0x1a5/0x480 [ 25.410079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.410105] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.410133] ? __kthread_parkme+0x82/0x180 [ 25.410155] ? preempt_count_sub+0x50/0x80 [ 25.410180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.410205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.410241] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.410266] kthread+0x337/0x6f0 [ 25.410287] ? trace_preempt_on+0x20/0xc0 [ 25.410310] ? __pfx_kthread+0x10/0x10 [ 25.410331] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.410357] ? calculate_sigpending+0x7b/0xa0 [ 25.410382] ? __pfx_kthread+0x10/0x10 [ 25.410405] ret_from_fork+0x116/0x1d0 [ 25.410426] ? __pfx_kthread+0x10/0x10 [ 25.410448] ret_from_fork_asm+0x1a/0x30 [ 25.410480] </TASK> [ 25.410492] [ 25.417713] Allocated by task 294: [ 25.417896] kasan_save_stack+0x45/0x70 [ 25.418124] kasan_save_track+0x18/0x40 [ 25.418268] kasan_save_alloc_info+0x3b/0x50 [ 25.418411] __kasan_kmalloc+0xb7/0xc0 [ 25.418539] __kmalloc_cache_noprof+0x189/0x420 [ 25.418690] kasan_atomics+0x95/0x310 [ 25.418815] kunit_try_run_case+0x1a5/0x480 [ 25.419004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.419290] kthread+0x337/0x6f0 [ 25.419461] ret_from_fork+0x116/0x1d0 [ 25.419648] ret_from_fork_asm+0x1a/0x30 [ 25.419844] [ 25.419934] The buggy address belongs to the object at ffff888100aaa000 [ 25.419934] which belongs to the cache kmalloc-64 of size 64 [ 25.420881] The buggy address is located 0 bytes to the right of [ 25.420881] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.421420] [ 25.421490] The buggy address belongs to the physical page: [ 25.421712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.422090] flags: 0x200000000000000(node=0|zone=2) [ 25.422315] page_type: f5(slab) [ 25.422476] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.422787] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.423128] page dumped because: kasan: bad access detected [ 25.423311] [ 25.423382] Memory state around the buggy address: [ 25.423535] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.423749] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.423977] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.424633] ^ [ 25.424854] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.425165] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.425661] ================================================================== [ 25.294272] ================================================================== [ 25.294644] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 25.295140] Read of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.295390] [ 25.295501] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.295551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.295568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.295593] Call Trace: [ 25.295616] <TASK> [ 25.295636] dump_stack_lvl+0x73/0xb0 [ 25.295666] print_report+0xd1/0x650 [ 25.295690] ? __virt_addr_valid+0x1db/0x2d0 [ 25.295715] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.295737] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.295764] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.295786] kasan_report+0x141/0x180 [ 25.295808] ? kasan_atomics_helper+0x13b5/0x5450 [ 25.295834] kasan_check_range+0x10c/0x1c0 [ 25.295858] __kasan_check_read+0x15/0x20 [ 25.295882] kasan_atomics_helper+0x13b5/0x5450 [ 25.295905] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.295930] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.295956] ? kasan_atomics+0x152/0x310 [ 25.295983] kasan_atomics+0x1dc/0x310 [ 25.296007] ? __pfx_kasan_atomics+0x10/0x10 [ 25.296029] ? trace_hardirqs_on+0x37/0xe0 [ 25.296076] ? __pfx_read_tsc+0x10/0x10 [ 25.296102] ? ktime_get_ts64+0x86/0x230 [ 25.296128] kunit_try_run_case+0x1a5/0x480 [ 25.296165] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.296191] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.296234] ? __kthread_parkme+0x82/0x180 [ 25.296256] ? preempt_count_sub+0x50/0x80 [ 25.296281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.296306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.296330] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.296355] kthread+0x337/0x6f0 [ 25.296376] ? trace_preempt_on+0x20/0xc0 [ 25.296400] ? __pfx_kthread+0x10/0x10 [ 25.296422] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.296447] ? calculate_sigpending+0x7b/0xa0 [ 25.296472] ? __pfx_kthread+0x10/0x10 [ 25.296495] ret_from_fork+0x116/0x1d0 [ 25.296515] ? __pfx_kthread+0x10/0x10 [ 25.296536] ret_from_fork_asm+0x1a/0x30 [ 25.296569] </TASK> [ 25.296581] [ 25.304030] Allocated by task 294: [ 25.304245] kasan_save_stack+0x45/0x70 [ 25.304451] kasan_save_track+0x18/0x40 [ 25.304664] kasan_save_alloc_info+0x3b/0x50 [ 25.304868] __kasan_kmalloc+0xb7/0xc0 [ 25.305194] __kmalloc_cache_noprof+0x189/0x420 [ 25.305356] kasan_atomics+0x95/0x310 [ 25.305483] kunit_try_run_case+0x1a5/0x480 [ 25.305623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.305790] kthread+0x337/0x6f0 [ 25.305904] ret_from_fork+0x116/0x1d0 [ 25.306055] ret_from_fork_asm+0x1a/0x30 [ 25.306259] [ 25.306350] The buggy address belongs to the object at ffff888100aaa000 [ 25.306350] which belongs to the cache kmalloc-64 of size 64 [ 25.306883] The buggy address is located 0 bytes to the right of [ 25.306883] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.307950] [ 25.308043] The buggy address belongs to the physical page: [ 25.308320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.308656] flags: 0x200000000000000(node=0|zone=2) [ 25.308819] page_type: f5(slab) [ 25.308965] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.309660] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.309978] page dumped because: kasan: bad access detected [ 25.310274] [ 25.310365] Memory state around the buggy address: [ 25.310572] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.310921] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.311248] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.311530] ^ [ 25.311757] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.312038] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.312276] ================================================================== [ 24.906089] ================================================================== [ 24.906345] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 24.906575] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.907238] [ 24.907350] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.907401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.907415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.907439] Call Trace: [ 24.907460] <TASK> [ 24.907479] dump_stack_lvl+0x73/0xb0 [ 24.907509] print_report+0xd1/0x650 [ 24.907532] ? __virt_addr_valid+0x1db/0x2d0 [ 24.907558] ? kasan_atomics_helper+0x992/0x5450 [ 24.907580] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.907608] ? kasan_atomics_helper+0x992/0x5450 [ 24.907631] kasan_report+0x141/0x180 [ 24.907653] ? kasan_atomics_helper+0x992/0x5450 [ 24.907680] kasan_check_range+0x10c/0x1c0 [ 24.907704] __kasan_check_write+0x18/0x20 [ 24.907728] kasan_atomics_helper+0x992/0x5450 [ 24.907751] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.907778] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.907804] ? kasan_atomics+0x152/0x310 [ 24.907831] kasan_atomics+0x1dc/0x310 [ 24.907855] ? __pfx_kasan_atomics+0x10/0x10 [ 24.907879] ? trace_hardirqs_on+0x37/0xe0 [ 24.907903] ? __pfx_read_tsc+0x10/0x10 [ 24.907926] ? ktime_get_ts64+0x86/0x230 [ 24.907952] kunit_try_run_case+0x1a5/0x480 [ 24.907978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.908004] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.908032] ? __kthread_parkme+0x82/0x180 [ 24.908053] ? preempt_count_sub+0x50/0x80 [ 24.908079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.908104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.908129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.908154] kthread+0x337/0x6f0 [ 24.908175] ? trace_preempt_on+0x20/0xc0 [ 24.908198] ? __pfx_kthread+0x10/0x10 [ 24.908231] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.908256] ? calculate_sigpending+0x7b/0xa0 [ 24.908282] ? __pfx_kthread+0x10/0x10 [ 24.908304] ret_from_fork+0x116/0x1d0 [ 24.908325] ? __pfx_kthread+0x10/0x10 [ 24.908347] ret_from_fork_asm+0x1a/0x30 [ 24.908378] </TASK> [ 24.908392] [ 24.915820] Allocated by task 294: [ 24.915952] kasan_save_stack+0x45/0x70 [ 24.916095] kasan_save_track+0x18/0x40 [ 24.916274] kasan_save_alloc_info+0x3b/0x50 [ 24.916493] __kasan_kmalloc+0xb7/0xc0 [ 24.916680] __kmalloc_cache_noprof+0x189/0x420 [ 24.916899] kasan_atomics+0x95/0x310 [ 24.917149] kunit_try_run_case+0x1a5/0x480 [ 24.917367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.917622] kthread+0x337/0x6f0 [ 24.917784] ret_from_fork+0x116/0x1d0 [ 24.917974] ret_from_fork_asm+0x1a/0x30 [ 24.918171] [ 24.918248] The buggy address belongs to the object at ffff888100aaa000 [ 24.918248] which belongs to the cache kmalloc-64 of size 64 [ 24.918594] The buggy address is located 0 bytes to the right of [ 24.918594] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.918953] [ 24.919024] The buggy address belongs to the physical page: [ 24.919207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.919460] flags: 0x200000000000000(node=0|zone=2) [ 24.919623] page_type: f5(slab) [ 24.919792] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.920141] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.920496] page dumped because: kasan: bad access detected [ 24.920766] [ 24.920854] Memory state around the buggy address: [ 24.921075] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.921405] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.921797] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.922068] ^ [ 24.922240] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.922450] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.922658] ================================================================== [ 24.940658] ================================================================== [ 24.940902] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 24.941127] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.941358] [ 24.941439] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.941487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.941500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.941523] Call Trace: [ 24.941542] <TASK> [ 24.941560] dump_stack_lvl+0x73/0xb0 [ 24.941588] print_report+0xd1/0x650 [ 24.941611] ? __virt_addr_valid+0x1db/0x2d0 [ 24.941635] ? kasan_atomics_helper+0xac7/0x5450 [ 24.941656] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.941682] ? kasan_atomics_helper+0xac7/0x5450 [ 24.941704] kasan_report+0x141/0x180 [ 24.941726] ? kasan_atomics_helper+0xac7/0x5450 [ 24.941752] kasan_check_range+0x10c/0x1c0 [ 24.941775] __kasan_check_write+0x18/0x20 [ 24.941798] kasan_atomics_helper+0xac7/0x5450 [ 24.941821] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.941848] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.941872] ? kasan_atomics+0x152/0x310 [ 24.941899] kasan_atomics+0x1dc/0x310 [ 24.941922] ? __pfx_kasan_atomics+0x10/0x10 [ 24.942205] ? trace_hardirqs_on+0x37/0xe0 [ 24.942241] ? __pfx_read_tsc+0x10/0x10 [ 24.942265] ? ktime_get_ts64+0x86/0x230 [ 24.942293] kunit_try_run_case+0x1a5/0x480 [ 24.942320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.942347] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.942375] ? __kthread_parkme+0x82/0x180 [ 24.942397] ? preempt_count_sub+0x50/0x80 [ 24.942421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.942446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.942470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.942496] kthread+0x337/0x6f0 [ 24.942517] ? trace_preempt_on+0x20/0xc0 [ 24.942540] ? __pfx_kthread+0x10/0x10 [ 24.942562] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.942586] ? calculate_sigpending+0x7b/0xa0 [ 24.942612] ? __pfx_kthread+0x10/0x10 [ 24.942633] ret_from_fork+0x116/0x1d0 [ 24.942654] ? __pfx_kthread+0x10/0x10 [ 24.942675] ret_from_fork_asm+0x1a/0x30 [ 24.942706] </TASK> [ 24.942719] [ 24.950272] Allocated by task 294: [ 24.950449] kasan_save_stack+0x45/0x70 [ 24.950649] kasan_save_track+0x18/0x40 [ 24.950869] kasan_save_alloc_info+0x3b/0x50 [ 24.951094] __kasan_kmalloc+0xb7/0xc0 [ 24.951293] __kmalloc_cache_noprof+0x189/0x420 [ 24.951542] kasan_atomics+0x95/0x310 [ 24.951677] kunit_try_run_case+0x1a5/0x480 [ 24.951818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.951984] kthread+0x337/0x6f0 [ 24.952097] ret_from_fork+0x116/0x1d0 [ 24.952232] ret_from_fork_asm+0x1a/0x30 [ 24.952365] [ 24.952430] The buggy address belongs to the object at ffff888100aaa000 [ 24.952430] which belongs to the cache kmalloc-64 of size 64 [ 24.952796] The buggy address is located 0 bytes to the right of [ 24.952796] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.953355] [ 24.953534] The buggy address belongs to the physical page: [ 24.953801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.954317] flags: 0x200000000000000(node=0|zone=2) [ 24.954548] page_type: f5(slab) [ 24.954717] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.955057] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.955320] page dumped because: kasan: bad access detected [ 24.955487] [ 24.955551] Memory state around the buggy address: [ 24.955701] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.955911] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.956422] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.956739] ^ [ 24.956968] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.957272] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.957610] ================================================================== [ 25.593045] ================================================================== [ 25.593345] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 25.593576] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.593986] [ 25.594157] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.594208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.594232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.594256] Call Trace: [ 25.594276] <TASK> [ 25.594295] dump_stack_lvl+0x73/0xb0 [ 25.594322] print_report+0xd1/0x650 [ 25.594346] ? __virt_addr_valid+0x1db/0x2d0 [ 25.594370] ? kasan_atomics_helper+0x1b22/0x5450 [ 25.594392] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.594419] ? kasan_atomics_helper+0x1b22/0x5450 [ 25.594455] kasan_report+0x141/0x180 [ 25.594478] ? kasan_atomics_helper+0x1b22/0x5450 [ 25.594517] kasan_check_range+0x10c/0x1c0 [ 25.594542] __kasan_check_write+0x18/0x20 [ 25.594565] kasan_atomics_helper+0x1b22/0x5450 [ 25.594598] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.594625] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.594658] ? kasan_atomics+0x152/0x310 [ 25.594685] kasan_atomics+0x1dc/0x310 [ 25.594708] ? __pfx_kasan_atomics+0x10/0x10 [ 25.594741] ? trace_hardirqs_on+0x37/0xe0 [ 25.594764] ? __pfx_read_tsc+0x10/0x10 [ 25.594787] ? ktime_get_ts64+0x86/0x230 [ 25.594812] kunit_try_run_case+0x1a5/0x480 [ 25.594837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.594863] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.594891] ? __kthread_parkme+0x82/0x180 [ 25.594911] ? preempt_count_sub+0x50/0x80 [ 25.594935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.594959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.594984] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.595032] kthread+0x337/0x6f0 [ 25.595053] ? trace_preempt_on+0x20/0xc0 [ 25.595086] ? __pfx_kthread+0x10/0x10 [ 25.595108] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.595133] ? calculate_sigpending+0x7b/0xa0 [ 25.595158] ? __pfx_kthread+0x10/0x10 [ 25.595180] ret_from_fork+0x116/0x1d0 [ 25.595200] ? __pfx_kthread+0x10/0x10 [ 25.595237] ret_from_fork_asm+0x1a/0x30 [ 25.595270] </TASK> [ 25.595292] [ 25.602337] Allocated by task 294: [ 25.602509] kasan_save_stack+0x45/0x70 [ 25.602700] kasan_save_track+0x18/0x40 [ 25.602885] kasan_save_alloc_info+0x3b/0x50 [ 25.603171] __kasan_kmalloc+0xb7/0xc0 [ 25.603361] __kmalloc_cache_noprof+0x189/0x420 [ 25.603576] kasan_atomics+0x95/0x310 [ 25.603755] kunit_try_run_case+0x1a5/0x480 [ 25.603955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.604341] kthread+0x337/0x6f0 [ 25.604504] ret_from_fork+0x116/0x1d0 [ 25.604677] ret_from_fork_asm+0x1a/0x30 [ 25.604811] [ 25.604875] The buggy address belongs to the object at ffff888100aaa000 [ 25.604875] which belongs to the cache kmalloc-64 of size 64 [ 25.605672] The buggy address is located 0 bytes to the right of [ 25.605672] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.606263] [ 25.606398] The buggy address belongs to the physical page: [ 25.606669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.606982] flags: 0x200000000000000(node=0|zone=2) [ 25.607338] page_type: f5(slab) [ 25.607522] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.607798] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.608020] page dumped because: kasan: bad access detected [ 25.608278] [ 25.608367] Memory state around the buggy address: [ 25.608788] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.609092] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.609423] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.609924] ^ [ 25.610814] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.611146] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.611532] ================================================================== [ 25.665901] ================================================================== [ 25.666356] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 25.666639] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.666915] [ 25.667189] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.667260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.667275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.667299] Call Trace: [ 25.667321] <TASK> [ 25.667344] dump_stack_lvl+0x73/0xb0 [ 25.667375] print_report+0xd1/0x650 [ 25.667400] ? __virt_addr_valid+0x1db/0x2d0 [ 25.667426] ? kasan_atomics_helper+0x1ce1/0x5450 [ 25.667449] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.667475] ? kasan_atomics_helper+0x1ce1/0x5450 [ 25.667498] kasan_report+0x141/0x180 [ 25.667521] ? kasan_atomics_helper+0x1ce1/0x5450 [ 25.667547] kasan_check_range+0x10c/0x1c0 [ 25.667571] __kasan_check_write+0x18/0x20 [ 25.667595] kasan_atomics_helper+0x1ce1/0x5450 [ 25.667618] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.667645] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.667670] ? kasan_atomics+0x152/0x310 [ 25.667698] kasan_atomics+0x1dc/0x310 [ 25.667721] ? __pfx_kasan_atomics+0x10/0x10 [ 25.667744] ? trace_hardirqs_on+0x37/0xe0 [ 25.667768] ? __pfx_read_tsc+0x10/0x10 [ 25.667791] ? ktime_get_ts64+0x86/0x230 [ 25.667817] kunit_try_run_case+0x1a5/0x480 [ 25.667845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.667869] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.667897] ? __kthread_parkme+0x82/0x180 [ 25.667919] ? preempt_count_sub+0x50/0x80 [ 25.667944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.667969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.667994] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.668018] kthread+0x337/0x6f0 [ 25.668049] ? trace_preempt_on+0x20/0xc0 [ 25.668072] ? __pfx_kthread+0x10/0x10 [ 25.668095] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.668119] ? calculate_sigpending+0x7b/0xa0 [ 25.668144] ? __pfx_kthread+0x10/0x10 [ 25.668167] ret_from_fork+0x116/0x1d0 [ 25.668188] ? __pfx_kthread+0x10/0x10 [ 25.668209] ret_from_fork_asm+0x1a/0x30 [ 25.668254] </TASK> [ 25.668266] [ 25.675264] Allocated by task 294: [ 25.675608] kasan_save_stack+0x45/0x70 [ 25.675808] kasan_save_track+0x18/0x40 [ 25.675992] kasan_save_alloc_info+0x3b/0x50 [ 25.676135] __kasan_kmalloc+0xb7/0xc0 [ 25.676281] __kmalloc_cache_noprof+0x189/0x420 [ 25.676433] kasan_atomics+0x95/0x310 [ 25.676595] kunit_try_run_case+0x1a5/0x480 [ 25.676775] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.676977] kthread+0x337/0x6f0 [ 25.677296] ret_from_fork+0x116/0x1d0 [ 25.677490] ret_from_fork_asm+0x1a/0x30 [ 25.677654] [ 25.677737] The buggy address belongs to the object at ffff888100aaa000 [ 25.677737] which belongs to the cache kmalloc-64 of size 64 [ 25.678236] The buggy address is located 0 bytes to the right of [ 25.678236] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.678641] [ 25.678735] The buggy address belongs to the physical page: [ 25.678986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.679317] flags: 0x200000000000000(node=0|zone=2) [ 25.679520] page_type: f5(slab) [ 25.679677] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.679942] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.680270] page dumped because: kasan: bad access detected [ 25.680443] [ 25.680510] Memory state around the buggy address: [ 25.680661] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.680871] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.681172] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.681449] ^ [ 25.681640] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.681959] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.682490] ================================================================== [ 25.555813] ================================================================== [ 25.556478] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 25.557291] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.558054] [ 25.558254] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.558317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.558331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.558367] Call Trace: [ 25.558390] <TASK> [ 25.558412] dump_stack_lvl+0x73/0xb0 [ 25.558443] print_report+0xd1/0x650 [ 25.558468] ? __virt_addr_valid+0x1db/0x2d0 [ 25.558493] ? kasan_atomics_helper+0x19e3/0x5450 [ 25.558515] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.558541] ? kasan_atomics_helper+0x19e3/0x5450 [ 25.558573] kasan_report+0x141/0x180 [ 25.558596] ? kasan_atomics_helper+0x19e3/0x5450 [ 25.558622] kasan_check_range+0x10c/0x1c0 [ 25.558645] __kasan_check_write+0x18/0x20 [ 25.558669] kasan_atomics_helper+0x19e3/0x5450 [ 25.558701] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.558727] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.558753] ? kasan_atomics+0x152/0x310 [ 25.558790] kasan_atomics+0x1dc/0x310 [ 25.558814] ? __pfx_kasan_atomics+0x10/0x10 [ 25.558836] ? trace_hardirqs_on+0x37/0xe0 [ 25.558861] ? __pfx_read_tsc+0x10/0x10 [ 25.558883] ? ktime_get_ts64+0x86/0x230 [ 25.558908] kunit_try_run_case+0x1a5/0x480 [ 25.558934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.558959] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.558986] ? __kthread_parkme+0x82/0x180 [ 25.559009] ? preempt_count_sub+0x50/0x80 [ 25.559049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.559074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.559098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.559124] kthread+0x337/0x6f0 [ 25.559143] ? trace_preempt_on+0x20/0xc0 [ 25.559166] ? __pfx_kthread+0x10/0x10 [ 25.559187] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.559212] ? calculate_sigpending+0x7b/0xa0 [ 25.559246] ? __pfx_kthread+0x10/0x10 [ 25.559268] ret_from_fork+0x116/0x1d0 [ 25.559289] ? __pfx_kthread+0x10/0x10 [ 25.559311] ret_from_fork_asm+0x1a/0x30 [ 25.559343] </TASK> [ 25.559356] [ 25.566746] Allocated by task 294: [ 25.566877] kasan_save_stack+0x45/0x70 [ 25.567012] kasan_save_track+0x18/0x40 [ 25.567209] kasan_save_alloc_info+0x3b/0x50 [ 25.567434] __kasan_kmalloc+0xb7/0xc0 [ 25.567615] __kmalloc_cache_noprof+0x189/0x420 [ 25.567832] kasan_atomics+0x95/0x310 [ 25.568142] kunit_try_run_case+0x1a5/0x480 [ 25.568294] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.568463] kthread+0x337/0x6f0 [ 25.568640] ret_from_fork+0x116/0x1d0 [ 25.568822] ret_from_fork_asm+0x1a/0x30 [ 25.569053] [ 25.569146] The buggy address belongs to the object at ffff888100aaa000 [ 25.569146] which belongs to the cache kmalloc-64 of size 64 [ 25.569726] The buggy address is located 0 bytes to the right of [ 25.569726] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.570244] [ 25.570314] The buggy address belongs to the physical page: [ 25.570562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.570939] flags: 0x200000000000000(node=0|zone=2) [ 25.571175] page_type: f5(slab) [ 25.571313] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.571541] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.571760] page dumped because: kasan: bad access detected [ 25.571986] [ 25.572072] Memory state around the buggy address: [ 25.572305] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.572643] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.572871] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.573258] ^ [ 25.573477] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.573756] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.574056] ================================================================== [ 24.621997] ================================================================== [ 24.622391] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 24.622635] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.622857] [ 24.622941] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.622992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.623004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.623034] Call Trace: [ 24.623048] <TASK> [ 24.623068] dump_stack_lvl+0x73/0xb0 [ 24.623096] print_report+0xd1/0x650 [ 24.623117] ? __virt_addr_valid+0x1db/0x2d0 [ 24.623141] ? kasan_atomics_helper+0x4ba2/0x5450 [ 24.623161] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.623187] ? kasan_atomics_helper+0x4ba2/0x5450 [ 24.623207] kasan_report+0x141/0x180 [ 24.623239] ? kasan_atomics_helper+0x4ba2/0x5450 [ 24.623264] __asan_report_store4_noabort+0x1b/0x30 [ 24.623341] kasan_atomics_helper+0x4ba2/0x5450 [ 24.623365] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.623517] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.623544] ? kasan_atomics+0x152/0x310 [ 24.623573] kasan_atomics+0x1dc/0x310 [ 24.623595] ? __pfx_kasan_atomics+0x10/0x10 [ 24.623618] ? trace_hardirqs_on+0x37/0xe0 [ 24.623642] ? __pfx_read_tsc+0x10/0x10 [ 24.623664] ? ktime_get_ts64+0x86/0x230 [ 24.623688] kunit_try_run_case+0x1a5/0x480 [ 24.623712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.623736] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.623762] ? __kthread_parkme+0x82/0x180 [ 24.623784] ? preempt_count_sub+0x50/0x80 [ 24.623808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.623832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.623855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.623878] kthread+0x337/0x6f0 [ 24.623898] ? trace_preempt_on+0x20/0xc0 [ 24.623920] ? __pfx_kthread+0x10/0x10 [ 24.623941] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.623966] ? calculate_sigpending+0x7b/0xa0 [ 24.623990] ? __pfx_kthread+0x10/0x10 [ 24.624011] ret_from_fork+0x116/0x1d0 [ 24.624030] ? __pfx_kthread+0x10/0x10 [ 24.624050] ret_from_fork_asm+0x1a/0x30 [ 24.624081] </TASK> [ 24.624092] [ 24.636047] Allocated by task 294: [ 24.636392] kasan_save_stack+0x45/0x70 [ 24.636542] kasan_save_track+0x18/0x40 [ 24.636671] kasan_save_alloc_info+0x3b/0x50 [ 24.636812] __kasan_kmalloc+0xb7/0xc0 [ 24.636935] __kmalloc_cache_noprof+0x189/0x420 [ 24.637197] kasan_atomics+0x95/0x310 [ 24.637554] kunit_try_run_case+0x1a5/0x480 [ 24.638079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.638572] kthread+0x337/0x6f0 [ 24.638882] ret_from_fork+0x116/0x1d0 [ 24.639287] ret_from_fork_asm+0x1a/0x30 [ 24.639589] [ 24.639659] The buggy address belongs to the object at ffff888100aaa000 [ 24.639659] which belongs to the cache kmalloc-64 of size 64 [ 24.640014] The buggy address is located 0 bytes to the right of [ 24.640014] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.640443] [ 24.640548] The buggy address belongs to the physical page: [ 24.640766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.641028] flags: 0x200000000000000(node=0|zone=2) [ 24.641309] page_type: f5(slab) [ 24.641477] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.641803] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.642039] page dumped because: kasan: bad access detected [ 24.642360] [ 24.642466] Memory state around the buggy address: [ 24.642690] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.642924] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.643292] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.643587] ^ [ 24.643745] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.643971] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.644404] ================================================================== [ 24.708446] ================================================================== [ 24.708783] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 24.709187] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.709500] [ 24.709602] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.709652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.709675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.709699] Call Trace: [ 24.709719] <TASK> [ 24.709739] dump_stack_lvl+0x73/0xb0 [ 24.709779] print_report+0xd1/0x650 [ 24.709802] ? __virt_addr_valid+0x1db/0x2d0 [ 24.709825] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.709847] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.709874] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.709895] kasan_report+0x141/0x180 [ 24.709918] ? kasan_atomics_helper+0x4b54/0x5450 [ 24.709945] __asan_report_load4_noabort+0x18/0x20 [ 24.709970] kasan_atomics_helper+0x4b54/0x5450 [ 24.709993] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.710019] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.710045] ? kasan_atomics+0x152/0x310 [ 24.710073] kasan_atomics+0x1dc/0x310 [ 24.710096] ? __pfx_kasan_atomics+0x10/0x10 [ 24.710119] ? trace_hardirqs_on+0x37/0xe0 [ 24.710143] ? __pfx_read_tsc+0x10/0x10 [ 24.710166] ? ktime_get_ts64+0x86/0x230 [ 24.710192] kunit_try_run_case+0x1a5/0x480 [ 24.710227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.710262] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.710289] ? __kthread_parkme+0x82/0x180 [ 24.710311] ? preempt_count_sub+0x50/0x80 [ 24.710346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.710371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.710395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.710420] kthread+0x337/0x6f0 [ 24.710441] ? trace_preempt_on+0x20/0xc0 [ 24.710464] ? __pfx_kthread+0x10/0x10 [ 24.710486] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.710510] ? calculate_sigpending+0x7b/0xa0 [ 24.710535] ? __pfx_kthread+0x10/0x10 [ 24.710557] ret_from_fork+0x116/0x1d0 [ 24.710578] ? __pfx_kthread+0x10/0x10 [ 24.710599] ret_from_fork_asm+0x1a/0x30 [ 24.710631] </TASK> [ 24.710643] [ 24.718434] Allocated by task 294: [ 24.718641] kasan_save_stack+0x45/0x70 [ 24.718862] kasan_save_track+0x18/0x40 [ 24.719136] kasan_save_alloc_info+0x3b/0x50 [ 24.719381] __kasan_kmalloc+0xb7/0xc0 [ 24.719550] __kmalloc_cache_noprof+0x189/0x420 [ 24.719779] kasan_atomics+0x95/0x310 [ 24.719928] kunit_try_run_case+0x1a5/0x480 [ 24.720071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.720337] kthread+0x337/0x6f0 [ 24.720529] ret_from_fork+0x116/0x1d0 [ 24.720738] ret_from_fork_asm+0x1a/0x30 [ 24.720921] [ 24.721061] The buggy address belongs to the object at ffff888100aaa000 [ 24.721061] which belongs to the cache kmalloc-64 of size 64 [ 24.721618] The buggy address is located 0 bytes to the right of [ 24.721618] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.722167] [ 24.722305] The buggy address belongs to the physical page: [ 24.722562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.722803] flags: 0x200000000000000(node=0|zone=2) [ 24.722966] page_type: f5(slab) [ 24.723090] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.723427] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.724190] page dumped because: kasan: bad access detected [ 24.724465] [ 24.724554] Memory state around the buggy address: [ 24.724766] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.724979] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.725506] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.725858] ^ [ 24.726158] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.726384] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.726594] ================================================================== [ 25.902633] ================================================================== [ 25.902884] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 25.903122] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.904037] [ 25.904305] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.904361] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.904375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.904399] Call Trace: [ 25.905090] <TASK> [ 25.905177] dump_stack_lvl+0x73/0xb0 [ 25.905386] print_report+0xd1/0x650 [ 25.905704] ? __virt_addr_valid+0x1db/0x2d0 [ 25.905741] ? kasan_atomics_helper+0x224c/0x5450 [ 25.905765] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.905792] ? kasan_atomics_helper+0x224c/0x5450 [ 25.905814] kasan_report+0x141/0x180 [ 25.905837] ? kasan_atomics_helper+0x224c/0x5450 [ 25.905863] kasan_check_range+0x10c/0x1c0 [ 25.905887] __kasan_check_write+0x18/0x20 [ 25.905911] kasan_atomics_helper+0x224c/0x5450 [ 25.905934] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.905959] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.905985] ? kasan_atomics+0x152/0x310 [ 25.906041] kasan_atomics+0x1dc/0x310 [ 25.906065] ? __pfx_kasan_atomics+0x10/0x10 [ 25.906087] ? trace_hardirqs_on+0x37/0xe0 [ 25.906111] ? __pfx_read_tsc+0x10/0x10 [ 25.906134] ? ktime_get_ts64+0x86/0x230 [ 25.906160] kunit_try_run_case+0x1a5/0x480 [ 25.906185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.906211] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.906248] ? __kthread_parkme+0x82/0x180 [ 25.906269] ? preempt_count_sub+0x50/0x80 [ 25.906294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.906319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.906345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.906370] kthread+0x337/0x6f0 [ 25.906390] ? trace_preempt_on+0x20/0xc0 [ 25.906414] ? __pfx_kthread+0x10/0x10 [ 25.906435] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.906460] ? calculate_sigpending+0x7b/0xa0 [ 25.906486] ? __pfx_kthread+0x10/0x10 [ 25.906507] ret_from_fork+0x116/0x1d0 [ 25.906527] ? __pfx_kthread+0x10/0x10 [ 25.906548] ret_from_fork_asm+0x1a/0x30 [ 25.906581] </TASK> [ 25.906593] [ 25.918183] Allocated by task 294: [ 25.918539] kasan_save_stack+0x45/0x70 [ 25.918910] kasan_save_track+0x18/0x40 [ 25.919293] kasan_save_alloc_info+0x3b/0x50 [ 25.919806] __kasan_kmalloc+0xb7/0xc0 [ 25.920230] __kmalloc_cache_noprof+0x189/0x420 [ 25.920698] kasan_atomics+0x95/0x310 [ 25.921056] kunit_try_run_case+0x1a5/0x480 [ 25.921455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.921923] kthread+0x337/0x6f0 [ 25.922295] ret_from_fork+0x116/0x1d0 [ 25.922638] ret_from_fork_asm+0x1a/0x30 [ 25.923000] [ 25.923176] The buggy address belongs to the object at ffff888100aaa000 [ 25.923176] which belongs to the cache kmalloc-64 of size 64 [ 25.923822] The buggy address is located 0 bytes to the right of [ 25.923822] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.924473] [ 25.924638] The buggy address belongs to the physical page: [ 25.925163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.925854] flags: 0x200000000000000(node=0|zone=2) [ 25.926359] page_type: f5(slab) [ 25.926702] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.927379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.927757] page dumped because: kasan: bad access detected [ 25.928268] [ 25.928399] Memory state around the buggy address: [ 25.928765] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.928972] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.929389] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.929831] ^ [ 25.929979] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.930198] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.930409] ================================================================== [ 25.499376] ================================================================== [ 25.500198] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 25.500853] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.501535] [ 25.501724] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.501788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.501802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.501827] Call Trace: [ 25.501848] <TASK> [ 25.501878] dump_stack_lvl+0x73/0xb0 [ 25.501908] print_report+0xd1/0x650 [ 25.501932] ? __virt_addr_valid+0x1db/0x2d0 [ 25.501968] ? kasan_atomics_helper+0x18b1/0x5450 [ 25.501990] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.502036] ? kasan_atomics_helper+0x18b1/0x5450 [ 25.502057] kasan_report+0x141/0x180 [ 25.502080] ? kasan_atomics_helper+0x18b1/0x5450 [ 25.502106] kasan_check_range+0x10c/0x1c0 [ 25.502130] __kasan_check_write+0x18/0x20 [ 25.502153] kasan_atomics_helper+0x18b1/0x5450 [ 25.502176] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.502202] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.502236] ? kasan_atomics+0x152/0x310 [ 25.502263] kasan_atomics+0x1dc/0x310 [ 25.502286] ? __pfx_kasan_atomics+0x10/0x10 [ 25.502309] ? trace_hardirqs_on+0x37/0xe0 [ 25.502332] ? __pfx_read_tsc+0x10/0x10 [ 25.502355] ? ktime_get_ts64+0x86/0x230 [ 25.502381] kunit_try_run_case+0x1a5/0x480 [ 25.502407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.502433] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.502460] ? __kthread_parkme+0x82/0x180 [ 25.502482] ? preempt_count_sub+0x50/0x80 [ 25.502506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.502531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.502555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.502580] kthread+0x337/0x6f0 [ 25.502600] ? trace_preempt_on+0x20/0xc0 [ 25.502623] ? __pfx_kthread+0x10/0x10 [ 25.502645] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.502669] ? calculate_sigpending+0x7b/0xa0 [ 25.502694] ? __pfx_kthread+0x10/0x10 [ 25.502715] ret_from_fork+0x116/0x1d0 [ 25.502735] ? __pfx_kthread+0x10/0x10 [ 25.502757] ret_from_fork_asm+0x1a/0x30 [ 25.502789] </TASK> [ 25.502801] [ 25.515071] Allocated by task 294: [ 25.515433] kasan_save_stack+0x45/0x70 [ 25.515807] kasan_save_track+0x18/0x40 [ 25.516177] kasan_save_alloc_info+0x3b/0x50 [ 25.516491] __kasan_kmalloc+0xb7/0xc0 [ 25.516619] __kmalloc_cache_noprof+0x189/0x420 [ 25.516769] kasan_atomics+0x95/0x310 [ 25.516894] kunit_try_run_case+0x1a5/0x480 [ 25.517123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.517615] kthread+0x337/0x6f0 [ 25.517912] ret_from_fork+0x116/0x1d0 [ 25.518291] ret_from_fork_asm+0x1a/0x30 [ 25.518664] [ 25.518815] The buggy address belongs to the object at ffff888100aaa000 [ 25.518815] which belongs to the cache kmalloc-64 of size 64 [ 25.519889] The buggy address is located 0 bytes to the right of [ 25.519889] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.520706] [ 25.520781] The buggy address belongs to the physical page: [ 25.520951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.521603] flags: 0x200000000000000(node=0|zone=2) [ 25.522044] page_type: f5(slab) [ 25.522353] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.523066] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.523715] page dumped because: kasan: bad access detected [ 25.523884] [ 25.523950] Memory state around the buggy address: [ 25.524336] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.524961] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.525592] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.525960] ^ [ 25.526380] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.526923] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.527148] ================================================================== [ 25.849261] ================================================================== [ 25.849611] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 25.850363] Read of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.850644] [ 25.850752] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.850803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.850817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.850842] Call Trace: [ 25.850864] <TASK> [ 25.850885] dump_stack_lvl+0x73/0xb0 [ 25.850915] print_report+0xd1/0x650 [ 25.850939] ? __virt_addr_valid+0x1db/0x2d0 [ 25.850964] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.850986] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.851032] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.851055] kasan_report+0x141/0x180 [ 25.851078] ? kasan_atomics_helper+0x4fb2/0x5450 [ 25.851104] __asan_report_load8_noabort+0x18/0x20 [ 25.851129] kasan_atomics_helper+0x4fb2/0x5450 [ 25.851151] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.851178] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.851204] ? kasan_atomics+0x152/0x310 [ 25.851244] kasan_atomics+0x1dc/0x310 [ 25.851267] ? __pfx_kasan_atomics+0x10/0x10 [ 25.851290] ? trace_hardirqs_on+0x37/0xe0 [ 25.851314] ? __pfx_read_tsc+0x10/0x10 [ 25.851338] ? ktime_get_ts64+0x86/0x230 [ 25.851364] kunit_try_run_case+0x1a5/0x480 [ 25.851390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.851416] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.851444] ? __kthread_parkme+0x82/0x180 [ 25.851465] ? preempt_count_sub+0x50/0x80 [ 25.851490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.851514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.851539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.851563] kthread+0x337/0x6f0 [ 25.851584] ? trace_preempt_on+0x20/0xc0 [ 25.851607] ? __pfx_kthread+0x10/0x10 [ 25.851629] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.851654] ? calculate_sigpending+0x7b/0xa0 [ 25.851678] ? __pfx_kthread+0x10/0x10 [ 25.851700] ret_from_fork+0x116/0x1d0 [ 25.851720] ? __pfx_kthread+0x10/0x10 [ 25.851741] ret_from_fork_asm+0x1a/0x30 [ 25.851773] </TASK> [ 25.851784] [ 25.858919] Allocated by task 294: [ 25.859095] kasan_save_stack+0x45/0x70 [ 25.859243] kasan_save_track+0x18/0x40 [ 25.859372] kasan_save_alloc_info+0x3b/0x50 [ 25.859515] __kasan_kmalloc+0xb7/0xc0 [ 25.859639] __kmalloc_cache_noprof+0x189/0x420 [ 25.859787] kasan_atomics+0x95/0x310 [ 25.859912] kunit_try_run_case+0x1a5/0x480 [ 25.860176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.860437] kthread+0x337/0x6f0 [ 25.860602] ret_from_fork+0x116/0x1d0 [ 25.860783] ret_from_fork_asm+0x1a/0x30 [ 25.860974] [ 25.861057] The buggy address belongs to the object at ffff888100aaa000 [ 25.861057] which belongs to the cache kmalloc-64 of size 64 [ 25.861817] The buggy address is located 0 bytes to the right of [ 25.861817] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.862361] [ 25.862430] The buggy address belongs to the physical page: [ 25.862597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.862833] flags: 0x200000000000000(node=0|zone=2) [ 25.863115] page_type: f5(slab) [ 25.863291] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.863622] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.863955] page dumped because: kasan: bad access detected [ 25.864201] [ 25.864301] Memory state around the buggy address: [ 25.864504] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.864760] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.865060] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.865346] ^ [ 25.865542] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.865832] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.866163] ================================================================== [ 24.598410] ================================================================== [ 24.599138] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 24.599521] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.599807] [ 24.599932] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.599987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.600063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.600091] Call Trace: [ 24.600106] <TASK> [ 24.600127] dump_stack_lvl+0x73/0xb0 [ 24.600157] print_report+0xd1/0x650 [ 24.600181] ? __virt_addr_valid+0x1db/0x2d0 [ 24.600207] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.600238] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.600264] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.600285] kasan_report+0x141/0x180 [ 24.600306] ? kasan_atomics_helper+0x4bbc/0x5450 [ 24.600330] __asan_report_load4_noabort+0x18/0x20 [ 24.600355] kasan_atomics_helper+0x4bbc/0x5450 [ 24.600375] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.600437] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.600461] ? kasan_atomics+0x152/0x310 [ 24.600512] kasan_atomics+0x1dc/0x310 [ 24.600533] ? __pfx_kasan_atomics+0x10/0x10 [ 24.600555] ? trace_hardirqs_on+0x37/0xe0 [ 24.600578] ? __pfx_read_tsc+0x10/0x10 [ 24.600600] ? ktime_get_ts64+0x86/0x230 [ 24.600624] kunit_try_run_case+0x1a5/0x480 [ 24.600649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.600673] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.600723] ? __kthread_parkme+0x82/0x180 [ 24.600744] ? preempt_count_sub+0x50/0x80 [ 24.600767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.600801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.600826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.600848] kthread+0x337/0x6f0 [ 24.600868] ? trace_preempt_on+0x20/0xc0 [ 24.600890] ? __pfx_kthread+0x10/0x10 [ 24.600909] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.600932] ? calculate_sigpending+0x7b/0xa0 [ 24.600955] ? __pfx_kthread+0x10/0x10 [ 24.600976] ret_from_fork+0x116/0x1d0 [ 24.600994] ? __pfx_kthread+0x10/0x10 [ 24.601014] ret_from_fork_asm+0x1a/0x30 [ 24.601045] </TASK> [ 24.601057] [ 24.612771] Allocated by task 294: [ 24.612982] kasan_save_stack+0x45/0x70 [ 24.613200] kasan_save_track+0x18/0x40 [ 24.613395] kasan_save_alloc_info+0x3b/0x50 [ 24.613567] __kasan_kmalloc+0xb7/0xc0 [ 24.613686] __kmalloc_cache_noprof+0x189/0x420 [ 24.613830] kasan_atomics+0x95/0x310 [ 24.613953] kunit_try_run_case+0x1a5/0x480 [ 24.614362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.614707] kthread+0x337/0x6f0 [ 24.614868] ret_from_fork+0x116/0x1d0 [ 24.615090] ret_from_fork_asm+0x1a/0x30 [ 24.615287] [ 24.615378] The buggy address belongs to the object at ffff888100aaa000 [ 24.615378] which belongs to the cache kmalloc-64 of size 64 [ 24.616102] The buggy address is located 0 bytes to the right of [ 24.616102] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.616648] [ 24.616723] The buggy address belongs to the physical page: [ 24.616942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.617430] flags: 0x200000000000000(node=0|zone=2) [ 24.617747] page_type: f5(slab) [ 24.617907] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.618121] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.618678] page dumped because: kasan: bad access detected [ 24.618915] [ 24.618998] Memory state around the buggy address: [ 24.619315] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.619626] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.619981] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.620341] ^ [ 24.620497] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.620809] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.621143] ================================================================== [ 24.645238] ================================================================== [ 24.645541] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 24.645824] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.646636] [ 24.646754] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.646807] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.646820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.646855] Call Trace: [ 24.646877] <TASK> [ 24.646897] dump_stack_lvl+0x73/0xb0 [ 24.646940] print_report+0xd1/0x650 [ 24.646963] ? __virt_addr_valid+0x1db/0x2d0 [ 24.646986] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.647007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.647051] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.647083] kasan_report+0x141/0x180 [ 24.647105] ? kasan_atomics_helper+0x4b88/0x5450 [ 24.647130] __asan_report_load4_noabort+0x18/0x20 [ 24.647165] kasan_atomics_helper+0x4b88/0x5450 [ 24.647194] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.647236] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.647261] ? kasan_atomics+0x152/0x310 [ 24.647287] kasan_atomics+0x1dc/0x310 [ 24.647309] ? __pfx_kasan_atomics+0x10/0x10 [ 24.647331] ? trace_hardirqs_on+0x37/0xe0 [ 24.647354] ? __pfx_read_tsc+0x10/0x10 [ 24.647376] ? ktime_get_ts64+0x86/0x230 [ 24.647410] kunit_try_run_case+0x1a5/0x480 [ 24.647435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.647459] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.647497] ? __kthread_parkme+0x82/0x180 [ 24.647518] ? preempt_count_sub+0x50/0x80 [ 24.647541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.647574] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.647598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.647621] kthread+0x337/0x6f0 [ 24.647651] ? trace_preempt_on+0x20/0xc0 [ 24.647674] ? __pfx_kthread+0x10/0x10 [ 24.647694] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.647718] ? calculate_sigpending+0x7b/0xa0 [ 24.647751] ? __pfx_kthread+0x10/0x10 [ 24.647772] ret_from_fork+0x116/0x1d0 [ 24.647791] ? __pfx_kthread+0x10/0x10 [ 24.647812] ret_from_fork_asm+0x1a/0x30 [ 24.647854] </TASK> [ 24.647865] [ 24.656416] Allocated by task 294: [ 24.656616] kasan_save_stack+0x45/0x70 [ 24.656877] kasan_save_track+0x18/0x40 [ 24.657008] kasan_save_alloc_info+0x3b/0x50 [ 24.657175] __kasan_kmalloc+0xb7/0xc0 [ 24.657378] __kmalloc_cache_noprof+0x189/0x420 [ 24.657785] kasan_atomics+0x95/0x310 [ 24.657972] kunit_try_run_case+0x1a5/0x480 [ 24.658238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.658511] kthread+0x337/0x6f0 [ 24.658743] ret_from_fork+0x116/0x1d0 [ 24.658930] ret_from_fork_asm+0x1a/0x30 [ 24.659116] [ 24.659182] The buggy address belongs to the object at ffff888100aaa000 [ 24.659182] which belongs to the cache kmalloc-64 of size 64 [ 24.659670] The buggy address is located 0 bytes to the right of [ 24.659670] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.660466] [ 24.660556] The buggy address belongs to the physical page: [ 24.660792] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.661444] flags: 0x200000000000000(node=0|zone=2) [ 24.661695] page_type: f5(slab) [ 24.661816] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.662203] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.662748] page dumped because: kasan: bad access detected [ 24.663021] [ 24.663153] Memory state around the buggy address: [ 24.663446] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.663677] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.664237] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.664595] ^ [ 24.664791] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.665127] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.665489] ================================================================== [ 24.869981] ================================================================== [ 24.870349] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 24.871153] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.871516] [ 24.871623] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.871675] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.871690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.871716] Call Trace: [ 24.871738] <TASK> [ 24.871761] dump_stack_lvl+0x73/0xb0 [ 24.871792] print_report+0xd1/0x650 [ 24.871817] ? __virt_addr_valid+0x1db/0x2d0 [ 24.871843] ? kasan_atomics_helper+0x860/0x5450 [ 24.871865] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.871893] ? kasan_atomics_helper+0x860/0x5450 [ 24.871915] kasan_report+0x141/0x180 [ 24.871938] ? kasan_atomics_helper+0x860/0x5450 [ 24.871964] kasan_check_range+0x10c/0x1c0 [ 24.871987] __kasan_check_write+0x18/0x20 [ 24.872011] kasan_atomics_helper+0x860/0x5450 [ 24.872035] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.872061] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.872088] ? kasan_atomics+0x152/0x310 [ 24.872115] kasan_atomics+0x1dc/0x310 [ 24.872138] ? __pfx_kasan_atomics+0x10/0x10 [ 24.872161] ? trace_hardirqs_on+0x37/0xe0 [ 24.872185] ? __pfx_read_tsc+0x10/0x10 [ 24.872209] ? ktime_get_ts64+0x86/0x230 [ 24.872248] kunit_try_run_case+0x1a5/0x480 [ 24.872274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.872300] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.872328] ? __kthread_parkme+0x82/0x180 [ 24.872349] ? preempt_count_sub+0x50/0x80 [ 24.872374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.872399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.872424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.872448] kthread+0x337/0x6f0 [ 24.872469] ? trace_preempt_on+0x20/0xc0 [ 24.872492] ? __pfx_kthread+0x10/0x10 [ 24.872514] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.872538] ? calculate_sigpending+0x7b/0xa0 [ 24.872564] ? __pfx_kthread+0x10/0x10 [ 24.872586] ret_from_fork+0x116/0x1d0 [ 24.872606] ? __pfx_kthread+0x10/0x10 [ 24.872627] ret_from_fork_asm+0x1a/0x30 [ 24.872661] </TASK> [ 24.872673] [ 24.880101] Allocated by task 294: [ 24.880308] kasan_save_stack+0x45/0x70 [ 24.880487] kasan_save_track+0x18/0x40 [ 24.880674] kasan_save_alloc_info+0x3b/0x50 [ 24.880853] __kasan_kmalloc+0xb7/0xc0 [ 24.881030] __kmalloc_cache_noprof+0x189/0x420 [ 24.881212] kasan_atomics+0x95/0x310 [ 24.881390] kunit_try_run_case+0x1a5/0x480 [ 24.881566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.881772] kthread+0x337/0x6f0 [ 24.881888] ret_from_fork+0x116/0x1d0 [ 24.882016] ret_from_fork_asm+0x1a/0x30 [ 24.882230] [ 24.882321] The buggy address belongs to the object at ffff888100aaa000 [ 24.882321] which belongs to the cache kmalloc-64 of size 64 [ 24.882862] The buggy address is located 0 bytes to the right of [ 24.882862] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.883365] [ 24.883440] The buggy address belongs to the physical page: [ 24.883610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.883915] flags: 0x200000000000000(node=0|zone=2) [ 24.884193] page_type: f5(slab) [ 24.884523] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.884853] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.885202] page dumped because: kasan: bad access detected [ 24.885429] [ 24.885494] Memory state around the buggy address: [ 24.885645] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.885856] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.886186] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.886508] ^ [ 24.886732] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.886999] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.887317] ================================================================== [ 25.831536] ================================================================== [ 25.831897] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 25.832595] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.833089] [ 25.833209] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.833278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.833292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.833318] Call Trace: [ 25.833340] <TASK> [ 25.833362] dump_stack_lvl+0x73/0xb0 [ 25.833395] print_report+0xd1/0x650 [ 25.833420] ? __virt_addr_valid+0x1db/0x2d0 [ 25.833445] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.833468] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.833495] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.833517] kasan_report+0x141/0x180 [ 25.833541] ? kasan_atomics_helper+0x20c8/0x5450 [ 25.833567] kasan_check_range+0x10c/0x1c0 [ 25.833591] __kasan_check_write+0x18/0x20 [ 25.833615] kasan_atomics_helper+0x20c8/0x5450 [ 25.833639] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.833666] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.833692] ? kasan_atomics+0x152/0x310 [ 25.833721] kasan_atomics+0x1dc/0x310 [ 25.833745] ? __pfx_kasan_atomics+0x10/0x10 [ 25.833767] ? trace_hardirqs_on+0x37/0xe0 [ 25.833792] ? __pfx_read_tsc+0x10/0x10 [ 25.833816] ? ktime_get_ts64+0x86/0x230 [ 25.833841] kunit_try_run_case+0x1a5/0x480 [ 25.833868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.833894] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.833921] ? __kthread_parkme+0x82/0x180 [ 25.833943] ? preempt_count_sub+0x50/0x80 [ 25.833968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.833993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.834018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.834043] kthread+0x337/0x6f0 [ 25.834064] ? trace_preempt_on+0x20/0xc0 [ 25.834086] ? __pfx_kthread+0x10/0x10 [ 25.834107] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.834132] ? calculate_sigpending+0x7b/0xa0 [ 25.834157] ? __pfx_kthread+0x10/0x10 [ 25.834180] ret_from_fork+0x116/0x1d0 [ 25.834200] ? __pfx_kthread+0x10/0x10 [ 25.834230] ret_from_fork_asm+0x1a/0x30 [ 25.834262] </TASK> [ 25.834275] [ 25.841567] Allocated by task 294: [ 25.841744] kasan_save_stack+0x45/0x70 [ 25.841897] kasan_save_track+0x18/0x40 [ 25.842033] kasan_save_alloc_info+0x3b/0x50 [ 25.842261] __kasan_kmalloc+0xb7/0xc0 [ 25.842445] __kmalloc_cache_noprof+0x189/0x420 [ 25.842623] kasan_atomics+0x95/0x310 [ 25.842760] kunit_try_run_case+0x1a5/0x480 [ 25.842918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.843364] kthread+0x337/0x6f0 [ 25.843532] ret_from_fork+0x116/0x1d0 [ 25.843723] ret_from_fork_asm+0x1a/0x30 [ 25.843884] [ 25.843951] The buggy address belongs to the object at ffff888100aaa000 [ 25.843951] which belongs to the cache kmalloc-64 of size 64 [ 25.844362] The buggy address is located 0 bytes to the right of [ 25.844362] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.844908] [ 25.845002] The buggy address belongs to the physical page: [ 25.845294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.845603] flags: 0x200000000000000(node=0|zone=2) [ 25.845765] page_type: f5(slab) [ 25.845882] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.846111] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.846455] page dumped because: kasan: bad access detected [ 25.846706] [ 25.846884] Memory state around the buggy address: [ 25.847132] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.847437] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.847723] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.847991] ^ [ 25.848200] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.848464] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.848673] ================================================================== [ 25.612661] ================================================================== [ 25.612897] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 25.613124] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.614529] [ 25.614883] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.614940] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.614956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.614980] Call Trace: [ 25.615001] <TASK> [ 25.615023] dump_stack_lvl+0x73/0xb0 [ 25.615062] print_report+0xd1/0x650 [ 25.615087] ? __virt_addr_valid+0x1db/0x2d0 [ 25.615112] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.615136] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.615162] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.615184] kasan_report+0x141/0x180 [ 25.615207] ? kasan_atomics_helper+0x1c18/0x5450 [ 25.615246] kasan_check_range+0x10c/0x1c0 [ 25.615270] __kasan_check_write+0x18/0x20 [ 25.615294] kasan_atomics_helper+0x1c18/0x5450 [ 25.615317] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.615344] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.615369] ? kasan_atomics+0x152/0x310 [ 25.615420] kasan_atomics+0x1dc/0x310 [ 25.615443] ? __pfx_kasan_atomics+0x10/0x10 [ 25.615465] ? trace_hardirqs_on+0x37/0xe0 [ 25.615489] ? __pfx_read_tsc+0x10/0x10 [ 25.615512] ? ktime_get_ts64+0x86/0x230 [ 25.615537] kunit_try_run_case+0x1a5/0x480 [ 25.615563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.615588] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.615615] ? __kthread_parkme+0x82/0x180 [ 25.615637] ? preempt_count_sub+0x50/0x80 [ 25.615660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.615687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.615711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.615735] kthread+0x337/0x6f0 [ 25.615757] ? trace_preempt_on+0x20/0xc0 [ 25.615779] ? __pfx_kthread+0x10/0x10 [ 25.615800] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.615825] ? calculate_sigpending+0x7b/0xa0 [ 25.615851] ? __pfx_kthread+0x10/0x10 [ 25.615873] ret_from_fork+0x116/0x1d0 [ 25.615893] ? __pfx_kthread+0x10/0x10 [ 25.615913] ret_from_fork_asm+0x1a/0x30 [ 25.615946] </TASK> [ 25.615958] [ 25.626843] Allocated by task 294: [ 25.627179] kasan_save_stack+0x45/0x70 [ 25.627396] kasan_save_track+0x18/0x40 [ 25.627560] kasan_save_alloc_info+0x3b/0x50 [ 25.627745] __kasan_kmalloc+0xb7/0xc0 [ 25.627909] __kmalloc_cache_noprof+0x189/0x420 [ 25.628549] kasan_atomics+0x95/0x310 [ 25.628814] kunit_try_run_case+0x1a5/0x480 [ 25.629149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.629579] kthread+0x337/0x6f0 [ 25.629848] ret_from_fork+0x116/0x1d0 [ 25.630216] ret_from_fork_asm+0x1a/0x30 [ 25.630539] [ 25.630755] The buggy address belongs to the object at ffff888100aaa000 [ 25.630755] which belongs to the cache kmalloc-64 of size 64 [ 25.631496] The buggy address is located 0 bytes to the right of [ 25.631496] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.631987] [ 25.632145] The buggy address belongs to the physical page: [ 25.632382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.632691] flags: 0x200000000000000(node=0|zone=2) [ 25.632901] page_type: f5(slab) [ 25.633389] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.633910] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.634446] page dumped because: kasan: bad access detected [ 25.634865] [ 25.635112] Memory state around the buggy address: [ 25.635448] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.636070] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.636550] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.636846] ^ [ 25.637087] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.637657] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.638163] ================================================================== [ 24.792147] ================================================================== [ 24.792477] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 24.793008] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.793546] [ 24.793767] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.793922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.793943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.793967] Call Trace: [ 24.793988] <TASK> [ 24.794008] dump_stack_lvl+0x73/0xb0 [ 24.794037] print_report+0xd1/0x650 [ 24.794061] ? __virt_addr_valid+0x1db/0x2d0 [ 24.794086] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.794108] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.794134] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.794156] kasan_report+0x141/0x180 [ 24.794178] ? kasan_atomics_helper+0x5fe/0x5450 [ 24.794204] kasan_check_range+0x10c/0x1c0 [ 24.794241] __kasan_check_write+0x18/0x20 [ 24.794265] kasan_atomics_helper+0x5fe/0x5450 [ 24.794287] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.794313] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.794339] ? kasan_atomics+0x152/0x310 [ 24.794366] kasan_atomics+0x1dc/0x310 [ 24.794389] ? __pfx_kasan_atomics+0x10/0x10 [ 24.794412] ? trace_hardirqs_on+0x37/0xe0 [ 24.794436] ? __pfx_read_tsc+0x10/0x10 [ 24.794459] ? ktime_get_ts64+0x86/0x230 [ 24.794484] kunit_try_run_case+0x1a5/0x480 [ 24.794510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.794536] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.794563] ? __kthread_parkme+0x82/0x180 [ 24.794584] ? preempt_count_sub+0x50/0x80 [ 24.794608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.794633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.794657] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.794682] kthread+0x337/0x6f0 [ 24.794703] ? trace_preempt_on+0x20/0xc0 [ 24.794725] ? __pfx_kthread+0x10/0x10 [ 24.794747] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.794772] ? calculate_sigpending+0x7b/0xa0 [ 24.794796] ? __pfx_kthread+0x10/0x10 [ 24.794818] ret_from_fork+0x116/0x1d0 [ 24.794837] ? __pfx_kthread+0x10/0x10 [ 24.794859] ret_from_fork_asm+0x1a/0x30 [ 24.794890] </TASK> [ 24.794902] [ 24.805737] Allocated by task 294: [ 24.805935] kasan_save_stack+0x45/0x70 [ 24.806405] kasan_save_track+0x18/0x40 [ 24.806690] kasan_save_alloc_info+0x3b/0x50 [ 24.806996] __kasan_kmalloc+0xb7/0xc0 [ 24.807410] __kmalloc_cache_noprof+0x189/0x420 [ 24.807740] kasan_atomics+0x95/0x310 [ 24.808020] kunit_try_run_case+0x1a5/0x480 [ 24.808335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.808695] kthread+0x337/0x6f0 [ 24.808858] ret_from_fork+0x116/0x1d0 [ 24.809003] ret_from_fork_asm+0x1a/0x30 [ 24.809281] [ 24.809647] The buggy address belongs to the object at ffff888100aaa000 [ 24.809647] which belongs to the cache kmalloc-64 of size 64 [ 24.810332] The buggy address is located 0 bytes to the right of [ 24.810332] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.810931] [ 24.811043] The buggy address belongs to the physical page: [ 24.811313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.811626] flags: 0x200000000000000(node=0|zone=2) [ 24.811867] page_type: f5(slab) [ 24.812029] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.812713] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.813082] page dumped because: kasan: bad access detected [ 24.813457] [ 24.813549] Memory state around the buggy address: [ 24.813946] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.814367] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.814780] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.815239] ^ [ 24.815555] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.815959] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.816368] ================================================================== [ 25.385241] ================================================================== [ 25.385912] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 25.386646] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.387052] [ 25.387165] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.387228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.387242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.387268] Call Trace: [ 25.387290] <TASK> [ 25.387313] dump_stack_lvl+0x73/0xb0 [ 25.387355] print_report+0xd1/0x650 [ 25.387379] ? __virt_addr_valid+0x1db/0x2d0 [ 25.387404] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.387439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.387467] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.387489] kasan_report+0x141/0x180 [ 25.387512] ? kasan_atomics_helper+0x15b6/0x5450 [ 25.387538] kasan_check_range+0x10c/0x1c0 [ 25.387563] __kasan_check_write+0x18/0x20 [ 25.387587] kasan_atomics_helper+0x15b6/0x5450 [ 25.387611] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.387638] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.387664] ? kasan_atomics+0x152/0x310 [ 25.387692] kasan_atomics+0x1dc/0x310 [ 25.387716] ? __pfx_kasan_atomics+0x10/0x10 [ 25.387739] ? trace_hardirqs_on+0x37/0xe0 [ 25.387764] ? __pfx_read_tsc+0x10/0x10 [ 25.387788] ? ktime_get_ts64+0x86/0x230 [ 25.387814] kunit_try_run_case+0x1a5/0x480 [ 25.387840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.387866] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.387894] ? __kthread_parkme+0x82/0x180 [ 25.387916] ? preempt_count_sub+0x50/0x80 [ 25.387941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.387965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.387991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.388016] kthread+0x337/0x6f0 [ 25.388037] ? trace_preempt_on+0x20/0xc0 [ 25.388060] ? __pfx_kthread+0x10/0x10 [ 25.388082] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.388107] ? calculate_sigpending+0x7b/0xa0 [ 25.388132] ? __pfx_kthread+0x10/0x10 [ 25.388155] ret_from_fork+0x116/0x1d0 [ 25.388175] ? __pfx_kthread+0x10/0x10 [ 25.388196] ret_from_fork_asm+0x1a/0x30 [ 25.388237] </TASK> [ 25.388250] [ 25.399893] Allocated by task 294: [ 25.400145] kasan_save_stack+0x45/0x70 [ 25.400335] kasan_save_track+0x18/0x40 [ 25.400507] kasan_save_alloc_info+0x3b/0x50 [ 25.400650] __kasan_kmalloc+0xb7/0xc0 [ 25.400775] __kmalloc_cache_noprof+0x189/0x420 [ 25.400923] kasan_atomics+0x95/0x310 [ 25.401085] kunit_try_run_case+0x1a5/0x480 [ 25.401304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.401561] kthread+0x337/0x6f0 [ 25.401724] ret_from_fork+0x116/0x1d0 [ 25.401906] ret_from_fork_asm+0x1a/0x30 [ 25.402200] [ 25.402287] The buggy address belongs to the object at ffff888100aaa000 [ 25.402287] which belongs to the cache kmalloc-64 of size 64 [ 25.402633] The buggy address is located 0 bytes to the right of [ 25.402633] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.403375] [ 25.403473] The buggy address belongs to the physical page: [ 25.403690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.404064] flags: 0x200000000000000(node=0|zone=2) [ 25.404240] page_type: f5(slab) [ 25.404414] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.404714] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.404943] page dumped because: kasan: bad access detected [ 25.405110] [ 25.405198] Memory state around the buggy address: [ 25.405429] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.405941] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.406258] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.406561] ^ [ 25.406711] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.406921] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.407470] ================================================================== [ 25.312857] ================================================================== [ 25.313308] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 25.313776] Read of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.314193] [ 25.314291] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.314342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.314355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.314380] Call Trace: [ 25.314402] <TASK> [ 25.314422] dump_stack_lvl+0x73/0xb0 [ 25.314450] print_report+0xd1/0x650 [ 25.314473] ? __virt_addr_valid+0x1db/0x2d0 [ 25.314498] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.314519] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.314547] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.314569] kasan_report+0x141/0x180 [ 25.314592] ? kasan_atomics_helper+0x4eae/0x5450 [ 25.314618] __asan_report_load8_noabort+0x18/0x20 [ 25.314644] kasan_atomics_helper+0x4eae/0x5450 [ 25.314667] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.314694] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.314733] ? kasan_atomics+0x152/0x310 [ 25.314760] kasan_atomics+0x1dc/0x310 [ 25.314790] ? __pfx_kasan_atomics+0x10/0x10 [ 25.314813] ? trace_hardirqs_on+0x37/0xe0 [ 25.314837] ? __pfx_read_tsc+0x10/0x10 [ 25.314861] ? ktime_get_ts64+0x86/0x230 [ 25.314887] kunit_try_run_case+0x1a5/0x480 [ 25.314913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.314940] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.314967] ? __kthread_parkme+0x82/0x180 [ 25.314989] ? preempt_count_sub+0x50/0x80 [ 25.315014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.315045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.315070] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.315095] kthread+0x337/0x6f0 [ 25.315116] ? trace_preempt_on+0x20/0xc0 [ 25.315139] ? __pfx_kthread+0x10/0x10 [ 25.315160] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.315184] ? calculate_sigpending+0x7b/0xa0 [ 25.315209] ? __pfx_kthread+0x10/0x10 [ 25.315241] ret_from_fork+0x116/0x1d0 [ 25.315262] ? __pfx_kthread+0x10/0x10 [ 25.315284] ret_from_fork_asm+0x1a/0x30 [ 25.315316] </TASK> [ 25.315328] [ 25.322699] Allocated by task 294: [ 25.322882] kasan_save_stack+0x45/0x70 [ 25.323079] kasan_save_track+0x18/0x40 [ 25.323273] kasan_save_alloc_info+0x3b/0x50 [ 25.323419] __kasan_kmalloc+0xb7/0xc0 [ 25.323545] __kmalloc_cache_noprof+0x189/0x420 [ 25.323692] kasan_atomics+0x95/0x310 [ 25.323818] kunit_try_run_case+0x1a5/0x480 [ 25.324016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.324278] kthread+0x337/0x6f0 [ 25.324444] ret_from_fork+0x116/0x1d0 [ 25.324653] ret_from_fork_asm+0x1a/0x30 [ 25.324848] [ 25.324939] The buggy address belongs to the object at ffff888100aaa000 [ 25.324939] which belongs to the cache kmalloc-64 of size 64 [ 25.325594] The buggy address is located 0 bytes to the right of [ 25.325594] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.326033] [ 25.326142] The buggy address belongs to the physical page: [ 25.326417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.326655] flags: 0x200000000000000(node=0|zone=2) [ 25.326817] page_type: f5(slab) [ 25.326966] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.327658] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.327991] page dumped because: kasan: bad access detected [ 25.328323] [ 25.328436] Memory state around the buggy address: [ 25.328600] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.328925] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.329237] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.329526] ^ [ 25.329737] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.330070] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.330367] ================================================================== [ 25.444934] ================================================================== [ 25.445358] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 25.445829] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.446168] [ 25.446284] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.446335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.446350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.446373] Call Trace: [ 25.446393] <TASK> [ 25.446414] dump_stack_lvl+0x73/0xb0 [ 25.446442] print_report+0xd1/0x650 [ 25.446465] ? __virt_addr_valid+0x1db/0x2d0 [ 25.446490] ? kasan_atomics_helper+0x177f/0x5450 [ 25.446511] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.446538] ? kasan_atomics_helper+0x177f/0x5450 [ 25.446561] kasan_report+0x141/0x180 [ 25.446584] ? kasan_atomics_helper+0x177f/0x5450 [ 25.446610] kasan_check_range+0x10c/0x1c0 [ 25.446634] __kasan_check_write+0x18/0x20 [ 25.446658] kasan_atomics_helper+0x177f/0x5450 [ 25.446681] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.446708] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.446733] ? kasan_atomics+0x152/0x310 [ 25.446762] kasan_atomics+0x1dc/0x310 [ 25.446785] ? __pfx_kasan_atomics+0x10/0x10 [ 25.446808] ? trace_hardirqs_on+0x37/0xe0 [ 25.446832] ? __pfx_read_tsc+0x10/0x10 [ 25.446855] ? ktime_get_ts64+0x86/0x230 [ 25.446881] kunit_try_run_case+0x1a5/0x480 [ 25.446906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.446932] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.446959] ? __kthread_parkme+0x82/0x180 [ 25.446981] ? preempt_count_sub+0x50/0x80 [ 25.447006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.447049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.447074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.447099] kthread+0x337/0x6f0 [ 25.447120] ? trace_preempt_on+0x20/0xc0 [ 25.447144] ? __pfx_kthread+0x10/0x10 [ 25.447165] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.447190] ? calculate_sigpending+0x7b/0xa0 [ 25.447215] ? __pfx_kthread+0x10/0x10 [ 25.447248] ret_from_fork+0x116/0x1d0 [ 25.447269] ? __pfx_kthread+0x10/0x10 [ 25.447290] ret_from_fork_asm+0x1a/0x30 [ 25.447323] </TASK> [ 25.447335] [ 25.457244] Allocated by task 294: [ 25.457607] kasan_save_stack+0x45/0x70 [ 25.458039] kasan_save_track+0x18/0x40 [ 25.458435] kasan_save_alloc_info+0x3b/0x50 [ 25.458859] __kasan_kmalloc+0xb7/0xc0 [ 25.459251] __kmalloc_cache_noprof+0x189/0x420 [ 25.459667] kasan_atomics+0x95/0x310 [ 25.460023] kunit_try_run_case+0x1a5/0x480 [ 25.460425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.460901] kthread+0x337/0x6f0 [ 25.461237] ret_from_fork+0x116/0x1d0 [ 25.461586] ret_from_fork_asm+0x1a/0x30 [ 25.461937] [ 25.462025] The buggy address belongs to the object at ffff888100aaa000 [ 25.462025] which belongs to the cache kmalloc-64 of size 64 [ 25.462738] The buggy address is located 0 bytes to the right of [ 25.462738] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.463342] [ 25.463512] The buggy address belongs to the physical page: [ 25.463995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.464711] flags: 0x200000000000000(node=0|zone=2) [ 25.465179] page_type: f5(slab) [ 25.465497] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.465943] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.466553] page dumped because: kasan: bad access detected [ 25.467070] [ 25.467142] Memory state around the buggy address: [ 25.467302] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.467925] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.468561] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.468906] ^ [ 25.469210] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.469823] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.470454] ================================================================== [ 25.183637] ================================================================== [ 25.184165] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 25.184435] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.184657] [ 25.184740] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.184789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.184803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.184827] Call Trace: [ 25.184847] <TASK> [ 25.184867] dump_stack_lvl+0x73/0xb0 [ 25.184894] print_report+0xd1/0x650 [ 25.184918] ? __virt_addr_valid+0x1db/0x2d0 [ 25.184942] ? kasan_atomics_helper+0x1148/0x5450 [ 25.184964] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.184991] ? kasan_atomics_helper+0x1148/0x5450 [ 25.185015] kasan_report+0x141/0x180 [ 25.185048] ? kasan_atomics_helper+0x1148/0x5450 [ 25.185075] kasan_check_range+0x10c/0x1c0 [ 25.185099] __kasan_check_write+0x18/0x20 [ 25.185122] kasan_atomics_helper+0x1148/0x5450 [ 25.185154] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.185180] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.185206] ? kasan_atomics+0x152/0x310 [ 25.185251] kasan_atomics+0x1dc/0x310 [ 25.185275] ? __pfx_kasan_atomics+0x10/0x10 [ 25.185297] ? trace_hardirqs_on+0x37/0xe0 [ 25.185322] ? __pfx_read_tsc+0x10/0x10 [ 25.185347] ? ktime_get_ts64+0x86/0x230 [ 25.185383] kunit_try_run_case+0x1a5/0x480 [ 25.185408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.185444] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.185472] ? __kthread_parkme+0x82/0x180 [ 25.185494] ? preempt_count_sub+0x50/0x80 [ 25.185519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.185544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.185568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.185593] kthread+0x337/0x6f0 [ 25.185614] ? trace_preempt_on+0x20/0xc0 [ 25.185637] ? __pfx_kthread+0x10/0x10 [ 25.185659] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.185682] ? calculate_sigpending+0x7b/0xa0 [ 25.185708] ? __pfx_kthread+0x10/0x10 [ 25.185730] ret_from_fork+0x116/0x1d0 [ 25.185751] ? __pfx_kthread+0x10/0x10 [ 25.185772] ret_from_fork_asm+0x1a/0x30 [ 25.185804] </TASK> [ 25.185817] [ 25.195112] Allocated by task 294: [ 25.195255] kasan_save_stack+0x45/0x70 [ 25.195660] kasan_save_track+0x18/0x40 [ 25.195826] kasan_save_alloc_info+0x3b/0x50 [ 25.196026] __kasan_kmalloc+0xb7/0xc0 [ 25.196155] __kmalloc_cache_noprof+0x189/0x420 [ 25.196315] kasan_atomics+0x95/0x310 [ 25.196548] kunit_try_run_case+0x1a5/0x480 [ 25.196772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.197026] kthread+0x337/0x6f0 [ 25.197191] ret_from_fork+0x116/0x1d0 [ 25.197386] ret_from_fork_asm+0x1a/0x30 [ 25.197542] [ 25.197652] The buggy address belongs to the object at ffff888100aaa000 [ 25.197652] which belongs to the cache kmalloc-64 of size 64 [ 25.198232] The buggy address is located 0 bytes to the right of [ 25.198232] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.198642] [ 25.198712] The buggy address belongs to the physical page: [ 25.198941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.199574] flags: 0x200000000000000(node=0|zone=2) [ 25.199954] page_type: f5(slab) [ 25.200179] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.200471] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.200799] page dumped because: kasan: bad access detected [ 25.201037] [ 25.201116] Memory state around the buggy address: [ 25.201345] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.201647] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.201946] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.202271] ^ [ 25.202476] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.202762] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.203053] ================================================================== [ 25.768854] ================================================================== [ 25.769349] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 25.769594] Read of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.770095] [ 25.770205] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.770264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.770278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.770303] Call Trace: [ 25.770323] <TASK> [ 25.770342] dump_stack_lvl+0x73/0xb0 [ 25.770372] print_report+0xd1/0x650 [ 25.770395] ? __virt_addr_valid+0x1db/0x2d0 [ 25.770421] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.770443] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.770470] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.770492] kasan_report+0x141/0x180 [ 25.770515] ? kasan_atomics_helper+0x4f71/0x5450 [ 25.770541] __asan_report_load8_noabort+0x18/0x20 [ 25.770566] kasan_atomics_helper+0x4f71/0x5450 [ 25.770589] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.770615] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.770641] ? kasan_atomics+0x152/0x310 [ 25.770668] kasan_atomics+0x1dc/0x310 [ 25.770691] ? __pfx_kasan_atomics+0x10/0x10 [ 25.770714] ? trace_hardirqs_on+0x37/0xe0 [ 25.770737] ? __pfx_read_tsc+0x10/0x10 [ 25.770759] ? ktime_get_ts64+0x86/0x230 [ 25.770785] kunit_try_run_case+0x1a5/0x480 [ 25.770809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.770834] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.770862] ? __kthread_parkme+0x82/0x180 [ 25.770883] ? preempt_count_sub+0x50/0x80 [ 25.770907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.770932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.770957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.770981] kthread+0x337/0x6f0 [ 25.771002] ? trace_preempt_on+0x20/0xc0 [ 25.771024] ? __pfx_kthread+0x10/0x10 [ 25.771051] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.771076] ? calculate_sigpending+0x7b/0xa0 [ 25.771100] ? __pfx_kthread+0x10/0x10 [ 25.771122] ret_from_fork+0x116/0x1d0 [ 25.771142] ? __pfx_kthread+0x10/0x10 [ 25.771163] ret_from_fork_asm+0x1a/0x30 [ 25.771194] </TASK> [ 25.771207] [ 25.778949] Allocated by task 294: [ 25.779268] kasan_save_stack+0x45/0x70 [ 25.779448] kasan_save_track+0x18/0x40 [ 25.779616] kasan_save_alloc_info+0x3b/0x50 [ 25.779794] __kasan_kmalloc+0xb7/0xc0 [ 25.779947] __kmalloc_cache_noprof+0x189/0x420 [ 25.780094] kasan_atomics+0x95/0x310 [ 25.780391] kunit_try_run_case+0x1a5/0x480 [ 25.780596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.780843] kthread+0x337/0x6f0 [ 25.781049] ret_from_fork+0x116/0x1d0 [ 25.781205] ret_from_fork_asm+0x1a/0x30 [ 25.781379] [ 25.781473] The buggy address belongs to the object at ffff888100aaa000 [ 25.781473] which belongs to the cache kmalloc-64 of size 64 [ 25.781909] The buggy address is located 0 bytes to the right of [ 25.781909] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.782395] [ 25.782493] The buggy address belongs to the physical page: [ 25.782705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.783014] flags: 0x200000000000000(node=0|zone=2) [ 25.783262] page_type: f5(slab) [ 25.783383] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.783608] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.783859] page dumped because: kasan: bad access detected [ 25.784103] [ 25.784191] Memory state around the buggy address: [ 25.784470] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.784775] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.784985] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.785437] ^ [ 25.785618] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.785828] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.786183] ================================================================== [ 25.116073] ================================================================== [ 25.116495] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 25.116763] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.117080] [ 25.117163] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.117214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.117239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.117262] Call Trace: [ 25.117282] <TASK> [ 25.117303] dump_stack_lvl+0x73/0xb0 [ 25.117332] print_report+0xd1/0x650 [ 25.117354] ? __virt_addr_valid+0x1db/0x2d0 [ 25.117377] ? kasan_atomics_helper+0x4a36/0x5450 [ 25.117399] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.117426] ? kasan_atomics_helper+0x4a36/0x5450 [ 25.117447] kasan_report+0x141/0x180 [ 25.117470] ? kasan_atomics_helper+0x4a36/0x5450 [ 25.117496] __asan_report_load4_noabort+0x18/0x20 [ 25.117521] kasan_atomics_helper+0x4a36/0x5450 [ 25.117544] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.117570] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.117595] ? kasan_atomics+0x152/0x310 [ 25.117637] kasan_atomics+0x1dc/0x310 [ 25.117661] ? __pfx_kasan_atomics+0x10/0x10 [ 25.117684] ? trace_hardirqs_on+0x37/0xe0 [ 25.117708] ? __pfx_read_tsc+0x10/0x10 [ 25.117732] ? ktime_get_ts64+0x86/0x230 [ 25.117757] kunit_try_run_case+0x1a5/0x480 [ 25.117784] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.117809] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.117837] ? __kthread_parkme+0x82/0x180 [ 25.117858] ? preempt_count_sub+0x50/0x80 [ 25.117884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.117908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.117933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.117958] kthread+0x337/0x6f0 [ 25.117979] ? trace_preempt_on+0x20/0xc0 [ 25.118002] ? __pfx_kthread+0x10/0x10 [ 25.118025] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.118050] ? calculate_sigpending+0x7b/0xa0 [ 25.118075] ? __pfx_kthread+0x10/0x10 [ 25.118097] ret_from_fork+0x116/0x1d0 [ 25.118117] ? __pfx_kthread+0x10/0x10 [ 25.118139] ret_from_fork_asm+0x1a/0x30 [ 25.118171] </TASK> [ 25.118183] [ 25.127312] Allocated by task 294: [ 25.127469] kasan_save_stack+0x45/0x70 [ 25.127624] kasan_save_track+0x18/0x40 [ 25.127750] kasan_save_alloc_info+0x3b/0x50 [ 25.127890] __kasan_kmalloc+0xb7/0xc0 [ 25.128014] __kmalloc_cache_noprof+0x189/0x420 [ 25.128161] kasan_atomics+0x95/0x310 [ 25.128468] kunit_try_run_case+0x1a5/0x480 [ 25.128994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.129455] kthread+0x337/0x6f0 [ 25.129808] ret_from_fork+0x116/0x1d0 [ 25.130252] ret_from_fork_asm+0x1a/0x30 [ 25.130641] [ 25.130795] The buggy address belongs to the object at ffff888100aaa000 [ 25.130795] which belongs to the cache kmalloc-64 of size 64 [ 25.131936] The buggy address is located 0 bytes to the right of [ 25.131936] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.133190] [ 25.133361] The buggy address belongs to the physical page: [ 25.133857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.134657] flags: 0x200000000000000(node=0|zone=2) [ 25.135154] page_type: f5(slab) [ 25.135316] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.135543] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.135757] page dumped because: kasan: bad access detected [ 25.135918] [ 25.135979] Memory state around the buggy address: [ 25.136585] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.137383] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.138015] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.138651] ^ [ 25.139052] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.139491] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.139697] ================================================================== [ 25.700662] ================================================================== [ 25.701118] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 25.701475] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.701809] [ 25.701912] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.701959] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.701973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.701996] Call Trace: [ 25.702022] <TASK> [ 25.702039] dump_stack_lvl+0x73/0xb0 [ 25.702066] print_report+0xd1/0x650 [ 25.702089] ? __virt_addr_valid+0x1db/0x2d0 [ 25.702114] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.702136] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.702163] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.702184] kasan_report+0x141/0x180 [ 25.702207] ? kasan_atomics_helper+0x1e12/0x5450 [ 25.702244] kasan_check_range+0x10c/0x1c0 [ 25.702268] __kasan_check_write+0x18/0x20 [ 25.702293] kasan_atomics_helper+0x1e12/0x5450 [ 25.702316] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.702342] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.702368] ? kasan_atomics+0x152/0x310 [ 25.702395] kasan_atomics+0x1dc/0x310 [ 25.702418] ? __pfx_kasan_atomics+0x10/0x10 [ 25.702441] ? trace_hardirqs_on+0x37/0xe0 [ 25.702465] ? __pfx_read_tsc+0x10/0x10 [ 25.702487] ? ktime_get_ts64+0x86/0x230 [ 25.702512] kunit_try_run_case+0x1a5/0x480 [ 25.702538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.702564] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.702591] ? __kthread_parkme+0x82/0x180 [ 25.702613] ? preempt_count_sub+0x50/0x80 [ 25.702636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.702662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.702686] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.702710] kthread+0x337/0x6f0 [ 25.702732] ? trace_preempt_on+0x20/0xc0 [ 25.702756] ? __pfx_kthread+0x10/0x10 [ 25.702778] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.702803] ? calculate_sigpending+0x7b/0xa0 [ 25.702828] ? __pfx_kthread+0x10/0x10 [ 25.702849] ret_from_fork+0x116/0x1d0 [ 25.702870] ? __pfx_kthread+0x10/0x10 [ 25.702891] ret_from_fork_asm+0x1a/0x30 [ 25.702922] </TASK> [ 25.702934] [ 25.712921] Allocated by task 294: [ 25.713164] kasan_save_stack+0x45/0x70 [ 25.713359] kasan_save_track+0x18/0x40 [ 25.713529] kasan_save_alloc_info+0x3b/0x50 [ 25.713703] __kasan_kmalloc+0xb7/0xc0 [ 25.713856] __kmalloc_cache_noprof+0x189/0x420 [ 25.714493] kasan_atomics+0x95/0x310 [ 25.714819] kunit_try_run_case+0x1a5/0x480 [ 25.715395] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.715643] kthread+0x337/0x6f0 [ 25.715787] ret_from_fork+0x116/0x1d0 [ 25.715947] ret_from_fork_asm+0x1a/0x30 [ 25.716350] [ 25.716576] The buggy address belongs to the object at ffff888100aaa000 [ 25.716576] which belongs to the cache kmalloc-64 of size 64 [ 25.717284] The buggy address is located 0 bytes to the right of [ 25.717284] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.717775] [ 25.717859] The buggy address belongs to the physical page: [ 25.718347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.718886] flags: 0x200000000000000(node=0|zone=2) [ 25.719306] page_type: f5(slab) [ 25.719583] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.720205] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.720523] page dumped because: kasan: bad access detected [ 25.720739] [ 25.720817] Memory state around the buggy address: [ 25.721003] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.721301] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.721576] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.721866] ^ [ 25.722463] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.722924] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.723460] ================================================================== [ 25.574579] ================================================================== [ 25.574952] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 25.575427] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.575846] [ 25.575931] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.575979] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.575993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.576026] Call Trace: [ 25.576046] <TASK> [ 25.576065] dump_stack_lvl+0x73/0xb0 [ 25.576095] print_report+0xd1/0x650 [ 25.576119] ? __virt_addr_valid+0x1db/0x2d0 [ 25.576143] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.576165] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.576192] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.576213] kasan_report+0x141/0x180 [ 25.576248] ? kasan_atomics_helper+0x1a7f/0x5450 [ 25.576274] kasan_check_range+0x10c/0x1c0 [ 25.576298] __kasan_check_write+0x18/0x20 [ 25.576321] kasan_atomics_helper+0x1a7f/0x5450 [ 25.576345] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.576371] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.576396] ? kasan_atomics+0x152/0x310 [ 25.576423] kasan_atomics+0x1dc/0x310 [ 25.576446] ? __pfx_kasan_atomics+0x10/0x10 [ 25.576469] ? trace_hardirqs_on+0x37/0xe0 [ 25.576502] ? __pfx_read_tsc+0x10/0x10 [ 25.576525] ? ktime_get_ts64+0x86/0x230 [ 25.576550] kunit_try_run_case+0x1a5/0x480 [ 25.576589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.576614] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.576641] ? __kthread_parkme+0x82/0x180 [ 25.576672] ? preempt_count_sub+0x50/0x80 [ 25.576696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.576720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.576757] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.576782] kthread+0x337/0x6f0 [ 25.576802] ? trace_preempt_on+0x20/0xc0 [ 25.576834] ? __pfx_kthread+0x10/0x10 [ 25.576856] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.576881] ? calculate_sigpending+0x7b/0xa0 [ 25.576917] ? __pfx_kthread+0x10/0x10 [ 25.576940] ret_from_fork+0x116/0x1d0 [ 25.576961] ? __pfx_kthread+0x10/0x10 [ 25.576990] ret_from_fork_asm+0x1a/0x30 [ 25.577023] </TASK> [ 25.577036] [ 25.584651] Allocated by task 294: [ 25.584843] kasan_save_stack+0x45/0x70 [ 25.585047] kasan_save_track+0x18/0x40 [ 25.585228] kasan_save_alloc_info+0x3b/0x50 [ 25.585440] __kasan_kmalloc+0xb7/0xc0 [ 25.585611] __kmalloc_cache_noprof+0x189/0x420 [ 25.585825] kasan_atomics+0x95/0x310 [ 25.585953] kunit_try_run_case+0x1a5/0x480 [ 25.586312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.586540] kthread+0x337/0x6f0 [ 25.586724] ret_from_fork+0x116/0x1d0 [ 25.586894] ret_from_fork_asm+0x1a/0x30 [ 25.587037] [ 25.587104] The buggy address belongs to the object at ffff888100aaa000 [ 25.587104] which belongs to the cache kmalloc-64 of size 64 [ 25.587463] The buggy address is located 0 bytes to the right of [ 25.587463] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.587821] [ 25.587889] The buggy address belongs to the physical page: [ 25.588056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.588771] flags: 0x200000000000000(node=0|zone=2) [ 25.589003] page_type: f5(slab) [ 25.589295] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.589632] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.589962] page dumped because: kasan: bad access detected [ 25.590233] [ 25.590330] Memory state around the buggy address: [ 25.590522] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.590735] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.590946] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.591548] ^ [ 25.591774] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.592194] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.592424] ================================================================== [ 24.817677] ================================================================== [ 24.818139] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 24.818619] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.818934] [ 24.819047] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.819102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.819116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.819320] Call Trace: [ 24.819348] <TASK> [ 24.819371] dump_stack_lvl+0x73/0xb0 [ 24.819405] print_report+0xd1/0x650 [ 24.819431] ? __virt_addr_valid+0x1db/0x2d0 [ 24.819457] ? kasan_atomics_helper+0x697/0x5450 [ 24.819479] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.819506] ? kasan_atomics_helper+0x697/0x5450 [ 24.819528] kasan_report+0x141/0x180 [ 24.819552] ? kasan_atomics_helper+0x697/0x5450 [ 24.819577] kasan_check_range+0x10c/0x1c0 [ 24.819601] __kasan_check_write+0x18/0x20 [ 24.819624] kasan_atomics_helper+0x697/0x5450 [ 24.819647] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.819674] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.819700] ? kasan_atomics+0x152/0x310 [ 24.819726] kasan_atomics+0x1dc/0x310 [ 24.819750] ? __pfx_kasan_atomics+0x10/0x10 [ 24.819772] ? trace_hardirqs_on+0x37/0xe0 [ 24.819797] ? __pfx_read_tsc+0x10/0x10 [ 24.819820] ? ktime_get_ts64+0x86/0x230 [ 24.819846] kunit_try_run_case+0x1a5/0x480 [ 24.819873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.819898] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.819926] ? __kthread_parkme+0x82/0x180 [ 24.819950] ? preempt_count_sub+0x50/0x80 [ 24.819974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.819999] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.820033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.820058] kthread+0x337/0x6f0 [ 24.820079] ? trace_preempt_on+0x20/0xc0 [ 24.820102] ? __pfx_kthread+0x10/0x10 [ 24.820123] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.820147] ? calculate_sigpending+0x7b/0xa0 [ 24.820172] ? __pfx_kthread+0x10/0x10 [ 24.820194] ret_from_fork+0x116/0x1d0 [ 24.820216] ? __pfx_kthread+0x10/0x10 [ 24.820249] ret_from_fork_asm+0x1a/0x30 [ 24.820283] </TASK> [ 24.820296] [ 24.827232] Allocated by task 294: [ 24.827359] kasan_save_stack+0x45/0x70 [ 24.827558] kasan_save_track+0x18/0x40 [ 24.827706] kasan_save_alloc_info+0x3b/0x50 [ 24.827846] __kasan_kmalloc+0xb7/0xc0 [ 24.827966] __kmalloc_cache_noprof+0x189/0x420 [ 24.828175] kasan_atomics+0x95/0x310 [ 24.828363] kunit_try_run_case+0x1a5/0x480 [ 24.828536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.828699] kthread+0x337/0x6f0 [ 24.828812] ret_from_fork+0x116/0x1d0 [ 24.828984] ret_from_fork_asm+0x1a/0x30 [ 24.829187] [ 24.829287] The buggy address belongs to the object at ffff888100aaa000 [ 24.829287] which belongs to the cache kmalloc-64 of size 64 [ 24.829815] The buggy address is located 0 bytes to the right of [ 24.829815] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.830331] [ 24.830401] The buggy address belongs to the physical page: [ 24.830650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.830893] flags: 0x200000000000000(node=0|zone=2) [ 24.831056] page_type: f5(slab) [ 24.831172] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.831402] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.831621] page dumped because: kasan: bad access detected [ 24.831862] [ 24.831949] Memory state around the buggy address: [ 24.832167] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.832510] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.832992] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.833362] ^ [ 24.833512] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.833723] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.833932] ================================================================== [ 25.367745] ================================================================== [ 25.368118] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 25.368468] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.368782] [ 25.368894] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.368956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.368970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.368994] Call Trace: [ 25.369027] <TASK> [ 25.369049] dump_stack_lvl+0x73/0xb0 [ 25.369078] print_report+0xd1/0x650 [ 25.369102] ? __virt_addr_valid+0x1db/0x2d0 [ 25.369127] ? kasan_atomics_helper+0x151d/0x5450 [ 25.369150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.369178] ? kasan_atomics_helper+0x151d/0x5450 [ 25.369200] kasan_report+0x141/0x180 [ 25.369233] ? kasan_atomics_helper+0x151d/0x5450 [ 25.369260] kasan_check_range+0x10c/0x1c0 [ 25.369284] __kasan_check_write+0x18/0x20 [ 25.369308] kasan_atomics_helper+0x151d/0x5450 [ 25.369331] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.369358] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.369384] ? kasan_atomics+0x152/0x310 [ 25.369411] kasan_atomics+0x1dc/0x310 [ 25.369434] ? __pfx_kasan_atomics+0x10/0x10 [ 25.369457] ? trace_hardirqs_on+0x37/0xe0 [ 25.369482] ? __pfx_read_tsc+0x10/0x10 [ 25.369506] ? ktime_get_ts64+0x86/0x230 [ 25.369531] kunit_try_run_case+0x1a5/0x480 [ 25.369557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.369583] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.369609] ? __kthread_parkme+0x82/0x180 [ 25.369631] ? preempt_count_sub+0x50/0x80 [ 25.369656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.369681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.369705] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.369729] kthread+0x337/0x6f0 [ 25.369750] ? trace_preempt_on+0x20/0xc0 [ 25.369773] ? __pfx_kthread+0x10/0x10 [ 25.369795] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.369820] ? calculate_sigpending+0x7b/0xa0 [ 25.369845] ? __pfx_kthread+0x10/0x10 [ 25.369867] ret_from_fork+0x116/0x1d0 [ 25.369887] ? __pfx_kthread+0x10/0x10 [ 25.369908] ret_from_fork_asm+0x1a/0x30 [ 25.369940] </TASK> [ 25.369952] [ 25.377535] Allocated by task 294: [ 25.377701] kasan_save_stack+0x45/0x70 [ 25.377899] kasan_save_track+0x18/0x40 [ 25.378143] kasan_save_alloc_info+0x3b/0x50 [ 25.378303] __kasan_kmalloc+0xb7/0xc0 [ 25.378433] __kmalloc_cache_noprof+0x189/0x420 [ 25.378583] kasan_atomics+0x95/0x310 [ 25.378710] kunit_try_run_case+0x1a5/0x480 [ 25.378855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.379138] kthread+0x337/0x6f0 [ 25.379316] ret_from_fork+0x116/0x1d0 [ 25.379498] ret_from_fork_asm+0x1a/0x30 [ 25.379690] [ 25.379783] The buggy address belongs to the object at ffff888100aaa000 [ 25.379783] which belongs to the cache kmalloc-64 of size 64 [ 25.380162] The buggy address is located 0 bytes to the right of [ 25.380162] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.380631] [ 25.380727] The buggy address belongs to the physical page: [ 25.380979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.381354] flags: 0x200000000000000(node=0|zone=2) [ 25.381628] page_type: f5(slab) [ 25.381834] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.382173] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.382408] page dumped because: kasan: bad access detected [ 25.382572] [ 25.382637] Memory state around the buggy address: [ 25.382787] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.383250] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.383595] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.383904] ^ [ 25.384109] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.384330] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.384539] ================================================================== [ 24.687865] ================================================================== [ 24.688387] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 24.688775] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.689248] [ 24.689406] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.689458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.689472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.689497] Call Trace: [ 24.689562] <TASK> [ 24.689600] dump_stack_lvl+0x73/0xb0 [ 24.689688] print_report+0xd1/0x650 [ 24.689725] ? __virt_addr_valid+0x1db/0x2d0 [ 24.689751] ? kasan_atomics_helper+0x3df/0x5450 [ 24.689773] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.689801] ? kasan_atomics_helper+0x3df/0x5450 [ 24.689822] kasan_report+0x141/0x180 [ 24.689845] ? kasan_atomics_helper+0x3df/0x5450 [ 24.689871] kasan_check_range+0x10c/0x1c0 [ 24.689895] __kasan_check_read+0x15/0x20 [ 24.689919] kasan_atomics_helper+0x3df/0x5450 [ 24.689941] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.689968] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.689995] ? kasan_atomics+0x152/0x310 [ 24.690035] kasan_atomics+0x1dc/0x310 [ 24.690058] ? __pfx_kasan_atomics+0x10/0x10 [ 24.690081] ? trace_hardirqs_on+0x37/0xe0 [ 24.690105] ? __pfx_read_tsc+0x10/0x10 [ 24.690128] ? ktime_get_ts64+0x86/0x230 [ 24.690153] kunit_try_run_case+0x1a5/0x480 [ 24.690179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.690204] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.690244] ? __kthread_parkme+0x82/0x180 [ 24.690265] ? preempt_count_sub+0x50/0x80 [ 24.690289] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.690314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.690339] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.690364] kthread+0x337/0x6f0 [ 24.690385] ? trace_preempt_on+0x20/0xc0 [ 24.690408] ? __pfx_kthread+0x10/0x10 [ 24.690430] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.690454] ? calculate_sigpending+0x7b/0xa0 [ 24.690479] ? __pfx_kthread+0x10/0x10 [ 24.690502] ret_from_fork+0x116/0x1d0 [ 24.690522] ? __pfx_kthread+0x10/0x10 [ 24.690543] ret_from_fork_asm+0x1a/0x30 [ 24.690575] </TASK> [ 24.690588] [ 24.700198] Allocated by task 294: [ 24.700379] kasan_save_stack+0x45/0x70 [ 24.700588] kasan_save_track+0x18/0x40 [ 24.700764] kasan_save_alloc_info+0x3b/0x50 [ 24.700911] __kasan_kmalloc+0xb7/0xc0 [ 24.701051] __kmalloc_cache_noprof+0x189/0x420 [ 24.701293] kasan_atomics+0x95/0x310 [ 24.701489] kunit_try_run_case+0x1a5/0x480 [ 24.701642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.701830] kthread+0x337/0x6f0 [ 24.702050] ret_from_fork+0x116/0x1d0 [ 24.702247] ret_from_fork_asm+0x1a/0x30 [ 24.702465] [ 24.702535] The buggy address belongs to the object at ffff888100aaa000 [ 24.702535] which belongs to the cache kmalloc-64 of size 64 [ 24.703042] The buggy address is located 0 bytes to the right of [ 24.703042] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.703576] [ 24.703662] The buggy address belongs to the physical page: [ 24.703897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.704276] flags: 0x200000000000000(node=0|zone=2) [ 24.704490] page_type: f5(slab) [ 24.704644] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.704947] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.705288] page dumped because: kasan: bad access detected [ 24.705456] [ 24.705519] Memory state around the buggy address: [ 24.705725] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.706047] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.706530] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.706770] ^ [ 24.706945] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.707502] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.707863] ================================================================== [ 25.527728] ================================================================== [ 25.528419] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 25.529161] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.529947] [ 25.530190] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.530376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.530399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.530425] Call Trace: [ 25.530526] <TASK> [ 25.530553] dump_stack_lvl+0x73/0xb0 [ 25.530702] print_report+0xd1/0x650 [ 25.530737] ? __virt_addr_valid+0x1db/0x2d0 [ 25.530762] ? kasan_atomics_helper+0x194a/0x5450 [ 25.530860] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.530887] ? kasan_atomics_helper+0x194a/0x5450 [ 25.530922] kasan_report+0x141/0x180 [ 25.530945] ? kasan_atomics_helper+0x194a/0x5450 [ 25.530978] kasan_check_range+0x10c/0x1c0 [ 25.531002] __kasan_check_write+0x18/0x20 [ 25.531037] kasan_atomics_helper+0x194a/0x5450 [ 25.531061] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.531086] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.531112] ? kasan_atomics+0x152/0x310 [ 25.531140] kasan_atomics+0x1dc/0x310 [ 25.531163] ? __pfx_kasan_atomics+0x10/0x10 [ 25.531186] ? trace_hardirqs_on+0x37/0xe0 [ 25.531209] ? __pfx_read_tsc+0x10/0x10 [ 25.531243] ? ktime_get_ts64+0x86/0x230 [ 25.531270] kunit_try_run_case+0x1a5/0x480 [ 25.531295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.531320] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.531349] ? __kthread_parkme+0x82/0x180 [ 25.531371] ? preempt_count_sub+0x50/0x80 [ 25.531396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.531421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.531446] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.531471] kthread+0x337/0x6f0 [ 25.531492] ? trace_preempt_on+0x20/0xc0 [ 25.531514] ? __pfx_kthread+0x10/0x10 [ 25.531536] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.531560] ? calculate_sigpending+0x7b/0xa0 [ 25.531585] ? __pfx_kthread+0x10/0x10 [ 25.531607] ret_from_fork+0x116/0x1d0 [ 25.531627] ? __pfx_kthread+0x10/0x10 [ 25.531648] ret_from_fork_asm+0x1a/0x30 [ 25.531680] </TASK> [ 25.531693] [ 25.543894] Allocated by task 294: [ 25.544172] kasan_save_stack+0x45/0x70 [ 25.544464] kasan_save_track+0x18/0x40 [ 25.544598] kasan_save_alloc_info+0x3b/0x50 [ 25.544740] __kasan_kmalloc+0xb7/0xc0 [ 25.544867] __kmalloc_cache_noprof+0x189/0x420 [ 25.545037] kasan_atomics+0x95/0x310 [ 25.545393] kunit_try_run_case+0x1a5/0x480 [ 25.545784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.546277] kthread+0x337/0x6f0 [ 25.546598] ret_from_fork+0x116/0x1d0 [ 25.546939] ret_from_fork_asm+0x1a/0x30 [ 25.547349] [ 25.547504] The buggy address belongs to the object at ffff888100aaa000 [ 25.547504] which belongs to the cache kmalloc-64 of size 64 [ 25.548566] The buggy address is located 0 bytes to the right of [ 25.548566] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.549143] [ 25.549216] The buggy address belongs to the physical page: [ 25.549398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.549636] flags: 0x200000000000000(node=0|zone=2) [ 25.549798] page_type: f5(slab) [ 25.549916] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.550192] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.550610] page dumped because: kasan: bad access detected [ 25.551275] [ 25.551433] Memory state around the buggy address: [ 25.551878] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.552570] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.553203] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.553826] ^ [ 25.554138] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.554684] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.554892] ================================================================== [ 24.834449] ================================================================== [ 24.834813] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 24.835354] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.835696] [ 24.835811] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.835861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.835873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.835898] Call Trace: [ 24.835920] <TASK> [ 24.835940] dump_stack_lvl+0x73/0xb0 [ 24.835972] print_report+0xd1/0x650 [ 24.835997] ? __virt_addr_valid+0x1db/0x2d0 [ 24.836030] ? kasan_atomics_helper+0x72f/0x5450 [ 24.836051] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.836078] ? kasan_atomics_helper+0x72f/0x5450 [ 24.836101] kasan_report+0x141/0x180 [ 24.836123] ? kasan_atomics_helper+0x72f/0x5450 [ 24.836149] kasan_check_range+0x10c/0x1c0 [ 24.836173] __kasan_check_write+0x18/0x20 [ 24.836198] kasan_atomics_helper+0x72f/0x5450 [ 24.836233] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.836260] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.836286] ? kasan_atomics+0x152/0x310 [ 24.836313] kasan_atomics+0x1dc/0x310 [ 24.836336] ? __pfx_kasan_atomics+0x10/0x10 [ 24.836359] ? trace_hardirqs_on+0x37/0xe0 [ 24.836382] ? __pfx_read_tsc+0x10/0x10 [ 24.836405] ? ktime_get_ts64+0x86/0x230 [ 24.836431] kunit_try_run_case+0x1a5/0x480 [ 24.836458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.836483] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.836510] ? __kthread_parkme+0x82/0x180 [ 24.836532] ? preempt_count_sub+0x50/0x80 [ 24.836556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.836581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.836605] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.836630] kthread+0x337/0x6f0 [ 24.836651] ? trace_preempt_on+0x20/0xc0 [ 24.836673] ? __pfx_kthread+0x10/0x10 [ 24.836695] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.836719] ? calculate_sigpending+0x7b/0xa0 [ 24.836743] ? __pfx_kthread+0x10/0x10 [ 24.836765] ret_from_fork+0x116/0x1d0 [ 24.836785] ? __pfx_kthread+0x10/0x10 [ 24.836806] ret_from_fork_asm+0x1a/0x30 [ 24.836838] </TASK> [ 24.836851] [ 24.844408] Allocated by task 294: [ 24.844552] kasan_save_stack+0x45/0x70 [ 24.844746] kasan_save_track+0x18/0x40 [ 24.844909] kasan_save_alloc_info+0x3b/0x50 [ 24.845123] __kasan_kmalloc+0xb7/0xc0 [ 24.845260] __kmalloc_cache_noprof+0x189/0x420 [ 24.845412] kasan_atomics+0x95/0x310 [ 24.845595] kunit_try_run_case+0x1a5/0x480 [ 24.845792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.846059] kthread+0x337/0x6f0 [ 24.846178] ret_from_fork+0x116/0x1d0 [ 24.846316] ret_from_fork_asm+0x1a/0x30 [ 24.846487] [ 24.846577] The buggy address belongs to the object at ffff888100aaa000 [ 24.846577] which belongs to the cache kmalloc-64 of size 64 [ 24.847135] The buggy address is located 0 bytes to the right of [ 24.847135] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.847519] [ 24.847589] The buggy address belongs to the physical page: [ 24.847760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.847997] flags: 0x200000000000000(node=0|zone=2) [ 24.848241] page_type: f5(slab) [ 24.848406] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.848752] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.849152] page dumped because: kasan: bad access detected [ 24.849361] [ 24.849425] Memory state around the buggy address: [ 24.849575] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.849786] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.850027] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.850352] ^ [ 24.850575] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.850900] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.851522] ================================================================== [ 24.888053] ================================================================== [ 24.888377] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 24.888642] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.889478] [ 24.889612] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.889665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.889679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.889704] Call Trace: [ 24.889726] <TASK> [ 24.889748] dump_stack_lvl+0x73/0xb0 [ 24.889792] print_report+0xd1/0x650 [ 24.889818] ? __virt_addr_valid+0x1db/0x2d0 [ 24.889844] ? kasan_atomics_helper+0x8f9/0x5450 [ 24.889866] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.889893] ? kasan_atomics_helper+0x8f9/0x5450 [ 24.889916] kasan_report+0x141/0x180 [ 24.889939] ? kasan_atomics_helper+0x8f9/0x5450 [ 24.889965] kasan_check_range+0x10c/0x1c0 [ 24.889990] __kasan_check_write+0x18/0x20 [ 24.890014] kasan_atomics_helper+0x8f9/0x5450 [ 24.890051] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.890079] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.890105] ? kasan_atomics+0x152/0x310 [ 24.890132] kasan_atomics+0x1dc/0x310 [ 24.890156] ? __pfx_kasan_atomics+0x10/0x10 [ 24.890178] ? trace_hardirqs_on+0x37/0xe0 [ 24.890203] ? __pfx_read_tsc+0x10/0x10 [ 24.890239] ? ktime_get_ts64+0x86/0x230 [ 24.890265] kunit_try_run_case+0x1a5/0x480 [ 24.890291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.890317] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.890345] ? __kthread_parkme+0x82/0x180 [ 24.890367] ? preempt_count_sub+0x50/0x80 [ 24.890392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.890417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.890442] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.890467] kthread+0x337/0x6f0 [ 24.890488] ? trace_preempt_on+0x20/0xc0 [ 24.890512] ? __pfx_kthread+0x10/0x10 [ 24.890533] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.890557] ? calculate_sigpending+0x7b/0xa0 [ 24.890582] ? __pfx_kthread+0x10/0x10 [ 24.890604] ret_from_fork+0x116/0x1d0 [ 24.890624] ? __pfx_kthread+0x10/0x10 [ 24.890646] ret_from_fork_asm+0x1a/0x30 [ 24.890677] </TASK> [ 24.890690] [ 24.898316] Allocated by task 294: [ 24.898472] kasan_save_stack+0x45/0x70 [ 24.898608] kasan_save_track+0x18/0x40 [ 24.898737] kasan_save_alloc_info+0x3b/0x50 [ 24.898881] __kasan_kmalloc+0xb7/0xc0 [ 24.899089] __kmalloc_cache_noprof+0x189/0x420 [ 24.899319] kasan_atomics+0x95/0x310 [ 24.899503] kunit_try_run_case+0x1a5/0x480 [ 24.899706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.899920] kthread+0x337/0x6f0 [ 24.900106] ret_from_fork+0x116/0x1d0 [ 24.900279] ret_from_fork_asm+0x1a/0x30 [ 24.900440] [ 24.900537] The buggy address belongs to the object at ffff888100aaa000 [ 24.900537] which belongs to the cache kmalloc-64 of size 64 [ 24.900939] The buggy address is located 0 bytes to the right of [ 24.900939] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.901575] [ 24.901671] The buggy address belongs to the physical page: [ 24.901872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.902257] flags: 0x200000000000000(node=0|zone=2) [ 24.902442] page_type: f5(slab) [ 24.902603] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.902835] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.903071] page dumped because: kasan: bad access detected [ 24.903296] [ 24.903363] Memory state around the buggy address: [ 24.903515] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.903737] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.904168] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.904493] ^ [ 24.904714] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.905026] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.905390] ================================================================== [ 24.993451] ================================================================== [ 24.993694] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 24.994291] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.994616] [ 24.994725] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.994776] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.994790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.994813] Call Trace: [ 24.994833] <TASK> [ 24.994852] dump_stack_lvl+0x73/0xb0 [ 24.994881] print_report+0xd1/0x650 [ 24.994904] ? __virt_addr_valid+0x1db/0x2d0 [ 24.994929] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.994951] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.994978] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.995000] kasan_report+0x141/0x180 [ 24.995022] ? kasan_atomics_helper+0x4a84/0x5450 [ 24.995055] __asan_report_load4_noabort+0x18/0x20 [ 24.995080] kasan_atomics_helper+0x4a84/0x5450 [ 24.995103] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.995129] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.995155] ? kasan_atomics+0x152/0x310 [ 24.995182] kasan_atomics+0x1dc/0x310 [ 24.995205] ? __pfx_kasan_atomics+0x10/0x10 [ 24.995238] ? trace_hardirqs_on+0x37/0xe0 [ 24.995263] ? __pfx_read_tsc+0x10/0x10 [ 24.995287] ? ktime_get_ts64+0x86/0x230 [ 24.995313] kunit_try_run_case+0x1a5/0x480 [ 24.995339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.995364] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.995391] ? __kthread_parkme+0x82/0x180 [ 24.995413] ? preempt_count_sub+0x50/0x80 [ 24.995437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.995462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.995487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.995511] kthread+0x337/0x6f0 [ 24.995531] ? trace_preempt_on+0x20/0xc0 [ 24.995555] ? __pfx_kthread+0x10/0x10 [ 24.995586] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.995611] ? calculate_sigpending+0x7b/0xa0 [ 24.995637] ? __pfx_kthread+0x10/0x10 [ 24.995659] ret_from_fork+0x116/0x1d0 [ 24.995679] ? __pfx_kthread+0x10/0x10 [ 24.995701] ret_from_fork_asm+0x1a/0x30 [ 24.995733] </TASK> [ 24.995745] [ 25.003209] Allocated by task 294: [ 25.003410] kasan_save_stack+0x45/0x70 [ 25.003614] kasan_save_track+0x18/0x40 [ 25.003807] kasan_save_alloc_info+0x3b/0x50 [ 25.004026] __kasan_kmalloc+0xb7/0xc0 [ 25.004250] __kmalloc_cache_noprof+0x189/0x420 [ 25.004479] kasan_atomics+0x95/0x310 [ 25.004672] kunit_try_run_case+0x1a5/0x480 [ 25.004831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.005001] kthread+0x337/0x6f0 [ 25.005139] ret_from_fork+0x116/0x1d0 [ 25.005276] ret_from_fork_asm+0x1a/0x30 [ 25.005413] [ 25.005507] The buggy address belongs to the object at ffff888100aaa000 [ 25.005507] which belongs to the cache kmalloc-64 of size 64 [ 25.006070] The buggy address is located 0 bytes to the right of [ 25.006070] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.006588] [ 25.006660] The buggy address belongs to the physical page: [ 25.006911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.007214] flags: 0x200000000000000(node=0|zone=2) [ 25.007385] page_type: f5(slab) [ 25.007501] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.007727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.008079] page dumped because: kasan: bad access detected [ 25.008341] [ 25.008431] Memory state around the buggy address: [ 25.008657] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.008971] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.009322] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.009640] ^ [ 25.009866] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.010133] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.010353] ================================================================== [ 25.276013] ================================================================== [ 25.276321] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 25.276690] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.277095] [ 25.277198] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.277269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.277284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.277329] Call Trace: [ 25.277351] <TASK> [ 25.277370] dump_stack_lvl+0x73/0xb0 [ 25.277411] print_report+0xd1/0x650 [ 25.277435] ? __virt_addr_valid+0x1db/0x2d0 [ 25.277460] ? kasan_atomics_helper+0x49ce/0x5450 [ 25.277481] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.277508] ? kasan_atomics_helper+0x49ce/0x5450 [ 25.277539] kasan_report+0x141/0x180 [ 25.277562] ? kasan_atomics_helper+0x49ce/0x5450 [ 25.277589] __asan_report_load4_noabort+0x18/0x20 [ 25.277623] kasan_atomics_helper+0x49ce/0x5450 [ 25.277647] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.277673] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.277708] ? kasan_atomics+0x152/0x310 [ 25.277735] kasan_atomics+0x1dc/0x310 [ 25.277768] ? __pfx_kasan_atomics+0x10/0x10 [ 25.277791] ? trace_hardirqs_on+0x37/0xe0 [ 25.277816] ? __pfx_read_tsc+0x10/0x10 [ 25.277839] ? ktime_get_ts64+0x86/0x230 [ 25.277864] kunit_try_run_case+0x1a5/0x480 [ 25.277890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.277916] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.277944] ? __kthread_parkme+0x82/0x180 [ 25.277966] ? preempt_count_sub+0x50/0x80 [ 25.277991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.278016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.278041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.278066] kthread+0x337/0x6f0 [ 25.278087] ? trace_preempt_on+0x20/0xc0 [ 25.278110] ? __pfx_kthread+0x10/0x10 [ 25.278132] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.278156] ? calculate_sigpending+0x7b/0xa0 [ 25.278181] ? __pfx_kthread+0x10/0x10 [ 25.278203] ret_from_fork+0x116/0x1d0 [ 25.278232] ? __pfx_kthread+0x10/0x10 [ 25.278253] ret_from_fork_asm+0x1a/0x30 [ 25.278286] </TASK> [ 25.278298] [ 25.285652] Allocated by task 294: [ 25.285783] kasan_save_stack+0x45/0x70 [ 25.285925] kasan_save_track+0x18/0x40 [ 25.286054] kasan_save_alloc_info+0x3b/0x50 [ 25.286197] __kasan_kmalloc+0xb7/0xc0 [ 25.286451] __kmalloc_cache_noprof+0x189/0x420 [ 25.286667] kasan_atomics+0x95/0x310 [ 25.286871] kunit_try_run_case+0x1a5/0x480 [ 25.287146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.287389] kthread+0x337/0x6f0 [ 25.287506] ret_from_fork+0x116/0x1d0 [ 25.287633] ret_from_fork_asm+0x1a/0x30 [ 25.287766] [ 25.287831] The buggy address belongs to the object at ffff888100aaa000 [ 25.287831] which belongs to the cache kmalloc-64 of size 64 [ 25.288176] The buggy address is located 0 bytes to the right of [ 25.288176] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.289324] [ 25.289419] The buggy address belongs to the physical page: [ 25.289701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.290075] flags: 0x200000000000000(node=0|zone=2) [ 25.290323] page_type: f5(slab) [ 25.290505] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.290882] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.291121] page dumped because: kasan: bad access detected [ 25.291493] [ 25.291583] Memory state around the buggy address: [ 25.291825] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.292080] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.292482] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.292788] ^ [ 25.292975] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.293315] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.293618] ================================================================== [ 25.725052] ================================================================== [ 25.725461] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 25.726161] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.726477] [ 25.726580] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.726634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.726649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.726674] Call Trace: [ 25.726697] <TASK> [ 25.726719] dump_stack_lvl+0x73/0xb0 [ 25.726751] print_report+0xd1/0x650 [ 25.726775] ? __virt_addr_valid+0x1db/0x2d0 [ 25.726800] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.726822] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.726849] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.726872] kasan_report+0x141/0x180 [ 25.726894] ? kasan_atomics_helper+0x1eaa/0x5450 [ 25.726921] kasan_check_range+0x10c/0x1c0 [ 25.726945] __kasan_check_write+0x18/0x20 [ 25.726968] kasan_atomics_helper+0x1eaa/0x5450 [ 25.726991] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.727208] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.727260] ? kasan_atomics+0x152/0x310 [ 25.727289] kasan_atomics+0x1dc/0x310 [ 25.727314] ? __pfx_kasan_atomics+0x10/0x10 [ 25.727337] ? trace_hardirqs_on+0x37/0xe0 [ 25.727399] ? __pfx_read_tsc+0x10/0x10 [ 25.727424] ? ktime_get_ts64+0x86/0x230 [ 25.727450] kunit_try_run_case+0x1a5/0x480 [ 25.727475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.727500] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.727528] ? __kthread_parkme+0x82/0x180 [ 25.727549] ? preempt_count_sub+0x50/0x80 [ 25.727575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.727599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.727624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.727648] kthread+0x337/0x6f0 [ 25.727669] ? trace_preempt_on+0x20/0xc0 [ 25.727692] ? __pfx_kthread+0x10/0x10 [ 25.727712] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.727737] ? calculate_sigpending+0x7b/0xa0 [ 25.727763] ? __pfx_kthread+0x10/0x10 [ 25.727784] ret_from_fork+0x116/0x1d0 [ 25.727805] ? __pfx_kthread+0x10/0x10 [ 25.727825] ret_from_fork_asm+0x1a/0x30 [ 25.727858] </TASK> [ 25.727870] [ 25.738370] Allocated by task 294: [ 25.738825] kasan_save_stack+0x45/0x70 [ 25.739159] kasan_save_track+0x18/0x40 [ 25.739492] kasan_save_alloc_info+0x3b/0x50 [ 25.739690] __kasan_kmalloc+0xb7/0xc0 [ 25.739857] __kmalloc_cache_noprof+0x189/0x420 [ 25.740239] kasan_atomics+0x95/0x310 [ 25.740537] kunit_try_run_case+0x1a5/0x480 [ 25.740848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.741353] kthread+0x337/0x6f0 [ 25.741510] ret_from_fork+0x116/0x1d0 [ 25.741671] ret_from_fork_asm+0x1a/0x30 [ 25.741846] [ 25.741931] The buggy address belongs to the object at ffff888100aaa000 [ 25.741931] which belongs to the cache kmalloc-64 of size 64 [ 25.742949] The buggy address is located 0 bytes to the right of [ 25.742949] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.743901] [ 25.744135] The buggy address belongs to the physical page: [ 25.744551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.745075] flags: 0x200000000000000(node=0|zone=2) [ 25.745310] page_type: f5(slab) [ 25.745469] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.745770] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.746323] page dumped because: kasan: bad access detected [ 25.746672] [ 25.746887] Memory state around the buggy address: [ 25.747311] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.747781] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.748257] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.748557] ^ [ 25.748746] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.749268] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.749705] ================================================================== [ 25.011692] ================================================================== [ 25.012107] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 25.012465] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.012814] [ 25.012923] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.012974] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.012987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.013032] Call Trace: [ 25.013054] <TASK> [ 25.013074] dump_stack_lvl+0x73/0xb0 [ 25.013104] print_report+0xd1/0x650 [ 25.013128] ? __virt_addr_valid+0x1db/0x2d0 [ 25.013153] ? kasan_atomics_helper+0xd47/0x5450 [ 25.013175] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.013202] ? kasan_atomics_helper+0xd47/0x5450 [ 25.013234] kasan_report+0x141/0x180 [ 25.013256] ? kasan_atomics_helper+0xd47/0x5450 [ 25.013281] kasan_check_range+0x10c/0x1c0 [ 25.013306] __kasan_check_write+0x18/0x20 [ 25.013329] kasan_atomics_helper+0xd47/0x5450 [ 25.013352] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.013378] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.013404] ? kasan_atomics+0x152/0x310 [ 25.013431] kasan_atomics+0x1dc/0x310 [ 25.013454] ? __pfx_kasan_atomics+0x10/0x10 [ 25.013477] ? trace_hardirqs_on+0x37/0xe0 [ 25.013502] ? __pfx_read_tsc+0x10/0x10 [ 25.013524] ? ktime_get_ts64+0x86/0x230 [ 25.013550] kunit_try_run_case+0x1a5/0x480 [ 25.013575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.013600] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.013628] ? __kthread_parkme+0x82/0x180 [ 25.013650] ? preempt_count_sub+0x50/0x80 [ 25.013674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.013699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.013723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.013748] kthread+0x337/0x6f0 [ 25.013770] ? trace_preempt_on+0x20/0xc0 [ 25.013792] ? __pfx_kthread+0x10/0x10 [ 25.013814] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.013838] ? calculate_sigpending+0x7b/0xa0 [ 25.013863] ? __pfx_kthread+0x10/0x10 [ 25.013885] ret_from_fork+0x116/0x1d0 [ 25.013905] ? __pfx_kthread+0x10/0x10 [ 25.013926] ret_from_fork_asm+0x1a/0x30 [ 25.013958] </TASK> [ 25.013970] [ 25.020878] Allocated by task 294: [ 25.021029] kasan_save_stack+0x45/0x70 [ 25.021233] kasan_save_track+0x18/0x40 [ 25.021412] kasan_save_alloc_info+0x3b/0x50 [ 25.021618] __kasan_kmalloc+0xb7/0xc0 [ 25.021796] __kmalloc_cache_noprof+0x189/0x420 [ 25.022023] kasan_atomics+0x95/0x310 [ 25.022202] kunit_try_run_case+0x1a5/0x480 [ 25.022410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.022656] kthread+0x337/0x6f0 [ 25.022820] ret_from_fork+0x116/0x1d0 [ 25.022999] ret_from_fork_asm+0x1a/0x30 [ 25.023207] [ 25.023307] The buggy address belongs to the object at ffff888100aaa000 [ 25.023307] which belongs to the cache kmalloc-64 of size 64 [ 25.023668] The buggy address is located 0 bytes to the right of [ 25.023668] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.024038] [ 25.024134] The buggy address belongs to the physical page: [ 25.024391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.024752] flags: 0x200000000000000(node=0|zone=2) [ 25.024985] page_type: f5(slab) [ 25.025176] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.025532] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.025863] page dumped because: kasan: bad access detected [ 25.026101] [ 25.026165] Memory state around the buggy address: [ 25.026352] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.026662] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.026940] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.027241] ^ [ 25.027461] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.027735] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.028023] ================================================================== [ 24.727362] ================================================================== [ 24.727713] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 24.728434] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.728827] [ 24.728975] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.729030] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.729056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.729083] Call Trace: [ 24.729133] <TASK> [ 24.729155] dump_stack_lvl+0x73/0xb0 [ 24.729185] print_report+0xd1/0x650 [ 24.729230] ? __virt_addr_valid+0x1db/0x2d0 [ 24.729255] ? kasan_atomics_helper+0x4a0/0x5450 [ 24.729277] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.729304] ? kasan_atomics_helper+0x4a0/0x5450 [ 24.729326] kasan_report+0x141/0x180 [ 24.729348] ? kasan_atomics_helper+0x4a0/0x5450 [ 24.729374] kasan_check_range+0x10c/0x1c0 [ 24.729398] __kasan_check_write+0x18/0x20 [ 24.729421] kasan_atomics_helper+0x4a0/0x5450 [ 24.729444] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.729470] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.729510] ? kasan_atomics+0x152/0x310 [ 24.729538] kasan_atomics+0x1dc/0x310 [ 24.729562] ? __pfx_kasan_atomics+0x10/0x10 [ 24.729584] ? trace_hardirqs_on+0x37/0xe0 [ 24.729608] ? __pfx_read_tsc+0x10/0x10 [ 24.729631] ? ktime_get_ts64+0x86/0x230 [ 24.729657] kunit_try_run_case+0x1a5/0x480 [ 24.729684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729710] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.729737] ? __kthread_parkme+0x82/0x180 [ 24.729758] ? preempt_count_sub+0x50/0x80 [ 24.729782] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.729833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.729858] kthread+0x337/0x6f0 [ 24.729879] ? trace_preempt_on+0x20/0xc0 [ 24.729901] ? __pfx_kthread+0x10/0x10 [ 24.729922] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.729947] ? calculate_sigpending+0x7b/0xa0 [ 24.729972] ? __pfx_kthread+0x10/0x10 [ 24.729994] ret_from_fork+0x116/0x1d0 [ 24.730051] ? __pfx_kthread+0x10/0x10 [ 24.730073] ret_from_fork_asm+0x1a/0x30 [ 24.730134] </TASK> [ 24.730146] [ 24.737758] Allocated by task 294: [ 24.737888] kasan_save_stack+0x45/0x70 [ 24.738054] kasan_save_track+0x18/0x40 [ 24.738258] kasan_save_alloc_info+0x3b/0x50 [ 24.738546] __kasan_kmalloc+0xb7/0xc0 [ 24.738779] __kmalloc_cache_noprof+0x189/0x420 [ 24.739000] kasan_atomics+0x95/0x310 [ 24.739237] kunit_try_run_case+0x1a5/0x480 [ 24.739486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.739725] kthread+0x337/0x6f0 [ 24.739844] ret_from_fork+0x116/0x1d0 [ 24.739999] ret_from_fork_asm+0x1a/0x30 [ 24.740190] [ 24.740322] The buggy address belongs to the object at ffff888100aaa000 [ 24.740322] which belongs to the cache kmalloc-64 of size 64 [ 24.741014] The buggy address is located 0 bytes to the right of [ 24.741014] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.741448] [ 24.741528] The buggy address belongs to the physical page: [ 24.741785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.742296] flags: 0x200000000000000(node=0|zone=2) [ 24.742623] page_type: f5(slab) [ 24.742780] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.743056] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.743442] page dumped because: kasan: bad access detected [ 24.743757] [ 24.743862] Memory state around the buggy address: [ 24.744015] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.744353] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.744706] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.744917] ^ [ 24.745359] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.745662] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.745873] ================================================================== [ 24.852246] ================================================================== [ 24.852551] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 24.853014] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.853320] [ 24.853432] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.853482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.853496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.853520] Call Trace: [ 24.853541] <TASK> [ 24.853560] dump_stack_lvl+0x73/0xb0 [ 24.853588] print_report+0xd1/0x650 [ 24.853611] ? __virt_addr_valid+0x1db/0x2d0 [ 24.853636] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.853658] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.853684] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.853706] kasan_report+0x141/0x180 [ 24.853728] ? kasan_atomics_helper+0x7c7/0x5450 [ 24.853753] kasan_check_range+0x10c/0x1c0 [ 24.853778] __kasan_check_write+0x18/0x20 [ 24.853801] kasan_atomics_helper+0x7c7/0x5450 [ 24.853824] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.853850] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.853876] ? kasan_atomics+0x152/0x310 [ 24.853903] kasan_atomics+0x1dc/0x310 [ 24.853926] ? __pfx_kasan_atomics+0x10/0x10 [ 24.853949] ? trace_hardirqs_on+0x37/0xe0 [ 24.853972] ? __pfx_read_tsc+0x10/0x10 [ 24.853995] ? ktime_get_ts64+0x86/0x230 [ 24.854029] kunit_try_run_case+0x1a5/0x480 [ 24.854055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.854080] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.854107] ? __kthread_parkme+0x82/0x180 [ 24.854128] ? preempt_count_sub+0x50/0x80 [ 24.854153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.854177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.854202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.854236] kthread+0x337/0x6f0 [ 24.854257] ? trace_preempt_on+0x20/0xc0 [ 24.854279] ? __pfx_kthread+0x10/0x10 [ 24.854301] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.854326] ? calculate_sigpending+0x7b/0xa0 [ 24.854350] ? __pfx_kthread+0x10/0x10 [ 24.854372] ret_from_fork+0x116/0x1d0 [ 24.854392] ? __pfx_kthread+0x10/0x10 [ 24.854413] ret_from_fork_asm+0x1a/0x30 [ 24.854446] </TASK> [ 24.854459] [ 24.861210] Allocated by task 294: [ 24.861398] kasan_save_stack+0x45/0x70 [ 24.861593] kasan_save_track+0x18/0x40 [ 24.861782] kasan_save_alloc_info+0x3b/0x50 [ 24.861995] __kasan_kmalloc+0xb7/0xc0 [ 24.862183] __kmalloc_cache_noprof+0x189/0x420 [ 24.862385] kasan_atomics+0x95/0x310 [ 24.862552] kunit_try_run_case+0x1a5/0x480 [ 24.862719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.862930] kthread+0x337/0x6f0 [ 24.863143] ret_from_fork+0x116/0x1d0 [ 24.863343] ret_from_fork_asm+0x1a/0x30 [ 24.863511] [ 24.863600] The buggy address belongs to the object at ffff888100aaa000 [ 24.863600] which belongs to the cache kmalloc-64 of size 64 [ 24.863961] The buggy address is located 0 bytes to the right of [ 24.863961] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.864834] [ 24.864909] The buggy address belongs to the physical page: [ 24.865154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.865479] flags: 0x200000000000000(node=0|zone=2) [ 24.865710] page_type: f5(slab) [ 24.865860] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.866213] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.866481] page dumped because: kasan: bad access detected [ 24.866650] [ 24.866713] Memory state around the buggy address: [ 24.866863] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.867115] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.867705] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.868014] ^ [ 24.868240] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.868563] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.868804] ================================================================== [ 24.958377] ================================================================== [ 24.958733] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 24.959067] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.959381] [ 24.959497] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.959548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.959562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.959586] Call Trace: [ 24.959610] <TASK> [ 24.959630] dump_stack_lvl+0x73/0xb0 [ 24.959661] print_report+0xd1/0x650 [ 24.959684] ? __virt_addr_valid+0x1db/0x2d0 [ 24.959708] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.959730] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.959757] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.959778] kasan_report+0x141/0x180 [ 24.959802] ? kasan_atomics_helper+0xb6a/0x5450 [ 24.959827] kasan_check_range+0x10c/0x1c0 [ 24.959850] __kasan_check_write+0x18/0x20 [ 24.959875] kasan_atomics_helper+0xb6a/0x5450 [ 24.959897] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.959923] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.959950] ? kasan_atomics+0x152/0x310 [ 24.959977] kasan_atomics+0x1dc/0x310 [ 24.960000] ? __pfx_kasan_atomics+0x10/0x10 [ 24.960023] ? trace_hardirqs_on+0x37/0xe0 [ 24.960047] ? __pfx_read_tsc+0x10/0x10 [ 24.960071] ? ktime_get_ts64+0x86/0x230 [ 24.960096] kunit_try_run_case+0x1a5/0x480 [ 24.960121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.960147] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.960174] ? __kthread_parkme+0x82/0x180 [ 24.960196] ? preempt_count_sub+0x50/0x80 [ 24.960231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.960257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.960283] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.960308] kthread+0x337/0x6f0 [ 24.960330] ? trace_preempt_on+0x20/0xc0 [ 24.960354] ? __pfx_kthread+0x10/0x10 [ 24.960374] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.960399] ? calculate_sigpending+0x7b/0xa0 [ 24.960425] ? __pfx_kthread+0x10/0x10 [ 24.960447] ret_from_fork+0x116/0x1d0 [ 24.960467] ? __pfx_kthread+0x10/0x10 [ 24.960489] ret_from_fork_asm+0x1a/0x30 [ 24.960521] </TASK> [ 24.960532] [ 24.967854] Allocated by task 294: [ 24.968042] kasan_save_stack+0x45/0x70 [ 24.968246] kasan_save_track+0x18/0x40 [ 24.968382] kasan_save_alloc_info+0x3b/0x50 [ 24.968525] __kasan_kmalloc+0xb7/0xc0 [ 24.968650] __kmalloc_cache_noprof+0x189/0x420 [ 24.968798] kasan_atomics+0x95/0x310 [ 24.968924] kunit_try_run_case+0x1a5/0x480 [ 24.969064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.969261] kthread+0x337/0x6f0 [ 24.969432] ret_from_fork+0x116/0x1d0 [ 24.969616] ret_from_fork_asm+0x1a/0x30 [ 24.969809] [ 24.969905] The buggy address belongs to the object at ffff888100aaa000 [ 24.969905] which belongs to the cache kmalloc-64 of size 64 [ 24.970596] The buggy address is located 0 bytes to the right of [ 24.970596] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.970959] [ 24.971037] The buggy address belongs to the physical page: [ 24.971552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.971908] flags: 0x200000000000000(node=0|zone=2) [ 24.972146] page_type: f5(slab) [ 24.972319] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.972612] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.972850] page dumped because: kasan: bad access detected [ 24.973017] [ 24.973081] Memory state around the buggy address: [ 24.973242] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.973454] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.973972] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.974488] ^ [ 24.974713] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.975039] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.975377] ================================================================== [ 25.751388] ================================================================== [ 25.751717] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 25.752296] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.752824] [ 25.752932] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.752986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.753000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.753025] Call Trace: [ 25.753047] <TASK> [ 25.753069] dump_stack_lvl+0x73/0xb0 [ 25.753101] print_report+0xd1/0x650 [ 25.753125] ? __virt_addr_valid+0x1db/0x2d0 [ 25.753150] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.753172] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.753200] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.753238] kasan_report+0x141/0x180 [ 25.753262] ? kasan_atomics_helper+0x1f43/0x5450 [ 25.753288] kasan_check_range+0x10c/0x1c0 [ 25.753312] __kasan_check_write+0x18/0x20 [ 25.753336] kasan_atomics_helper+0x1f43/0x5450 [ 25.753360] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.753387] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.753413] ? kasan_atomics+0x152/0x310 [ 25.753442] kasan_atomics+0x1dc/0x310 [ 25.753464] ? __pfx_kasan_atomics+0x10/0x10 [ 25.753486] ? trace_hardirqs_on+0x37/0xe0 [ 25.753511] ? __pfx_read_tsc+0x10/0x10 [ 25.753534] ? ktime_get_ts64+0x86/0x230 [ 25.753560] kunit_try_run_case+0x1a5/0x480 [ 25.753586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.753611] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.753639] ? __kthread_parkme+0x82/0x180 [ 25.753661] ? preempt_count_sub+0x50/0x80 [ 25.753685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.753710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.753734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.753759] kthread+0x337/0x6f0 [ 25.753780] ? trace_preempt_on+0x20/0xc0 [ 25.753802] ? __pfx_kthread+0x10/0x10 [ 25.753824] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.753848] ? calculate_sigpending+0x7b/0xa0 [ 25.753873] ? __pfx_kthread+0x10/0x10 [ 25.753895] ret_from_fork+0x116/0x1d0 [ 25.753914] ? __pfx_kthread+0x10/0x10 [ 25.753935] ret_from_fork_asm+0x1a/0x30 [ 25.753968] </TASK> [ 25.753981] [ 25.760999] Allocated by task 294: [ 25.761131] kasan_save_stack+0x45/0x70 [ 25.761281] kasan_save_track+0x18/0x40 [ 25.761469] kasan_save_alloc_info+0x3b/0x50 [ 25.761672] __kasan_kmalloc+0xb7/0xc0 [ 25.761850] __kmalloc_cache_noprof+0x189/0x420 [ 25.762145] kasan_atomics+0x95/0x310 [ 25.762339] kunit_try_run_case+0x1a5/0x480 [ 25.762489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.762659] kthread+0x337/0x6f0 [ 25.762774] ret_from_fork+0x116/0x1d0 [ 25.762950] ret_from_fork_asm+0x1a/0x30 [ 25.763303] [ 25.763407] The buggy address belongs to the object at ffff888100aaa000 [ 25.763407] which belongs to the cache kmalloc-64 of size 64 [ 25.763912] The buggy address is located 0 bytes to the right of [ 25.763912] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.764371] [ 25.764443] The buggy address belongs to the physical page: [ 25.764611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.764894] flags: 0x200000000000000(node=0|zone=2) [ 25.765122] page_type: f5(slab) [ 25.765297] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.765639] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.765967] page dumped because: kasan: bad access detected [ 25.766210] [ 25.766285] Memory state around the buggy address: [ 25.766435] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.766645] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.766888] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.767462] ^ [ 25.767690] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.768005] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.768335] ================================================================== [ 25.787169] ================================================================== [ 25.787538] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 25.788397] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.788638] [ 25.788728] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.788789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.788803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.788828] Call Trace: [ 25.788850] <TASK> [ 25.788873] dump_stack_lvl+0x73/0xb0 [ 25.788905] print_report+0xd1/0x650 [ 25.788929] ? __virt_addr_valid+0x1db/0x2d0 [ 25.788955] ? kasan_atomics_helper+0x2006/0x5450 [ 25.788977] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.789003] ? kasan_atomics_helper+0x2006/0x5450 [ 25.789026] kasan_report+0x141/0x180 [ 25.789048] ? kasan_atomics_helper+0x2006/0x5450 [ 25.789075] kasan_check_range+0x10c/0x1c0 [ 25.789099] __kasan_check_write+0x18/0x20 [ 25.789123] kasan_atomics_helper+0x2006/0x5450 [ 25.789146] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.789172] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.789198] ? kasan_atomics+0x152/0x310 [ 25.789245] kasan_atomics+0x1dc/0x310 [ 25.789269] ? __pfx_kasan_atomics+0x10/0x10 [ 25.789292] ? trace_hardirqs_on+0x37/0xe0 [ 25.789316] ? __pfx_read_tsc+0x10/0x10 [ 25.789340] ? ktime_get_ts64+0x86/0x230 [ 25.789366] kunit_try_run_case+0x1a5/0x480 [ 25.789392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.789417] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.789444] ? __kthread_parkme+0x82/0x180 [ 25.789465] ? preempt_count_sub+0x50/0x80 [ 25.789489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.789514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.789538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.789563] kthread+0x337/0x6f0 [ 25.789584] ? trace_preempt_on+0x20/0xc0 [ 25.789607] ? __pfx_kthread+0x10/0x10 [ 25.789628] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.789652] ? calculate_sigpending+0x7b/0xa0 [ 25.789678] ? __pfx_kthread+0x10/0x10 [ 25.789699] ret_from_fork+0x116/0x1d0 [ 25.789719] ? __pfx_kthread+0x10/0x10 [ 25.789740] ret_from_fork_asm+0x1a/0x30 [ 25.789773] </TASK> [ 25.789785] [ 25.797185] Allocated by task 294: [ 25.797375] kasan_save_stack+0x45/0x70 [ 25.797555] kasan_save_track+0x18/0x40 [ 25.797713] kasan_save_alloc_info+0x3b/0x50 [ 25.797856] __kasan_kmalloc+0xb7/0xc0 [ 25.797981] __kmalloc_cache_noprof+0x189/0x420 [ 25.798130] kasan_atomics+0x95/0x310 [ 25.798288] kunit_try_run_case+0x1a5/0x480 [ 25.798489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.799038] kthread+0x337/0x6f0 [ 25.799187] ret_from_fork+0x116/0x1d0 [ 25.799320] ret_from_fork_asm+0x1a/0x30 [ 25.799448] [ 25.799513] The buggy address belongs to the object at ffff888100aaa000 [ 25.799513] which belongs to the cache kmalloc-64 of size 64 [ 25.799872] The buggy address is located 0 bytes to the right of [ 25.799872] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.800811] [ 25.800904] The buggy address belongs to the physical page: [ 25.801123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.801417] flags: 0x200000000000000(node=0|zone=2) [ 25.801632] page_type: f5(slab) [ 25.801781] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.802086] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.802395] page dumped because: kasan: bad access detected [ 25.802628] [ 25.802707] Memory state around the buggy address: [ 25.802892] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.803255] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.803531] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.803785] ^ [ 25.803982] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.804251] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.804447] ================================================================== [ 24.666977] ================================================================== [ 24.667323] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 24.667692] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.668146] [ 24.668352] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.668414] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.668429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.668458] Call Trace: [ 24.668482] <TASK> [ 24.668504] dump_stack_lvl+0x73/0xb0 [ 24.668571] print_report+0xd1/0x650 [ 24.668596] ? __virt_addr_valid+0x1db/0x2d0 [ 24.668662] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.668684] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.668722] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.668746] kasan_report+0x141/0x180 [ 24.668769] ? kasan_atomics_helper+0x4b6e/0x5450 [ 24.668796] __asan_report_store4_noabort+0x1b/0x30 [ 24.668822] kasan_atomics_helper+0x4b6e/0x5450 [ 24.668845] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.668871] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.668897] ? kasan_atomics+0x152/0x310 [ 24.668924] kasan_atomics+0x1dc/0x310 [ 24.668947] ? __pfx_kasan_atomics+0x10/0x10 [ 24.668970] ? trace_hardirqs_on+0x37/0xe0 [ 24.668994] ? __pfx_read_tsc+0x10/0x10 [ 24.669026] ? ktime_get_ts64+0x86/0x230 [ 24.669052] kunit_try_run_case+0x1a5/0x480 [ 24.669078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.669103] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.669130] ? __kthread_parkme+0x82/0x180 [ 24.669152] ? preempt_count_sub+0x50/0x80 [ 24.669177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.669201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.669237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.669262] kthread+0x337/0x6f0 [ 24.669283] ? trace_preempt_on+0x20/0xc0 [ 24.669306] ? __pfx_kthread+0x10/0x10 [ 24.669327] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.669352] ? calculate_sigpending+0x7b/0xa0 [ 24.669377] ? __pfx_kthread+0x10/0x10 [ 24.669399] ret_from_fork+0x116/0x1d0 [ 24.669419] ? __pfx_kthread+0x10/0x10 [ 24.669440] ret_from_fork_asm+0x1a/0x30 [ 24.669473] </TASK> [ 24.669486] [ 24.678289] Allocated by task 294: [ 24.678528] kasan_save_stack+0x45/0x70 [ 24.678735] kasan_save_track+0x18/0x40 [ 24.678988] kasan_save_alloc_info+0x3b/0x50 [ 24.679190] __kasan_kmalloc+0xb7/0xc0 [ 24.679331] __kmalloc_cache_noprof+0x189/0x420 [ 24.679483] kasan_atomics+0x95/0x310 [ 24.679647] kunit_try_run_case+0x1a5/0x480 [ 24.679837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.680157] kthread+0x337/0x6f0 [ 24.680460] ret_from_fork+0x116/0x1d0 [ 24.680799] ret_from_fork_asm+0x1a/0x30 [ 24.680949] [ 24.681149] The buggy address belongs to the object at ffff888100aaa000 [ 24.681149] which belongs to the cache kmalloc-64 of size 64 [ 24.681600] The buggy address is located 0 bytes to the right of [ 24.681600] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.682152] [ 24.682328] The buggy address belongs to the physical page: [ 24.682672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.683004] flags: 0x200000000000000(node=0|zone=2) [ 24.683297] page_type: f5(slab) [ 24.683423] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.683693] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.684029] page dumped because: kasan: bad access detected [ 24.684559] [ 24.684706] Memory state around the buggy address: [ 24.684912] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.685249] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.685692] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.685945] ^ [ 24.686347] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.686728] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.687081] ================================================================== [ 25.140674] ================================================================== [ 25.141428] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 25.141816] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.142191] [ 25.142363] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.142417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.142431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.142456] Call Trace: [ 25.142479] <TASK> [ 25.142502] dump_stack_lvl+0x73/0xb0 [ 25.142534] print_report+0xd1/0x650 [ 25.142558] ? __virt_addr_valid+0x1db/0x2d0 [ 25.142584] ? kasan_atomics_helper+0x1079/0x5450 [ 25.142619] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.142649] ? kasan_atomics_helper+0x1079/0x5450 [ 25.142672] kasan_report+0x141/0x180 [ 25.142707] ? kasan_atomics_helper+0x1079/0x5450 [ 25.142735] kasan_check_range+0x10c/0x1c0 [ 25.142759] __kasan_check_write+0x18/0x20 [ 25.142782] kasan_atomics_helper+0x1079/0x5450 [ 25.142805] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.142834] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.142861] ? kasan_atomics+0x152/0x310 [ 25.142888] kasan_atomics+0x1dc/0x310 [ 25.142912] ? __pfx_kasan_atomics+0x10/0x10 [ 25.142936] ? trace_hardirqs_on+0x37/0xe0 [ 25.142960] ? __pfx_read_tsc+0x10/0x10 [ 25.142985] ? ktime_get_ts64+0x86/0x230 [ 25.143013] kunit_try_run_case+0x1a5/0x480 [ 25.143060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.143086] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.143114] ? __kthread_parkme+0x82/0x180 [ 25.143136] ? preempt_count_sub+0x50/0x80 [ 25.143161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.143186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.143211] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.143247] kthread+0x337/0x6f0 [ 25.143268] ? trace_preempt_on+0x20/0xc0 [ 25.143291] ? __pfx_kthread+0x10/0x10 [ 25.143313] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.143338] ? calculate_sigpending+0x7b/0xa0 [ 25.143363] ? __pfx_kthread+0x10/0x10 [ 25.143384] ret_from_fork+0x116/0x1d0 [ 25.143405] ? __pfx_kthread+0x10/0x10 [ 25.143426] ret_from_fork_asm+0x1a/0x30 [ 25.143458] </TASK> [ 25.143471] [ 25.152209] Allocated by task 294: [ 25.152597] kasan_save_stack+0x45/0x70 [ 25.152915] kasan_save_track+0x18/0x40 [ 25.153247] kasan_save_alloc_info+0x3b/0x50 [ 25.153438] __kasan_kmalloc+0xb7/0xc0 [ 25.153609] __kmalloc_cache_noprof+0x189/0x420 [ 25.153805] kasan_atomics+0x95/0x310 [ 25.153965] kunit_try_run_case+0x1a5/0x480 [ 25.154415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.154856] kthread+0x337/0x6f0 [ 25.155390] ret_from_fork+0x116/0x1d0 [ 25.155600] ret_from_fork_asm+0x1a/0x30 [ 25.155779] [ 25.155863] The buggy address belongs to the object at ffff888100aaa000 [ 25.155863] which belongs to the cache kmalloc-64 of size 64 [ 25.156688] The buggy address is located 0 bytes to the right of [ 25.156688] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.157529] [ 25.157722] The buggy address belongs to the physical page: [ 25.158343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.158986] flags: 0x200000000000000(node=0|zone=2) [ 25.159393] page_type: f5(slab) [ 25.159696] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.160559] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.160998] page dumped because: kasan: bad access detected [ 25.161448] [ 25.161691] Memory state around the buggy address: [ 25.162140] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.162648] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.163437] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.164175] ^ [ 25.164493] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.165109] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.165633] ================================================================== [ 25.257528] ================================================================== [ 25.258107] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 25.258481] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.258785] [ 25.258872] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.258926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.258940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.258963] Call Trace: [ 25.258984] <TASK> [ 25.259005] dump_stack_lvl+0x73/0xb0 [ 25.259051] print_report+0xd1/0x650 [ 25.259075] ? __virt_addr_valid+0x1db/0x2d0 [ 25.259099] ? kasan_atomics_helper+0x12e6/0x5450 [ 25.259121] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.259148] ? kasan_atomics_helper+0x12e6/0x5450 [ 25.259171] kasan_report+0x141/0x180 [ 25.259194] ? kasan_atomics_helper+0x12e6/0x5450 [ 25.259230] kasan_check_range+0x10c/0x1c0 [ 25.259254] __kasan_check_write+0x18/0x20 [ 25.259279] kasan_atomics_helper+0x12e6/0x5450 [ 25.259302] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.259328] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.259355] ? kasan_atomics+0x152/0x310 [ 25.259382] kasan_atomics+0x1dc/0x310 [ 25.259405] ? __pfx_kasan_atomics+0x10/0x10 [ 25.259428] ? trace_hardirqs_on+0x37/0xe0 [ 25.259452] ? __pfx_read_tsc+0x10/0x10 [ 25.259475] ? ktime_get_ts64+0x86/0x230 [ 25.259501] kunit_try_run_case+0x1a5/0x480 [ 25.259526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.259551] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.259579] ? __kthread_parkme+0x82/0x180 [ 25.259600] ? preempt_count_sub+0x50/0x80 [ 25.259625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.259650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.259674] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.259699] kthread+0x337/0x6f0 [ 25.259720] ? trace_preempt_on+0x20/0xc0 [ 25.259743] ? __pfx_kthread+0x10/0x10 [ 25.259764] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.259789] ? calculate_sigpending+0x7b/0xa0 [ 25.259814] ? __pfx_kthread+0x10/0x10 [ 25.259837] ret_from_fork+0x116/0x1d0 [ 25.259857] ? __pfx_kthread+0x10/0x10 [ 25.259878] ret_from_fork_asm+0x1a/0x30 [ 25.259911] </TASK> [ 25.259923] [ 25.267709] Allocated by task 294: [ 25.267897] kasan_save_stack+0x45/0x70 [ 25.268135] kasan_save_track+0x18/0x40 [ 25.268326] kasan_save_alloc_info+0x3b/0x50 [ 25.268528] __kasan_kmalloc+0xb7/0xc0 [ 25.268715] __kmalloc_cache_noprof+0x189/0x420 [ 25.268918] kasan_atomics+0x95/0x310 [ 25.269137] kunit_try_run_case+0x1a5/0x480 [ 25.269347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.269540] kthread+0x337/0x6f0 [ 25.269658] ret_from_fork+0x116/0x1d0 [ 25.269785] ret_from_fork_asm+0x1a/0x30 [ 25.269919] [ 25.269985] The buggy address belongs to the object at ffff888100aaa000 [ 25.269985] which belongs to the cache kmalloc-64 of size 64 [ 25.270559] The buggy address is located 0 bytes to the right of [ 25.270559] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.271322] [ 25.271425] The buggy address belongs to the physical page: [ 25.271666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.272017] flags: 0x200000000000000(node=0|zone=2) [ 25.272212] page_type: f5(slab) [ 25.272343] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.272567] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.272909] page dumped because: kasan: bad access detected [ 25.273382] [ 25.273462] Memory state around the buggy address: [ 25.273655] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.273961] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.274317] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.274570] ^ [ 25.274807] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.275118] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.275334] ================================================================== [ 25.866967] ================================================================== [ 25.867347] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 25.867672] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.867948] [ 25.868032] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.868081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.868094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.868118] Call Trace: [ 25.868138] <TASK> [ 25.868158] dump_stack_lvl+0x73/0xb0 [ 25.868186] print_report+0xd1/0x650 [ 25.868209] ? __virt_addr_valid+0x1db/0x2d0 [ 25.868247] ? kasan_atomics_helper+0x218a/0x5450 [ 25.868269] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.868295] ? kasan_atomics_helper+0x218a/0x5450 [ 25.868317] kasan_report+0x141/0x180 [ 25.868341] ? kasan_atomics_helper+0x218a/0x5450 [ 25.868367] kasan_check_range+0x10c/0x1c0 [ 25.868391] __kasan_check_write+0x18/0x20 [ 25.868416] kasan_atomics_helper+0x218a/0x5450 [ 25.868439] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.868465] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.868491] ? kasan_atomics+0x152/0x310 [ 25.868518] kasan_atomics+0x1dc/0x310 [ 25.868541] ? __pfx_kasan_atomics+0x10/0x10 [ 25.868564] ? trace_hardirqs_on+0x37/0xe0 [ 25.868588] ? __pfx_read_tsc+0x10/0x10 [ 25.868612] ? ktime_get_ts64+0x86/0x230 [ 25.868638] kunit_try_run_case+0x1a5/0x480 [ 25.868664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.868689] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.868717] ? __kthread_parkme+0x82/0x180 [ 25.868739] ? preempt_count_sub+0x50/0x80 [ 25.868764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.868789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.868813] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.868838] kthread+0x337/0x6f0 [ 25.868859] ? trace_preempt_on+0x20/0xc0 [ 25.868882] ? __pfx_kthread+0x10/0x10 [ 25.868904] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.868929] ? calculate_sigpending+0x7b/0xa0 [ 25.868954] ? __pfx_kthread+0x10/0x10 [ 25.868977] ret_from_fork+0x116/0x1d0 [ 25.868996] ? __pfx_kthread+0x10/0x10 [ 25.869017] ret_from_fork_asm+0x1a/0x30 [ 25.869059] </TASK> [ 25.869071] [ 25.876403] Allocated by task 294: [ 25.876544] kasan_save_stack+0x45/0x70 [ 25.876747] kasan_save_track+0x18/0x40 [ 25.876911] kasan_save_alloc_info+0x3b/0x50 [ 25.877129] __kasan_kmalloc+0xb7/0xc0 [ 25.877296] __kmalloc_cache_noprof+0x189/0x420 [ 25.877481] kasan_atomics+0x95/0x310 [ 25.877636] kunit_try_run_case+0x1a5/0x480 [ 25.877823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.878046] kthread+0x337/0x6f0 [ 25.878174] ret_from_fork+0x116/0x1d0 [ 25.878313] ret_from_fork_asm+0x1a/0x30 [ 25.878450] [ 25.878515] The buggy address belongs to the object at ffff888100aaa000 [ 25.878515] which belongs to the cache kmalloc-64 of size 64 [ 25.878860] The buggy address is located 0 bytes to the right of [ 25.878860] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.879508] [ 25.879606] The buggy address belongs to the physical page: [ 25.879859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.880204] flags: 0x200000000000000(node=0|zone=2) [ 25.880442] page_type: f5(slab) [ 25.880561] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.880786] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.881007] page dumped because: kasan: bad access detected [ 25.881175] [ 25.881249] Memory state around the buggy address: [ 25.881482] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.881799] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.882197] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.882522] ^ [ 25.882756] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.883131] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.883455] ================================================================== [ 25.884243] ================================================================== [ 25.884563] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 25.884851] Read of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.885201] [ 25.885327] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.885378] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.885391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.885418] Call Trace: [ 25.885440] <TASK> [ 25.885461] dump_stack_lvl+0x73/0xb0 [ 25.885490] print_report+0xd1/0x650 [ 25.885513] ? __virt_addr_valid+0x1db/0x2d0 [ 25.885538] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.885560] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.885587] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.885609] kasan_report+0x141/0x180 [ 25.885632] ? kasan_atomics_helper+0x4fa5/0x5450 [ 25.885658] __asan_report_load8_noabort+0x18/0x20 [ 25.885683] kasan_atomics_helper+0x4fa5/0x5450 [ 25.885706] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.885732] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.885758] ? kasan_atomics+0x152/0x310 [ 25.885785] kasan_atomics+0x1dc/0x310 [ 25.885809] ? __pfx_kasan_atomics+0x10/0x10 [ 25.885831] ? trace_hardirqs_on+0x37/0xe0 [ 25.885855] ? __pfx_read_tsc+0x10/0x10 [ 25.885878] ? ktime_get_ts64+0x86/0x230 [ 25.885904] kunit_try_run_case+0x1a5/0x480 [ 25.885930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.885956] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.885984] ? __kthread_parkme+0x82/0x180 [ 25.886006] ? preempt_count_sub+0x50/0x80 [ 25.886030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.886055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.886080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.886104] kthread+0x337/0x6f0 [ 25.886125] ? trace_preempt_on+0x20/0xc0 [ 25.886147] ? __pfx_kthread+0x10/0x10 [ 25.886169] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.886194] ? calculate_sigpending+0x7b/0xa0 [ 25.886230] ? __pfx_kthread+0x10/0x10 [ 25.886256] ret_from_fork+0x116/0x1d0 [ 25.886278] ? __pfx_kthread+0x10/0x10 [ 25.886298] ret_from_fork_asm+0x1a/0x30 [ 25.886331] </TASK> [ 25.886343] [ 25.893460] Allocated by task 294: [ 25.893591] kasan_save_stack+0x45/0x70 [ 25.893730] kasan_save_track+0x18/0x40 [ 25.893869] kasan_save_alloc_info+0x3b/0x50 [ 25.894120] __kasan_kmalloc+0xb7/0xc0 [ 25.894314] __kmalloc_cache_noprof+0x189/0x420 [ 25.894533] kasan_atomics+0x95/0x310 [ 25.894723] kunit_try_run_case+0x1a5/0x480 [ 25.894907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.895260] kthread+0x337/0x6f0 [ 25.895396] ret_from_fork+0x116/0x1d0 [ 25.895524] ret_from_fork_asm+0x1a/0x30 [ 25.895657] [ 25.895723] The buggy address belongs to the object at ffff888100aaa000 [ 25.895723] which belongs to the cache kmalloc-64 of size 64 [ 25.896195] The buggy address is located 0 bytes to the right of [ 25.896195] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.896759] [ 25.896856] The buggy address belongs to the physical page: [ 25.897204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.897509] flags: 0x200000000000000(node=0|zone=2) [ 25.897671] page_type: f5(slab) [ 25.897796] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.898026] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.898381] page dumped because: kasan: bad access detected [ 25.898637] [ 25.898725] Memory state around the buggy address: [ 25.898951] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.899439] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.899695] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.899984] ^ [ 25.900237] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.900504] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.900763] ================================================================== [ 25.239385] ================================================================== [ 25.239977] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 25.240703] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.241105] [ 25.241191] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.241250] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.241275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.241300] Call Trace: [ 25.241321] <TASK> [ 25.241349] dump_stack_lvl+0x73/0xb0 [ 25.241380] print_report+0xd1/0x650 [ 25.241403] ? __virt_addr_valid+0x1db/0x2d0 [ 25.241427] ? kasan_atomics_helper+0x49e8/0x5450 [ 25.241448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.241475] ? kasan_atomics_helper+0x49e8/0x5450 [ 25.241496] kasan_report+0x141/0x180 [ 25.241519] ? kasan_atomics_helper+0x49e8/0x5450 [ 25.241545] __asan_report_load4_noabort+0x18/0x20 [ 25.241570] kasan_atomics_helper+0x49e8/0x5450 [ 25.241593] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.241619] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.241644] ? kasan_atomics+0x152/0x310 [ 25.241671] kasan_atomics+0x1dc/0x310 [ 25.241696] ? __pfx_kasan_atomics+0x10/0x10 [ 25.241718] ? trace_hardirqs_on+0x37/0xe0 [ 25.241743] ? __pfx_read_tsc+0x10/0x10 [ 25.241765] ? ktime_get_ts64+0x86/0x230 [ 25.241790] kunit_try_run_case+0x1a5/0x480 [ 25.241816] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.241841] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.241868] ? __kthread_parkme+0x82/0x180 [ 25.241889] ? preempt_count_sub+0x50/0x80 [ 25.241915] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.241939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.241964] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.241989] kthread+0x337/0x6f0 [ 25.242009] ? trace_preempt_on+0x20/0xc0 [ 25.242043] ? __pfx_kthread+0x10/0x10 [ 25.242074] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.242099] ? calculate_sigpending+0x7b/0xa0 [ 25.242124] ? __pfx_kthread+0x10/0x10 [ 25.242164] ret_from_fork+0x116/0x1d0 [ 25.242185] ? __pfx_kthread+0x10/0x10 [ 25.242206] ret_from_fork_asm+0x1a/0x30 [ 25.242255] </TASK> [ 25.242267] [ 25.249345] Allocated by task 294: [ 25.249513] kasan_save_stack+0x45/0x70 [ 25.249671] kasan_save_track+0x18/0x40 [ 25.249848] kasan_save_alloc_info+0x3b/0x50 [ 25.250046] __kasan_kmalloc+0xb7/0xc0 [ 25.250243] __kmalloc_cache_noprof+0x189/0x420 [ 25.250463] kasan_atomics+0x95/0x310 [ 25.250664] kunit_try_run_case+0x1a5/0x480 [ 25.250828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.250999] kthread+0x337/0x6f0 [ 25.251179] ret_from_fork+0x116/0x1d0 [ 25.251373] ret_from_fork_asm+0x1a/0x30 [ 25.251595] [ 25.251685] The buggy address belongs to the object at ffff888100aaa000 [ 25.251685] which belongs to the cache kmalloc-64 of size 64 [ 25.252230] The buggy address is located 0 bytes to the right of [ 25.252230] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.252671] [ 25.252764] The buggy address belongs to the physical page: [ 25.253044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.253370] flags: 0x200000000000000(node=0|zone=2) [ 25.253622] page_type: f5(slab) [ 25.253788] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.254198] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.254514] page dumped because: kasan: bad access detected [ 25.254763] [ 25.254862] Memory state around the buggy address: [ 25.255130] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.255435] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.255655] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.255865] ^ [ 25.256013] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.256327] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.256779] ================================================================== [ 24.746544] ================================================================== [ 24.747216] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 24.747595] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.747822] [ 24.747906] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.747954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.747969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.747992] Call Trace: [ 24.748012] <TASK> [ 24.748040] dump_stack_lvl+0x73/0xb0 [ 24.748070] print_report+0xd1/0x650 [ 24.748129] ? __virt_addr_valid+0x1db/0x2d0 [ 24.748154] ? kasan_atomics_helper+0x4b3a/0x5450 [ 24.748188] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.748215] ? kasan_atomics_helper+0x4b3a/0x5450 [ 24.748247] kasan_report+0x141/0x180 [ 24.748270] ? kasan_atomics_helper+0x4b3a/0x5450 [ 24.748296] __asan_report_store4_noabort+0x1b/0x30 [ 24.748321] kasan_atomics_helper+0x4b3a/0x5450 [ 24.748345] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.748372] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.748425] ? kasan_atomics+0x152/0x310 [ 24.748454] kasan_atomics+0x1dc/0x310 [ 24.748477] ? __pfx_kasan_atomics+0x10/0x10 [ 24.748511] ? trace_hardirqs_on+0x37/0xe0 [ 24.748535] ? __pfx_read_tsc+0x10/0x10 [ 24.748558] ? ktime_get_ts64+0x86/0x230 [ 24.748583] kunit_try_run_case+0x1a5/0x480 [ 24.748610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.748635] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.748662] ? __kthread_parkme+0x82/0x180 [ 24.748684] ? preempt_count_sub+0x50/0x80 [ 24.748708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.748733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.748758] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.748783] kthread+0x337/0x6f0 [ 24.748804] ? trace_preempt_on+0x20/0xc0 [ 24.748857] ? __pfx_kthread+0x10/0x10 [ 24.748878] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.748925] ? calculate_sigpending+0x7b/0xa0 [ 24.748951] ? __pfx_kthread+0x10/0x10 [ 24.748973] ret_from_fork+0x116/0x1d0 [ 24.748994] ? __pfx_kthread+0x10/0x10 [ 24.749015] ret_from_fork_asm+0x1a/0x30 [ 24.749047] </TASK> [ 24.749059] [ 24.758631] Allocated by task 294: [ 24.758940] kasan_save_stack+0x45/0x70 [ 24.759188] kasan_save_track+0x18/0x40 [ 24.759355] kasan_save_alloc_info+0x3b/0x50 [ 24.759570] __kasan_kmalloc+0xb7/0xc0 [ 24.759734] __kmalloc_cache_noprof+0x189/0x420 [ 24.759950] kasan_atomics+0x95/0x310 [ 24.760537] kunit_try_run_case+0x1a5/0x480 [ 24.760754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.761134] kthread+0x337/0x6f0 [ 24.761321] ret_from_fork+0x116/0x1d0 [ 24.761490] ret_from_fork_asm+0x1a/0x30 [ 24.761688] [ 24.761760] The buggy address belongs to the object at ffff888100aaa000 [ 24.761760] which belongs to the cache kmalloc-64 of size 64 [ 24.762657] The buggy address is located 0 bytes to the right of [ 24.762657] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.763491] [ 24.763587] The buggy address belongs to the physical page: [ 24.763910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.764436] flags: 0x200000000000000(node=0|zone=2) [ 24.764682] page_type: f5(slab) [ 24.764843] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.765406] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.765742] page dumped because: kasan: bad access detected [ 24.765974] [ 24.766053] Memory state around the buggy address: [ 24.766279] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.766584] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.766890] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.767227] ^ [ 24.767438] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.767751] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.768055] ================================================================== [ 25.166202] ================================================================== [ 25.166498] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 25.166817] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.167171] [ 25.167306] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.167357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.167381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.167406] Call Trace: [ 25.167428] <TASK> [ 25.167468] dump_stack_lvl+0x73/0xb0 [ 25.167498] print_report+0xd1/0x650 [ 25.167523] ? __virt_addr_valid+0x1db/0x2d0 [ 25.167559] ? kasan_atomics_helper+0x4a1c/0x5450 [ 25.167581] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.167608] ? kasan_atomics_helper+0x4a1c/0x5450 [ 25.167629] kasan_report+0x141/0x180 [ 25.167653] ? kasan_atomics_helper+0x4a1c/0x5450 [ 25.167680] __asan_report_load4_noabort+0x18/0x20 [ 25.167714] kasan_atomics_helper+0x4a1c/0x5450 [ 25.167737] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.167765] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.167802] ? kasan_atomics+0x152/0x310 [ 25.167829] kasan_atomics+0x1dc/0x310 [ 25.167852] ? __pfx_kasan_atomics+0x10/0x10 [ 25.167875] ? trace_hardirqs_on+0x37/0xe0 [ 25.167899] ? __pfx_read_tsc+0x10/0x10 [ 25.167923] ? ktime_get_ts64+0x86/0x230 [ 25.167949] kunit_try_run_case+0x1a5/0x480 [ 25.167974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.168008] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.168036] ? __kthread_parkme+0x82/0x180 [ 25.168058] ? preempt_count_sub+0x50/0x80 [ 25.168093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.168128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.168154] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.168178] kthread+0x337/0x6f0 [ 25.168199] ? trace_preempt_on+0x20/0xc0 [ 25.168232] ? __pfx_kthread+0x10/0x10 [ 25.168253] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.168279] ? calculate_sigpending+0x7b/0xa0 [ 25.168305] ? __pfx_kthread+0x10/0x10 [ 25.168327] ret_from_fork+0x116/0x1d0 [ 25.168348] ? __pfx_kthread+0x10/0x10 [ 25.168369] ret_from_fork_asm+0x1a/0x30 [ 25.168401] </TASK> [ 25.168415] [ 25.175750] Allocated by task 294: [ 25.175884] kasan_save_stack+0x45/0x70 [ 25.176143] kasan_save_track+0x18/0x40 [ 25.176383] kasan_save_alloc_info+0x3b/0x50 [ 25.176569] __kasan_kmalloc+0xb7/0xc0 [ 25.176738] __kmalloc_cache_noprof+0x189/0x420 [ 25.176924] kasan_atomics+0x95/0x310 [ 25.177124] kunit_try_run_case+0x1a5/0x480 [ 25.177373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.177580] kthread+0x337/0x6f0 [ 25.177745] ret_from_fork+0x116/0x1d0 [ 25.177893] ret_from_fork_asm+0x1a/0x30 [ 25.178075] [ 25.178147] The buggy address belongs to the object at ffff888100aaa000 [ 25.178147] which belongs to the cache kmalloc-64 of size 64 [ 25.178741] The buggy address is located 0 bytes to the right of [ 25.178741] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.179284] [ 25.179403] The buggy address belongs to the physical page: [ 25.179643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.179992] flags: 0x200000000000000(node=0|zone=2) [ 25.180211] page_type: f5(slab) [ 25.180406] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.180694] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.181003] page dumped because: kasan: bad access detected [ 25.181172] [ 25.181247] Memory state around the buggy address: [ 25.181397] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.181606] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.181874] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.182277] ^ [ 25.182522] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.182800] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.183007] ================================================================== [ 25.683242] ================================================================== [ 25.683593] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 25.684146] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.684488] [ 25.684600] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.684652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.684667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.684692] Call Trace: [ 25.684714] <TASK> [ 25.684736] dump_stack_lvl+0x73/0xb0 [ 25.684766] print_report+0xd1/0x650 [ 25.684790] ? __virt_addr_valid+0x1db/0x2d0 [ 25.684814] ? kasan_atomics_helper+0x1d7a/0x5450 [ 25.684836] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.684863] ? kasan_atomics_helper+0x1d7a/0x5450 [ 25.684886] kasan_report+0x141/0x180 [ 25.684908] ? kasan_atomics_helper+0x1d7a/0x5450 [ 25.684935] kasan_check_range+0x10c/0x1c0 [ 25.684959] __kasan_check_write+0x18/0x20 [ 25.684983] kasan_atomics_helper+0x1d7a/0x5450 [ 25.685006] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.685032] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.685058] ? kasan_atomics+0x152/0x310 [ 25.685086] kasan_atomics+0x1dc/0x310 [ 25.685109] ? __pfx_kasan_atomics+0x10/0x10 [ 25.685135] ? trace_hardirqs_on+0x37/0xe0 [ 25.685159] ? __pfx_read_tsc+0x10/0x10 [ 25.685182] ? ktime_get_ts64+0x86/0x230 [ 25.685208] kunit_try_run_case+0x1a5/0x480 [ 25.685245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.685270] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.685297] ? __kthread_parkme+0x82/0x180 [ 25.685319] ? preempt_count_sub+0x50/0x80 [ 25.685344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.685369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.685394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.685418] kthread+0x337/0x6f0 [ 25.685440] ? trace_preempt_on+0x20/0xc0 [ 25.685462] ? __pfx_kthread+0x10/0x10 [ 25.685484] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.685509] ? calculate_sigpending+0x7b/0xa0 [ 25.685534] ? __pfx_kthread+0x10/0x10 [ 25.685556] ret_from_fork+0x116/0x1d0 [ 25.685577] ? __pfx_kthread+0x10/0x10 [ 25.685598] ret_from_fork_asm+0x1a/0x30 [ 25.685630] </TASK> [ 25.685642] [ 25.693050] Allocated by task 294: [ 25.693189] kasan_save_stack+0x45/0x70 [ 25.693337] kasan_save_track+0x18/0x40 [ 25.693464] kasan_save_alloc_info+0x3b/0x50 [ 25.693651] __kasan_kmalloc+0xb7/0xc0 [ 25.693831] __kmalloc_cache_noprof+0x189/0x420 [ 25.694044] kasan_atomics+0x95/0x310 [ 25.694240] kunit_try_run_case+0x1a5/0x480 [ 25.694440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.694645] kthread+0x337/0x6f0 [ 25.694760] ret_from_fork+0x116/0x1d0 [ 25.694966] ret_from_fork_asm+0x1a/0x30 [ 25.695363] [ 25.695454] The buggy address belongs to the object at ffff888100aaa000 [ 25.695454] which belongs to the cache kmalloc-64 of size 64 [ 25.695912] The buggy address is located 0 bytes to the right of [ 25.695912] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.696342] [ 25.696412] The buggy address belongs to the physical page: [ 25.696580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.696813] flags: 0x200000000000000(node=0|zone=2) [ 25.696972] page_type: f5(slab) [ 25.697088] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.697379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.697714] page dumped because: kasan: bad access detected [ 25.698170] [ 25.698267] Memory state around the buggy address: [ 25.698485] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.698709] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.698918] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.699128] ^ [ 25.699285] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.699494] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.699699] ================================================================== [ 25.221283] ================================================================== [ 25.221864] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 25.222250] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.222606] [ 25.222696] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.222749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.222763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.222789] Call Trace: [ 25.222811] <TASK> [ 25.222835] dump_stack_lvl+0x73/0xb0 [ 25.222865] print_report+0xd1/0x650 [ 25.222889] ? __virt_addr_valid+0x1db/0x2d0 [ 25.222915] ? kasan_atomics_helper+0x1217/0x5450 [ 25.222937] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.222964] ? kasan_atomics_helper+0x1217/0x5450 [ 25.222985] kasan_report+0x141/0x180 [ 25.223008] ? kasan_atomics_helper+0x1217/0x5450 [ 25.223042] kasan_check_range+0x10c/0x1c0 [ 25.223066] __kasan_check_write+0x18/0x20 [ 25.223090] kasan_atomics_helper+0x1217/0x5450 [ 25.223121] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.223148] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.223174] ? kasan_atomics+0x152/0x310 [ 25.223201] kasan_atomics+0x1dc/0x310 [ 25.223235] ? __pfx_kasan_atomics+0x10/0x10 [ 25.223258] ? trace_hardirqs_on+0x37/0xe0 [ 25.223282] ? __pfx_read_tsc+0x10/0x10 [ 25.223305] ? ktime_get_ts64+0x86/0x230 [ 25.223331] kunit_try_run_case+0x1a5/0x480 [ 25.223358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.223383] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.223410] ? __kthread_parkme+0x82/0x180 [ 25.223432] ? preempt_count_sub+0x50/0x80 [ 25.223467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.223493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.223518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.223563] kthread+0x337/0x6f0 [ 25.223584] ? trace_preempt_on+0x20/0xc0 [ 25.223607] ? __pfx_kthread+0x10/0x10 [ 25.223639] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.223664] ? calculate_sigpending+0x7b/0xa0 [ 25.223698] ? __pfx_kthread+0x10/0x10 [ 25.223719] ret_from_fork+0x116/0x1d0 [ 25.223740] ? __pfx_kthread+0x10/0x10 [ 25.223772] ret_from_fork_asm+0x1a/0x30 [ 25.223805] </TASK> [ 25.223817] [ 25.231844] Allocated by task 294: [ 25.232042] kasan_save_stack+0x45/0x70 [ 25.232239] kasan_save_track+0x18/0x40 [ 25.232428] kasan_save_alloc_info+0x3b/0x50 [ 25.232634] __kasan_kmalloc+0xb7/0xc0 [ 25.232798] __kmalloc_cache_noprof+0x189/0x420 [ 25.233003] kasan_atomics+0x95/0x310 [ 25.233189] kunit_try_run_case+0x1a5/0x480 [ 25.233379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.233550] kthread+0x337/0x6f0 [ 25.233664] ret_from_fork+0x116/0x1d0 [ 25.233790] ret_from_fork_asm+0x1a/0x30 [ 25.233923] [ 25.233989] The buggy address belongs to the object at ffff888100aaa000 [ 25.233989] which belongs to the cache kmalloc-64 of size 64 [ 25.234345] The buggy address is located 0 bytes to the right of [ 25.234345] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.234758] [ 25.234875] The buggy address belongs to the physical page: [ 25.235282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.235635] flags: 0x200000000000000(node=0|zone=2) [ 25.235867] page_type: f5(slab) [ 25.236027] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.236372] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.236701] page dumped because: kasan: bad access detected [ 25.236947] [ 25.237046] Memory state around the buggy address: [ 25.237279] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.237596] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.237908] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.238233] ^ [ 25.238424] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.238636] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.238842] ================================================================== [ 25.203520] ================================================================== [ 25.203926] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 25.204385] Read of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.204698] [ 25.204806] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.204854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.204878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.204901] Call Trace: [ 25.204919] <TASK> [ 25.204949] dump_stack_lvl+0x73/0xb0 [ 25.204978] print_report+0xd1/0x650 [ 25.205000] ? __virt_addr_valid+0x1db/0x2d0 [ 25.205039] ? kasan_atomics_helper+0x4a02/0x5450 [ 25.205062] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.205089] ? kasan_atomics_helper+0x4a02/0x5450 [ 25.205121] kasan_report+0x141/0x180 [ 25.205144] ? kasan_atomics_helper+0x4a02/0x5450 [ 25.205182] __asan_report_load4_noabort+0x18/0x20 [ 25.205208] kasan_atomics_helper+0x4a02/0x5450 [ 25.205241] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.205268] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.205305] ? kasan_atomics+0x152/0x310 [ 25.205332] kasan_atomics+0x1dc/0x310 [ 25.205356] ? __pfx_kasan_atomics+0x10/0x10 [ 25.205390] ? trace_hardirqs_on+0x37/0xe0 [ 25.205415] ? __pfx_read_tsc+0x10/0x10 [ 25.205439] ? ktime_get_ts64+0x86/0x230 [ 25.205473] kunit_try_run_case+0x1a5/0x480 [ 25.205500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.205525] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.205563] ? __kthread_parkme+0x82/0x180 [ 25.205585] ? preempt_count_sub+0x50/0x80 [ 25.205610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.205634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.205668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.205693] kthread+0x337/0x6f0 [ 25.205715] ? trace_preempt_on+0x20/0xc0 [ 25.205749] ? __pfx_kthread+0x10/0x10 [ 25.205771] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.205796] ? calculate_sigpending+0x7b/0xa0 [ 25.205821] ? __pfx_kthread+0x10/0x10 [ 25.205843] ret_from_fork+0x116/0x1d0 [ 25.205863] ? __pfx_kthread+0x10/0x10 [ 25.205885] ret_from_fork_asm+0x1a/0x30 [ 25.205917] </TASK> [ 25.205929] [ 25.213103] Allocated by task 294: [ 25.213264] kasan_save_stack+0x45/0x70 [ 25.213484] kasan_save_track+0x18/0x40 [ 25.213614] kasan_save_alloc_info+0x3b/0x50 [ 25.213756] __kasan_kmalloc+0xb7/0xc0 [ 25.213881] __kmalloc_cache_noprof+0x189/0x420 [ 25.214040] kasan_atomics+0x95/0x310 [ 25.214233] kunit_try_run_case+0x1a5/0x480 [ 25.214439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.214689] kthread+0x337/0x6f0 [ 25.215019] ret_from_fork+0x116/0x1d0 [ 25.215217] ret_from_fork_asm+0x1a/0x30 [ 25.215457] [ 25.215563] The buggy address belongs to the object at ffff888100aaa000 [ 25.215563] which belongs to the cache kmalloc-64 of size 64 [ 25.216186] The buggy address is located 0 bytes to the right of [ 25.216186] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.216560] [ 25.216628] The buggy address belongs to the physical page: [ 25.216798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.217142] flags: 0x200000000000000(node=0|zone=2) [ 25.217386] page_type: f5(slab) [ 25.217598] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.217932] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.218331] page dumped because: kasan: bad access detected [ 25.218508] [ 25.218572] Memory state around the buggy address: [ 25.218722] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.218933] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.219149] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.219366] ^ [ 25.219538] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.219993] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.220454] ================================================================== [ 25.805006] ================================================================== [ 25.805335] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 25.805679] Read of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.805998] [ 25.806101] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.806148] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.806161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.806184] Call Trace: [ 25.806201] <TASK> [ 25.806230] dump_stack_lvl+0x73/0xb0 [ 25.806257] print_report+0xd1/0x650 [ 25.806279] ? __virt_addr_valid+0x1db/0x2d0 [ 25.806303] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.806324] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.806351] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.806373] kasan_report+0x141/0x180 [ 25.806395] ? kasan_atomics_helper+0x4f98/0x5450 [ 25.806421] __asan_report_load8_noabort+0x18/0x20 [ 25.806447] kasan_atomics_helper+0x4f98/0x5450 [ 25.806470] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.806497] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.806522] ? kasan_atomics+0x152/0x310 [ 25.806548] kasan_atomics+0x1dc/0x310 [ 25.806572] ? __pfx_kasan_atomics+0x10/0x10 [ 25.806594] ? trace_hardirqs_on+0x37/0xe0 [ 25.806617] ? __pfx_read_tsc+0x10/0x10 [ 25.806640] ? ktime_get_ts64+0x86/0x230 [ 25.806664] kunit_try_run_case+0x1a5/0x480 [ 25.806690] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.806715] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.806743] ? __kthread_parkme+0x82/0x180 [ 25.806764] ? preempt_count_sub+0x50/0x80 [ 25.806788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.806812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.806835] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.806859] kthread+0x337/0x6f0 [ 25.806879] ? trace_preempt_on+0x20/0xc0 [ 25.806902] ? __pfx_kthread+0x10/0x10 [ 25.806923] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.806947] ? calculate_sigpending+0x7b/0xa0 [ 25.806971] ? __pfx_kthread+0x10/0x10 [ 25.806993] ret_from_fork+0x116/0x1d0 [ 25.807013] ? __pfx_kthread+0x10/0x10 [ 25.807043] ret_from_fork_asm+0x1a/0x30 [ 25.807073] </TASK> [ 25.807085] [ 25.818697] Allocated by task 294: [ 25.818870] kasan_save_stack+0x45/0x70 [ 25.819440] kasan_save_track+0x18/0x40 [ 25.819708] kasan_save_alloc_info+0x3b/0x50 [ 25.819999] __kasan_kmalloc+0xb7/0xc0 [ 25.820396] __kmalloc_cache_noprof+0x189/0x420 [ 25.820663] kasan_atomics+0x95/0x310 [ 25.820944] kunit_try_run_case+0x1a5/0x480 [ 25.821379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.821725] kthread+0x337/0x6f0 [ 25.821995] ret_from_fork+0x116/0x1d0 [ 25.822160] ret_from_fork_asm+0x1a/0x30 [ 25.822352] [ 25.822437] The buggy address belongs to the object at ffff888100aaa000 [ 25.822437] which belongs to the cache kmalloc-64 of size 64 [ 25.822900] The buggy address is located 0 bytes to the right of [ 25.822900] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.823849] [ 25.823952] The buggy address belongs to the physical page: [ 25.824417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.824978] flags: 0x200000000000000(node=0|zone=2) [ 25.825341] page_type: f5(slab) [ 25.825500] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.825787] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.826281] page dumped because: kasan: bad access detected [ 25.826744] [ 25.826846] Memory state around the buggy address: [ 25.827249] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.827667] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.827964] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.828608] ^ [ 25.828945] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.829539] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.829954] ================================================================== [ 25.639913] ================================================================== [ 25.640312] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 25.640557] Read of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.641155] [ 25.641365] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.641423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.641438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.641463] Call Trace: [ 25.641487] <TASK> [ 25.641509] dump_stack_lvl+0x73/0xb0 [ 25.641541] print_report+0xd1/0x650 [ 25.641564] ? __virt_addr_valid+0x1db/0x2d0 [ 25.641589] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.641611] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.641638] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.641660] kasan_report+0x141/0x180 [ 25.641682] ? kasan_atomics_helper+0x4f30/0x5450 [ 25.641708] __asan_report_load8_noabort+0x18/0x20 [ 25.641734] kasan_atomics_helper+0x4f30/0x5450 [ 25.641756] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.641782] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.641808] ? kasan_atomics+0x152/0x310 [ 25.641836] kasan_atomics+0x1dc/0x310 [ 25.641860] ? __pfx_kasan_atomics+0x10/0x10 [ 25.641882] ? trace_hardirqs_on+0x37/0xe0 [ 25.641906] ? __pfx_read_tsc+0x10/0x10 [ 25.641929] ? ktime_get_ts64+0x86/0x230 [ 25.641954] kunit_try_run_case+0x1a5/0x480 [ 25.641980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.642006] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.642033] ? __kthread_parkme+0x82/0x180 [ 25.642054] ? preempt_count_sub+0x50/0x80 [ 25.642079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.642103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.642127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.642152] kthread+0x337/0x6f0 [ 25.642173] ? trace_preempt_on+0x20/0xc0 [ 25.642195] ? __pfx_kthread+0x10/0x10 [ 25.642215] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.642251] ? calculate_sigpending+0x7b/0xa0 [ 25.642276] ? __pfx_kthread+0x10/0x10 [ 25.642297] ret_from_fork+0x116/0x1d0 [ 25.642317] ? __pfx_kthread+0x10/0x10 [ 25.642340] ret_from_fork_asm+0x1a/0x30 [ 25.642373] </TASK> [ 25.642386] [ 25.653403] Allocated by task 294: [ 25.653731] kasan_save_stack+0x45/0x70 [ 25.654091] kasan_save_track+0x18/0x40 [ 25.654434] kasan_save_alloc_info+0x3b/0x50 [ 25.654581] __kasan_kmalloc+0xb7/0xc0 [ 25.654705] __kmalloc_cache_noprof+0x189/0x420 [ 25.654854] kasan_atomics+0x95/0x310 [ 25.654978] kunit_try_run_case+0x1a5/0x480 [ 25.655375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.655832] kthread+0x337/0x6f0 [ 25.656136] ret_from_fork+0x116/0x1d0 [ 25.656475] ret_from_fork_asm+0x1a/0x30 [ 25.656819] [ 25.656967] The buggy address belongs to the object at ffff888100aaa000 [ 25.656967] which belongs to the cache kmalloc-64 of size 64 [ 25.658184] The buggy address is located 0 bytes to the right of [ 25.658184] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.659317] [ 25.659478] The buggy address belongs to the physical page: [ 25.659710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.659946] flags: 0x200000000000000(node=0|zone=2) [ 25.660306] page_type: f5(slab) [ 25.660599] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.661301] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.662012] page dumped because: kasan: bad access detected [ 25.662497] [ 25.662653] Memory state around the buggy address: [ 25.663078] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.663379] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.663590] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.663795] ^ [ 25.663943] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.664194] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.664561] ================================================================== [ 25.028944] ================================================================== [ 25.029318] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 25.029617] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.029937] [ 25.030068] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.030122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.030136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.030161] Call Trace: [ 25.030184] <TASK> [ 25.030205] dump_stack_lvl+0x73/0xb0 [ 25.030245] print_report+0xd1/0x650 [ 25.030269] ? __virt_addr_valid+0x1db/0x2d0 [ 25.030295] ? kasan_atomics_helper+0xde0/0x5450 [ 25.030316] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.030344] ? kasan_atomics_helper+0xde0/0x5450 [ 25.030366] kasan_report+0x141/0x180 [ 25.030389] ? kasan_atomics_helper+0xde0/0x5450 [ 25.030415] kasan_check_range+0x10c/0x1c0 [ 25.030440] __kasan_check_write+0x18/0x20 [ 25.030464] kasan_atomics_helper+0xde0/0x5450 [ 25.030487] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.030514] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.030540] ? kasan_atomics+0x152/0x310 [ 25.030568] kasan_atomics+0x1dc/0x310 [ 25.030591] ? __pfx_kasan_atomics+0x10/0x10 [ 25.030614] ? trace_hardirqs_on+0x37/0xe0 [ 25.030638] ? __pfx_read_tsc+0x10/0x10 [ 25.030662] ? ktime_get_ts64+0x86/0x230 [ 25.030687] kunit_try_run_case+0x1a5/0x480 [ 25.030714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.030739] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.030768] ? __kthread_parkme+0x82/0x180 [ 25.030790] ? preempt_count_sub+0x50/0x80 [ 25.030813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.030838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.030863] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.030889] kthread+0x337/0x6f0 [ 25.030909] ? trace_preempt_on+0x20/0xc0 [ 25.030932] ? __pfx_kthread+0x10/0x10 [ 25.030953] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.030978] ? calculate_sigpending+0x7b/0xa0 [ 25.031030] ? __pfx_kthread+0x10/0x10 [ 25.031054] ret_from_fork+0x116/0x1d0 [ 25.031074] ? __pfx_kthread+0x10/0x10 [ 25.031095] ret_from_fork_asm+0x1a/0x30 [ 25.031127] </TASK> [ 25.031140] [ 25.037709] Allocated by task 294: [ 25.037833] kasan_save_stack+0x45/0x70 [ 25.037969] kasan_save_track+0x18/0x40 [ 25.038135] kasan_save_alloc_info+0x3b/0x50 [ 25.038354] __kasan_kmalloc+0xb7/0xc0 [ 25.038539] __kmalloc_cache_noprof+0x189/0x420 [ 25.038751] kasan_atomics+0x95/0x310 [ 25.038931] kunit_try_run_case+0x1a5/0x480 [ 25.039168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.039431] kthread+0x337/0x6f0 [ 25.039603] ret_from_fork+0x116/0x1d0 [ 25.039786] ret_from_fork_asm+0x1a/0x30 [ 25.039983] [ 25.040101] The buggy address belongs to the object at ffff888100aaa000 [ 25.040101] which belongs to the cache kmalloc-64 of size 64 [ 25.040637] The buggy address is located 0 bytes to the right of [ 25.040637] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.041203] [ 25.041305] The buggy address belongs to the physical page: [ 25.041472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.041828] flags: 0x200000000000000(node=0|zone=2) [ 25.042056] page_type: f5(slab) [ 25.042236] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.042524] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.042811] page dumped because: kasan: bad access detected [ 25.043059] [ 25.043131] Memory state around the buggy address: [ 25.043321] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.043604] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.043879] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.044112] ^ [ 25.044269] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.044475] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.044674] ================================================================== [ 24.976361] ================================================================== [ 24.976729] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 24.977167] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.977469] [ 24.977565] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.977617] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.977632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.977656] Call Trace: [ 24.977679] <TASK> [ 24.977701] dump_stack_lvl+0x73/0xb0 [ 24.977729] print_report+0xd1/0x650 [ 24.977754] ? __virt_addr_valid+0x1db/0x2d0 [ 24.977779] ? kasan_atomics_helper+0xc70/0x5450 [ 24.977801] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.977828] ? kasan_atomics_helper+0xc70/0x5450 [ 24.977850] kasan_report+0x141/0x180 [ 24.977874] ? kasan_atomics_helper+0xc70/0x5450 [ 24.977900] kasan_check_range+0x10c/0x1c0 [ 24.977924] __kasan_check_write+0x18/0x20 [ 24.977948] kasan_atomics_helper+0xc70/0x5450 [ 24.977971] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.977997] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.978023] ? kasan_atomics+0x152/0x310 [ 24.978050] kasan_atomics+0x1dc/0x310 [ 24.978074] ? __pfx_kasan_atomics+0x10/0x10 [ 24.978096] ? trace_hardirqs_on+0x37/0xe0 [ 24.978121] ? __pfx_read_tsc+0x10/0x10 [ 24.978143] ? ktime_get_ts64+0x86/0x230 [ 24.978170] kunit_try_run_case+0x1a5/0x480 [ 24.978196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.978232] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.978259] ? __kthread_parkme+0x82/0x180 [ 24.978281] ? preempt_count_sub+0x50/0x80 [ 24.978306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.978330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.978355] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.978380] kthread+0x337/0x6f0 [ 24.978402] ? trace_preempt_on+0x20/0xc0 [ 24.978425] ? __pfx_kthread+0x10/0x10 [ 24.978446] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.978470] ? calculate_sigpending+0x7b/0xa0 [ 24.978496] ? __pfx_kthread+0x10/0x10 [ 24.978518] ret_from_fork+0x116/0x1d0 [ 24.978538] ? __pfx_kthread+0x10/0x10 [ 24.978560] ret_from_fork_asm+0x1a/0x30 [ 24.978592] </TASK> [ 24.978606] [ 24.985666] Allocated by task 294: [ 24.985848] kasan_save_stack+0x45/0x70 [ 24.986039] kasan_save_track+0x18/0x40 [ 24.986234] kasan_save_alloc_info+0x3b/0x50 [ 24.986438] __kasan_kmalloc+0xb7/0xc0 [ 24.986619] __kmalloc_cache_noprof+0x189/0x420 [ 24.986834] kasan_atomics+0x95/0x310 [ 24.987017] kunit_try_run_case+0x1a5/0x480 [ 24.987227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.987400] kthread+0x337/0x6f0 [ 24.987515] ret_from_fork+0x116/0x1d0 [ 24.987642] ret_from_fork_asm+0x1a/0x30 [ 24.987776] [ 24.987842] The buggy address belongs to the object at ffff888100aaa000 [ 24.987842] which belongs to the cache kmalloc-64 of size 64 [ 24.988303] The buggy address is located 0 bytes to the right of [ 24.988303] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.988931] [ 24.989021] The buggy address belongs to the physical page: [ 24.989288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.989645] flags: 0x200000000000000(node=0|zone=2) [ 24.989882] page_type: f5(slab) [ 24.990051] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.990359] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.990582] page dumped because: kasan: bad access detected [ 24.990746] [ 24.990809] Memory state around the buggy address: [ 24.990961] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.991177] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.991502] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.992187] ^ [ 24.992363] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.992575] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.992783] ================================================================== [ 25.331191] ================================================================== [ 25.331599] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 25.331888] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.332346] [ 25.332435] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.332488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.332502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.332527] Call Trace: [ 25.332549] <TASK> [ 25.332571] dump_stack_lvl+0x73/0xb0 [ 25.332600] print_report+0xd1/0x650 [ 25.332624] ? __virt_addr_valid+0x1db/0x2d0 [ 25.332649] ? kasan_atomics_helper+0x1467/0x5450 [ 25.332671] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.332710] ? kasan_atomics_helper+0x1467/0x5450 [ 25.332744] kasan_report+0x141/0x180 [ 25.332768] ? kasan_atomics_helper+0x1467/0x5450 [ 25.332794] kasan_check_range+0x10c/0x1c0 [ 25.332830] __kasan_check_write+0x18/0x20 [ 25.332854] kasan_atomics_helper+0x1467/0x5450 [ 25.332876] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.332903] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.332930] ? kasan_atomics+0x152/0x310 [ 25.332957] kasan_atomics+0x1dc/0x310 [ 25.332981] ? __pfx_kasan_atomics+0x10/0x10 [ 25.333004] ? trace_hardirqs_on+0x37/0xe0 [ 25.333028] ? __pfx_read_tsc+0x10/0x10 [ 25.333052] ? ktime_get_ts64+0x86/0x230 [ 25.333079] kunit_try_run_case+0x1a5/0x480 [ 25.333106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.333131] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.333159] ? __kthread_parkme+0x82/0x180 [ 25.333182] ? preempt_count_sub+0x50/0x80 [ 25.333206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.333241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.333266] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.333291] kthread+0x337/0x6f0 [ 25.333312] ? trace_preempt_on+0x20/0xc0 [ 25.333335] ? __pfx_kthread+0x10/0x10 [ 25.333356] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.333382] ? calculate_sigpending+0x7b/0xa0 [ 25.333407] ? __pfx_kthread+0x10/0x10 [ 25.333430] ret_from_fork+0x116/0x1d0 [ 25.333449] ? __pfx_kthread+0x10/0x10 [ 25.333471] ret_from_fork_asm+0x1a/0x30 [ 25.333504] </TASK> [ 25.333517] [ 25.341469] Allocated by task 294: [ 25.341677] kasan_save_stack+0x45/0x70 [ 25.341915] kasan_save_track+0x18/0x40 [ 25.342142] kasan_save_alloc_info+0x3b/0x50 [ 25.342315] __kasan_kmalloc+0xb7/0xc0 [ 25.342458] __kmalloc_cache_noprof+0x189/0x420 [ 25.342693] kasan_atomics+0x95/0x310 [ 25.342876] kunit_try_run_case+0x1a5/0x480 [ 25.343030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.343293] kthread+0x337/0x6f0 [ 25.343431] ret_from_fork+0x116/0x1d0 [ 25.343636] ret_from_fork_asm+0x1a/0x30 [ 25.343773] [ 25.343838] The buggy address belongs to the object at ffff888100aaa000 [ 25.343838] which belongs to the cache kmalloc-64 of size 64 [ 25.344577] The buggy address is located 0 bytes to the right of [ 25.344577] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.345177] [ 25.345289] The buggy address belongs to the physical page: [ 25.345527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.345867] flags: 0x200000000000000(node=0|zone=2) [ 25.346081] page_type: f5(slab) [ 25.346263] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.346581] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.346883] page dumped because: kasan: bad access detected [ 25.347135] [ 25.347234] Memory state around the buggy address: [ 25.347443] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.347755] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.348097] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.348375] ^ [ 25.348527] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.348738] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.348998] ================================================================== [ 25.930943] ================================================================== [ 25.931438] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 25.932110] Read of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.932715] [ 25.932887] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.932939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.932953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.932978] Call Trace: [ 25.933000] <TASK> [ 25.933023] dump_stack_lvl+0x73/0xb0 [ 25.933053] print_report+0xd1/0x650 [ 25.933077] ? __virt_addr_valid+0x1db/0x2d0 [ 25.933104] ? kasan_atomics_helper+0x5115/0x5450 [ 25.933126] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.933152] ? kasan_atomics_helper+0x5115/0x5450 [ 25.933174] kasan_report+0x141/0x180 [ 25.933197] ? kasan_atomics_helper+0x5115/0x5450 [ 25.933235] __asan_report_load8_noabort+0x18/0x20 [ 25.933260] kasan_atomics_helper+0x5115/0x5450 [ 25.933283] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.933308] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.933335] ? kasan_atomics+0x152/0x310 [ 25.933363] kasan_atomics+0x1dc/0x310 [ 25.933386] ? __pfx_kasan_atomics+0x10/0x10 [ 25.933408] ? trace_hardirqs_on+0x37/0xe0 [ 25.933432] ? __pfx_read_tsc+0x10/0x10 [ 25.933456] ? ktime_get_ts64+0x86/0x230 [ 25.933482] kunit_try_run_case+0x1a5/0x480 [ 25.933508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.933534] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.933561] ? __kthread_parkme+0x82/0x180 [ 25.933583] ? preempt_count_sub+0x50/0x80 [ 25.933607] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.933632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.933656] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.933681] kthread+0x337/0x6f0 [ 25.933702] ? trace_preempt_on+0x20/0xc0 [ 25.933725] ? __pfx_kthread+0x10/0x10 [ 25.933746] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.933771] ? calculate_sigpending+0x7b/0xa0 [ 25.933796] ? __pfx_kthread+0x10/0x10 [ 25.933818] ret_from_fork+0x116/0x1d0 [ 25.933837] ? __pfx_kthread+0x10/0x10 [ 25.933858] ret_from_fork_asm+0x1a/0x30 [ 25.933890] </TASK> [ 25.933902] [ 25.944675] Allocated by task 294: [ 25.944808] kasan_save_stack+0x45/0x70 [ 25.944947] kasan_save_track+0x18/0x40 [ 25.945207] kasan_save_alloc_info+0x3b/0x50 [ 25.945593] __kasan_kmalloc+0xb7/0xc0 [ 25.945928] __kmalloc_cache_noprof+0x189/0x420 [ 25.946435] kasan_atomics+0x95/0x310 [ 25.946832] kunit_try_run_case+0x1a5/0x480 [ 25.947249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.947712] kthread+0x337/0x6f0 [ 25.947889] ret_from_fork+0x116/0x1d0 [ 25.948018] ret_from_fork_asm+0x1a/0x30 [ 25.948372] [ 25.948525] The buggy address belongs to the object at ffff888100aaa000 [ 25.948525] which belongs to the cache kmalloc-64 of size 64 [ 25.949564] The buggy address is located 0 bytes to the right of [ 25.949564] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.949974] [ 25.950069] The buggy address belongs to the physical page: [ 25.950552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.951259] flags: 0x200000000000000(node=0|zone=2) [ 25.951693] page_type: f5(slab) [ 25.951992] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.952679] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.952939] page dumped because: kasan: bad access detected [ 25.953332] [ 25.953486] Memory state around the buggy address: [ 25.953910] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.954513] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.954935] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.955188] ^ [ 25.955353] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.955569] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.955778] ================================================================== [ 24.923443] ================================================================== [ 24.923812] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 24.924297] Write of size 4 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 24.924629] [ 24.924738] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.924791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.924804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.924830] Call Trace: [ 24.924852] <TASK> [ 24.924874] dump_stack_lvl+0x73/0xb0 [ 24.924903] print_report+0xd1/0x650 [ 24.924927] ? __virt_addr_valid+0x1db/0x2d0 [ 24.924953] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.924974] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.925001] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.925034] kasan_report+0x141/0x180 [ 24.925057] ? kasan_atomics_helper+0xa2b/0x5450 [ 24.925083] kasan_check_range+0x10c/0x1c0 [ 24.925108] __kasan_check_write+0x18/0x20 [ 24.925132] kasan_atomics_helper+0xa2b/0x5450 [ 24.925155] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.925182] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.925208] ? kasan_atomics+0x152/0x310 [ 24.925247] kasan_atomics+0x1dc/0x310 [ 24.925271] ? __pfx_kasan_atomics+0x10/0x10 [ 24.925297] ? trace_hardirqs_on+0x37/0xe0 [ 24.925322] ? __pfx_read_tsc+0x10/0x10 [ 24.925347] ? ktime_get_ts64+0x86/0x230 [ 24.925372] kunit_try_run_case+0x1a5/0x480 [ 24.925400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.925426] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.925453] ? __kthread_parkme+0x82/0x180 [ 24.925475] ? preempt_count_sub+0x50/0x80 [ 24.925501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.925527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.925552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.925577] kthread+0x337/0x6f0 [ 24.925598] ? trace_preempt_on+0x20/0xc0 [ 24.925621] ? __pfx_kthread+0x10/0x10 [ 24.925643] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.925668] ? calculate_sigpending+0x7b/0xa0 [ 24.925693] ? __pfx_kthread+0x10/0x10 [ 24.925715] ret_from_fork+0x116/0x1d0 [ 24.925736] ? __pfx_kthread+0x10/0x10 [ 24.925757] ret_from_fork_asm+0x1a/0x30 [ 24.925790] </TASK> [ 24.925803] [ 24.933016] Allocated by task 294: [ 24.933208] kasan_save_stack+0x45/0x70 [ 24.933422] kasan_save_track+0x18/0x40 [ 24.933614] kasan_save_alloc_info+0x3b/0x50 [ 24.933821] __kasan_kmalloc+0xb7/0xc0 [ 24.933987] __kmalloc_cache_noprof+0x189/0x420 [ 24.934189] kasan_atomics+0x95/0x310 [ 24.934337] kunit_try_run_case+0x1a5/0x480 [ 24.934480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.934652] kthread+0x337/0x6f0 [ 24.934771] ret_from_fork+0x116/0x1d0 [ 24.934903] ret_from_fork_asm+0x1a/0x30 [ 24.935040] [ 24.935107] The buggy address belongs to the object at ffff888100aaa000 [ 24.935107] which belongs to the cache kmalloc-64 of size 64 [ 24.935467] The buggy address is located 0 bytes to the right of [ 24.935467] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 24.935833] [ 24.935901] The buggy address belongs to the physical page: [ 24.936070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 24.936431] flags: 0x200000000000000(node=0|zone=2) [ 24.936666] page_type: f5(slab) [ 24.936833] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.937382] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.937722] page dumped because: kasan: bad access detected [ 24.937976] [ 24.938114] Memory state around the buggy address: [ 24.938349] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.938671] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.938882] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.939294] ^ [ 24.939524] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.939813] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.940086] ================================================================== [ 25.426297] ================================================================== [ 25.426534] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 25.426990] Write of size 8 at addr ffff888100aaa030 by task kunit_try_catch/294 [ 25.427342] [ 25.427452] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 25.427502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.427516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.427539] Call Trace: [ 25.427558] <TASK> [ 25.427579] dump_stack_lvl+0x73/0xb0 [ 25.427607] print_report+0xd1/0x650 [ 25.427630] ? __virt_addr_valid+0x1db/0x2d0 [ 25.427655] ? kasan_atomics_helper+0x16e7/0x5450 [ 25.427677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.427705] ? kasan_atomics_helper+0x16e7/0x5450 [ 25.427727] kasan_report+0x141/0x180 [ 25.427750] ? kasan_atomics_helper+0x16e7/0x5450 [ 25.427776] kasan_check_range+0x10c/0x1c0 [ 25.427800] __kasan_check_write+0x18/0x20 [ 25.427825] kasan_atomics_helper+0x16e7/0x5450 [ 25.427849] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.427877] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.427902] ? kasan_atomics+0x152/0x310 [ 25.427930] kasan_atomics+0x1dc/0x310 [ 25.427953] ? __pfx_kasan_atomics+0x10/0x10 [ 25.427976] ? trace_hardirqs_on+0x37/0xe0 [ 25.428000] ? __pfx_read_tsc+0x10/0x10 [ 25.428023] ? ktime_get_ts64+0x86/0x230 [ 25.428049] kunit_try_run_case+0x1a5/0x480 [ 25.428074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.428100] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.428127] ? __kthread_parkme+0x82/0x180 [ 25.428159] ? preempt_count_sub+0x50/0x80 [ 25.428184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.428209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.428244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.428269] kthread+0x337/0x6f0 [ 25.428290] ? trace_preempt_on+0x20/0xc0 [ 25.428313] ? __pfx_kthread+0x10/0x10 [ 25.428334] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.428359] ? calculate_sigpending+0x7b/0xa0 [ 25.428384] ? __pfx_kthread+0x10/0x10 [ 25.428407] ret_from_fork+0x116/0x1d0 [ 25.428428] ? __pfx_kthread+0x10/0x10 [ 25.428450] ret_from_fork_asm+0x1a/0x30 [ 25.428482] </TASK> [ 25.428495] [ 25.436022] Allocated by task 294: [ 25.436207] kasan_save_stack+0x45/0x70 [ 25.436419] kasan_save_track+0x18/0x40 [ 25.436608] kasan_save_alloc_info+0x3b/0x50 [ 25.436823] __kasan_kmalloc+0xb7/0xc0 [ 25.437008] __kmalloc_cache_noprof+0x189/0x420 [ 25.437283] kasan_atomics+0x95/0x310 [ 25.437450] kunit_try_run_case+0x1a5/0x480 [ 25.437626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.437847] kthread+0x337/0x6f0 [ 25.437980] ret_from_fork+0x116/0x1d0 [ 25.438252] ret_from_fork_asm+0x1a/0x30 [ 25.438433] [ 25.438526] The buggy address belongs to the object at ffff888100aaa000 [ 25.438526] which belongs to the cache kmalloc-64 of size 64 [ 25.438989] The buggy address is located 0 bytes to the right of [ 25.438989] allocated 48-byte region [ffff888100aaa000, ffff888100aaa030) [ 25.439551] [ 25.439623] The buggy address belongs to the physical page: [ 25.439792] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa [ 25.440029] flags: 0x200000000000000(node=0|zone=2) [ 25.440199] page_type: f5(slab) [ 25.440375] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.440713] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.441049] page dumped because: kasan: bad access detected [ 25.441351] [ 25.441417] Memory state around the buggy address: [ 25.441566] ffff888100aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.441775] ffff888100aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.442235] >ffff888100aaa000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.442555] ^ [ 25.442774] ffff888100aaa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.443160] ffff888100aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.443444] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 24.441761] ================================================================== [ 24.442348] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.442940] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.443511] [ 24.443959] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.444012] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.444025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.444050] Call Trace: [ 24.444069] <TASK> [ 24.444089] dump_stack_lvl+0x73/0xb0 [ 24.444118] print_report+0xd1/0x650 [ 24.444139] ? __virt_addr_valid+0x1db/0x2d0 [ 24.444163] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.444189] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.444214] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.444252] kasan_report+0x141/0x180 [ 24.444274] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.444304] kasan_check_range+0x10c/0x1c0 [ 24.444327] __kasan_check_write+0x18/0x20 [ 24.444350] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 24.444376] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.444404] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.444429] ? trace_hardirqs_on+0x37/0xe0 [ 24.444452] ? kasan_bitops_generic+0x92/0x1c0 [ 24.444479] kasan_bitops_generic+0x121/0x1c0 [ 24.444501] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.444525] ? __pfx_read_tsc+0x10/0x10 [ 24.444546] ? ktime_get_ts64+0x86/0x230 [ 24.444571] kunit_try_run_case+0x1a5/0x480 [ 24.444595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.444616] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.444641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.444665] ? __kthread_parkme+0x82/0x180 [ 24.444686] ? preempt_count_sub+0x50/0x80 [ 24.444708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.444731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.444754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.444776] kthread+0x337/0x6f0 [ 24.444906] ? trace_preempt_on+0x20/0xc0 [ 24.444931] ? __pfx_kthread+0x10/0x10 [ 24.444952] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.444974] ? calculate_sigpending+0x7b/0xa0 [ 24.444998] ? __pfx_kthread+0x10/0x10 [ 24.445063] ret_from_fork+0x116/0x1d0 [ 24.445085] ? __pfx_kthread+0x10/0x10 [ 24.445104] ret_from_fork_asm+0x1a/0x30 [ 24.445135] </TASK> [ 24.445146] [ 24.457710] Allocated by task 290: [ 24.457934] kasan_save_stack+0x45/0x70 [ 24.458090] kasan_save_track+0x18/0x40 [ 24.458360] kasan_save_alloc_info+0x3b/0x50 [ 24.458611] __kasan_kmalloc+0xb7/0xc0 [ 24.458803] __kmalloc_cache_noprof+0x189/0x420 [ 24.458954] kasan_bitops_generic+0x92/0x1c0 [ 24.459242] kunit_try_run_case+0x1a5/0x480 [ 24.459469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.459687] kthread+0x337/0x6f0 [ 24.459852] ret_from_fork+0x116/0x1d0 [ 24.460055] ret_from_fork_asm+0x1a/0x30 [ 24.460268] [ 24.460374] The buggy address belongs to the object at ffff88810278b720 [ 24.460374] which belongs to the cache kmalloc-16 of size 16 [ 24.460742] The buggy address is located 8 bytes inside of [ 24.460742] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.461277] [ 24.461346] The buggy address belongs to the physical page: [ 24.461513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.461759] flags: 0x200000000000000(node=0|zone=2) [ 24.462101] page_type: f5(slab) [ 24.462310] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.462687] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.463451] page dumped because: kasan: bad access detected [ 24.463625] [ 24.463686] Memory state around the buggy address: [ 24.464320] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.464666] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.465076] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.465808] ^ [ 24.465967] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.466669] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.467587] ================================================================== [ 24.468765] ================================================================== [ 24.469382] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.469776] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.470642] [ 24.470764] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.470815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.470828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.470853] Call Trace: [ 24.470875] <TASK> [ 24.470896] dump_stack_lvl+0x73/0xb0 [ 24.470926] print_report+0xd1/0x650 [ 24.470950] ? __virt_addr_valid+0x1db/0x2d0 [ 24.470975] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.471001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.471035] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.471062] kasan_report+0x141/0x180 [ 24.471083] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.471114] kasan_check_range+0x10c/0x1c0 [ 24.471137] __kasan_check_write+0x18/0x20 [ 24.471159] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 24.471186] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.471214] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.471247] ? trace_hardirqs_on+0x37/0xe0 [ 24.471269] ? kasan_bitops_generic+0x92/0x1c0 [ 24.471295] kasan_bitops_generic+0x121/0x1c0 [ 24.471318] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.471342] ? __pfx_read_tsc+0x10/0x10 [ 24.471364] ? ktime_get_ts64+0x86/0x230 [ 24.471389] kunit_try_run_case+0x1a5/0x480 [ 24.471413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.471560] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.471585] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.471610] ? __kthread_parkme+0x82/0x180 [ 24.471632] ? preempt_count_sub+0x50/0x80 [ 24.471655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.471677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.471701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.471725] kthread+0x337/0x6f0 [ 24.471744] ? trace_preempt_on+0x20/0xc0 [ 24.471765] ? __pfx_kthread+0x10/0x10 [ 24.471796] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.471819] ? calculate_sigpending+0x7b/0xa0 [ 24.471843] ? __pfx_kthread+0x10/0x10 [ 24.471865] ret_from_fork+0x116/0x1d0 [ 24.471887] ? __pfx_kthread+0x10/0x10 [ 24.471908] ret_from_fork_asm+0x1a/0x30 [ 24.471942] </TASK> [ 24.471953] [ 24.483423] Allocated by task 290: [ 24.483688] kasan_save_stack+0x45/0x70 [ 24.484039] kasan_save_track+0x18/0x40 [ 24.484249] kasan_save_alloc_info+0x3b/0x50 [ 24.484677] __kasan_kmalloc+0xb7/0xc0 [ 24.484826] __kmalloc_cache_noprof+0x189/0x420 [ 24.485288] kasan_bitops_generic+0x92/0x1c0 [ 24.485552] kunit_try_run_case+0x1a5/0x480 [ 24.485738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.485988] kthread+0x337/0x6f0 [ 24.486447] ret_from_fork+0x116/0x1d0 [ 24.486708] ret_from_fork_asm+0x1a/0x30 [ 24.486911] [ 24.487012] The buggy address belongs to the object at ffff88810278b720 [ 24.487012] which belongs to the cache kmalloc-16 of size 16 [ 24.487620] The buggy address is located 8 bytes inside of [ 24.487620] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.488341] [ 24.488574] The buggy address belongs to the physical page: [ 24.488939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.489447] flags: 0x200000000000000(node=0|zone=2) [ 24.489807] page_type: f5(slab) [ 24.490055] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.490312] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.490756] page dumped because: kasan: bad access detected [ 24.491215] [ 24.491392] Memory state around the buggy address: [ 24.491574] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.492416] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.492836] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.493133] ^ [ 24.493516] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.493988] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.494393] ================================================================== [ 24.494978] ================================================================== [ 24.495247] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.495787] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.497036] [ 24.497350] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.497408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.497422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.497448] Call Trace: [ 24.497469] <TASK> [ 24.497491] dump_stack_lvl+0x73/0xb0 [ 24.497524] print_report+0xd1/0x650 [ 24.497548] ? __virt_addr_valid+0x1db/0x2d0 [ 24.497573] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.497599] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.497625] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.497652] kasan_report+0x141/0x180 [ 24.497672] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.497703] kasan_check_range+0x10c/0x1c0 [ 24.497725] __kasan_check_write+0x18/0x20 [ 24.497748] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 24.497783] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.497812] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.497836] ? trace_hardirqs_on+0x37/0xe0 [ 24.497858] ? kasan_bitops_generic+0x92/0x1c0 [ 24.497885] kasan_bitops_generic+0x121/0x1c0 [ 24.497907] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.497931] ? __pfx_read_tsc+0x10/0x10 [ 24.497953] ? ktime_get_ts64+0x86/0x230 [ 24.497978] kunit_try_run_case+0x1a5/0x480 [ 24.498003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.498025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.498051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.498075] ? __kthread_parkme+0x82/0x180 [ 24.498096] ? preempt_count_sub+0x50/0x80 [ 24.498118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.498140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.498164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.498187] kthread+0x337/0x6f0 [ 24.498207] ? trace_preempt_on+0x20/0xc0 [ 24.498238] ? __pfx_kthread+0x10/0x10 [ 24.498259] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.498281] ? calculate_sigpending+0x7b/0xa0 [ 24.498305] ? __pfx_kthread+0x10/0x10 [ 24.498325] ret_from_fork+0x116/0x1d0 [ 24.498344] ? __pfx_kthread+0x10/0x10 [ 24.498363] ret_from_fork_asm+0x1a/0x30 [ 24.498395] </TASK> [ 24.498407] [ 24.513352] Allocated by task 290: [ 24.513530] kasan_save_stack+0x45/0x70 [ 24.513855] kasan_save_track+0x18/0x40 [ 24.514324] kasan_save_alloc_info+0x3b/0x50 [ 24.514695] __kasan_kmalloc+0xb7/0xc0 [ 24.514874] __kmalloc_cache_noprof+0x189/0x420 [ 24.515439] kasan_bitops_generic+0x92/0x1c0 [ 24.515894] kunit_try_run_case+0x1a5/0x480 [ 24.516293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.516820] kthread+0x337/0x6f0 [ 24.517105] ret_from_fork+0x116/0x1d0 [ 24.517487] ret_from_fork_asm+0x1a/0x30 [ 24.517898] [ 24.517977] The buggy address belongs to the object at ffff88810278b720 [ 24.517977] which belongs to the cache kmalloc-16 of size 16 [ 24.518622] The buggy address is located 8 bytes inside of [ 24.518622] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.519605] [ 24.519781] The buggy address belongs to the physical page: [ 24.520406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.521139] flags: 0x200000000000000(node=0|zone=2) [ 24.521333] page_type: f5(slab) [ 24.521454] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.521674] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.521901] page dumped because: kasan: bad access detected [ 24.522067] [ 24.522129] Memory state around the buggy address: [ 24.522293] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.522504] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.522811] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.523125] ^ [ 24.523424] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.523768] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.523978] ================================================================== [ 24.417968] ================================================================== [ 24.418304] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.418970] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.419335] [ 24.419476] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.419565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.419578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.419615] Call Trace: [ 24.419660] <TASK> [ 24.419683] dump_stack_lvl+0x73/0xb0 [ 24.419713] print_report+0xd1/0x650 [ 24.419735] ? __virt_addr_valid+0x1db/0x2d0 [ 24.419760] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.419786] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.419813] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.419839] kasan_report+0x141/0x180 [ 24.419861] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.419892] kasan_check_range+0x10c/0x1c0 [ 24.419914] __kasan_check_write+0x18/0x20 [ 24.419936] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 24.419963] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.419991] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.420014] ? trace_hardirqs_on+0x37/0xe0 [ 24.420038] ? kasan_bitops_generic+0x92/0x1c0 [ 24.420063] kasan_bitops_generic+0x121/0x1c0 [ 24.420086] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.420110] ? __pfx_read_tsc+0x10/0x10 [ 24.420511] ? ktime_get_ts64+0x86/0x230 [ 24.420540] kunit_try_run_case+0x1a5/0x480 [ 24.420567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.420590] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.420616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.420640] ? __kthread_parkme+0x82/0x180 [ 24.420661] ? preempt_count_sub+0x50/0x80 [ 24.420684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.420708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.420730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.420754] kthread+0x337/0x6f0 [ 24.420773] ? trace_preempt_on+0x20/0xc0 [ 24.420859] ? __pfx_kthread+0x10/0x10 [ 24.420881] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.420904] ? calculate_sigpending+0x7b/0xa0 [ 24.420929] ? __pfx_kthread+0x10/0x10 [ 24.420976] ret_from_fork+0x116/0x1d0 [ 24.420996] ? __pfx_kthread+0x10/0x10 [ 24.421016] ret_from_fork_asm+0x1a/0x30 [ 24.421048] </TASK> [ 24.421059] [ 24.430334] Allocated by task 290: [ 24.430465] kasan_save_stack+0x45/0x70 [ 24.430666] kasan_save_track+0x18/0x40 [ 24.430982] kasan_save_alloc_info+0x3b/0x50 [ 24.431271] __kasan_kmalloc+0xb7/0xc0 [ 24.431459] __kmalloc_cache_noprof+0x189/0x420 [ 24.431657] kasan_bitops_generic+0x92/0x1c0 [ 24.432083] kunit_try_run_case+0x1a5/0x480 [ 24.432279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.432596] kthread+0x337/0x6f0 [ 24.432787] ret_from_fork+0x116/0x1d0 [ 24.433034] ret_from_fork_asm+0x1a/0x30 [ 24.433198] [ 24.433305] The buggy address belongs to the object at ffff88810278b720 [ 24.433305] which belongs to the cache kmalloc-16 of size 16 [ 24.433913] The buggy address is located 8 bytes inside of [ 24.433913] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.434564] [ 24.434668] The buggy address belongs to the physical page: [ 24.434923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.435384] flags: 0x200000000000000(node=0|zone=2) [ 24.435617] page_type: f5(slab) [ 24.435766] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.436092] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.436323] page dumped because: kasan: bad access detected [ 24.436547] [ 24.436639] Memory state around the buggy address: [ 24.436862] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.437363] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.437681] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.438508] ^ [ 24.438668] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.439665] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.440262] ================================================================== [ 24.373705] ================================================================== [ 24.374340] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.374775] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.375149] [ 24.375358] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.375410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.375423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.375447] Call Trace: [ 24.375468] <TASK> [ 24.375490] dump_stack_lvl+0x73/0xb0 [ 24.375519] print_report+0xd1/0x650 [ 24.375542] ? __virt_addr_valid+0x1db/0x2d0 [ 24.375565] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.375592] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.375618] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.375724] kasan_report+0x141/0x180 [ 24.375751] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.375820] kasan_check_range+0x10c/0x1c0 [ 24.375846] __kasan_check_write+0x18/0x20 [ 24.375869] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 24.375896] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.375922] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.375947] ? trace_hardirqs_on+0x37/0xe0 [ 24.375969] ? kasan_bitops_generic+0x92/0x1c0 [ 24.375994] kasan_bitops_generic+0x121/0x1c0 [ 24.376034] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.376058] ? __pfx_read_tsc+0x10/0x10 [ 24.376081] ? ktime_get_ts64+0x86/0x230 [ 24.376105] kunit_try_run_case+0x1a5/0x480 [ 24.376130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.376151] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.376178] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.376202] ? __kthread_parkme+0x82/0x180 [ 24.376282] ? preempt_count_sub+0x50/0x80 [ 24.376310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.376334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.376357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.376381] kthread+0x337/0x6f0 [ 24.376401] ? trace_preempt_on+0x20/0xc0 [ 24.376422] ? __pfx_kthread+0x10/0x10 [ 24.376442] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.376465] ? calculate_sigpending+0x7b/0xa0 [ 24.376489] ? __pfx_kthread+0x10/0x10 [ 24.376510] ret_from_fork+0x116/0x1d0 [ 24.376529] ? __pfx_kthread+0x10/0x10 [ 24.376549] ret_from_fork_asm+0x1a/0x30 [ 24.376580] </TASK> [ 24.376591] [ 24.386591] Allocated by task 290: [ 24.386785] kasan_save_stack+0x45/0x70 [ 24.386995] kasan_save_track+0x18/0x40 [ 24.387263] kasan_save_alloc_info+0x3b/0x50 [ 24.387470] __kasan_kmalloc+0xb7/0xc0 [ 24.387823] __kmalloc_cache_noprof+0x189/0x420 [ 24.388148] kasan_bitops_generic+0x92/0x1c0 [ 24.388357] kunit_try_run_case+0x1a5/0x480 [ 24.388501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.388666] kthread+0x337/0x6f0 [ 24.388869] ret_from_fork+0x116/0x1d0 [ 24.389114] ret_from_fork_asm+0x1a/0x30 [ 24.389321] [ 24.389411] The buggy address belongs to the object at ffff88810278b720 [ 24.389411] which belongs to the cache kmalloc-16 of size 16 [ 24.390331] The buggy address is located 8 bytes inside of [ 24.390331] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.390849] [ 24.390945] The buggy address belongs to the physical page: [ 24.391233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.391695] flags: 0x200000000000000(node=0|zone=2) [ 24.391991] page_type: f5(slab) [ 24.392184] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.392560] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.392896] page dumped because: kasan: bad access detected [ 24.393147] [ 24.393368] Memory state around the buggy address: [ 24.393600] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.393933] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.394248] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.394463] ^ [ 24.394676] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.395481] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.395852] ================================================================== [ 24.564540] ================================================================== [ 24.565069] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.565434] Read of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.565710] [ 24.565865] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.565916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.565929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.565953] Call Trace: [ 24.565974] <TASK> [ 24.565996] dump_stack_lvl+0x73/0xb0 [ 24.566040] print_report+0xd1/0x650 [ 24.566062] ? __virt_addr_valid+0x1db/0x2d0 [ 24.566086] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.566114] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.566139] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.566166] kasan_report+0x141/0x180 [ 24.566187] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.566217] __asan_report_load8_noabort+0x18/0x20 [ 24.566250] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 24.566279] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.566306] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.566329] ? trace_hardirqs_on+0x37/0xe0 [ 24.566352] ? kasan_bitops_generic+0x92/0x1c0 [ 24.566378] kasan_bitops_generic+0x121/0x1c0 [ 24.566401] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.566425] ? __pfx_read_tsc+0x10/0x10 [ 24.566446] ? ktime_get_ts64+0x86/0x230 [ 24.566470] kunit_try_run_case+0x1a5/0x480 [ 24.566494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.566517] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.566542] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.566566] ? __kthread_parkme+0x82/0x180 [ 24.566586] ? preempt_count_sub+0x50/0x80 [ 24.566609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.566632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.566655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.566706] kthread+0x337/0x6f0 [ 24.566727] ? trace_preempt_on+0x20/0xc0 [ 24.566748] ? __pfx_kthread+0x10/0x10 [ 24.566768] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.566825] ? calculate_sigpending+0x7b/0xa0 [ 24.566849] ? __pfx_kthread+0x10/0x10 [ 24.566870] ret_from_fork+0x116/0x1d0 [ 24.566890] ? __pfx_kthread+0x10/0x10 [ 24.566925] ret_from_fork_asm+0x1a/0x30 [ 24.566970] </TASK> [ 24.566995] [ 24.575506] Allocated by task 290: [ 24.575684] kasan_save_stack+0x45/0x70 [ 24.575994] kasan_save_track+0x18/0x40 [ 24.576240] kasan_save_alloc_info+0x3b/0x50 [ 24.576489] __kasan_kmalloc+0xb7/0xc0 [ 24.576649] __kmalloc_cache_noprof+0x189/0x420 [ 24.576884] kasan_bitops_generic+0x92/0x1c0 [ 24.577100] kunit_try_run_case+0x1a5/0x480 [ 24.577319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.577536] kthread+0x337/0x6f0 [ 24.577674] ret_from_fork+0x116/0x1d0 [ 24.577885] ret_from_fork_asm+0x1a/0x30 [ 24.578117] [ 24.578227] The buggy address belongs to the object at ffff88810278b720 [ 24.578227] which belongs to the cache kmalloc-16 of size 16 [ 24.578689] The buggy address is located 8 bytes inside of [ 24.578689] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.579300] [ 24.579395] The buggy address belongs to the physical page: [ 24.579617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.579983] flags: 0x200000000000000(node=0|zone=2) [ 24.580233] page_type: f5(slab) [ 24.580466] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.580841] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.581188] page dumped because: kasan: bad access detected [ 24.581514] [ 24.581600] Memory state around the buggy address: [ 24.581854] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.582278] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.582574] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.582887] ^ [ 24.583185] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.583461] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.583741] ================================================================== [ 24.396397] ================================================================== [ 24.396740] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.397252] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.397573] [ 24.397682] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.397731] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.397743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.397766] Call Trace: [ 24.397843] <TASK> [ 24.397864] dump_stack_lvl+0x73/0xb0 [ 24.397893] print_report+0xd1/0x650 [ 24.397933] ? __virt_addr_valid+0x1db/0x2d0 [ 24.397957] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.397983] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.398008] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.398034] kasan_report+0x141/0x180 [ 24.398055] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.398085] kasan_check_range+0x10c/0x1c0 [ 24.398124] __kasan_check_write+0x18/0x20 [ 24.398159] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 24.398186] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.398213] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.398246] ? trace_hardirqs_on+0x37/0xe0 [ 24.398267] ? kasan_bitops_generic+0x92/0x1c0 [ 24.398293] kasan_bitops_generic+0x121/0x1c0 [ 24.398316] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.398339] ? __pfx_read_tsc+0x10/0x10 [ 24.398361] ? ktime_get_ts64+0x86/0x230 [ 24.398385] kunit_try_run_case+0x1a5/0x480 [ 24.398409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.398431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.398456] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.398480] ? __kthread_parkme+0x82/0x180 [ 24.398500] ? preempt_count_sub+0x50/0x80 [ 24.398541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.398565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.398588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.398611] kthread+0x337/0x6f0 [ 24.398629] ? trace_preempt_on+0x20/0xc0 [ 24.398650] ? __pfx_kthread+0x10/0x10 [ 24.398670] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.398709] ? calculate_sigpending+0x7b/0xa0 [ 24.398733] ? __pfx_kthread+0x10/0x10 [ 24.398753] ret_from_fork+0x116/0x1d0 [ 24.398773] ? __pfx_kthread+0x10/0x10 [ 24.398826] ret_from_fork_asm+0x1a/0x30 [ 24.398859] </TASK> [ 24.398869] [ 24.408474] Allocated by task 290: [ 24.408650] kasan_save_stack+0x45/0x70 [ 24.408844] kasan_save_track+0x18/0x40 [ 24.409080] kasan_save_alloc_info+0x3b/0x50 [ 24.409504] __kasan_kmalloc+0xb7/0xc0 [ 24.409689] __kmalloc_cache_noprof+0x189/0x420 [ 24.409951] kasan_bitops_generic+0x92/0x1c0 [ 24.410093] kunit_try_run_case+0x1a5/0x480 [ 24.410332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.410674] kthread+0x337/0x6f0 [ 24.410857] ret_from_fork+0x116/0x1d0 [ 24.411079] ret_from_fork_asm+0x1a/0x30 [ 24.411303] [ 24.411395] The buggy address belongs to the object at ffff88810278b720 [ 24.411395] which belongs to the cache kmalloc-16 of size 16 [ 24.412145] The buggy address is located 8 bytes inside of [ 24.412145] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.412728] [ 24.412813] The buggy address belongs to the physical page: [ 24.413066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.413432] flags: 0x200000000000000(node=0|zone=2) [ 24.413663] page_type: f5(slab) [ 24.413826] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.414157] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.414636] page dumped because: kasan: bad access detected [ 24.414832] [ 24.414895] Memory state around the buggy address: [ 24.415104] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.415564] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.415982] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.416303] ^ [ 24.416536] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.416855] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.417424] ================================================================== [ 24.524511] ================================================================== [ 24.524882] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.525480] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.525867] [ 24.525954] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.526024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.526056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.526080] Call Trace: [ 24.526102] <TASK> [ 24.526122] dump_stack_lvl+0x73/0xb0 [ 24.526164] print_report+0xd1/0x650 [ 24.526200] ? __virt_addr_valid+0x1db/0x2d0 [ 24.526235] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.526262] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.526308] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.526335] kasan_report+0x141/0x180 [ 24.526356] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.526387] kasan_check_range+0x10c/0x1c0 [ 24.526410] __kasan_check_write+0x18/0x20 [ 24.526433] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 24.526459] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.526503] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.526527] ? trace_hardirqs_on+0x37/0xe0 [ 24.526549] ? kasan_bitops_generic+0x92/0x1c0 [ 24.526576] kasan_bitops_generic+0x121/0x1c0 [ 24.526598] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.526621] ? __pfx_read_tsc+0x10/0x10 [ 24.526642] ? ktime_get_ts64+0x86/0x230 [ 24.526667] kunit_try_run_case+0x1a5/0x480 [ 24.526709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.526732] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.526758] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.526805] ? __kthread_parkme+0x82/0x180 [ 24.526826] ? preempt_count_sub+0x50/0x80 [ 24.526849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.526873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.526896] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.526920] kthread+0x337/0x6f0 [ 24.526938] ? trace_preempt_on+0x20/0xc0 [ 24.526977] ? __pfx_kthread+0x10/0x10 [ 24.526997] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.527067] ? calculate_sigpending+0x7b/0xa0 [ 24.527091] ? __pfx_kthread+0x10/0x10 [ 24.527111] ret_from_fork+0x116/0x1d0 [ 24.527131] ? __pfx_kthread+0x10/0x10 [ 24.527150] ret_from_fork_asm+0x1a/0x30 [ 24.527181] </TASK> [ 24.527192] [ 24.536129] Allocated by task 290: [ 24.536337] kasan_save_stack+0x45/0x70 [ 24.536536] kasan_save_track+0x18/0x40 [ 24.536717] kasan_save_alloc_info+0x3b/0x50 [ 24.536914] __kasan_kmalloc+0xb7/0xc0 [ 24.537035] __kmalloc_cache_noprof+0x189/0x420 [ 24.537177] kasan_bitops_generic+0x92/0x1c0 [ 24.537445] kunit_try_run_case+0x1a5/0x480 [ 24.537759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.538000] kthread+0x337/0x6f0 [ 24.538226] ret_from_fork+0x116/0x1d0 [ 24.538419] ret_from_fork_asm+0x1a/0x30 [ 24.538551] [ 24.538613] The buggy address belongs to the object at ffff88810278b720 [ 24.538613] which belongs to the cache kmalloc-16 of size 16 [ 24.538953] The buggy address is located 8 bytes inside of [ 24.538953] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.539399] [ 24.539492] The buggy address belongs to the physical page: [ 24.539890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.540298] flags: 0x200000000000000(node=0|zone=2) [ 24.540530] page_type: f5(slab) [ 24.540692] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.541097] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.541487] page dumped because: kasan: bad access detected [ 24.541667] [ 24.541745] Memory state around the buggy address: [ 24.542025] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.542366] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.542571] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.543033] ^ [ 24.543272] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.543595] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.543924] ================================================================== [ 24.544670] ================================================================== [ 24.545314] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.545640] Read of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.545956] [ 24.546093] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.546184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.546197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.546247] Call Trace: [ 24.546267] <TASK> [ 24.546289] dump_stack_lvl+0x73/0xb0 [ 24.546333] print_report+0xd1/0x650 [ 24.546370] ? __virt_addr_valid+0x1db/0x2d0 [ 24.546421] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.546448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.546473] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.546500] kasan_report+0x141/0x180 [ 24.546521] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.546551] kasan_check_range+0x10c/0x1c0 [ 24.546574] __kasan_check_read+0x15/0x20 [ 24.546596] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 24.546623] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 24.546649] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.546672] ? trace_hardirqs_on+0x37/0xe0 [ 24.546694] ? kasan_bitops_generic+0x92/0x1c0 [ 24.546720] kasan_bitops_generic+0x121/0x1c0 [ 24.546745] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.546768] ? __pfx_read_tsc+0x10/0x10 [ 24.546790] ? ktime_get_ts64+0x86/0x230 [ 24.546814] kunit_try_run_case+0x1a5/0x480 [ 24.546839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.546861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.546886] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.546910] ? __kthread_parkme+0x82/0x180 [ 24.546931] ? preempt_count_sub+0x50/0x80 [ 24.546957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.546982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.547024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.547054] kthread+0x337/0x6f0 [ 24.547074] ? trace_preempt_on+0x20/0xc0 [ 24.547096] ? __pfx_kthread+0x10/0x10 [ 24.547116] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.547139] ? calculate_sigpending+0x7b/0xa0 [ 24.547163] ? __pfx_kthread+0x10/0x10 [ 24.547183] ret_from_fork+0x116/0x1d0 [ 24.547203] ? __pfx_kthread+0x10/0x10 [ 24.547231] ret_from_fork_asm+0x1a/0x30 [ 24.547263] </TASK> [ 24.547274] [ 24.555485] Allocated by task 290: [ 24.555701] kasan_save_stack+0x45/0x70 [ 24.555933] kasan_save_track+0x18/0x40 [ 24.556190] kasan_save_alloc_info+0x3b/0x50 [ 24.556410] __kasan_kmalloc+0xb7/0xc0 [ 24.556609] __kmalloc_cache_noprof+0x189/0x420 [ 24.556896] kasan_bitops_generic+0x92/0x1c0 [ 24.557177] kunit_try_run_case+0x1a5/0x480 [ 24.557404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.557630] kthread+0x337/0x6f0 [ 24.557742] ret_from_fork+0x116/0x1d0 [ 24.557864] ret_from_fork_asm+0x1a/0x30 [ 24.558119] [ 24.558265] The buggy address belongs to the object at ffff88810278b720 [ 24.558265] which belongs to the cache kmalloc-16 of size 16 [ 24.558826] The buggy address is located 8 bytes inside of [ 24.558826] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.559451] [ 24.559525] The buggy address belongs to the physical page: [ 24.559767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.560003] flags: 0x200000000000000(node=0|zone=2) [ 24.560243] page_type: f5(slab) [ 24.560407] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.560743] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.561077] page dumped because: kasan: bad access detected [ 24.561341] [ 24.561432] Memory state around the buggy address: [ 24.561597] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.561809] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.562164] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.562524] ^ [ 24.562760] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.563142] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.563675] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 24.354080] ================================================================== [ 24.354743] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355070] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.355304] [ 24.355484] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.355531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.355543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.355564] Call Trace: [ 24.355585] <TASK> [ 24.355602] dump_stack_lvl+0x73/0xb0 [ 24.355630] print_report+0xd1/0x650 [ 24.355651] ? __virt_addr_valid+0x1db/0x2d0 [ 24.355675] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355700] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.355725] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355750] kasan_report+0x141/0x180 [ 24.355771] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355799] kasan_check_range+0x10c/0x1c0 [ 24.355823] __kasan_check_write+0x18/0x20 [ 24.355847] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 24.355872] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.355898] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.355921] ? trace_hardirqs_on+0x37/0xe0 [ 24.355943] ? kasan_bitops_generic+0x92/0x1c0 [ 24.355969] kasan_bitops_generic+0x116/0x1c0 [ 24.355992] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.356016] ? __pfx_read_tsc+0x10/0x10 [ 24.356093] ? ktime_get_ts64+0x86/0x230 [ 24.356118] kunit_try_run_case+0x1a5/0x480 [ 24.356143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.356165] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.356190] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.356215] ? __kthread_parkme+0x82/0x180 [ 24.356245] ? preempt_count_sub+0x50/0x80 [ 24.356269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.356292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.356316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.356339] kthread+0x337/0x6f0 [ 24.356358] ? trace_preempt_on+0x20/0xc0 [ 24.356380] ? __pfx_kthread+0x10/0x10 [ 24.356400] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.356423] ? calculate_sigpending+0x7b/0xa0 [ 24.356446] ? __pfx_kthread+0x10/0x10 [ 24.356467] ret_from_fork+0x116/0x1d0 [ 24.356485] ? __pfx_kthread+0x10/0x10 [ 24.356506] ret_from_fork_asm+0x1a/0x30 [ 24.356536] </TASK> [ 24.356548] [ 24.365001] Allocated by task 290: [ 24.365185] kasan_save_stack+0x45/0x70 [ 24.365398] kasan_save_track+0x18/0x40 [ 24.365583] kasan_save_alloc_info+0x3b/0x50 [ 24.365956] __kasan_kmalloc+0xb7/0xc0 [ 24.366327] __kmalloc_cache_noprof+0x189/0x420 [ 24.366546] kasan_bitops_generic+0x92/0x1c0 [ 24.366736] kunit_try_run_case+0x1a5/0x480 [ 24.367072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.367289] kthread+0x337/0x6f0 [ 24.367404] ret_from_fork+0x116/0x1d0 [ 24.367529] ret_from_fork_asm+0x1a/0x30 [ 24.367660] [ 24.367724] The buggy address belongs to the object at ffff88810278b720 [ 24.367724] which belongs to the cache kmalloc-16 of size 16 [ 24.368239] The buggy address is located 8 bytes inside of [ 24.368239] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.368764] [ 24.368858] The buggy address belongs to the physical page: [ 24.369173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.369500] flags: 0x200000000000000(node=0|zone=2) [ 24.369707] page_type: f5(slab) [ 24.369843] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.370065] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.370595] page dumped because: kasan: bad access detected [ 24.370914] [ 24.370986] Memory state around the buggy address: [ 24.371143] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.371469] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.371680] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.372245] ^ [ 24.372671] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.372974] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.373179] ================================================================== [ 24.158339] ================================================================== [ 24.158796] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159077] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.159310] [ 24.159399] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.159452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.159465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.159490] Call Trace: [ 24.159504] <TASK> [ 24.159524] dump_stack_lvl+0x73/0xb0 [ 24.159554] print_report+0xd1/0x650 [ 24.159578] ? __virt_addr_valid+0x1db/0x2d0 [ 24.159602] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159626] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.159652] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159676] kasan_report+0x141/0x180 [ 24.159697] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159725] kasan_check_range+0x10c/0x1c0 [ 24.159748] __kasan_check_write+0x18/0x20 [ 24.159770] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 24.159795] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.159820] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.159844] ? trace_hardirqs_on+0x37/0xe0 [ 24.159866] ? kasan_bitops_generic+0x92/0x1c0 [ 24.159891] kasan_bitops_generic+0x116/0x1c0 [ 24.159914] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.159937] ? __pfx_read_tsc+0x10/0x10 [ 24.159960] ? ktime_get_ts64+0x86/0x230 [ 24.159983] kunit_try_run_case+0x1a5/0x480 [ 24.160007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.160029] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.160054] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.160079] ? __kthread_parkme+0x82/0x180 [ 24.160099] ? preempt_count_sub+0x50/0x80 [ 24.160122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.160145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.160169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.160192] kthread+0x337/0x6f0 [ 24.160211] ? trace_preempt_on+0x20/0xc0 [ 24.160659] ? __pfx_kthread+0x10/0x10 [ 24.160698] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.160725] ? calculate_sigpending+0x7b/0xa0 [ 24.160749] ? __pfx_kthread+0x10/0x10 [ 24.160771] ret_from_fork+0x116/0x1d0 [ 24.160790] ? __pfx_kthread+0x10/0x10 [ 24.160820] ret_from_fork_asm+0x1a/0x30 [ 24.160851] </TASK> [ 24.160863] [ 24.179906] Allocated by task 290: [ 24.180421] kasan_save_stack+0x45/0x70 [ 24.180680] kasan_save_track+0x18/0x40 [ 24.180861] kasan_save_alloc_info+0x3b/0x50 [ 24.181284] __kasan_kmalloc+0xb7/0xc0 [ 24.181548] __kmalloc_cache_noprof+0x189/0x420 [ 24.181876] kasan_bitops_generic+0x92/0x1c0 [ 24.182211] kunit_try_run_case+0x1a5/0x480 [ 24.182569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.182987] kthread+0x337/0x6f0 [ 24.183238] ret_from_fork+0x116/0x1d0 [ 24.183531] ret_from_fork_asm+0x1a/0x30 [ 24.183727] [ 24.183965] The buggy address belongs to the object at ffff88810278b720 [ 24.183965] which belongs to the cache kmalloc-16 of size 16 [ 24.184627] The buggy address is located 8 bytes inside of [ 24.184627] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.185437] [ 24.185664] The buggy address belongs to the physical page: [ 24.186215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.186684] flags: 0x200000000000000(node=0|zone=2) [ 24.187211] page_type: f5(slab) [ 24.187530] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.187889] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.188511] page dumped because: kasan: bad access detected [ 24.188889] [ 24.189104] Memory state around the buggy address: [ 24.189462] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.190055] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.190508] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.191044] ^ [ 24.191323] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.191738] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.192264] ================================================================== [ 24.309961] ================================================================== [ 24.310478] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.311010] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.311281] [ 24.311392] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.311442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.311454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.311553] Call Trace: [ 24.311577] <TASK> [ 24.311597] dump_stack_lvl+0x73/0xb0 [ 24.311625] print_report+0xd1/0x650 [ 24.311647] ? __virt_addr_valid+0x1db/0x2d0 [ 24.311670] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.311696] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.311898] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.311926] kasan_report+0x141/0x180 [ 24.311947] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.311976] kasan_check_range+0x10c/0x1c0 [ 24.311999] __kasan_check_write+0x18/0x20 [ 24.312021] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 24.312047] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.312073] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.312096] ? trace_hardirqs_on+0x37/0xe0 [ 24.312118] ? kasan_bitops_generic+0x92/0x1c0 [ 24.312144] kasan_bitops_generic+0x116/0x1c0 [ 24.312167] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.312190] ? __pfx_read_tsc+0x10/0x10 [ 24.312212] ? ktime_get_ts64+0x86/0x230 [ 24.312250] kunit_try_run_case+0x1a5/0x480 [ 24.312274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.312297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.312322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.312347] ? __kthread_parkme+0x82/0x180 [ 24.312367] ? preempt_count_sub+0x50/0x80 [ 24.312390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.312414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.312437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.312459] kthread+0x337/0x6f0 [ 24.312479] ? trace_preempt_on+0x20/0xc0 [ 24.312501] ? __pfx_kthread+0x10/0x10 [ 24.312521] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.312544] ? calculate_sigpending+0x7b/0xa0 [ 24.312567] ? __pfx_kthread+0x10/0x10 [ 24.312588] ret_from_fork+0x116/0x1d0 [ 24.312607] ? __pfx_kthread+0x10/0x10 [ 24.312627] ret_from_fork_asm+0x1a/0x30 [ 24.312658] </TASK> [ 24.312669] [ 24.323930] Allocated by task 290: [ 24.324295] kasan_save_stack+0x45/0x70 [ 24.324578] kasan_save_track+0x18/0x40 [ 24.324768] kasan_save_alloc_info+0x3b/0x50 [ 24.324950] __kasan_kmalloc+0xb7/0xc0 [ 24.325102] __kmalloc_cache_noprof+0x189/0x420 [ 24.325312] kasan_bitops_generic+0x92/0x1c0 [ 24.325525] kunit_try_run_case+0x1a5/0x480 [ 24.325724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.325941] kthread+0x337/0x6f0 [ 24.326097] ret_from_fork+0x116/0x1d0 [ 24.326708] ret_from_fork_asm+0x1a/0x30 [ 24.326892] [ 24.327002] The buggy address belongs to the object at ffff88810278b720 [ 24.327002] which belongs to the cache kmalloc-16 of size 16 [ 24.327590] The buggy address is located 8 bytes inside of [ 24.327590] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.328204] [ 24.328312] The buggy address belongs to the physical page: [ 24.328573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.328822] flags: 0x200000000000000(node=0|zone=2) [ 24.329106] page_type: f5(slab) [ 24.329732] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.330018] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.330503] page dumped because: kasan: bad access detected [ 24.330802] [ 24.330886] Memory state around the buggy address: [ 24.331264] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.331695] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.332119] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.332434] ^ [ 24.332641] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.333430] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.333702] ================================================================== [ 24.222682] ================================================================== [ 24.223518] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.224816] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.225575] [ 24.225825] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.225881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.225895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.225918] Call Trace: [ 24.225952] <TASK> [ 24.225972] dump_stack_lvl+0x73/0xb0 [ 24.226004] print_report+0xd1/0x650 [ 24.226042] ? __virt_addr_valid+0x1db/0x2d0 [ 24.226066] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.226090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.226116] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.226140] kasan_report+0x141/0x180 [ 24.226161] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.226190] kasan_check_range+0x10c/0x1c0 [ 24.226212] __kasan_check_write+0x18/0x20 [ 24.226245] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 24.226269] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.226295] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.226318] ? trace_hardirqs_on+0x37/0xe0 [ 24.226340] ? kasan_bitops_generic+0x92/0x1c0 [ 24.226366] kasan_bitops_generic+0x116/0x1c0 [ 24.226389] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.226412] ? __pfx_read_tsc+0x10/0x10 [ 24.226434] ? ktime_get_ts64+0x86/0x230 [ 24.226460] kunit_try_run_case+0x1a5/0x480 [ 24.226486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.226507] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.226533] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.226557] ? __kthread_parkme+0x82/0x180 [ 24.226577] ? preempt_count_sub+0x50/0x80 [ 24.226600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.226623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.226646] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.226669] kthread+0x337/0x6f0 [ 24.226689] ? trace_preempt_on+0x20/0xc0 [ 24.226710] ? __pfx_kthread+0x10/0x10 [ 24.226730] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.226752] ? calculate_sigpending+0x7b/0xa0 [ 24.226776] ? __pfx_kthread+0x10/0x10 [ 24.226796] ret_from_fork+0x116/0x1d0 [ 24.226814] ? __pfx_kthread+0x10/0x10 [ 24.226834] ret_from_fork_asm+0x1a/0x30 [ 24.226868] </TASK> [ 24.226880] [ 24.242642] Allocated by task 290: [ 24.242995] kasan_save_stack+0x45/0x70 [ 24.243569] kasan_save_track+0x18/0x40 [ 24.243916] kasan_save_alloc_info+0x3b/0x50 [ 24.244085] __kasan_kmalloc+0xb7/0xc0 [ 24.244452] __kmalloc_cache_noprof+0x189/0x420 [ 24.244918] kasan_bitops_generic+0x92/0x1c0 [ 24.245378] kunit_try_run_case+0x1a5/0x480 [ 24.245522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.245688] kthread+0x337/0x6f0 [ 24.245801] ret_from_fork+0x116/0x1d0 [ 24.245926] ret_from_fork_asm+0x1a/0x30 [ 24.246185] [ 24.246392] The buggy address belongs to the object at ffff88810278b720 [ 24.246392] which belongs to the cache kmalloc-16 of size 16 [ 24.247561] The buggy address is located 8 bytes inside of [ 24.247561] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.249026] [ 24.249307] The buggy address belongs to the physical page: [ 24.249851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.250307] flags: 0x200000000000000(node=0|zone=2) [ 24.250478] page_type: f5(slab) [ 24.250595] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.250921] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.251649] page dumped because: kasan: bad access detected [ 24.252215] [ 24.252421] Memory state around the buggy address: [ 24.252890] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.253654] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.254347] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.255149] ^ [ 24.255323] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.255539] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.255747] ================================================================== [ 24.334590] ================================================================== [ 24.334847] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.335533] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.335924] [ 24.336034] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.336087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.336099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.336123] Call Trace: [ 24.336143] <TASK> [ 24.336165] dump_stack_lvl+0x73/0xb0 [ 24.336195] print_report+0xd1/0x650 [ 24.336217] ? __virt_addr_valid+0x1db/0x2d0 [ 24.336251] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.336276] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.336302] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.336326] kasan_report+0x141/0x180 [ 24.336348] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.336376] kasan_check_range+0x10c/0x1c0 [ 24.336399] __kasan_check_write+0x18/0x20 [ 24.336422] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 24.336446] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.336472] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.336496] ? trace_hardirqs_on+0x37/0xe0 [ 24.336518] ? kasan_bitops_generic+0x92/0x1c0 [ 24.336544] kasan_bitops_generic+0x116/0x1c0 [ 24.336567] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.336591] ? __pfx_read_tsc+0x10/0x10 [ 24.336613] ? ktime_get_ts64+0x86/0x230 [ 24.336637] kunit_try_run_case+0x1a5/0x480 [ 24.336662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.336684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.336709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.336734] ? __kthread_parkme+0x82/0x180 [ 24.336754] ? preempt_count_sub+0x50/0x80 [ 24.336778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.336852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.336877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.336900] kthread+0x337/0x6f0 [ 24.336920] ? trace_preempt_on+0x20/0xc0 [ 24.336943] ? __pfx_kthread+0x10/0x10 [ 24.336963] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.336988] ? calculate_sigpending+0x7b/0xa0 [ 24.337011] ? __pfx_kthread+0x10/0x10 [ 24.337032] ret_from_fork+0x116/0x1d0 [ 24.337051] ? __pfx_kthread+0x10/0x10 [ 24.337071] ret_from_fork_asm+0x1a/0x30 [ 24.337101] </TASK> [ 24.337111] [ 24.345387] Allocated by task 290: [ 24.345629] kasan_save_stack+0x45/0x70 [ 24.345836] kasan_save_track+0x18/0x40 [ 24.346025] kasan_save_alloc_info+0x3b/0x50 [ 24.346287] __kasan_kmalloc+0xb7/0xc0 [ 24.346536] __kmalloc_cache_noprof+0x189/0x420 [ 24.346703] kasan_bitops_generic+0x92/0x1c0 [ 24.346844] kunit_try_run_case+0x1a5/0x480 [ 24.347030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.347304] kthread+0x337/0x6f0 [ 24.347480] ret_from_fork+0x116/0x1d0 [ 24.347672] ret_from_fork_asm+0x1a/0x30 [ 24.348129] [ 24.348209] The buggy address belongs to the object at ffff88810278b720 [ 24.348209] which belongs to the cache kmalloc-16 of size 16 [ 24.348673] The buggy address is located 8 bytes inside of [ 24.348673] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.349372] [ 24.349489] The buggy address belongs to the physical page: [ 24.349702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.349960] flags: 0x200000000000000(node=0|zone=2) [ 24.350118] page_type: f5(slab) [ 24.350241] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.350516] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.350909] page dumped because: kasan: bad access detected [ 24.351367] [ 24.351456] Memory state around the buggy address: [ 24.351605] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.351913] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.352532] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.352924] ^ [ 24.353126] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.353418] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.353657] ================================================================== [ 24.256195] ================================================================== [ 24.256504] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.256951] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.257325] [ 24.257413] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.257462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.257474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.257496] Call Trace: [ 24.257517] <TASK> [ 24.257537] dump_stack_lvl+0x73/0xb0 [ 24.257564] print_report+0xd1/0x650 [ 24.257586] ? __virt_addr_valid+0x1db/0x2d0 [ 24.257611] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.257636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.257661] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.257685] kasan_report+0x141/0x180 [ 24.257706] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.257734] kasan_check_range+0x10c/0x1c0 [ 24.257756] __kasan_check_write+0x18/0x20 [ 24.257779] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 24.257803] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.257828] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.257852] ? trace_hardirqs_on+0x37/0xe0 [ 24.257873] ? kasan_bitops_generic+0x92/0x1c0 [ 24.257899] kasan_bitops_generic+0x116/0x1c0 [ 24.257921] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.257944] ? __pfx_read_tsc+0x10/0x10 [ 24.257965] ? ktime_get_ts64+0x86/0x230 [ 24.257990] kunit_try_run_case+0x1a5/0x480 [ 24.258014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.258100] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.258126] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.258151] ? __kthread_parkme+0x82/0x180 [ 24.258171] ? preempt_count_sub+0x50/0x80 [ 24.258193] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.258217] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.258252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.258276] kthread+0x337/0x6f0 [ 24.258294] ? trace_preempt_on+0x20/0xc0 [ 24.258316] ? __pfx_kthread+0x10/0x10 [ 24.258336] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.258360] ? calculate_sigpending+0x7b/0xa0 [ 24.258383] ? __pfx_kthread+0x10/0x10 [ 24.258404] ret_from_fork+0x116/0x1d0 [ 24.258423] ? __pfx_kthread+0x10/0x10 [ 24.258442] ret_from_fork_asm+0x1a/0x30 [ 24.258473] </TASK> [ 24.258483] [ 24.270589] Allocated by task 290: [ 24.270977] kasan_save_stack+0x45/0x70 [ 24.271206] kasan_save_track+0x18/0x40 [ 24.271377] kasan_save_alloc_info+0x3b/0x50 [ 24.271585] __kasan_kmalloc+0xb7/0xc0 [ 24.271733] __kmalloc_cache_noprof+0x189/0x420 [ 24.272259] kasan_bitops_generic+0x92/0x1c0 [ 24.272490] kunit_try_run_case+0x1a5/0x480 [ 24.272953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.273543] kthread+0x337/0x6f0 [ 24.273681] ret_from_fork+0x116/0x1d0 [ 24.274070] ret_from_fork_asm+0x1a/0x30 [ 24.274506] [ 24.274722] The buggy address belongs to the object at ffff88810278b720 [ 24.274722] which belongs to the cache kmalloc-16 of size 16 [ 24.276129] The buggy address is located 8 bytes inside of [ 24.276129] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.276500] [ 24.276572] The buggy address belongs to the physical page: [ 24.276743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.277799] flags: 0x200000000000000(node=0|zone=2) [ 24.278368] page_type: f5(slab) [ 24.278805] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.279773] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.280529] page dumped because: kasan: bad access detected [ 24.280961] [ 24.281236] Memory state around the buggy address: [ 24.281608] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.281870] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.282525] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.283178] ^ [ 24.283481] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.283692] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.284406] ================================================================== [ 24.193282] ================================================================== [ 24.194003] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.194609] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.194979] [ 24.195356] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.195450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.195464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.195488] Call Trace: [ 24.195502] <TASK> [ 24.195523] dump_stack_lvl+0x73/0xb0 [ 24.195552] print_report+0xd1/0x650 [ 24.195574] ? __virt_addr_valid+0x1db/0x2d0 [ 24.195598] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.195622] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.195648] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.195672] kasan_report+0x141/0x180 [ 24.195694] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.195723] kasan_check_range+0x10c/0x1c0 [ 24.195745] __kasan_check_write+0x18/0x20 [ 24.195767] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 24.195792] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.195818] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.195842] ? trace_hardirqs_on+0x37/0xe0 [ 24.195865] ? kasan_bitops_generic+0x92/0x1c0 [ 24.195891] kasan_bitops_generic+0x116/0x1c0 [ 24.195914] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.195937] ? __pfx_read_tsc+0x10/0x10 [ 24.195959] ? ktime_get_ts64+0x86/0x230 [ 24.195983] kunit_try_run_case+0x1a5/0x480 [ 24.196007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.196029] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.196055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.196080] ? __kthread_parkme+0x82/0x180 [ 24.196100] ? preempt_count_sub+0x50/0x80 [ 24.196124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.196147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.196170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.196194] kthread+0x337/0x6f0 [ 24.196213] ? trace_preempt_on+0x20/0xc0 [ 24.196247] ? __pfx_kthread+0x10/0x10 [ 24.196267] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.196289] ? calculate_sigpending+0x7b/0xa0 [ 24.196313] ? __pfx_kthread+0x10/0x10 [ 24.196334] ret_from_fork+0x116/0x1d0 [ 24.196352] ? __pfx_kthread+0x10/0x10 [ 24.196372] ret_from_fork_asm+0x1a/0x30 [ 24.196402] </TASK> [ 24.196415] [ 24.207682] Allocated by task 290: [ 24.208291] kasan_save_stack+0x45/0x70 [ 24.208609] kasan_save_track+0x18/0x40 [ 24.209322] kasan_save_alloc_info+0x3b/0x50 [ 24.209772] __kasan_kmalloc+0xb7/0xc0 [ 24.210198] __kmalloc_cache_noprof+0x189/0x420 [ 24.210419] kasan_bitops_generic+0x92/0x1c0 [ 24.210606] kunit_try_run_case+0x1a5/0x480 [ 24.211090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.211593] kthread+0x337/0x6f0 [ 24.212208] ret_from_fork+0x116/0x1d0 [ 24.212641] ret_from_fork_asm+0x1a/0x30 [ 24.213103] [ 24.213201] The buggy address belongs to the object at ffff88810278b720 [ 24.213201] which belongs to the cache kmalloc-16 of size 16 [ 24.213690] The buggy address is located 8 bytes inside of [ 24.213690] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.215229] [ 24.215350] The buggy address belongs to the physical page: [ 24.215525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.215763] flags: 0x200000000000000(node=0|zone=2) [ 24.215933] page_type: f5(slab) [ 24.216053] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.216289] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.216510] page dumped because: kasan: bad access detected [ 24.216673] [ 24.216738] Memory state around the buggy address: [ 24.216890] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.217098] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.217675] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.219115] ^ [ 24.219805] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.220534] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.221549] ================================================================== [ 24.285394] ================================================================== [ 24.286082] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287005] Write of size 8 at addr ffff88810278b728 by task kunit_try_catch/290 [ 24.287487] [ 24.287574] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.287623] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.287635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.287658] Call Trace: [ 24.287678] <TASK> [ 24.287698] dump_stack_lvl+0x73/0xb0 [ 24.287726] print_report+0xd1/0x650 [ 24.287748] ? __virt_addr_valid+0x1db/0x2d0 [ 24.287772] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287796] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.287824] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287851] kasan_report+0x141/0x180 [ 24.287872] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287901] kasan_check_range+0x10c/0x1c0 [ 24.287923] __kasan_check_write+0x18/0x20 [ 24.287945] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 24.287970] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 24.287995] ? __kmalloc_cache_noprof+0x189/0x420 [ 24.288019] ? trace_hardirqs_on+0x37/0xe0 [ 24.288042] ? kasan_bitops_generic+0x92/0x1c0 [ 24.288068] kasan_bitops_generic+0x116/0x1c0 [ 24.288091] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 24.288115] ? __pfx_read_tsc+0x10/0x10 [ 24.288136] ? ktime_get_ts64+0x86/0x230 [ 24.288161] kunit_try_run_case+0x1a5/0x480 [ 24.288185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.288207] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.288244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.288269] ? __kthread_parkme+0x82/0x180 [ 24.288289] ? preempt_count_sub+0x50/0x80 [ 24.288312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.288335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.288358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.288382] kthread+0x337/0x6f0 [ 24.288403] ? trace_preempt_on+0x20/0xc0 [ 24.288424] ? __pfx_kthread+0x10/0x10 [ 24.288443] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.288466] ? calculate_sigpending+0x7b/0xa0 [ 24.288490] ? __pfx_kthread+0x10/0x10 [ 24.288511] ret_from_fork+0x116/0x1d0 [ 24.288529] ? __pfx_kthread+0x10/0x10 [ 24.288549] ret_from_fork_asm+0x1a/0x30 [ 24.288579] </TASK> [ 24.288590] [ 24.299056] Allocated by task 290: [ 24.299368] kasan_save_stack+0x45/0x70 [ 24.299562] kasan_save_track+0x18/0x40 [ 24.299732] kasan_save_alloc_info+0x3b/0x50 [ 24.300173] __kasan_kmalloc+0xb7/0xc0 [ 24.300361] __kmalloc_cache_noprof+0x189/0x420 [ 24.300556] kasan_bitops_generic+0x92/0x1c0 [ 24.300741] kunit_try_run_case+0x1a5/0x480 [ 24.301379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.301590] kthread+0x337/0x6f0 [ 24.301759] ret_from_fork+0x116/0x1d0 [ 24.301979] ret_from_fork_asm+0x1a/0x30 [ 24.302400] [ 24.302486] The buggy address belongs to the object at ffff88810278b720 [ 24.302486] which belongs to the cache kmalloc-16 of size 16 [ 24.303065] The buggy address is located 8 bytes inside of [ 24.303065] allocated 9-byte region [ffff88810278b720, ffff88810278b729) [ 24.303775] [ 24.303908] The buggy address belongs to the physical page: [ 24.304191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 24.304725] flags: 0x200000000000000(node=0|zone=2) [ 24.305020] page_type: f5(slab) [ 24.305153] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.305479] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.305787] page dumped because: kasan: bad access detected [ 24.306598] [ 24.306681] Memory state around the buggy address: [ 24.306910] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.307500] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.307934] >ffff88810278b700: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.308325] ^ [ 24.308508] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.308805] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.309294] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 24.121887] ================================================================== [ 24.122157] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 24.122469] Read of size 1 at addr ffff888102d5c7d0 by task kunit_try_catch/288 [ 24.122764] [ 24.123057] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.123112] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.123125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.123147] Call Trace: [ 24.123168] <TASK> [ 24.123189] dump_stack_lvl+0x73/0xb0 [ 24.123216] print_report+0xd1/0x650 [ 24.123252] ? __virt_addr_valid+0x1db/0x2d0 [ 24.123275] ? strnlen+0x73/0x80 [ 24.123294] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.123320] ? strnlen+0x73/0x80 [ 24.123340] kasan_report+0x141/0x180 [ 24.123361] ? strnlen+0x73/0x80 [ 24.123385] __asan_report_load1_noabort+0x18/0x20 [ 24.123408] strnlen+0x73/0x80 [ 24.123428] kasan_strings+0x615/0xe80 [ 24.123448] ? trace_hardirqs_on+0x37/0xe0 [ 24.123472] ? __pfx_kasan_strings+0x10/0x10 [ 24.123491] ? finish_task_switch.isra.0+0x153/0x700 [ 24.123513] ? __switch_to+0x47/0xf50 [ 24.123538] ? __schedule+0x10cc/0x2b60 [ 24.123562] ? __pfx_read_tsc+0x10/0x10 [ 24.123583] ? ktime_get_ts64+0x86/0x230 [ 24.123608] kunit_try_run_case+0x1a5/0x480 [ 24.123633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.123655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.123680] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.123704] ? __kthread_parkme+0x82/0x180 [ 24.123724] ? preempt_count_sub+0x50/0x80 [ 24.123745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.123769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.123792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.123944] kthread+0x337/0x6f0 [ 24.123969] ? trace_preempt_on+0x20/0xc0 [ 24.123991] ? __pfx_kthread+0x10/0x10 [ 24.124012] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.124035] ? calculate_sigpending+0x7b/0xa0 [ 24.124060] ? __pfx_kthread+0x10/0x10 [ 24.124080] ret_from_fork+0x116/0x1d0 [ 24.124099] ? __pfx_kthread+0x10/0x10 [ 24.124119] ret_from_fork_asm+0x1a/0x30 [ 24.124150] </TASK> [ 24.124161] [ 24.133982] Allocated by task 288: [ 24.134119] kasan_save_stack+0x45/0x70 [ 24.134283] kasan_save_track+0x18/0x40 [ 24.134433] kasan_save_alloc_info+0x3b/0x50 [ 24.134643] __kasan_kmalloc+0xb7/0xc0 [ 24.135228] __kmalloc_cache_noprof+0x189/0x420 [ 24.135499] kasan_strings+0xc0/0xe80 [ 24.135701] kunit_try_run_case+0x1a5/0x480 [ 24.136252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.136903] kthread+0x337/0x6f0 [ 24.137183] ret_from_fork+0x116/0x1d0 [ 24.137326] ret_from_fork_asm+0x1a/0x30 [ 24.137460] [ 24.137526] Freed by task 288: [ 24.137636] kasan_save_stack+0x45/0x70 [ 24.137767] kasan_save_track+0x18/0x40 [ 24.138344] kasan_save_free_info+0x3f/0x60 [ 24.138759] __kasan_slab_free+0x56/0x70 [ 24.139437] kfree+0x222/0x3f0 [ 24.139763] kasan_strings+0x2aa/0xe80 [ 24.140252] kunit_try_run_case+0x1a5/0x480 [ 24.140653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.141283] kthread+0x337/0x6f0 [ 24.141618] ret_from_fork+0x116/0x1d0 [ 24.141987] ret_from_fork_asm+0x1a/0x30 [ 24.142306] [ 24.142465] The buggy address belongs to the object at ffff888102d5c7c0 [ 24.142465] which belongs to the cache kmalloc-32 of size 32 [ 24.143615] The buggy address is located 16 bytes inside of [ 24.143615] freed 32-byte region [ffff888102d5c7c0, ffff888102d5c7e0) [ 24.144426] [ 24.144599] The buggy address belongs to the physical page: [ 24.145048] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d5c [ 24.145670] flags: 0x200000000000000(node=0|zone=2) [ 24.146012] page_type: f5(slab) [ 24.146369] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.147197] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.147443] page dumped because: kasan: bad access detected [ 24.147608] [ 24.147671] Memory state around the buggy address: [ 24.147925] ffff888102d5c680: fa fb fb fb fc fc fc fc 00 00 00 04 fc fc fc fc [ 24.148639] ffff888102d5c700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.149369] >ffff888102d5c780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.150033] ^ [ 24.150555] ffff888102d5c800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.151466] ffff888102d5c880: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.152235] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 24.097202] ================================================================== [ 24.097613] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 24.097921] Read of size 1 at addr ffff888102d5c7d0 by task kunit_try_catch/288 [ 24.098285] [ 24.098375] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.098424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.098435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.098457] Call Trace: [ 24.098470] <TASK> [ 24.098487] dump_stack_lvl+0x73/0xb0 [ 24.098524] print_report+0xd1/0x650 [ 24.098573] ? __virt_addr_valid+0x1db/0x2d0 [ 24.098598] ? strlen+0x8f/0xb0 [ 24.098618] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.098643] ? strlen+0x8f/0xb0 [ 24.098663] kasan_report+0x141/0x180 [ 24.098684] ? strlen+0x8f/0xb0 [ 24.098707] __asan_report_load1_noabort+0x18/0x20 [ 24.098732] strlen+0x8f/0xb0 [ 24.098752] kasan_strings+0x57b/0xe80 [ 24.098772] ? trace_hardirqs_on+0x37/0xe0 [ 24.098795] ? __pfx_kasan_strings+0x10/0x10 [ 24.098851] ? finish_task_switch.isra.0+0x153/0x700 [ 24.098874] ? __switch_to+0x47/0xf50 [ 24.098899] ? __schedule+0x10cc/0x2b60 [ 24.098924] ? __pfx_read_tsc+0x10/0x10 [ 24.098997] ? ktime_get_ts64+0x86/0x230 [ 24.099021] kunit_try_run_case+0x1a5/0x480 [ 24.099054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.099076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.099100] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.099125] ? __kthread_parkme+0x82/0x180 [ 24.099146] ? preempt_count_sub+0x50/0x80 [ 24.099168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.099191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.099214] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.099249] kthread+0x337/0x6f0 [ 24.099267] ? trace_preempt_on+0x20/0xc0 [ 24.099289] ? __pfx_kthread+0x10/0x10 [ 24.099332] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.099355] ? calculate_sigpending+0x7b/0xa0 [ 24.099378] ? __pfx_kthread+0x10/0x10 [ 24.099399] ret_from_fork+0x116/0x1d0 [ 24.099418] ? __pfx_kthread+0x10/0x10 [ 24.099438] ret_from_fork_asm+0x1a/0x30 [ 24.099468] </TASK> [ 24.099497] [ 24.108109] Allocated by task 288: [ 24.108351] kasan_save_stack+0x45/0x70 [ 24.108546] kasan_save_track+0x18/0x40 [ 24.108684] kasan_save_alloc_info+0x3b/0x50 [ 24.108976] __kasan_kmalloc+0xb7/0xc0 [ 24.109269] __kmalloc_cache_noprof+0x189/0x420 [ 24.109507] kasan_strings+0xc0/0xe80 [ 24.109697] kunit_try_run_case+0x1a5/0x480 [ 24.109839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.110008] kthread+0x337/0x6f0 [ 24.110122] ret_from_fork+0x116/0x1d0 [ 24.110317] ret_from_fork_asm+0x1a/0x30 [ 24.110508] [ 24.110680] Freed by task 288: [ 24.110902] kasan_save_stack+0x45/0x70 [ 24.111124] kasan_save_track+0x18/0x40 [ 24.111262] kasan_save_free_info+0x3f/0x60 [ 24.111402] __kasan_slab_free+0x56/0x70 [ 24.111532] kfree+0x222/0x3f0 [ 24.111687] kasan_strings+0x2aa/0xe80 [ 24.111866] kunit_try_run_case+0x1a5/0x480 [ 24.112123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.112379] kthread+0x337/0x6f0 [ 24.112541] ret_from_fork+0x116/0x1d0 [ 24.112722] ret_from_fork_asm+0x1a/0x30 [ 24.112912] [ 24.112995] The buggy address belongs to the object at ffff888102d5c7c0 [ 24.112995] which belongs to the cache kmalloc-32 of size 32 [ 24.113665] The buggy address is located 16 bytes inside of [ 24.113665] freed 32-byte region [ffff888102d5c7c0, ffff888102d5c7e0) [ 24.114468] [ 24.114566] The buggy address belongs to the physical page: [ 24.114737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d5c [ 24.114975] flags: 0x200000000000000(node=0|zone=2) [ 24.115141] page_type: f5(slab) [ 24.115268] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.116094] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.117009] page dumped because: kasan: bad access detected [ 24.117281] [ 24.117374] Memory state around the buggy address: [ 24.118248] ffff888102d5c680: fa fb fb fb fc fc fc fc 00 00 00 04 fc fc fc fc [ 24.118545] ffff888102d5c700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.118832] >ffff888102d5c780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.119427] ^ [ 24.120171] ffff888102d5c800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.120999] ffff888102d5c880: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.121316] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 24.070250] ================================================================== [ 24.070579] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 24.071281] Read of size 1 at addr ffff888102d5c7d0 by task kunit_try_catch/288 [ 24.071658] [ 24.072402] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.072460] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.072474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.072497] Call Trace: [ 24.072512] <TASK> [ 24.072532] dump_stack_lvl+0x73/0xb0 [ 24.072565] print_report+0xd1/0x650 [ 24.072589] ? __virt_addr_valid+0x1db/0x2d0 [ 24.072613] ? kasan_strings+0xcbc/0xe80 [ 24.072634] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.072660] ? kasan_strings+0xcbc/0xe80 [ 24.072680] kasan_report+0x141/0x180 [ 24.072701] ? kasan_strings+0xcbc/0xe80 [ 24.072726] __asan_report_load1_noabort+0x18/0x20 [ 24.072750] kasan_strings+0xcbc/0xe80 [ 24.072769] ? trace_hardirqs_on+0x37/0xe0 [ 24.072792] ? __pfx_kasan_strings+0x10/0x10 [ 24.072812] ? finish_task_switch.isra.0+0x153/0x700 [ 24.072834] ? __switch_to+0x47/0xf50 [ 24.072859] ? __schedule+0x10cc/0x2b60 [ 24.072884] ? __pfx_read_tsc+0x10/0x10 [ 24.072906] ? ktime_get_ts64+0x86/0x230 [ 24.072930] kunit_try_run_case+0x1a5/0x480 [ 24.072956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.072978] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.073003] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.073030] ? __kthread_parkme+0x82/0x180 [ 24.073051] ? preempt_count_sub+0x50/0x80 [ 24.073089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.073127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.073151] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.073174] kthread+0x337/0x6f0 [ 24.073193] ? trace_preempt_on+0x20/0xc0 [ 24.073216] ? __pfx_kthread+0x10/0x10 [ 24.073245] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.073269] ? calculate_sigpending+0x7b/0xa0 [ 24.073293] ? __pfx_kthread+0x10/0x10 [ 24.073314] ret_from_fork+0x116/0x1d0 [ 24.073333] ? __pfx_kthread+0x10/0x10 [ 24.073353] ret_from_fork_asm+0x1a/0x30 [ 24.073384] </TASK> [ 24.073396] [ 24.084522] Allocated by task 288: [ 24.084889] kasan_save_stack+0x45/0x70 [ 24.085180] kasan_save_track+0x18/0x40 [ 24.085450] kasan_save_alloc_info+0x3b/0x50 [ 24.085614] __kasan_kmalloc+0xb7/0xc0 [ 24.086070] __kmalloc_cache_noprof+0x189/0x420 [ 24.086448] kasan_strings+0xc0/0xe80 [ 24.086623] kunit_try_run_case+0x1a5/0x480 [ 24.087073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.087338] kthread+0x337/0x6f0 [ 24.087505] ret_from_fork+0x116/0x1d0 [ 24.087649] ret_from_fork_asm+0x1a/0x30 [ 24.087858] [ 24.087931] Freed by task 288: [ 24.088269] kasan_save_stack+0x45/0x70 [ 24.088420] kasan_save_track+0x18/0x40 [ 24.088549] kasan_save_free_info+0x3f/0x60 [ 24.088749] __kasan_slab_free+0x56/0x70 [ 24.089066] kfree+0x222/0x3f0 [ 24.089253] kasan_strings+0x2aa/0xe80 [ 24.089379] kunit_try_run_case+0x1a5/0x480 [ 24.089661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.089831] kthread+0x337/0x6f0 [ 24.090036] ret_from_fork+0x116/0x1d0 [ 24.090230] ret_from_fork_asm+0x1a/0x30 [ 24.090427] [ 24.090517] The buggy address belongs to the object at ffff888102d5c7c0 [ 24.090517] which belongs to the cache kmalloc-32 of size 32 [ 24.091014] The buggy address is located 16 bytes inside of [ 24.091014] freed 32-byte region [ffff888102d5c7c0, ffff888102d5c7e0) [ 24.091708] [ 24.091870] The buggy address belongs to the physical page: [ 24.092200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d5c [ 24.092526] flags: 0x200000000000000(node=0|zone=2) [ 24.092742] page_type: f5(slab) [ 24.092996] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.093254] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.093476] page dumped because: kasan: bad access detected [ 24.093745] [ 24.093833] Memory state around the buggy address: [ 24.094282] ffff888102d5c680: fa fb fb fb fc fc fc fc 00 00 00 04 fc fc fc fc [ 24.094604] ffff888102d5c700: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 24.094925] >ffff888102d5c780: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.095350] ^ [ 24.095535] ffff888102d5c800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.096088] ffff888102d5c880: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.096445] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 24.042875] ================================================================== [ 24.044008] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 24.044371] Read of size 1 at addr ffff888102d5c7d0 by task kunit_try_catch/288 [ 24.044671] [ 24.044790] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.044843] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.044855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.044880] Call Trace: [ 24.044895] <TASK> [ 24.044914] dump_stack_lvl+0x73/0xb0 [ 24.044943] print_report+0xd1/0x650 [ 24.044966] ? __virt_addr_valid+0x1db/0x2d0 [ 24.044990] ? strcmp+0xb0/0xc0 [ 24.045008] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.045035] ? strcmp+0xb0/0xc0 [ 24.045053] kasan_report+0x141/0x180 [ 24.045075] ? strcmp+0xb0/0xc0 [ 24.045098] __asan_report_load1_noabort+0x18/0x20 [ 24.045121] strcmp+0xb0/0xc0 [ 24.045141] kasan_strings+0x431/0xe80 [ 24.045162] ? trace_hardirqs_on+0x37/0xe0 [ 24.045186] ? __pfx_kasan_strings+0x10/0x10 [ 24.045205] ? finish_task_switch.isra.0+0x153/0x700 [ 24.045237] ? __switch_to+0x47/0xf50 [ 24.045263] ? __schedule+0x10cc/0x2b60 [ 24.045287] ? __pfx_read_tsc+0x10/0x10 [ 24.045309] ? ktime_get_ts64+0x86/0x230 [ 24.045333] kunit_try_run_case+0x1a5/0x480 [ 24.045358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.045380] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.045405] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.045429] ? __kthread_parkme+0x82/0x180 [ 24.045449] ? preempt_count_sub+0x50/0x80 [ 24.045471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.045494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.045517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.045541] kthread+0x337/0x6f0 [ 24.045560] ? trace_preempt_on+0x20/0xc0 [ 24.045582] ? __pfx_kthread+0x10/0x10 [ 24.045602] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.045625] ? calculate_sigpending+0x7b/0xa0 [ 24.045648] ? __pfx_kthread+0x10/0x10 [ 24.045669] ret_from_fork+0x116/0x1d0 [ 24.045688] ? __pfx_kthread+0x10/0x10 [ 24.045708] ret_from_fork_asm+0x1a/0x30 [ 24.045739] </TASK> [ 24.045751] [ 24.055927] Allocated by task 288: [ 24.056113] kasan_save_stack+0x45/0x70 [ 24.056342] kasan_save_track+0x18/0x40 [ 24.056518] kasan_save_alloc_info+0x3b/0x50 [ 24.056706] __kasan_kmalloc+0xb7/0xc0 [ 24.056888] __kmalloc_cache_noprof+0x189/0x420 [ 24.057582] kasan_strings+0xc0/0xe80 [ 24.057753] kunit_try_run_case+0x1a5/0x480 [ 24.058004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.058432] kthread+0x337/0x6f0 [ 24.058600] ret_from_fork+0x116/0x1d0 [ 24.058778] ret_from_fork_asm+0x1a/0x30 [ 24.059000] [ 24.059075] Freed by task 288: [ 24.059338] kasan_save_stack+0x45/0x70 [ 24.059510] kasan_save_track+0x18/0x40 [ 24.059675] kasan_save_free_info+0x3f/0x60 [ 24.059933] __kasan_slab_free+0x56/0x70 [ 24.060165] kfree+0x222/0x3f0 [ 24.060297] kasan_strings+0x2aa/0xe80 [ 24.061209] kunit_try_run_case+0x1a5/0x480 [ 24.061396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.061655] kthread+0x337/0x6f0 [ 24.061807] ret_from_fork+0x116/0x1d0 [ 24.062057] ret_from_fork_asm+0x1a/0x30 [ 24.062193] [ 24.062298] The buggy address belongs to the object at ffff888102d5c7c0 [ 24.062298] which belongs to the cache kmalloc-32 of size 32 [ 24.062898] The buggy address is located 16 bytes inside of [ 24.062898] freed 32-byte region [ffff888102d5c7c0, ffff888102d5c7e0) [ 24.063571] [ 24.064052] The buggy address belongs to the physical page: [ 24.064414] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d5c [ 24.064935] flags: 0x200000000000000(node=0|zone=2) [ 24.065267] page_type: f5(slab) [ 24.065576] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.065893] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.066304] page dumped because: kasan: bad access detected [ 24.066555] [ 24.066632] Memory state around the buggy address: [ 24.066852] ffff888102d5c680: fa fb fb fb fc fc fc fc 00 00 00 04 fc fc fc fc [ 24.067168] ffff888102d5c700: 00 00 07 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 24.067434] >ffff888102d5c780: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.067707] ^ [ 24.067980] ffff888102d5c800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.068395] ffff888102d5c880: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.068716] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 24.014736] ================================================================== [ 24.015440] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 24.015738] Read of size 1 at addr ffff8881024e4cd8 by task kunit_try_catch/286 [ 24.016039] [ 24.016313] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 24.016368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.016380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.016404] Call Trace: [ 24.016417] <TASK> [ 24.016438] dump_stack_lvl+0x73/0xb0 [ 24.016467] print_report+0xd1/0x650 [ 24.016492] ? __virt_addr_valid+0x1db/0x2d0 [ 24.016516] ? memcmp+0x1b4/0x1d0 [ 24.016536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.016562] ? memcmp+0x1b4/0x1d0 [ 24.016582] kasan_report+0x141/0x180 [ 24.016603] ? memcmp+0x1b4/0x1d0 [ 24.016627] __asan_report_load1_noabort+0x18/0x20 [ 24.016650] memcmp+0x1b4/0x1d0 [ 24.016671] kasan_memcmp+0x18f/0x390 [ 24.016691] ? trace_hardirqs_on+0x37/0xe0 [ 24.016714] ? __pfx_kasan_memcmp+0x10/0x10 [ 24.016733] ? finish_task_switch.isra.0+0x153/0x700 [ 24.016755] ? __switch_to+0x47/0xf50 [ 24.016784] ? __pfx_read_tsc+0x10/0x10 [ 24.016806] ? ktime_get_ts64+0x86/0x230 [ 24.016830] kunit_try_run_case+0x1a5/0x480 [ 24.016854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.016876] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.016901] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.016925] ? __kthread_parkme+0x82/0x180 [ 24.016946] ? preempt_count_sub+0x50/0x80 [ 24.016968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.016991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.017013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.017057] kthread+0x337/0x6f0 [ 24.017077] ? trace_preempt_on+0x20/0xc0 [ 24.017099] ? __pfx_kthread+0x10/0x10 [ 24.017120] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.017148] ? calculate_sigpending+0x7b/0xa0 [ 24.017172] ? __pfx_kthread+0x10/0x10 [ 24.017193] ret_from_fork+0x116/0x1d0 [ 24.017212] ? __pfx_kthread+0x10/0x10 [ 24.017242] ret_from_fork_asm+0x1a/0x30 [ 24.017273] </TASK> [ 24.017285] [ 24.026458] Allocated by task 286: [ 24.026641] kasan_save_stack+0x45/0x70 [ 24.026920] kasan_save_track+0x18/0x40 [ 24.027180] kasan_save_alloc_info+0x3b/0x50 [ 24.027477] __kasan_kmalloc+0xb7/0xc0 [ 24.027636] __kmalloc_cache_noprof+0x189/0x420 [ 24.027847] kasan_memcmp+0xb7/0x390 [ 24.027995] kunit_try_run_case+0x1a5/0x480 [ 24.028438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.028750] kthread+0x337/0x6f0 [ 24.028888] ret_from_fork+0x116/0x1d0 [ 24.029076] ret_from_fork_asm+0x1a/0x30 [ 24.029481] [ 24.029561] The buggy address belongs to the object at ffff8881024e4cc0 [ 24.029561] which belongs to the cache kmalloc-32 of size 32 [ 24.030179] The buggy address is located 0 bytes to the right of [ 24.030179] allocated 24-byte region [ffff8881024e4cc0, ffff8881024e4cd8) [ 24.030782] [ 24.030862] The buggy address belongs to the physical page: [ 24.031118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e4 [ 24.031690] flags: 0x200000000000000(node=0|zone=2) [ 24.031985] page_type: f5(slab) [ 24.032130] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.032579] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.032964] page dumped because: kasan: bad access detected [ 24.033210] [ 24.033414] Memory state around the buggy address: [ 24.033670] ffff8881024e4b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.034138] ffff8881024e4c00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 24.034526] >ffff8881024e4c80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 24.034866] ^ [ 24.035129] ffff8881024e4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.035556] ffff8881024e4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.035857] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 23.985399] ================================================================== [ 23.985874] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 23.986116] Read of size 1 at addr ffff888103b6fc4a by task kunit_try_catch/282 [ 23.986683] [ 23.986981] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.987059] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.987073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.987098] Call Trace: [ 23.987111] <TASK> [ 23.987129] dump_stack_lvl+0x73/0xb0 [ 23.987161] print_report+0xd1/0x650 [ 23.987183] ? __virt_addr_valid+0x1db/0x2d0 [ 23.987207] ? kasan_alloca_oob_right+0x329/0x390 [ 23.987240] ? kasan_addr_to_slab+0x11/0xa0 [ 23.987260] ? kasan_alloca_oob_right+0x329/0x390 [ 23.987281] kasan_report+0x141/0x180 [ 23.987394] ? kasan_alloca_oob_right+0x329/0x390 [ 23.987423] __asan_report_load1_noabort+0x18/0x20 [ 23.987581] kasan_alloca_oob_right+0x329/0x390 [ 23.987605] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.987626] ? finish_task_switch.isra.0+0x153/0x700 [ 23.987649] ? down_write_killable+0x7e/0x180 [ 23.987672] ? trace_hardirqs_on+0x37/0xe0 [ 23.987696] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 23.987720] ? __schedule+0x10cc/0x2b60 [ 23.987745] ? __pfx_read_tsc+0x10/0x10 [ 23.987767] ? ktime_get_ts64+0x86/0x230 [ 23.987815] kunit_try_run_case+0x1a5/0x480 [ 23.987839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.987862] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.987887] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.987910] ? __kthread_parkme+0x82/0x180 [ 23.987930] ? preempt_count_sub+0x50/0x80 [ 23.987952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.987976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.987997] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.988036] kthread+0x337/0x6f0 [ 23.988057] ? trace_preempt_on+0x20/0xc0 [ 23.988078] ? __pfx_kthread+0x10/0x10 [ 23.988098] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.988120] ? calculate_sigpending+0x7b/0xa0 [ 23.988144] ? __pfx_kthread+0x10/0x10 [ 23.988164] ret_from_fork+0x116/0x1d0 [ 23.988183] ? __pfx_kthread+0x10/0x10 [ 23.988203] ret_from_fork_asm+0x1a/0x30 [ 23.988243] </TASK> [ 23.988255] [ 24.000107] The buggy address belongs to stack of task kunit_try_catch/282 [ 24.000486] [ 24.000568] The buggy address belongs to the physical page: [ 24.000850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b6f [ 24.001180] flags: 0x200000000000000(node=0|zone=2) [ 24.001437] raw: 0200000000000000 ffffea00040edbc8 ffffea00040edbc8 0000000000000000 [ 24.001703] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.002142] page dumped because: kasan: bad access detected [ 24.002404] [ 24.002476] Memory state around the buggy address: [ 24.002691] ffff888103b6fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.003038] ffff888103b6fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.003370] >ffff888103b6fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 24.003607] ^ [ 24.003916] ffff888103b6fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 24.004207] ffff888103b6fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 24.004513] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 23.964415] ================================================================== [ 23.964870] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 23.965296] Read of size 1 at addr ffff888103b77c3f by task kunit_try_catch/280 [ 23.965594] [ 23.965697] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.965749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.965761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.965787] Call Trace: [ 23.965803] <TASK> [ 23.965825] dump_stack_lvl+0x73/0xb0 [ 23.965856] print_report+0xd1/0x650 [ 23.965879] ? __virt_addr_valid+0x1db/0x2d0 [ 23.965905] ? kasan_alloca_oob_left+0x320/0x380 [ 23.965926] ? kasan_addr_to_slab+0x11/0xa0 [ 23.965945] ? kasan_alloca_oob_left+0x320/0x380 [ 23.965966] kasan_report+0x141/0x180 [ 23.965988] ? kasan_alloca_oob_left+0x320/0x380 [ 23.966013] __asan_report_load1_noabort+0x18/0x20 [ 23.966170] kasan_alloca_oob_left+0x320/0x380 [ 23.966191] ? __kasan_check_write+0x18/0x20 [ 23.966215] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.966253] ? finish_task_switch.isra.0+0x153/0x700 [ 23.966277] ? down_write_killable+0x7e/0x180 [ 23.966301] ? trace_hardirqs_on+0x37/0xe0 [ 23.966327] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 23.966350] ? __schedule+0x10cc/0x2b60 [ 23.966375] ? __pfx_read_tsc+0x10/0x10 [ 23.966397] ? ktime_get_ts64+0x86/0x230 [ 23.966423] kunit_try_run_case+0x1a5/0x480 [ 23.966450] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.966472] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.966496] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.966520] ? __kthread_parkme+0x82/0x180 [ 23.966541] ? preempt_count_sub+0x50/0x80 [ 23.966564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.966586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.966609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.966632] kthread+0x337/0x6f0 [ 23.966651] ? trace_preempt_on+0x20/0xc0 [ 23.966673] ? __pfx_kthread+0x10/0x10 [ 23.966692] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.966714] ? calculate_sigpending+0x7b/0xa0 [ 23.966739] ? __pfx_kthread+0x10/0x10 [ 23.966759] ret_from_fork+0x116/0x1d0 [ 23.966778] ? __pfx_kthread+0x10/0x10 [ 23.966851] ret_from_fork_asm+0x1a/0x30 [ 23.966885] </TASK> [ 23.966897] [ 23.975778] The buggy address belongs to stack of task kunit_try_catch/280 [ 23.976204] [ 23.976345] The buggy address belongs to the physical page: [ 23.976604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b77 [ 23.977164] flags: 0x200000000000000(node=0|zone=2) [ 23.977416] raw: 0200000000000000 ffffea00040eddc8 ffffea00040eddc8 0000000000000000 [ 23.977646] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.978159] page dumped because: kasan: bad access detected [ 23.978538] [ 23.978629] Memory state around the buggy address: [ 23.978898] ffff888103b77b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.979116] ffff888103b77b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.979336] >ffff888103b77c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 23.979883] ^ [ 23.980146] ffff888103b77c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 23.980521] ffff888103b77d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.980925] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 23.935635] ================================================================== [ 23.937177] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 23.937450] Read of size 1 at addr ffff888103b4fd02 by task kunit_try_catch/278 [ 23.937671] [ 23.937759] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.937811] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.937824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.937849] Call Trace: [ 23.937866] <TASK> [ 23.937886] dump_stack_lvl+0x73/0xb0 [ 23.937916] print_report+0xd1/0x650 [ 23.937938] ? __virt_addr_valid+0x1db/0x2d0 [ 23.937962] ? kasan_stack_oob+0x2b5/0x300 [ 23.937985] ? kasan_addr_to_slab+0x11/0xa0 [ 23.938004] ? kasan_stack_oob+0x2b5/0x300 [ 23.938027] kasan_report+0x141/0x180 [ 23.938048] ? kasan_stack_oob+0x2b5/0x300 [ 23.938075] __asan_report_load1_noabort+0x18/0x20 [ 23.938098] kasan_stack_oob+0x2b5/0x300 [ 23.938122] ? __pfx_kasan_stack_oob+0x10/0x10 [ 23.938144] ? finish_task_switch.isra.0+0x153/0x700 [ 23.938178] ? __switch_to+0x47/0xf50 [ 23.938275] ? __schedule+0x10cc/0x2b60 [ 23.938312] ? __pfx_read_tsc+0x10/0x10 [ 23.938334] ? ktime_get_ts64+0x86/0x230 [ 23.938360] kunit_try_run_case+0x1a5/0x480 [ 23.938386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.938408] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.938432] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.938457] ? __kthread_parkme+0x82/0x180 [ 23.938477] ? preempt_count_sub+0x50/0x80 [ 23.938499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.938522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.938545] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.938568] kthread+0x337/0x6f0 [ 23.938587] ? trace_preempt_on+0x20/0xc0 [ 23.938612] ? __pfx_kthread+0x10/0x10 [ 23.938632] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.938655] ? calculate_sigpending+0x7b/0xa0 [ 23.938678] ? __pfx_kthread+0x10/0x10 [ 23.938699] ret_from_fork+0x116/0x1d0 [ 23.938718] ? __pfx_kthread+0x10/0x10 [ 23.938737] ret_from_fork_asm+0x1a/0x30 [ 23.938767] </TASK> [ 23.938780] [ 23.952300] The buggy address belongs to stack of task kunit_try_catch/278 [ 23.952613] and is located at offset 138 in frame: [ 23.952772] kasan_stack_oob+0x0/0x300 [ 23.953049] [ 23.953569] This frame has 4 objects: [ 23.953884] [48, 49) '__assertion' [ 23.953912] [64, 72) 'array' [ 23.954128] [96, 112) '__assertion' [ 23.954512] [128, 138) 'stack_array' [ 23.954674] [ 23.955252] The buggy address belongs to the physical page: [ 23.955740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b4f [ 23.956390] flags: 0x200000000000000(node=0|zone=2) [ 23.956577] raw: 0200000000000000 ffffea00040ed3c8 ffffea00040ed3c8 0000000000000000 [ 23.956886] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.957692] page dumped because: kasan: bad access detected [ 23.958298] [ 23.958454] Memory state around the buggy address: [ 23.958876] ffff888103b4fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.959547] ffff888103b4fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 23.960083] >ffff888103b4fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 23.960397] ^ [ 23.960512] ffff888103b4fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 23.960721] ffff888103b4fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.961029] ==================================================================
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i_inlined
<8>[ 290.517483] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i
<8>[ 290.399542] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_pal_576i RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined
<8>[ 290.283654] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i_inlined RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i
<8>[ 290.173088] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_ntsc_480i RESULT=fail>
Failure - kunit - drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i
<8>[ 290.060141] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_modes_analog_tv_drm_test_modes_analog_tv_mono_576i RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 23.909532] ================================================================== [ 23.910169] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 23.910735] Read of size 1 at addr ffffffffb8ca9ecd by task kunit_try_catch/274 [ 23.911329] [ 23.911460] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.911529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.911744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.911797] Call Trace: [ 23.911812] <TASK> [ 23.911833] dump_stack_lvl+0x73/0xb0 [ 23.911866] print_report+0xd1/0x650 [ 23.911900] ? __virt_addr_valid+0x1db/0x2d0 [ 23.911925] ? kasan_global_oob_right+0x286/0x2d0 [ 23.911956] ? kasan_addr_to_slab+0x11/0xa0 [ 23.911975] ? kasan_global_oob_right+0x286/0x2d0 [ 23.912000] kasan_report+0x141/0x180 [ 23.912091] ? kasan_global_oob_right+0x286/0x2d0 [ 23.912123] __asan_report_load1_noabort+0x18/0x20 [ 23.912147] kasan_global_oob_right+0x286/0x2d0 [ 23.912172] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 23.912198] ? __schedule+0x10cc/0x2b60 [ 23.912236] ? __pfx_read_tsc+0x10/0x10 [ 23.912259] ? ktime_get_ts64+0x86/0x230 [ 23.912283] kunit_try_run_case+0x1a5/0x480 [ 23.912308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.912332] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.912357] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.912382] ? __kthread_parkme+0x82/0x180 [ 23.912403] ? preempt_count_sub+0x50/0x80 [ 23.912428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.912454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.912478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.912501] kthread+0x337/0x6f0 [ 23.912520] ? trace_preempt_on+0x20/0xc0 [ 23.912545] ? __pfx_kthread+0x10/0x10 [ 23.912565] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.912589] ? calculate_sigpending+0x7b/0xa0 [ 23.912613] ? __pfx_kthread+0x10/0x10 [ 23.912635] ret_from_fork+0x116/0x1d0 [ 23.912653] ? __pfx_kthread+0x10/0x10 [ 23.912674] ret_from_fork_asm+0x1a/0x30 [ 23.912706] </TASK> [ 23.912718] [ 23.924098] The buggy address belongs to the variable: [ 23.924465] global_array+0xd/0x40 [ 23.924875] [ 23.924993] The buggy address belongs to the physical page: [ 23.925308] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x218a9 [ 23.925636] flags: 0x100000000002000(reserved|node=0|zone=1) [ 23.926026] raw: 0100000000002000 ffffea0000862a48 ffffea0000862a48 0000000000000000 [ 23.926533] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.926860] page dumped because: kasan: bad access detected [ 23.927355] [ 23.927432] Memory state around the buggy address: [ 23.927746] ffffffffb8ca9d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.928251] ffffffffb8ca9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.928684] >ffffffffb8ca9e80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 23.928940] ^ [ 23.929292] ffffffffb8ca9f00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 23.929581] ffffffffb8ca9f80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 23.930012] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 23.885702] ================================================================== [ 23.886326] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.886698] Free of addr ffff888102bd8001 by task kunit_try_catch/272 [ 23.887198] [ 23.887318] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.887370] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.887384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.887407] Call Trace: [ 23.887421] <TASK> [ 23.887439] dump_stack_lvl+0x73/0xb0 [ 23.887469] print_report+0xd1/0x650 [ 23.887492] ? __virt_addr_valid+0x1db/0x2d0 [ 23.887516] ? kasan_addr_to_slab+0x11/0xa0 [ 23.887536] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.887561] kasan_report_invalid_free+0x10a/0x130 [ 23.887584] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.887613] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.887636] __kasan_mempool_poison_object+0x102/0x1d0 [ 23.887659] mempool_free+0x2ec/0x380 [ 23.887685] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.887709] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 23.887736] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.887758] ? finish_task_switch.isra.0+0x153/0x700 [ 23.887808] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 23.887834] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 23.887861] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.887884] ? __pfx_mempool_kfree+0x10/0x10 [ 23.887907] ? __pfx_read_tsc+0x10/0x10 [ 23.887930] ? ktime_get_ts64+0x86/0x230 [ 23.887954] kunit_try_run_case+0x1a5/0x480 [ 23.887980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.888016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.888043] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.888068] ? __kthread_parkme+0x82/0x180 [ 23.888089] ? preempt_count_sub+0x50/0x80 [ 23.888111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.888135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.888159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.888183] kthread+0x337/0x6f0 [ 23.888202] ? trace_preempt_on+0x20/0xc0 [ 23.888234] ? __pfx_kthread+0x10/0x10 [ 23.888255] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.888278] ? calculate_sigpending+0x7b/0xa0 [ 23.888303] ? __pfx_kthread+0x10/0x10 [ 23.888323] ret_from_fork+0x116/0x1d0 [ 23.888342] ? __pfx_kthread+0x10/0x10 [ 23.888363] ret_from_fork_asm+0x1a/0x30 [ 23.888394] </TASK> [ 23.888406] [ 23.897766] The buggy address belongs to the physical page: [ 23.898619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bd8 [ 23.899057] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.899347] flags: 0x200000000000040(head|node=0|zone=2) [ 23.899615] page_type: f8(unknown) [ 23.899798] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.900129] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.900833] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.901184] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.901515] head: 0200000000000002 ffffea00040af601 00000000ffffffff 00000000ffffffff [ 23.901837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.902085] page dumped because: kasan: bad access detected [ 23.902340] [ 23.902409] Memory state around the buggy address: [ 23.902699] ffff888102bd7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.903039] ffff888102bd7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.903383] >ffff888102bd8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.903699] ^ [ 23.903828] ffff888102bd8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.904102] ffff888102bd8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.904452] ================================================================== [ 23.851765] ================================================================== [ 23.852721] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.853415] Free of addr ffff8881024e1701 by task kunit_try_catch/270 [ 23.854312] [ 23.854498] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.854554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.854567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.854591] Call Trace: [ 23.854607] <TASK> [ 23.854629] dump_stack_lvl+0x73/0xb0 [ 23.854661] print_report+0xd1/0x650 [ 23.854686] ? __virt_addr_valid+0x1db/0x2d0 [ 23.854711] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.854736] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.854762] kasan_report_invalid_free+0x10a/0x130 [ 23.854794] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.854820] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.854844] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.854866] check_slab_allocation+0x11f/0x130 [ 23.854887] __kasan_mempool_poison_object+0x91/0x1d0 [ 23.854911] mempool_free+0x2ec/0x380 [ 23.854938] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 23.854961] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 23.854988] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.855009] ? finish_task_switch.isra.0+0x153/0x700 [ 23.855042] mempool_kmalloc_invalid_free+0xed/0x140 [ 23.855064] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 23.855089] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.855111] ? __pfx_mempool_kfree+0x10/0x10 [ 23.855135] ? __pfx_read_tsc+0x10/0x10 [ 23.855157] ? ktime_get_ts64+0x86/0x230 [ 23.855181] kunit_try_run_case+0x1a5/0x480 [ 23.855206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.855239] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.855265] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.855289] ? __kthread_parkme+0x82/0x180 [ 23.855309] ? preempt_count_sub+0x50/0x80 [ 23.855331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.855354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.855377] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.855401] kthread+0x337/0x6f0 [ 23.855419] ? trace_preempt_on+0x20/0xc0 [ 23.855443] ? __pfx_kthread+0x10/0x10 [ 23.855463] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.855487] ? calculate_sigpending+0x7b/0xa0 [ 23.855511] ? __pfx_kthread+0x10/0x10 [ 23.855532] ret_from_fork+0x116/0x1d0 [ 23.855551] ? __pfx_kthread+0x10/0x10 [ 23.855571] ret_from_fork_asm+0x1a/0x30 [ 23.855602] </TASK> [ 23.855614] [ 23.873309] Allocated by task 270: [ 23.873502] kasan_save_stack+0x45/0x70 [ 23.873682] kasan_save_track+0x18/0x40 [ 23.873853] kasan_save_alloc_info+0x3b/0x50 [ 23.873993] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.874157] remove_element+0x11e/0x190 [ 23.874382] mempool_alloc_preallocated+0x4d/0x90 [ 23.874720] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 23.874968] mempool_kmalloc_invalid_free+0xed/0x140 [ 23.875157] kunit_try_run_case+0x1a5/0x480 [ 23.875314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.875817] kthread+0x337/0x6f0 [ 23.875988] ret_from_fork+0x116/0x1d0 [ 23.876192] ret_from_fork_asm+0x1a/0x30 [ 23.876363] [ 23.876448] The buggy address belongs to the object at ffff8881024e1700 [ 23.876448] which belongs to the cache kmalloc-128 of size 128 [ 23.876996] The buggy address is located 1 bytes inside of [ 23.876996] 128-byte region [ffff8881024e1700, ffff8881024e1780) [ 23.877438] [ 23.877532] The buggy address belongs to the physical page: [ 23.877787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 23.878080] flags: 0x200000000000000(node=0|zone=2) [ 23.878253] page_type: f5(slab) [ 23.878548] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.878957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.879356] page dumped because: kasan: bad access detected [ 23.879524] [ 23.879586] Memory state around the buggy address: [ 23.879736] ffff8881024e1600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.880275] ffff8881024e1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.880594] >ffff8881024e1700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.880909] ^ [ 23.881106] ffff8881024e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.881492] ffff8881024e1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.882258] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 23.822073] ================================================================== [ 23.823207] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.824169] Free of addr ffff888102ca4000 by task kunit_try_catch/268 [ 23.824399] [ 23.824491] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.824546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.824559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.824583] Call Trace: [ 23.824599] <TASK> [ 23.824621] dump_stack_lvl+0x73/0xb0 [ 23.824655] print_report+0xd1/0x650 [ 23.824679] ? __virt_addr_valid+0x1db/0x2d0 [ 23.824706] ? kasan_addr_to_slab+0x11/0xa0 [ 23.824725] ? mempool_double_free_helper+0x184/0x370 [ 23.824748] kasan_report_invalid_free+0x10a/0x130 [ 23.824772] ? mempool_double_free_helper+0x184/0x370 [ 23.824796] ? mempool_double_free_helper+0x184/0x370 [ 23.824818] __kasan_mempool_poison_pages+0x115/0x130 [ 23.824842] mempool_free+0x290/0x380 [ 23.824870] mempool_double_free_helper+0x184/0x370 [ 23.824893] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.824917] ? __kasan_check_write+0x18/0x20 [ 23.824939] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.824961] ? irqentry_exit+0x2a/0x60 [ 23.824982] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.825022] mempool_page_alloc_double_free+0xe8/0x140 [ 23.825048] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 23.825076] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 23.825110] ? __pfx_mempool_free_pages+0x10/0x10 [ 23.825135] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 23.825162] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 23.825188] kunit_try_run_case+0x1a5/0x480 [ 23.825216] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.825271] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.825307] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.825331] ? __kthread_parkme+0x82/0x180 [ 23.825353] ? preempt_count_sub+0x50/0x80 [ 23.825388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.825411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.825435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.825458] kthread+0x337/0x6f0 [ 23.825478] ? trace_preempt_on+0x20/0xc0 [ 23.825502] ? __pfx_kthread+0x10/0x10 [ 23.825531] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.825554] ? calculate_sigpending+0x7b/0xa0 [ 23.825578] ? __pfx_kthread+0x10/0x10 [ 23.825612] ret_from_fork+0x116/0x1d0 [ 23.825633] ? __pfx_kthread+0x10/0x10 [ 23.825654] ret_from_fork_asm+0x1a/0x30 [ 23.825687] </TASK> [ 23.825699] [ 23.842431] The buggy address belongs to the physical page: [ 23.842639] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ca4 [ 23.843234] flags: 0x200000000000000(node=0|zone=2) [ 23.843709] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 23.844485] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.845292] page dumped because: kasan: bad access detected [ 23.845742] [ 23.845948] Memory state around the buggy address: [ 23.846521] ffff888102ca3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.847038] ffff888102ca3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.847266] >ffff888102ca4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.847477] ^ [ 23.847589] ffff888102ca4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.847823] ffff888102ca4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.848261] ================================================================== [ 23.798949] ================================================================== [ 23.799451] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.799772] Free of addr ffff888102bd8000 by task kunit_try_catch/266 [ 23.800038] [ 23.800185] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.800250] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.800263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.800287] Call Trace: [ 23.800303] <TASK> [ 23.800326] dump_stack_lvl+0x73/0xb0 [ 23.800360] print_report+0xd1/0x650 [ 23.800383] ? __virt_addr_valid+0x1db/0x2d0 [ 23.800414] ? kasan_addr_to_slab+0x11/0xa0 [ 23.800435] ? mempool_double_free_helper+0x184/0x370 [ 23.800459] kasan_report_invalid_free+0x10a/0x130 [ 23.800515] ? mempool_double_free_helper+0x184/0x370 [ 23.800541] ? mempool_double_free_helper+0x184/0x370 [ 23.800563] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 23.800586] mempool_free+0x2ec/0x380 [ 23.800614] mempool_double_free_helper+0x184/0x370 [ 23.800638] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.800662] ? __kasan_check_write+0x18/0x20 [ 23.800686] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.800709] ? finish_task_switch.isra.0+0x153/0x700 [ 23.800737] mempool_kmalloc_large_double_free+0xed/0x140 [ 23.800762] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 23.800791] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.800815] ? __pfx_mempool_kfree+0x10/0x10 [ 23.800839] ? __pfx_read_tsc+0x10/0x10 [ 23.800863] ? ktime_get_ts64+0x86/0x230 [ 23.800887] kunit_try_run_case+0x1a5/0x480 [ 23.800916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.800961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.800988] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.801013] ? __kthread_parkme+0x82/0x180 [ 23.801035] ? preempt_count_sub+0x50/0x80 [ 23.801058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.801083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.801106] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.801142] kthread+0x337/0x6f0 [ 23.801162] ? trace_preempt_on+0x20/0xc0 [ 23.801188] ? __pfx_kthread+0x10/0x10 [ 23.801208] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.801241] ? calculate_sigpending+0x7b/0xa0 [ 23.801266] ? __pfx_kthread+0x10/0x10 [ 23.801287] ret_from_fork+0x116/0x1d0 [ 23.801306] ? __pfx_kthread+0x10/0x10 [ 23.801326] ret_from_fork_asm+0x1a/0x30 [ 23.801359] </TASK> [ 23.801371] [ 23.811248] The buggy address belongs to the physical page: [ 23.811530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bd8 [ 23.811991] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.812310] flags: 0x200000000000040(head|node=0|zone=2) [ 23.812491] page_type: f8(unknown) [ 23.812614] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.812992] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.813685] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.814229] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.814481] head: 0200000000000002 ffffea00040af601 00000000ffffffff 00000000ffffffff [ 23.814927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.815670] page dumped because: kasan: bad access detected [ 23.816034] [ 23.816169] Memory state around the buggy address: [ 23.816358] ffff888102bd7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.816714] ffff888102bd7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.817124] >ffff888102bd8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.817518] ^ [ 23.817693] ffff888102bd8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.817987] ffff888102bd8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.818374] ================================================================== [ 23.770282] ================================================================== [ 23.770743] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 23.771112] Free of addr ffff888102d56a00 by task kunit_try_catch/264 [ 23.771410] [ 23.771505] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.771557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.771571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.771594] Call Trace: [ 23.771608] <TASK> [ 23.771628] dump_stack_lvl+0x73/0xb0 [ 23.771658] print_report+0xd1/0x650 [ 23.771681] ? __virt_addr_valid+0x1db/0x2d0 [ 23.771706] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.771731] ? mempool_double_free_helper+0x184/0x370 [ 23.771754] kasan_report_invalid_free+0x10a/0x130 [ 23.771777] ? mempool_double_free_helper+0x184/0x370 [ 23.771801] ? mempool_double_free_helper+0x184/0x370 [ 23.771823] ? mempool_double_free_helper+0x184/0x370 [ 23.771844] check_slab_allocation+0x101/0x130 [ 23.771865] __kasan_mempool_poison_object+0x91/0x1d0 [ 23.771889] mempool_free+0x2ec/0x380 [ 23.771916] mempool_double_free_helper+0x184/0x370 [ 23.771986] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 23.772027] ? __kasan_check_write+0x18/0x20 [ 23.772050] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.772072] ? finish_task_switch.isra.0+0x153/0x700 [ 23.772098] mempool_kmalloc_double_free+0xed/0x140 [ 23.772120] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 23.772145] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.772167] ? __pfx_mempool_kfree+0x10/0x10 [ 23.772190] ? __pfx_read_tsc+0x10/0x10 [ 23.772212] ? ktime_get_ts64+0x86/0x230 [ 23.772246] kunit_try_run_case+0x1a5/0x480 [ 23.772272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.772295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.772322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.772347] ? __kthread_parkme+0x82/0x180 [ 23.772368] ? preempt_count_sub+0x50/0x80 [ 23.772390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.772414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.772438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.772462] kthread+0x337/0x6f0 [ 23.772481] ? trace_preempt_on+0x20/0xc0 [ 23.772504] ? __pfx_kthread+0x10/0x10 [ 23.772524] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.772547] ? calculate_sigpending+0x7b/0xa0 [ 23.772571] ? __pfx_kthread+0x10/0x10 [ 23.772592] ret_from_fork+0x116/0x1d0 [ 23.772611] ? __pfx_kthread+0x10/0x10 [ 23.772631] ret_from_fork_asm+0x1a/0x30 [ 23.772662] </TASK> [ 23.772674] [ 23.781920] Allocated by task 264: [ 23.782124] kasan_save_stack+0x45/0x70 [ 23.782302] kasan_save_track+0x18/0x40 [ 23.782491] kasan_save_alloc_info+0x3b/0x50 [ 23.782666] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.782878] remove_element+0x11e/0x190 [ 23.783080] mempool_alloc_preallocated+0x4d/0x90 [ 23.783360] mempool_double_free_helper+0x8a/0x370 [ 23.783547] mempool_kmalloc_double_free+0xed/0x140 [ 23.783833] kunit_try_run_case+0x1a5/0x480 [ 23.784000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.784258] kthread+0x337/0x6f0 [ 23.784418] ret_from_fork+0x116/0x1d0 [ 23.784601] ret_from_fork_asm+0x1a/0x30 [ 23.784949] [ 23.785091] Freed by task 264: [ 23.785240] kasan_save_stack+0x45/0x70 [ 23.785433] kasan_save_track+0x18/0x40 [ 23.785593] kasan_save_free_info+0x3f/0x60 [ 23.785875] __kasan_mempool_poison_object+0x131/0x1d0 [ 23.786113] mempool_free+0x2ec/0x380 [ 23.786281] mempool_double_free_helper+0x109/0x370 [ 23.786474] mempool_kmalloc_double_free+0xed/0x140 [ 23.786699] kunit_try_run_case+0x1a5/0x480 [ 23.786971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.787226] kthread+0x337/0x6f0 [ 23.787343] ret_from_fork+0x116/0x1d0 [ 23.787469] ret_from_fork_asm+0x1a/0x30 [ 23.787600] [ 23.787665] The buggy address belongs to the object at ffff888102d56a00 [ 23.787665] which belongs to the cache kmalloc-128 of size 128 [ 23.788252] The buggy address is located 0 bytes inside of [ 23.788252] 128-byte region [ffff888102d56a00, ffff888102d56a80) [ 23.788756] [ 23.788852] The buggy address belongs to the physical page: [ 23.789108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 23.789688] flags: 0x200000000000000(node=0|zone=2) [ 23.789988] page_type: f5(slab) [ 23.790179] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.790539] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.790977] page dumped because: kasan: bad access detected [ 23.791272] [ 23.791365] Memory state around the buggy address: [ 23.791594] ffff888102d56900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.791986] ffff888102d56980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.792310] >ffff888102d56a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.792540] ^ [ 23.792701] ffff888102d56a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.793283] ffff888102d56b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.793503] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 23.671550] ================================================================== [ 23.672087] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.672594] Read of size 1 at addr ffff888102bd4000 by task kunit_try_catch/258 [ 23.673078] [ 23.673186] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.673250] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.673264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.673289] Call Trace: [ 23.673303] <TASK> [ 23.673323] dump_stack_lvl+0x73/0xb0 [ 23.673355] print_report+0xd1/0x650 [ 23.673376] ? __virt_addr_valid+0x1db/0x2d0 [ 23.673400] ? mempool_uaf_helper+0x392/0x400 [ 23.673422] ? kasan_addr_to_slab+0x11/0xa0 [ 23.673441] ? mempool_uaf_helper+0x392/0x400 [ 23.673463] kasan_report+0x141/0x180 [ 23.673484] ? mempool_uaf_helper+0x392/0x400 [ 23.673510] __asan_report_load1_noabort+0x18/0x20 [ 23.673535] mempool_uaf_helper+0x392/0x400 [ 23.673557] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.673580] ? __kasan_check_write+0x18/0x20 [ 23.673603] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.673624] ? irqentry_exit+0x2a/0x60 [ 23.673645] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.673669] mempool_kmalloc_large_uaf+0xef/0x140 [ 23.673693] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 23.673717] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.673740] ? __pfx_mempool_kfree+0x10/0x10 [ 23.673765] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 23.673790] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 23.673814] kunit_try_run_case+0x1a5/0x480 [ 23.673839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.673861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.673886] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.673923] ? __kthread_parkme+0x82/0x180 [ 23.673944] ? preempt_count_sub+0x50/0x80 [ 23.673967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.673992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.674015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.674079] kthread+0x337/0x6f0 [ 23.674099] ? trace_preempt_on+0x20/0xc0 [ 23.674123] ? __pfx_kthread+0x10/0x10 [ 23.674143] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.674167] ? calculate_sigpending+0x7b/0xa0 [ 23.674191] ? __pfx_kthread+0x10/0x10 [ 23.674212] ret_from_fork+0x116/0x1d0 [ 23.674243] ? __pfx_kthread+0x10/0x10 [ 23.674264] ret_from_fork_asm+0x1a/0x30 [ 23.674295] </TASK> [ 23.674308] [ 23.684325] The buggy address belongs to the physical page: [ 23.684584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bd4 [ 23.684964] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.686070] flags: 0x200000000000040(head|node=0|zone=2) [ 23.686906] page_type: f8(unknown) [ 23.687112] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.687355] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.687582] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.687807] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.688032] head: 0200000000000002 ffffea00040af501 00000000ffffffff 00000000ffffffff [ 23.688620] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.689707] page dumped because: kasan: bad access detected [ 23.690554] [ 23.690858] Memory state around the buggy address: [ 23.691602] ffff888102bd3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.692512] ffff888102bd3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.693422] >ffff888102bd4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.694383] ^ [ 23.694855] ffff888102bd4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.695575] ffff888102bd4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.695946] ================================================================== [ 23.739502] ================================================================== [ 23.740260] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.741022] Read of size 1 at addr ffff888102ca4000 by task kunit_try_catch/262 [ 23.741353] [ 23.741449] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.741504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.741517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.741541] Call Trace: [ 23.741557] <TASK> [ 23.741578] dump_stack_lvl+0x73/0xb0 [ 23.741611] print_report+0xd1/0x650 [ 23.741635] ? __virt_addr_valid+0x1db/0x2d0 [ 23.741661] ? mempool_uaf_helper+0x392/0x400 [ 23.741683] ? kasan_addr_to_slab+0x11/0xa0 [ 23.741703] ? mempool_uaf_helper+0x392/0x400 [ 23.741725] kasan_report+0x141/0x180 [ 23.741746] ? mempool_uaf_helper+0x392/0x400 [ 23.741771] __asan_report_load1_noabort+0x18/0x20 [ 23.741848] mempool_uaf_helper+0x392/0x400 [ 23.741873] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.741896] ? __kasan_check_write+0x18/0x20 [ 23.741932] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.741957] ? finish_task_switch.isra.0+0x153/0x700 [ 23.741984] mempool_page_alloc_uaf+0xed/0x140 [ 23.742007] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 23.742032] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 23.742116] ? __pfx_mempool_free_pages+0x10/0x10 [ 23.742152] ? __pfx_read_tsc+0x10/0x10 [ 23.742176] ? ktime_get_ts64+0x86/0x230 [ 23.742200] kunit_try_run_case+0x1a5/0x480 [ 23.742236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.742259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.742285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.742310] ? __kthread_parkme+0x82/0x180 [ 23.742340] ? preempt_count_sub+0x50/0x80 [ 23.742362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.742386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.742411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.742434] kthread+0x337/0x6f0 [ 23.742454] ? trace_preempt_on+0x20/0xc0 [ 23.742478] ? __pfx_kthread+0x10/0x10 [ 23.742498] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.742521] ? calculate_sigpending+0x7b/0xa0 [ 23.742545] ? __pfx_kthread+0x10/0x10 [ 23.742566] ret_from_fork+0x116/0x1d0 [ 23.742585] ? __pfx_kthread+0x10/0x10 [ 23.742605] ret_from_fork_asm+0x1a/0x30 [ 23.742637] </TASK> [ 23.742649] [ 23.758949] The buggy address belongs to the physical page: [ 23.759336] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ca4 [ 23.759585] flags: 0x200000000000000(node=0|zone=2) [ 23.759762] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 23.760628] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.761414] page dumped because: kasan: bad access detected [ 23.762084] [ 23.762343] Memory state around the buggy address: [ 23.762857] ffff888102ca3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.763216] ffff888102ca3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.763832] >ffff888102ca4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.764318] ^ [ 23.764435] ffff888102ca4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.764644] ffff888102ca4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.764850] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 23.701590] ================================================================== [ 23.702939] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.703862] Read of size 1 at addr ffff8881024e6240 by task kunit_try_catch/260 [ 23.704258] [ 23.704357] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.704412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.704426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.704450] Call Trace: [ 23.704466] <TASK> [ 23.704488] dump_stack_lvl+0x73/0xb0 [ 23.704524] print_report+0xd1/0x650 [ 23.704547] ? __virt_addr_valid+0x1db/0x2d0 [ 23.704574] ? mempool_uaf_helper+0x392/0x400 [ 23.704596] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.704621] ? mempool_uaf_helper+0x392/0x400 [ 23.704641] kasan_report+0x141/0x180 [ 23.704665] ? mempool_uaf_helper+0x392/0x400 [ 23.704690] __asan_report_load1_noabort+0x18/0x20 [ 23.704712] mempool_uaf_helper+0x392/0x400 [ 23.704734] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.704754] ? update_load_avg+0x1be/0x21b0 [ 23.704782] ? finish_task_switch.isra.0+0x153/0x700 [ 23.704809] mempool_slab_uaf+0xea/0x140 [ 23.704831] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 23.704855] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 23.704880] ? __pfx_mempool_free_slab+0x10/0x10 [ 23.704905] ? __pfx_read_tsc+0x10/0x10 [ 23.704928] ? ktime_get_ts64+0x86/0x230 [ 23.704952] kunit_try_run_case+0x1a5/0x480 [ 23.704979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.705001] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.705028] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.705052] ? __kthread_parkme+0x82/0x180 [ 23.705073] ? preempt_count_sub+0x50/0x80 [ 23.705095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.705119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.705143] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.705168] kthread+0x337/0x6f0 [ 23.705189] ? trace_preempt_on+0x20/0xc0 [ 23.705214] ? __pfx_kthread+0x10/0x10 [ 23.705245] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.705268] ? calculate_sigpending+0x7b/0xa0 [ 23.705293] ? __pfx_kthread+0x10/0x10 [ 23.705314] ret_from_fork+0x116/0x1d0 [ 23.705333] ? __pfx_kthread+0x10/0x10 [ 23.705352] ret_from_fork_asm+0x1a/0x30 [ 23.705385] </TASK> [ 23.705398] [ 23.717482] Allocated by task 260: [ 23.717770] kasan_save_stack+0x45/0x70 [ 23.718064] kasan_save_track+0x18/0x40 [ 23.718234] kasan_save_alloc_info+0x3b/0x50 [ 23.718387] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 23.718599] remove_element+0x11e/0x190 [ 23.718757] mempool_alloc_preallocated+0x4d/0x90 [ 23.718981] mempool_uaf_helper+0x96/0x400 [ 23.719263] mempool_slab_uaf+0xea/0x140 [ 23.719425] kunit_try_run_case+0x1a5/0x480 [ 23.719628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.719849] kthread+0x337/0x6f0 [ 23.719995] ret_from_fork+0x116/0x1d0 [ 23.720185] ret_from_fork_asm+0x1a/0x30 [ 23.720399] [ 23.720465] Freed by task 260: [ 23.720734] kasan_save_stack+0x45/0x70 [ 23.721239] kasan_save_track+0x18/0x40 [ 23.721383] kasan_save_free_info+0x3f/0x60 [ 23.721682] __kasan_mempool_poison_object+0x131/0x1d0 [ 23.722033] mempool_free+0x2ec/0x380 [ 23.722239] mempool_uaf_helper+0x11a/0x400 [ 23.722382] mempool_slab_uaf+0xea/0x140 [ 23.722809] kunit_try_run_case+0x1a5/0x480 [ 23.722997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.723227] kthread+0x337/0x6f0 [ 23.723343] ret_from_fork+0x116/0x1d0 [ 23.723520] ret_from_fork_asm+0x1a/0x30 [ 23.723725] [ 23.723852] The buggy address belongs to the object at ffff8881024e6240 [ 23.723852] which belongs to the cache test_cache of size 123 [ 23.724334] The buggy address is located 0 bytes inside of [ 23.724334] freed 123-byte region [ffff8881024e6240, ffff8881024e62bb) [ 23.724949] [ 23.725051] The buggy address belongs to the physical page: [ 23.725274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e6 [ 23.725599] flags: 0x200000000000000(node=0|zone=2) [ 23.725790] page_type: f5(slab) [ 23.725992] raw: 0200000000000000 ffff8881011068c0 dead000000000122 0000000000000000 [ 23.726334] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 23.726634] page dumped because: kasan: bad access detected [ 23.727040] [ 23.727150] Memory state around the buggy address: [ 23.727344] ffff8881024e6100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.727660] ffff8881024e6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.728009] >ffff8881024e6200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 23.728254] ^ [ 23.728494] ffff8881024e6280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.728781] ffff8881024e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.729563] ================================================================== [ 23.637240] ================================================================== [ 23.637750] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 23.638591] Read of size 1 at addr ffff8881024e1300 by task kunit_try_catch/256 [ 23.638841] [ 23.638932] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.638987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.639002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.639039] Call Trace: [ 23.639056] <TASK> [ 23.639080] dump_stack_lvl+0x73/0xb0 [ 23.639114] print_report+0xd1/0x650 [ 23.639137] ? __virt_addr_valid+0x1db/0x2d0 [ 23.639164] ? mempool_uaf_helper+0x392/0x400 [ 23.639185] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.639210] ? mempool_uaf_helper+0x392/0x400 [ 23.639241] kasan_report+0x141/0x180 [ 23.639264] ? mempool_uaf_helper+0x392/0x400 [ 23.639289] __asan_report_load1_noabort+0x18/0x20 [ 23.639312] mempool_uaf_helper+0x392/0x400 [ 23.639334] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 23.639354] ? update_load_avg+0x1be/0x21b0 [ 23.639412] ? dequeue_entities+0x27e/0x1740 [ 23.639437] ? finish_task_switch.isra.0+0x153/0x700 [ 23.639464] mempool_kmalloc_uaf+0xef/0x140 [ 23.639485] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 23.639509] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.639534] ? __pfx_mempool_kfree+0x10/0x10 [ 23.639560] ? __pfx_read_tsc+0x10/0x10 [ 23.639583] ? ktime_get_ts64+0x86/0x230 [ 23.639608] kunit_try_run_case+0x1a5/0x480 [ 23.639635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.639657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.639684] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.639710] ? __kthread_parkme+0x82/0x180 [ 23.639762] ? preempt_count_sub+0x50/0x80 [ 23.639793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.639817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.639841] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.639865] kthread+0x337/0x6f0 [ 23.639884] ? trace_preempt_on+0x20/0xc0 [ 23.639909] ? __pfx_kthread+0x10/0x10 [ 23.639929] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.639952] ? calculate_sigpending+0x7b/0xa0 [ 23.639976] ? __pfx_kthread+0x10/0x10 [ 23.639996] ret_from_fork+0x116/0x1d0 [ 23.640016] ? __pfx_kthread+0x10/0x10 [ 23.640036] ret_from_fork_asm+0x1a/0x30 [ 23.640069] </TASK> [ 23.640081] [ 23.651993] Allocated by task 256: [ 23.652215] kasan_save_stack+0x45/0x70 [ 23.652732] kasan_save_track+0x18/0x40 [ 23.653030] kasan_save_alloc_info+0x3b/0x50 [ 23.653405] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.653632] remove_element+0x11e/0x190 [ 23.654033] mempool_alloc_preallocated+0x4d/0x90 [ 23.654443] mempool_uaf_helper+0x96/0x400 [ 23.654657] mempool_kmalloc_uaf+0xef/0x140 [ 23.655082] kunit_try_run_case+0x1a5/0x480 [ 23.655392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.655697] kthread+0x337/0x6f0 [ 23.655976] ret_from_fork+0x116/0x1d0 [ 23.656179] ret_from_fork_asm+0x1a/0x30 [ 23.656583] [ 23.656683] Freed by task 256: [ 23.657098] kasan_save_stack+0x45/0x70 [ 23.657321] kasan_save_track+0x18/0x40 [ 23.657627] kasan_save_free_info+0x3f/0x60 [ 23.657964] __kasan_mempool_poison_object+0x131/0x1d0 [ 23.658288] mempool_free+0x2ec/0x380 [ 23.658600] mempool_uaf_helper+0x11a/0x400 [ 23.658900] mempool_kmalloc_uaf+0xef/0x140 [ 23.659286] kunit_try_run_case+0x1a5/0x480 [ 23.659525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.659941] kthread+0x337/0x6f0 [ 23.660156] ret_from_fork+0x116/0x1d0 [ 23.660321] ret_from_fork_asm+0x1a/0x30 [ 23.660515] [ 23.660607] The buggy address belongs to the object at ffff8881024e1300 [ 23.660607] which belongs to the cache kmalloc-128 of size 128 [ 23.661398] The buggy address is located 0 bytes inside of [ 23.661398] freed 128-byte region [ffff8881024e1300, ffff8881024e1380) [ 23.662150] [ 23.662348] The buggy address belongs to the physical page: [ 23.662552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 23.663111] flags: 0x200000000000000(node=0|zone=2) [ 23.663355] page_type: f5(slab) [ 23.663511] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.663831] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.664534] page dumped because: kasan: bad access detected [ 23.664759] [ 23.664825] Memory state around the buggy address: [ 23.665367] ffff8881024e1200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.665765] ffff8881024e1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.666266] >ffff8881024e1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.666580] ^ [ 23.666720] ffff8881024e1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.667010] ffff8881024e1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.667602] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 23.576116] ================================================================== [ 23.577081] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.577931] Read of size 1 at addr ffff888102ca2001 by task kunit_try_catch/252 [ 23.578466] [ 23.578618] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.578676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.578689] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.578716] Call Trace: [ 23.578752] <TASK> [ 23.578775] dump_stack_lvl+0x73/0xb0 [ 23.578825] print_report+0xd1/0x650 [ 23.578864] ? __virt_addr_valid+0x1db/0x2d0 [ 23.578889] ? mempool_oob_right_helper+0x318/0x380 [ 23.578912] ? kasan_addr_to_slab+0x11/0xa0 [ 23.578947] ? mempool_oob_right_helper+0x318/0x380 [ 23.578969] kasan_report+0x141/0x180 [ 23.579004] ? mempool_oob_right_helper+0x318/0x380 [ 23.579037] __asan_report_load1_noabort+0x18/0x20 [ 23.579061] mempool_oob_right_helper+0x318/0x380 [ 23.579085] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.579108] ? __kasan_check_write+0x18/0x20 [ 23.579131] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.579156] ? finish_task_switch.isra.0+0x153/0x700 [ 23.579182] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 23.579205] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 23.579241] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.579265] ? __pfx_mempool_kfree+0x10/0x10 [ 23.579288] ? __pfx_read_tsc+0x10/0x10 [ 23.579311] ? ktime_get_ts64+0x86/0x230 [ 23.579336] kunit_try_run_case+0x1a5/0x480 [ 23.579364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.579386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.579412] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.579437] ? __kthread_parkme+0x82/0x180 [ 23.579458] ? preempt_count_sub+0x50/0x80 [ 23.579479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.579503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.579526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.579550] kthread+0x337/0x6f0 [ 23.579569] ? trace_preempt_on+0x20/0xc0 [ 23.579593] ? __pfx_kthread+0x10/0x10 [ 23.579614] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.579637] ? calculate_sigpending+0x7b/0xa0 [ 23.579662] ? __pfx_kthread+0x10/0x10 [ 23.579684] ret_from_fork+0x116/0x1d0 [ 23.579703] ? __pfx_kthread+0x10/0x10 [ 23.579722] ret_from_fork_asm+0x1a/0x30 [ 23.579755] </TASK> [ 23.579767] [ 23.588862] The buggy address belongs to the physical page: [ 23.589228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ca0 [ 23.589659] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.590179] flags: 0x200000000000040(head|node=0|zone=2) [ 23.590414] page_type: f8(unknown) [ 23.590632] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.591120] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.591489] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.591964] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.592354] head: 0200000000000002 ffffea00040b2801 00000000ffffffff 00000000ffffffff [ 23.592716] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.593148] page dumped because: kasan: bad access detected [ 23.593404] [ 23.593497] Memory state around the buggy address: [ 23.593735] ffff888102ca1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.594170] ffff888102ca1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.594500] >ffff888102ca2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.594880] ^ [ 23.595056] ffff888102ca2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.595305] ffff888102ca2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.595594] ================================================================== [ 23.549461] ================================================================== [ 23.549904] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.550675] Read of size 1 at addr ffff8881024c9f73 by task kunit_try_catch/250 [ 23.551177] [ 23.551291] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.551346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.551358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.551383] Call Trace: [ 23.551397] <TASK> [ 23.551419] dump_stack_lvl+0x73/0xb0 [ 23.551450] print_report+0xd1/0x650 [ 23.551473] ? __virt_addr_valid+0x1db/0x2d0 [ 23.551499] ? mempool_oob_right_helper+0x318/0x380 [ 23.551522] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.551547] ? mempool_oob_right_helper+0x318/0x380 [ 23.551570] kasan_report+0x141/0x180 [ 23.551591] ? mempool_oob_right_helper+0x318/0x380 [ 23.551618] __asan_report_load1_noabort+0x18/0x20 [ 23.551641] mempool_oob_right_helper+0x318/0x380 [ 23.551664] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.551689] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.551711] ? finish_task_switch.isra.0+0x153/0x700 [ 23.551738] mempool_kmalloc_oob_right+0xf2/0x150 [ 23.551761] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 23.551786] ? __pfx_mempool_kmalloc+0x10/0x10 [ 23.551812] ? __pfx_mempool_kfree+0x10/0x10 [ 23.551835] ? __pfx_read_tsc+0x10/0x10 [ 23.551857] ? ktime_get_ts64+0x86/0x230 [ 23.551882] kunit_try_run_case+0x1a5/0x480 [ 23.551910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.551931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.551958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.551981] ? __kthread_parkme+0x82/0x180 [ 23.552002] ? preempt_count_sub+0x50/0x80 [ 23.552024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.552048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.552072] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.552094] kthread+0x337/0x6f0 [ 23.552114] ? trace_preempt_on+0x20/0xc0 [ 23.552138] ? __pfx_kthread+0x10/0x10 [ 23.552158] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.552181] ? calculate_sigpending+0x7b/0xa0 [ 23.552205] ? __pfx_kthread+0x10/0x10 [ 23.552236] ret_from_fork+0x116/0x1d0 [ 23.552255] ? __pfx_kthread+0x10/0x10 [ 23.552274] ret_from_fork_asm+0x1a/0x30 [ 23.552307] </TASK> [ 23.552318] [ 23.561669] Allocated by task 250: [ 23.561850] kasan_save_stack+0x45/0x70 [ 23.562031] kasan_save_track+0x18/0x40 [ 23.562625] kasan_save_alloc_info+0x3b/0x50 [ 23.562831] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 23.563048] remove_element+0x11e/0x190 [ 23.563375] mempool_alloc_preallocated+0x4d/0x90 [ 23.563587] mempool_oob_right_helper+0x8a/0x380 [ 23.563914] mempool_kmalloc_oob_right+0xf2/0x150 [ 23.564245] kunit_try_run_case+0x1a5/0x480 [ 23.564463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.564809] kthread+0x337/0x6f0 [ 23.565043] ret_from_fork+0x116/0x1d0 [ 23.565192] ret_from_fork_asm+0x1a/0x30 [ 23.565477] [ 23.565577] The buggy address belongs to the object at ffff8881024c9f00 [ 23.565577] which belongs to the cache kmalloc-128 of size 128 [ 23.566248] The buggy address is located 0 bytes to the right of [ 23.566248] allocated 115-byte region [ffff8881024c9f00, ffff8881024c9f73) [ 23.566744] [ 23.566827] The buggy address belongs to the physical page: [ 23.567068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 23.567709] flags: 0x200000000000000(node=0|zone=2) [ 23.567936] page_type: f5(slab) [ 23.568170] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.568574] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 23.568940] page dumped because: kasan: bad access detected [ 23.569233] [ 23.569445] Memory state around the buggy address: [ 23.569617] ffff8881024c9e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.570045] ffff8881024c9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.570350] >ffff8881024c9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.570643] ^ [ 23.570908] ffff8881024c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.571404] ffff8881024ca000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.571766] ================================================================== [ 23.600543] ================================================================== [ 23.601345] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 23.601726] Read of size 1 at addr ffff8881024e42bb by task kunit_try_catch/254 [ 23.602031] [ 23.602121] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 23.602176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.602189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.602214] Call Trace: [ 23.602239] <TASK> [ 23.602259] dump_stack_lvl+0x73/0xb0 [ 23.602290] print_report+0xd1/0x650 [ 23.602360] ? __virt_addr_valid+0x1db/0x2d0 [ 23.602388] ? mempool_oob_right_helper+0x318/0x380 [ 23.602411] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.602437] ? mempool_oob_right_helper+0x318/0x380 [ 23.602460] kasan_report+0x141/0x180 [ 23.602482] ? mempool_oob_right_helper+0x318/0x380 [ 23.602508] __asan_report_load1_noabort+0x18/0x20 [ 23.602533] mempool_oob_right_helper+0x318/0x380 [ 23.602556] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 23.602580] ? __pfx_sched_clock_cpu+0x10/0x10 [ 23.602602] ? irqentry_exit+0x2a/0x60 [ 23.602622] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.602645] mempool_slab_oob_right+0xed/0x140 [ 23.602667] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.602693] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 23.602718] ? __pfx_mempool_free_slab+0x10/0x10 [ 23.602741] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.602766] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 23.602790] kunit_try_run_case+0x1a5/0x480 [ 23.602815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.602837] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.602862] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.602886] ? __kthread_parkme+0x82/0x180 [ 23.602907] ? preempt_count_sub+0x50/0x80 [ 23.602930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.602954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.602978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.603001] kthread+0x337/0x6f0 [ 23.603046] ? trace_preempt_on+0x20/0xc0 [ 23.603070] ? __pfx_kthread+0x10/0x10 [ 23.603090] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.603131] ? calculate_sigpending+0x7b/0xa0 [ 23.603155] ? __pfx_kthread+0x10/0x10 [ 23.603177] ret_from_fork+0x116/0x1d0 [ 23.603197] ? __pfx_kthread+0x10/0x10 [ 23.603217] ret_from_fork_asm+0x1a/0x30 [ 23.603259] </TASK> [ 23.603271] [ 23.614771] Allocated by task 254: [ 23.615230] kasan_save_stack+0x45/0x70 [ 23.615536] kasan_save_track+0x18/0x40 [ 23.616062] kasan_save_alloc_info+0x3b/0x50 [ 23.616443] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 23.616881] remove_element+0x11e/0x190 [ 23.617197] mempool_alloc_preallocated+0x4d/0x90 [ 23.617530] mempool_oob_right_helper+0x8a/0x380 [ 23.617869] mempool_slab_oob_right+0xed/0x140 [ 23.618210] kunit_try_run_case+0x1a5/0x480 [ 23.618520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.619014] kthread+0x337/0x6f0 [ 23.619303] ret_from_fork+0x116/0x1d0 [ 23.619600] ret_from_fork_asm+0x1a/0x30 [ 23.619985] [ 23.620066] The buggy address belongs to the object at ffff8881024e4240 [ 23.620066] which belongs to the cache test_cache of size 123 [ 23.620904] The buggy address is located 0 bytes to the right of [ 23.620904] allocated 123-byte region [ffff8881024e4240, ffff8881024e42bb) [ 23.621908] [ 23.622050] The buggy address belongs to the physical page: [ 23.622472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e4 [ 23.622936] flags: 0x200000000000000(node=0|zone=2) [ 23.623271] page_type: f5(slab) [ 23.623728] raw: 0200000000000000 ffff888101106780 dead000000000122 0000000000000000 [ 23.624285] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 23.624739] page dumped because: kasan: bad access detected [ 23.625160] [ 23.625277] Memory state around the buggy address: [ 23.625596] ffff8881024e4180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.626118] ffff8881024e4200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 23.626770] >ffff8881024e4280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 23.627330] ^ [ 23.627664] ffff8881024e4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.628145] ffff8881024e4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.628551] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 22.972442] ================================================================== [ 22.973044] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 22.974461] Read of size 1 at addr ffff888101106500 by task kunit_try_catch/244 [ 22.974717] [ 22.975161] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.975237] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.975250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.975277] Call Trace: [ 22.975296] <TASK> [ 22.975319] dump_stack_lvl+0x73/0xb0 [ 22.975360] print_report+0xd1/0x650 [ 22.975383] ? __virt_addr_valid+0x1db/0x2d0 [ 22.975410] ? kmem_cache_double_destroy+0x1bf/0x380 [ 22.975434] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.975460] ? kmem_cache_double_destroy+0x1bf/0x380 [ 22.975484] kasan_report+0x141/0x180 [ 22.975505] ? kmem_cache_double_destroy+0x1bf/0x380 [ 22.975532] ? kmem_cache_double_destroy+0x1bf/0x380 [ 22.975555] __kasan_check_byte+0x3d/0x50 [ 22.975578] kmem_cache_destroy+0x25/0x1d0 [ 22.975606] kmem_cache_double_destroy+0x1bf/0x380 [ 22.975921] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 22.975946] ? finish_task_switch.isra.0+0x153/0x700 [ 22.975971] ? __switch_to+0x47/0xf50 [ 22.976002] ? __pfx_read_tsc+0x10/0x10 [ 22.976024] ? ktime_get_ts64+0x86/0x230 [ 22.976051] kunit_try_run_case+0x1a5/0x480 [ 22.976078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.976101] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.976129] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.976154] ? __kthread_parkme+0x82/0x180 [ 22.976175] ? preempt_count_sub+0x50/0x80 [ 22.976197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.976233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.976258] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.976282] kthread+0x337/0x6f0 [ 22.976302] ? trace_preempt_on+0x20/0xc0 [ 22.976326] ? __pfx_kthread+0x10/0x10 [ 22.976347] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.976369] ? calculate_sigpending+0x7b/0xa0 [ 22.976394] ? __pfx_kthread+0x10/0x10 [ 22.976415] ret_from_fork+0x116/0x1d0 [ 22.976434] ? __pfx_kthread+0x10/0x10 [ 22.976454] ret_from_fork_asm+0x1a/0x30 [ 22.976488] </TASK> [ 22.976500] [ 22.988714] Allocated by task 244: [ 22.988984] kasan_save_stack+0x45/0x70 [ 22.989551] kasan_save_track+0x18/0x40 [ 22.989689] kasan_save_alloc_info+0x3b/0x50 [ 22.989907] __kasan_slab_alloc+0x91/0xa0 [ 22.990172] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.990424] __kmem_cache_create_args+0x169/0x240 [ 22.990625] kmem_cache_double_destroy+0xd5/0x380 [ 22.991070] kunit_try_run_case+0x1a5/0x480 [ 22.991327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.991615] kthread+0x337/0x6f0 [ 22.991917] ret_from_fork+0x116/0x1d0 [ 22.992149] ret_from_fork_asm+0x1a/0x30 [ 22.992424] [ 22.992517] Freed by task 244: [ 22.992937] kasan_save_stack+0x45/0x70 [ 22.993172] kasan_save_track+0x18/0x40 [ 22.993383] kasan_save_free_info+0x3f/0x60 [ 22.993557] __kasan_slab_free+0x56/0x70 [ 22.993717] kmem_cache_free+0x249/0x420 [ 22.993871] slab_kmem_cache_release+0x2e/0x40 [ 22.994403] kmem_cache_release+0x16/0x20 [ 22.994578] kobject_put+0x181/0x450 [ 22.994935] sysfs_slab_release+0x16/0x20 [ 22.995476] kmem_cache_destroy+0xf0/0x1d0 [ 22.995675] kmem_cache_double_destroy+0x14e/0x380 [ 22.996178] kunit_try_run_case+0x1a5/0x480 [ 22.996391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.996563] kthread+0x337/0x6f0 [ 22.996832] ret_from_fork+0x116/0x1d0 [ 22.997183] ret_from_fork_asm+0x1a/0x30 [ 22.997372] [ 22.997468] The buggy address belongs to the object at ffff888101106500 [ 22.997468] which belongs to the cache kmem_cache of size 208 [ 22.998040] The buggy address is located 0 bytes inside of [ 22.998040] freed 208-byte region [ffff888101106500, ffff8881011065d0) [ 22.998702] [ 22.998794] The buggy address belongs to the physical page: [ 22.999307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101106 [ 22.999631] flags: 0x200000000000000(node=0|zone=2) [ 22.999992] page_type: f5(slab) [ 23.000486] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 23.000837] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 23.001285] page dumped because: kasan: bad access detected [ 23.001502] [ 23.001588] Memory state around the buggy address: [ 23.001787] ffff888101106400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.002514] ffff888101106480: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.002786] >ffff888101106500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.003480] ^ [ 23.003657] ffff888101106580: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 23.004214] ffff888101106600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.004459] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 22.910198] ================================================================== [ 22.911421] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.911779] Read of size 1 at addr ffff888102d58000 by task kunit_try_catch/242 [ 22.912288] [ 22.912396] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.912452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.912465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.912489] Call Trace: [ 22.912852] <TASK> [ 22.912882] dump_stack_lvl+0x73/0xb0 [ 22.912918] print_report+0xd1/0x650 [ 22.912942] ? __virt_addr_valid+0x1db/0x2d0 [ 22.913191] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.913216] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.913257] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.913279] kasan_report+0x141/0x180 [ 22.913301] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.913326] __asan_report_load1_noabort+0x18/0x20 [ 22.913349] kmem_cache_rcu_uaf+0x3e3/0x510 [ 22.913371] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 22.913392] ? finish_task_switch.isra.0+0x153/0x700 [ 22.913415] ? __switch_to+0x47/0xf50 [ 22.913444] ? __pfx_read_tsc+0x10/0x10 [ 22.913466] ? ktime_get_ts64+0x86/0x230 [ 22.913492] kunit_try_run_case+0x1a5/0x480 [ 22.913518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.913539] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.913566] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.913590] ? __kthread_parkme+0x82/0x180 [ 22.913610] ? preempt_count_sub+0x50/0x80 [ 22.913636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.913659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.913681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.913705] kthread+0x337/0x6f0 [ 22.913723] ? trace_preempt_on+0x20/0xc0 [ 22.913748] ? __pfx_kthread+0x10/0x10 [ 22.913773] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.913973] ? calculate_sigpending+0x7b/0xa0 [ 22.914001] ? __pfx_kthread+0x10/0x10 [ 22.914023] ret_from_fork+0x116/0x1d0 [ 22.914042] ? __pfx_kthread+0x10/0x10 [ 22.914062] ret_from_fork_asm+0x1a/0x30 [ 22.914093] </TASK> [ 22.914106] [ 22.924774] Allocated by task 242: [ 22.925296] kasan_save_stack+0x45/0x70 [ 22.925638] kasan_save_track+0x18/0x40 [ 22.925879] kasan_save_alloc_info+0x3b/0x50 [ 22.926211] __kasan_slab_alloc+0x91/0xa0 [ 22.926411] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.926622] kmem_cache_rcu_uaf+0x155/0x510 [ 22.926814] kunit_try_run_case+0x1a5/0x480 [ 22.927002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.927327] kthread+0x337/0x6f0 [ 22.927454] ret_from_fork+0x116/0x1d0 [ 22.927624] ret_from_fork_asm+0x1a/0x30 [ 22.927812] [ 22.928065] Freed by task 0: [ 22.928260] kasan_save_stack+0x45/0x70 [ 22.928469] kasan_save_track+0x18/0x40 [ 22.928622] kasan_save_free_info+0x3f/0x60 [ 22.928781] __kasan_slab_free+0x56/0x70 [ 22.929260] slab_free_after_rcu_debug+0xe4/0x310 [ 22.929508] rcu_core+0x66f/0x1c40 [ 22.929695] rcu_core_si+0x12/0x20 [ 22.929958] handle_softirqs+0x209/0x730 [ 22.930172] __irq_exit_rcu+0xc9/0x110 [ 22.930332] irq_exit_rcu+0x12/0x20 [ 22.930451] sysvec_apic_timer_interrupt+0x81/0x90 [ 22.930670] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 22.930904] [ 22.930972] Last potentially related work creation: [ 22.931198] kasan_save_stack+0x45/0x70 [ 22.931396] kasan_record_aux_stack+0xb2/0xc0 [ 22.931742] kmem_cache_free+0x131/0x420 [ 22.931904] kmem_cache_rcu_uaf+0x194/0x510 [ 22.932185] kunit_try_run_case+0x1a5/0x480 [ 22.932336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.932681] kthread+0x337/0x6f0 [ 22.933141] ret_from_fork+0x116/0x1d0 [ 22.933468] ret_from_fork_asm+0x1a/0x30 [ 22.933652] [ 22.933746] The buggy address belongs to the object at ffff888102d58000 [ 22.933746] which belongs to the cache test_cache of size 200 [ 22.934298] The buggy address is located 0 bytes inside of [ 22.934298] freed 200-byte region [ffff888102d58000, ffff888102d580c8) [ 22.935039] [ 22.935133] The buggy address belongs to the physical page: [ 22.935476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d58 [ 22.935752] flags: 0x200000000000000(node=0|zone=2) [ 22.935992] page_type: f5(slab) [ 22.936206] raw: 0200000000000000 ffff8881015d98c0 dead000000000122 0000000000000000 [ 22.936561] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 22.936901] page dumped because: kasan: bad access detected [ 22.937066] [ 22.937176] Memory state around the buggy address: [ 22.937415] ffff888102d57f00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 22.938163] ffff888102d57f80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 22.938488] >ffff888102d58000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.938764] ^ [ 22.938948] ffff888102d58080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 22.939336] ffff888102d58100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.939914] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 22.844280] ================================================================== [ 22.844734] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 22.845853] Free of addr ffff8881024dc001 by task kunit_try_catch/240 [ 22.846295] [ 22.846529] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.846610] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.846623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.846669] Call Trace: [ 22.846683] <TASK> [ 22.846705] dump_stack_lvl+0x73/0xb0 [ 22.846753] print_report+0xd1/0x650 [ 22.846776] ? __virt_addr_valid+0x1db/0x2d0 [ 22.846921] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.846951] ? kmem_cache_invalid_free+0x1d8/0x460 [ 22.846975] kasan_report_invalid_free+0x10a/0x130 [ 22.847000] ? kmem_cache_invalid_free+0x1d8/0x460 [ 22.847025] ? kmem_cache_invalid_free+0x1d8/0x460 [ 22.847054] check_slab_allocation+0x11f/0x130 [ 22.847076] __kasan_slab_pre_free+0x28/0x40 [ 22.847096] kmem_cache_free+0xed/0x420 [ 22.847120] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.847143] ? kmem_cache_invalid_free+0x1d8/0x460 [ 22.847168] kmem_cache_invalid_free+0x1d8/0x460 [ 22.847192] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 22.847214] ? finish_task_switch.isra.0+0x153/0x700 [ 22.847247] ? __switch_to+0x47/0xf50 [ 22.847276] ? __pfx_read_tsc+0x10/0x10 [ 22.847298] ? ktime_get_ts64+0x86/0x230 [ 22.847323] kunit_try_run_case+0x1a5/0x480 [ 22.847350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.847372] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.847398] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.847423] ? __kthread_parkme+0x82/0x180 [ 22.847443] ? preempt_count_sub+0x50/0x80 [ 22.847465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.847488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.847511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.847534] kthread+0x337/0x6f0 [ 22.847553] ? trace_preempt_on+0x20/0xc0 [ 22.847577] ? __pfx_kthread+0x10/0x10 [ 22.847596] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.847619] ? calculate_sigpending+0x7b/0xa0 [ 22.847643] ? __pfx_kthread+0x10/0x10 [ 22.847664] ret_from_fork+0x116/0x1d0 [ 22.847683] ? __pfx_kthread+0x10/0x10 [ 22.847702] ret_from_fork_asm+0x1a/0x30 [ 22.847734] </TASK> [ 22.847746] [ 22.859720] Allocated by task 240: [ 22.859981] kasan_save_stack+0x45/0x70 [ 22.860182] kasan_save_track+0x18/0x40 [ 22.860322] kasan_save_alloc_info+0x3b/0x50 [ 22.860468] __kasan_slab_alloc+0x91/0xa0 [ 22.860663] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.861173] kmem_cache_invalid_free+0x157/0x460 [ 22.861544] kunit_try_run_case+0x1a5/0x480 [ 22.861863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.862144] kthread+0x337/0x6f0 [ 22.862345] ret_from_fork+0x116/0x1d0 [ 22.862476] ret_from_fork_asm+0x1a/0x30 [ 22.862611] [ 22.862678] The buggy address belongs to the object at ffff8881024dc000 [ 22.862678] which belongs to the cache test_cache of size 200 [ 22.863658] The buggy address is located 1 bytes inside of [ 22.863658] 200-byte region [ffff8881024dc000, ffff8881024dc0c8) [ 22.864921] [ 22.865056] The buggy address belongs to the physical page: [ 22.865682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024dc [ 22.866194] flags: 0x200000000000000(node=0|zone=2) [ 22.866417] page_type: f5(slab) [ 22.866576] raw: 0200000000000000 ffff8881011063c0 dead000000000122 0000000000000000 [ 22.867686] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 22.868302] page dumped because: kasan: bad access detected [ 22.868754] [ 22.869021] Memory state around the buggy address: [ 22.869448] ffff8881024dbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.869750] ffff8881024dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.870467] >ffff8881024dc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.870761] ^ [ 22.871315] ffff8881024dc080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 22.872032] ffff8881024dc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.872383] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 22.810761] ================================================================== [ 22.811339] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 22.811693] Free of addr ffff888103ad4000 by task kunit_try_catch/238 [ 22.811963] [ 22.812052] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.812106] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.812118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.812142] Call Trace: [ 22.812156] <TASK> [ 22.812177] dump_stack_lvl+0x73/0xb0 [ 22.812209] print_report+0xd1/0x650 [ 22.812241] ? __virt_addr_valid+0x1db/0x2d0 [ 22.812269] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.812294] ? kmem_cache_double_free+0x1e5/0x480 [ 22.812318] kasan_report_invalid_free+0x10a/0x130 [ 22.812341] ? kmem_cache_double_free+0x1e5/0x480 [ 22.812367] ? kmem_cache_double_free+0x1e5/0x480 [ 22.812390] check_slab_allocation+0x101/0x130 [ 22.812411] __kasan_slab_pre_free+0x28/0x40 [ 22.812430] kmem_cache_free+0xed/0x420 [ 22.812453] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.812476] ? kmem_cache_double_free+0x1e5/0x480 [ 22.812501] kmem_cache_double_free+0x1e5/0x480 [ 22.812524] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 22.812546] ? finish_task_switch.isra.0+0x153/0x700 [ 22.812568] ? __switch_to+0x47/0xf50 [ 22.812597] ? __pfx_read_tsc+0x10/0x10 [ 22.812618] ? ktime_get_ts64+0x86/0x230 [ 22.812644] kunit_try_run_case+0x1a5/0x480 [ 22.812670] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.812692] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.812717] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.812741] ? __kthread_parkme+0x82/0x180 [ 22.812762] ? preempt_count_sub+0x50/0x80 [ 22.812785] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.812808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.812831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.812853] kthread+0x337/0x6f0 [ 22.812872] ? trace_preempt_on+0x20/0xc0 [ 22.812896] ? __pfx_kthread+0x10/0x10 [ 22.812915] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.812938] ? calculate_sigpending+0x7b/0xa0 [ 22.812961] ? __pfx_kthread+0x10/0x10 [ 22.812981] ret_from_fork+0x116/0x1d0 [ 22.813000] ? __pfx_kthread+0x10/0x10 [ 22.813019] ret_from_fork_asm+0x1a/0x30 [ 22.813050] </TASK> [ 22.813062] [ 22.822443] Allocated by task 238: [ 22.822693] kasan_save_stack+0x45/0x70 [ 22.822863] kasan_save_track+0x18/0x40 [ 22.823071] kasan_save_alloc_info+0x3b/0x50 [ 22.823295] __kasan_slab_alloc+0x91/0xa0 [ 22.823491] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.823711] kmem_cache_double_free+0x14f/0x480 [ 22.823914] kunit_try_run_case+0x1a5/0x480 [ 22.824093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.824512] kthread+0x337/0x6f0 [ 22.824757] ret_from_fork+0x116/0x1d0 [ 22.824919] ret_from_fork_asm+0x1a/0x30 [ 22.825333] [ 22.825408] Freed by task 238: [ 22.825515] kasan_save_stack+0x45/0x70 [ 22.825647] kasan_save_track+0x18/0x40 [ 22.825773] kasan_save_free_info+0x3f/0x60 [ 22.825910] __kasan_slab_free+0x56/0x70 [ 22.826039] kmem_cache_free+0x249/0x420 [ 22.826243] kmem_cache_double_free+0x16a/0x480 [ 22.826667] kunit_try_run_case+0x1a5/0x480 [ 22.826898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.827160] kthread+0x337/0x6f0 [ 22.827463] ret_from_fork+0x116/0x1d0 [ 22.827725] ret_from_fork_asm+0x1a/0x30 [ 22.828092] [ 22.828183] The buggy address belongs to the object at ffff888103ad4000 [ 22.828183] which belongs to the cache test_cache of size 200 [ 22.828730] The buggy address is located 0 bytes inside of [ 22.828730] 200-byte region [ffff888103ad4000, ffff888103ad40c8) [ 22.829495] [ 22.829600] The buggy address belongs to the physical page: [ 22.829999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad4 [ 22.830414] flags: 0x200000000000000(node=0|zone=2) [ 22.830643] page_type: f5(slab) [ 22.830763] raw: 0200000000000000 ffff8881015d9780 dead000000000122 0000000000000000 [ 22.830986] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 22.831543] page dumped because: kasan: bad access detected [ 22.832058] [ 22.832152] Memory state around the buggy address: [ 22.832339] ffff888103ad3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.832617] ffff888103ad3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.832931] >ffff888103ad4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.833373] ^ [ 22.833547] ffff888103ad4080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 22.833970] ffff888103ad4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.834449] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 22.761758] ================================================================== [ 22.763119] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 22.764117] Read of size 1 at addr ffff8881024dc0c8 by task kunit_try_catch/236 [ 22.764743] [ 22.765076] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.765142] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.765156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.765180] Call Trace: [ 22.765199] <TASK> [ 22.765231] dump_stack_lvl+0x73/0xb0 [ 22.765269] print_report+0xd1/0x650 [ 22.765292] ? __virt_addr_valid+0x1db/0x2d0 [ 22.765318] ? kmem_cache_oob+0x402/0x530 [ 22.765340] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.765364] ? kmem_cache_oob+0x402/0x530 [ 22.765386] kasan_report+0x141/0x180 [ 22.765407] ? kmem_cache_oob+0x402/0x530 [ 22.765432] __asan_report_load1_noabort+0x18/0x20 [ 22.765456] kmem_cache_oob+0x402/0x530 [ 22.765476] ? trace_hardirqs_on+0x37/0xe0 [ 22.765499] ? __pfx_kmem_cache_oob+0x10/0x10 [ 22.765520] ? finish_task_switch.isra.0+0x153/0x700 [ 22.765542] ? __switch_to+0x47/0xf50 [ 22.765572] ? __pfx_read_tsc+0x10/0x10 [ 22.765593] ? ktime_get_ts64+0x86/0x230 [ 22.765618] kunit_try_run_case+0x1a5/0x480 [ 22.765645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.765666] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.765692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.765716] ? __kthread_parkme+0x82/0x180 [ 22.765736] ? preempt_count_sub+0x50/0x80 [ 22.765758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.765885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.765931] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.765954] kthread+0x337/0x6f0 [ 22.765987] ? trace_preempt_on+0x20/0xc0 [ 22.766010] ? __pfx_kthread+0x10/0x10 [ 22.766068] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.766093] ? calculate_sigpending+0x7b/0xa0 [ 22.766118] ? __pfx_kthread+0x10/0x10 [ 22.766138] ret_from_fork+0x116/0x1d0 [ 22.766157] ? __pfx_kthread+0x10/0x10 [ 22.766177] ret_from_fork_asm+0x1a/0x30 [ 22.766209] </TASK> [ 22.766231] [ 22.782595] Allocated by task 236: [ 22.782764] kasan_save_stack+0x45/0x70 [ 22.782937] kasan_save_track+0x18/0x40 [ 22.783188] kasan_save_alloc_info+0x3b/0x50 [ 22.783411] __kasan_slab_alloc+0x91/0xa0 [ 22.783579] kmem_cache_alloc_noprof+0x123/0x3f0 [ 22.783858] kmem_cache_oob+0x157/0x530 [ 22.784095] kunit_try_run_case+0x1a5/0x480 [ 22.784261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.784443] kthread+0x337/0x6f0 [ 22.784606] ret_from_fork+0x116/0x1d0 [ 22.784786] ret_from_fork_asm+0x1a/0x30 [ 22.785077] [ 22.785153] The buggy address belongs to the object at ffff8881024dc000 [ 22.785153] which belongs to the cache test_cache of size 200 [ 22.785750] The buggy address is located 0 bytes to the right of [ 22.785750] allocated 200-byte region [ffff8881024dc000, ffff8881024dc0c8) [ 22.786379] [ 22.786458] The buggy address belongs to the physical page: [ 22.786729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024dc [ 22.787486] flags: 0x200000000000000(node=0|zone=2) [ 22.787745] page_type: f5(slab) [ 22.787969] raw: 0200000000000000 ffff888101106280 dead000000000122 0000000000000000 [ 22.788296] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 22.788521] page dumped because: kasan: bad access detected [ 22.788769] [ 22.788916] Memory state around the buggy address: [ 22.789320] ffff8881024dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.789627] ffff8881024dc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.789943] >ffff8881024dc080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 22.790319] ^ [ 22.790569] ffff8881024dc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.790944] ffff8881024dc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.791316] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 22.718938] ================================================================== [ 22.719448] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 22.719682] Read of size 8 at addr ffff888103ad0380 by task kunit_try_catch/229 [ 22.719915] [ 22.720004] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.720055] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.720161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.720230] Call Trace: [ 22.720618] <TASK> [ 22.720647] dump_stack_lvl+0x73/0xb0 [ 22.720683] print_report+0xd1/0x650 [ 22.720705] ? __virt_addr_valid+0x1db/0x2d0 [ 22.720731] ? workqueue_uaf+0x4d6/0x560 [ 22.720751] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.720776] ? workqueue_uaf+0x4d6/0x560 [ 22.720848] kasan_report+0x141/0x180 [ 22.720869] ? workqueue_uaf+0x4d6/0x560 [ 22.720893] __asan_report_load8_noabort+0x18/0x20 [ 22.720930] workqueue_uaf+0x4d6/0x560 [ 22.720950] ? __pfx_workqueue_uaf+0x10/0x10 [ 22.720972] ? __pfx_workqueue_uaf+0x10/0x10 [ 22.720996] kunit_try_run_case+0x1a5/0x480 [ 22.721022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.721044] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.721069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.721094] ? __kthread_parkme+0x82/0x180 [ 22.721115] ? preempt_count_sub+0x50/0x80 [ 22.721138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.721161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.721183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.721206] kthread+0x337/0x6f0 [ 22.721237] ? trace_preempt_on+0x20/0xc0 [ 22.721261] ? __pfx_kthread+0x10/0x10 [ 22.721281] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.721304] ? calculate_sigpending+0x7b/0xa0 [ 22.721328] ? __pfx_kthread+0x10/0x10 [ 22.721348] ret_from_fork+0x116/0x1d0 [ 22.721367] ? __pfx_kthread+0x10/0x10 [ 22.721387] ret_from_fork_asm+0x1a/0x30 [ 22.721419] </TASK> [ 22.721431] [ 22.734598] Allocated by task 229: [ 22.734750] kasan_save_stack+0x45/0x70 [ 22.734901] kasan_save_track+0x18/0x40 [ 22.735077] kasan_save_alloc_info+0x3b/0x50 [ 22.735681] __kasan_kmalloc+0xb7/0xc0 [ 22.736240] __kmalloc_cache_noprof+0x189/0x420 [ 22.736706] workqueue_uaf+0x152/0x560 [ 22.737231] kunit_try_run_case+0x1a5/0x480 [ 22.737754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.738502] kthread+0x337/0x6f0 [ 22.738903] ret_from_fork+0x116/0x1d0 [ 22.739236] ret_from_fork_asm+0x1a/0x30 [ 22.739371] [ 22.739434] Freed by task 44: [ 22.739535] kasan_save_stack+0x45/0x70 [ 22.739658] kasan_save_track+0x18/0x40 [ 22.739780] kasan_save_free_info+0x3f/0x60 [ 22.740211] __kasan_slab_free+0x56/0x70 [ 22.740605] kfree+0x222/0x3f0 [ 22.740990] workqueue_uaf_work+0x12/0x20 [ 22.741431] process_one_work+0x5ee/0xf60 [ 22.741804] worker_thread+0x758/0x1220 [ 22.742368] kthread+0x337/0x6f0 [ 22.742686] ret_from_fork+0x116/0x1d0 [ 22.743133] ret_from_fork_asm+0x1a/0x30 [ 22.743389] [ 22.743457] Last potentially related work creation: [ 22.743600] kasan_save_stack+0x45/0x70 [ 22.743724] kasan_record_aux_stack+0xb2/0xc0 [ 22.743937] __queue_work+0x61a/0xe70 [ 22.744065] queue_work_on+0xb6/0xc0 [ 22.744383] workqueue_uaf+0x26d/0x560 [ 22.744566] kunit_try_run_case+0x1a5/0x480 [ 22.744699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.745062] kthread+0x337/0x6f0 [ 22.745333] ret_from_fork+0x116/0x1d0 [ 22.745509] ret_from_fork_asm+0x1a/0x30 [ 22.745703] [ 22.745804] The buggy address belongs to the object at ffff888103ad0380 [ 22.745804] which belongs to the cache kmalloc-32 of size 32 [ 22.746352] The buggy address is located 0 bytes inside of [ 22.746352] freed 32-byte region [ffff888103ad0380, ffff888103ad03a0) [ 22.746795] [ 22.746891] The buggy address belongs to the physical page: [ 22.747244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad0 [ 22.747481] flags: 0x200000000000000(node=0|zone=2) [ 22.747712] page_type: f5(slab) [ 22.748190] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 22.748547] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 22.748874] page dumped because: kasan: bad access detected [ 22.749274] [ 22.749385] Memory state around the buggy address: [ 22.749593] ffff888103ad0280: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 22.749979] ffff888103ad0300: 00 00 05 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 22.750329] >ffff888103ad0380: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 22.750614] ^ [ 22.750773] ffff888103ad0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.751256] ffff888103ad0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.751529] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 22.675086] ================================================================== [ 22.675624] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 22.675885] Read of size 4 at addr ffff8881024d9480 by task swapper/0/0 [ 22.676106] [ 22.676317] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.676376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.676388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.676413] Call Trace: [ 22.676445] <IRQ> [ 22.676469] dump_stack_lvl+0x73/0xb0 [ 22.676505] print_report+0xd1/0x650 [ 22.676527] ? __virt_addr_valid+0x1db/0x2d0 [ 22.676553] ? rcu_uaf_reclaim+0x50/0x60 [ 22.676573] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.676597] ? rcu_uaf_reclaim+0x50/0x60 [ 22.676617] kasan_report+0x141/0x180 [ 22.676638] ? rcu_uaf_reclaim+0x50/0x60 [ 22.676661] __asan_report_load4_noabort+0x18/0x20 [ 22.676684] rcu_uaf_reclaim+0x50/0x60 [ 22.676703] rcu_core+0x66f/0x1c40 [ 22.676733] ? __pfx_rcu_core+0x10/0x10 [ 22.676754] ? ktime_get+0x6b/0x150 [ 22.676780] rcu_core_si+0x12/0x20 [ 22.676799] handle_softirqs+0x209/0x730 [ 22.676821] ? hrtimer_interrupt+0x2fe/0x780 [ 22.676847] ? __pfx_handle_softirqs+0x10/0x10 [ 22.676871] __irq_exit_rcu+0xc9/0x110 [ 22.676891] irq_exit_rcu+0x12/0x20 [ 22.676910] sysvec_apic_timer_interrupt+0x81/0x90 [ 22.676934] </IRQ> [ 22.676958] <TASK> [ 22.676969] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 22.677174] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 22.677407] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 03 00 1a 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 22.677492] RSP: 0000:ffffffffb7807dd8 EFLAGS: 00010202 [ 22.677582] RAX: ffff8881a242e000 RBX: ffffffffb781cac0 RCX: ffffffffb66eb105 [ 22.677628] RDX: ffffed102b606193 RSI: 0000000000000004 RDI: 00000000000c26b4 [ 22.677672] RBP: ffffffffb7807de0 R08: 0000000000000001 R09: ffffed102b606192 [ 22.677714] R10: ffff88815b030c93 R11: 0000000000091000 R12: 0000000000000000 [ 22.677757] R13: fffffbfff6f03958 R14: ffffffffb83eacd0 R15: 0000000000000000 [ 22.678076] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 22.678141] ? default_idle+0xd/0x20 [ 22.678163] arch_cpu_idle+0xd/0x20 [ 22.678183] default_idle_call+0x48/0x80 [ 22.678203] do_idle+0x379/0x4f0 [ 22.678245] ? __pfx_do_idle+0x10/0x10 [ 22.678272] cpu_startup_entry+0x5c/0x70 [ 22.678296] rest_init+0x11a/0x140 [ 22.678315] ? acpi_subsystem_init+0x5d/0x150 [ 22.678340] start_kernel+0x352/0x400 [ 22.678364] x86_64_start_reservations+0x1c/0x30 [ 22.678387] x86_64_start_kernel+0x10d/0x120 [ 22.678410] common_startup_64+0x13e/0x148 [ 22.678443] </TASK> [ 22.678454] [ 22.695180] Allocated by task 227: [ 22.695402] kasan_save_stack+0x45/0x70 [ 22.695569] kasan_save_track+0x18/0x40 [ 22.695755] kasan_save_alloc_info+0x3b/0x50 [ 22.695961] __kasan_kmalloc+0xb7/0xc0 [ 22.696422] __kmalloc_cache_noprof+0x189/0x420 [ 22.696586] rcu_uaf+0xb0/0x330 [ 22.696752] kunit_try_run_case+0x1a5/0x480 [ 22.697020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.697459] kthread+0x337/0x6f0 [ 22.697627] ret_from_fork+0x116/0x1d0 [ 22.697786] ret_from_fork_asm+0x1a/0x30 [ 22.698335] [ 22.698424] Freed by task 0: [ 22.698539] kasan_save_stack+0x45/0x70 [ 22.698739] kasan_save_track+0x18/0x40 [ 22.699209] kasan_save_free_info+0x3f/0x60 [ 22.699416] __kasan_slab_free+0x56/0x70 [ 22.699586] kfree+0x222/0x3f0 [ 22.699722] rcu_uaf_reclaim+0x1f/0x60 [ 22.699886] rcu_core+0x66f/0x1c40 [ 22.700472] rcu_core_si+0x12/0x20 [ 22.700654] handle_softirqs+0x209/0x730 [ 22.700807] __irq_exit_rcu+0xc9/0x110 [ 22.701185] irq_exit_rcu+0x12/0x20 [ 22.701335] sysvec_apic_timer_interrupt+0x81/0x90 [ 22.701571] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 22.702177] [ 22.702327] Last potentially related work creation: [ 22.702517] kasan_save_stack+0x45/0x70 [ 22.702961] kasan_record_aux_stack+0xb2/0xc0 [ 22.703382] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 22.703566] call_rcu+0x12/0x20 [ 22.703948] rcu_uaf+0x168/0x330 [ 22.704124] kunit_try_run_case+0x1a5/0x480 [ 22.704596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.705086] kthread+0x337/0x6f0 [ 22.705271] ret_from_fork+0x116/0x1d0 [ 22.705531] ret_from_fork_asm+0x1a/0x30 [ 22.705773] [ 22.706052] The buggy address belongs to the object at ffff8881024d9480 [ 22.706052] which belongs to the cache kmalloc-32 of size 32 [ 22.706533] The buggy address is located 0 bytes inside of [ 22.706533] freed 32-byte region [ffff8881024d9480, ffff8881024d94a0) [ 22.707332] [ 22.707441] The buggy address belongs to the physical page: [ 22.707808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d9 [ 22.708314] flags: 0x200000000000000(node=0|zone=2) [ 22.708644] page_type: f5(slab) [ 22.708824] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 22.709180] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 22.710091] page dumped because: kasan: bad access detected [ 22.710364] [ 22.710456] Memory state around the buggy address: [ 22.710674] ffff8881024d9380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 22.711346] ffff8881024d9400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 22.711727] >ffff8881024d9480: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 22.712264] ^ [ 22.712457] ffff8881024d9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.712994] ffff8881024d9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.713289] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 22.624510] ================================================================== [ 22.624925] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 22.625345] Read of size 1 at addr ffff888102d56700 by task kunit_try_catch/225 [ 22.625634] [ 22.625746] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.625794] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.625805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.625827] Call Trace: [ 22.625841] <TASK> [ 22.625861] dump_stack_lvl+0x73/0xb0 [ 22.625888] print_report+0xd1/0x650 [ 22.625911] ? __virt_addr_valid+0x1db/0x2d0 [ 22.625935] ? ksize_uaf+0x5fe/0x6c0 [ 22.625955] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.625982] ? ksize_uaf+0x5fe/0x6c0 [ 22.626002] kasan_report+0x141/0x180 [ 22.626023] ? ksize_uaf+0x5fe/0x6c0 [ 22.626046] __asan_report_load1_noabort+0x18/0x20 [ 22.626069] ksize_uaf+0x5fe/0x6c0 [ 22.626089] ? __pfx_ksize_uaf+0x10/0x10 [ 22.626109] ? __schedule+0x10cc/0x2b60 [ 22.626133] ? __pfx_read_tsc+0x10/0x10 [ 22.626155] ? ktime_get_ts64+0x86/0x230 [ 22.626179] kunit_try_run_case+0x1a5/0x480 [ 22.626205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.626252] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.626275] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.626300] ? __kthread_parkme+0x82/0x180 [ 22.626320] ? preempt_count_sub+0x50/0x80 [ 22.626345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.626371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.626395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.626418] kthread+0x337/0x6f0 [ 22.626437] ? trace_preempt_on+0x20/0xc0 [ 22.626460] ? __pfx_kthread+0x10/0x10 [ 22.626480] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.626503] ? calculate_sigpending+0x7b/0xa0 [ 22.626526] ? __pfx_kthread+0x10/0x10 [ 22.626547] ret_from_fork+0x116/0x1d0 [ 22.626565] ? __pfx_kthread+0x10/0x10 [ 22.626585] ret_from_fork_asm+0x1a/0x30 [ 22.626615] </TASK> [ 22.626626] [ 22.633268] Allocated by task 225: [ 22.633453] kasan_save_stack+0x45/0x70 [ 22.633620] kasan_save_track+0x18/0x40 [ 22.633840] kasan_save_alloc_info+0x3b/0x50 [ 22.634016] __kasan_kmalloc+0xb7/0xc0 [ 22.634186] __kmalloc_cache_noprof+0x189/0x420 [ 22.634380] ksize_uaf+0xaa/0x6c0 [ 22.634530] kunit_try_run_case+0x1a5/0x480 [ 22.634670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.634837] kthread+0x337/0x6f0 [ 22.634964] ret_from_fork+0x116/0x1d0 [ 22.635284] ret_from_fork_asm+0x1a/0x30 [ 22.635477] [ 22.635569] Freed by task 225: [ 22.635720] kasan_save_stack+0x45/0x70 [ 22.635983] kasan_save_track+0x18/0x40 [ 22.636528] kasan_save_free_info+0x3f/0x60 [ 22.636751] __kasan_slab_free+0x56/0x70 [ 22.636987] kfree+0x222/0x3f0 [ 22.637143] ksize_uaf+0x12c/0x6c0 [ 22.637305] kunit_try_run_case+0x1a5/0x480 [ 22.637446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.637613] kthread+0x337/0x6f0 [ 22.637725] ret_from_fork+0x116/0x1d0 [ 22.637849] ret_from_fork_asm+0x1a/0x30 [ 22.638025] [ 22.638115] The buggy address belongs to the object at ffff888102d56700 [ 22.638115] which belongs to the cache kmalloc-128 of size 128 [ 22.638862] The buggy address is located 0 bytes inside of [ 22.638862] freed 128-byte region [ffff888102d56700, ffff888102d56780) [ 22.639438] [ 22.639516] The buggy address belongs to the physical page: [ 22.639685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 22.639920] flags: 0x200000000000000(node=0|zone=2) [ 22.640142] page_type: f5(slab) [ 22.640421] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.640764] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.641092] page dumped because: kasan: bad access detected [ 22.641396] [ 22.641473] Memory state around the buggy address: [ 22.641711] ffff888102d56600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.642028] ffff888102d56680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.642371] >ffff888102d56700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.642683] ^ [ 22.642828] ffff888102d56780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.643041] ffff888102d56800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.643291] ================================================================== [ 22.591692] ================================================================== [ 22.592829] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 22.593344] Read of size 1 at addr ffff888102d56700 by task kunit_try_catch/225 [ 22.594046] [ 22.594179] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.594243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.594256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.594279] Call Trace: [ 22.594294] <TASK> [ 22.594315] dump_stack_lvl+0x73/0xb0 [ 22.594374] print_report+0xd1/0x650 [ 22.594398] ? __virt_addr_valid+0x1db/0x2d0 [ 22.594435] ? ksize_uaf+0x19d/0x6c0 [ 22.594464] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.594521] ? ksize_uaf+0x19d/0x6c0 [ 22.594542] kasan_report+0x141/0x180 [ 22.594563] ? ksize_uaf+0x19d/0x6c0 [ 22.594585] ? ksize_uaf+0x19d/0x6c0 [ 22.594604] __kasan_check_byte+0x3d/0x50 [ 22.594626] ksize+0x20/0x60 [ 22.594650] ksize_uaf+0x19d/0x6c0 [ 22.594669] ? __pfx_ksize_uaf+0x10/0x10 [ 22.594690] ? __schedule+0x10cc/0x2b60 [ 22.594714] ? __pfx_read_tsc+0x10/0x10 [ 22.594736] ? ktime_get_ts64+0x86/0x230 [ 22.594760] kunit_try_run_case+0x1a5/0x480 [ 22.594791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.594813] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.594837] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.594861] ? __kthread_parkme+0x82/0x180 [ 22.594881] ? preempt_count_sub+0x50/0x80 [ 22.594903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.594926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.594949] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.594972] kthread+0x337/0x6f0 [ 22.594992] ? trace_preempt_on+0x20/0xc0 [ 22.595014] ? __pfx_kthread+0x10/0x10 [ 22.595045] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.595067] ? calculate_sigpending+0x7b/0xa0 [ 22.595090] ? __pfx_kthread+0x10/0x10 [ 22.595111] ret_from_fork+0x116/0x1d0 [ 22.595129] ? __pfx_kthread+0x10/0x10 [ 22.595149] ret_from_fork_asm+0x1a/0x30 [ 22.595180] </TASK> [ 22.595192] [ 22.607995] Allocated by task 225: [ 22.608354] kasan_save_stack+0x45/0x70 [ 22.608746] kasan_save_track+0x18/0x40 [ 22.609184] kasan_save_alloc_info+0x3b/0x50 [ 22.609585] __kasan_kmalloc+0xb7/0xc0 [ 22.609939] __kmalloc_cache_noprof+0x189/0x420 [ 22.610258] ksize_uaf+0xaa/0x6c0 [ 22.610582] kunit_try_run_case+0x1a5/0x480 [ 22.610937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.611122] kthread+0x337/0x6f0 [ 22.611245] ret_from_fork+0x116/0x1d0 [ 22.611369] ret_from_fork_asm+0x1a/0x30 [ 22.611498] [ 22.611561] Freed by task 225: [ 22.611664] kasan_save_stack+0x45/0x70 [ 22.611788] kasan_save_track+0x18/0x40 [ 22.611912] kasan_save_free_info+0x3f/0x60 [ 22.612046] __kasan_slab_free+0x56/0x70 [ 22.612172] kfree+0x222/0x3f0 [ 22.612424] ksize_uaf+0x12c/0x6c0 [ 22.613279] kunit_try_run_case+0x1a5/0x480 [ 22.613722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.614290] kthread+0x337/0x6f0 [ 22.614606] ret_from_fork+0x116/0x1d0 [ 22.615040] ret_from_fork_asm+0x1a/0x30 [ 22.615420] [ 22.615584] The buggy address belongs to the object at ffff888102d56700 [ 22.615584] which belongs to the cache kmalloc-128 of size 128 [ 22.616713] The buggy address is located 0 bytes inside of [ 22.616713] freed 128-byte region [ffff888102d56700, ffff888102d56780) [ 22.618109] [ 22.618293] The buggy address belongs to the physical page: [ 22.618760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 22.619438] flags: 0x200000000000000(node=0|zone=2) [ 22.619605] page_type: f5(slab) [ 22.619723] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.620409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.621165] page dumped because: kasan: bad access detected [ 22.621745] [ 22.622117] Memory state around the buggy address: [ 22.622310] ffff888102d56600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.622522] ffff888102d56680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.622730] >ffff888102d56700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.623009] ^ [ 22.623242] ffff888102d56780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.623491] ffff888102d56800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.623788] ================================================================== [ 22.644027] ================================================================== [ 22.644661] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 22.645147] Read of size 1 at addr ffff888102d56778 by task kunit_try_catch/225 [ 22.645436] [ 22.645522] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.645569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.645581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.645603] Call Trace: [ 22.645622] <TASK> [ 22.645640] dump_stack_lvl+0x73/0xb0 [ 22.645667] print_report+0xd1/0x650 [ 22.645689] ? __virt_addr_valid+0x1db/0x2d0 [ 22.645712] ? ksize_uaf+0x5e4/0x6c0 [ 22.645731] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.645756] ? ksize_uaf+0x5e4/0x6c0 [ 22.645776] kasan_report+0x141/0x180 [ 22.645797] ? ksize_uaf+0x5e4/0x6c0 [ 22.645821] __asan_report_load1_noabort+0x18/0x20 [ 22.645843] ksize_uaf+0x5e4/0x6c0 [ 22.645862] ? __pfx_ksize_uaf+0x10/0x10 [ 22.645882] ? __schedule+0x10cc/0x2b60 [ 22.645907] ? __pfx_read_tsc+0x10/0x10 [ 22.645928] ? ktime_get_ts64+0x86/0x230 [ 22.645951] kunit_try_run_case+0x1a5/0x480 [ 22.645975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.645997] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.646020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.646044] ? __kthread_parkme+0x82/0x180 [ 22.646064] ? preempt_count_sub+0x50/0x80 [ 22.646086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.646109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.646131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.646154] kthread+0x337/0x6f0 [ 22.646172] ? trace_preempt_on+0x20/0xc0 [ 22.646195] ? __pfx_kthread+0x10/0x10 [ 22.646214] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.646293] ? calculate_sigpending+0x7b/0xa0 [ 22.646317] ? __pfx_kthread+0x10/0x10 [ 22.646338] ret_from_fork+0x116/0x1d0 [ 22.646356] ? __pfx_kthread+0x10/0x10 [ 22.646375] ret_from_fork_asm+0x1a/0x30 [ 22.646405] </TASK> [ 22.646416] [ 22.653438] Allocated by task 225: [ 22.653628] kasan_save_stack+0x45/0x70 [ 22.653820] kasan_save_track+0x18/0x40 [ 22.654003] kasan_save_alloc_info+0x3b/0x50 [ 22.654209] __kasan_kmalloc+0xb7/0xc0 [ 22.654403] __kmalloc_cache_noprof+0x189/0x420 [ 22.654614] ksize_uaf+0xaa/0x6c0 [ 22.654743] kunit_try_run_case+0x1a5/0x480 [ 22.654885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.655157] kthread+0x337/0x6f0 [ 22.655333] ret_from_fork+0x116/0x1d0 [ 22.655516] ret_from_fork_asm+0x1a/0x30 [ 22.655709] [ 22.655798] Freed by task 225: [ 22.655952] kasan_save_stack+0x45/0x70 [ 22.656265] kasan_save_track+0x18/0x40 [ 22.656408] kasan_save_free_info+0x3f/0x60 [ 22.656547] __kasan_slab_free+0x56/0x70 [ 22.656689] kfree+0x222/0x3f0 [ 22.656843] ksize_uaf+0x12c/0x6c0 [ 22.657010] kunit_try_run_case+0x1a5/0x480 [ 22.657240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.657472] kthread+0x337/0x6f0 [ 22.657588] ret_from_fork+0x116/0x1d0 [ 22.657769] ret_from_fork_asm+0x1a/0x30 [ 22.657956] [ 22.658029] The buggy address belongs to the object at ffff888102d56700 [ 22.658029] which belongs to the cache kmalloc-128 of size 128 [ 22.658490] The buggy address is located 120 bytes inside of [ 22.658490] freed 128-byte region [ffff888102d56700, ffff888102d56780) [ 22.658972] [ 22.659100] The buggy address belongs to the physical page: [ 22.659438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 22.659731] flags: 0x200000000000000(node=0|zone=2) [ 22.660002] page_type: f5(slab) [ 22.660146] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.660477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.660846] page dumped because: kasan: bad access detected [ 22.661035] [ 22.661123] Memory state around the buggy address: [ 22.661355] ffff888102d56600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.661565] ffff888102d56680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.661775] >ffff888102d56700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.661980] ^ [ 22.662183] ffff888102d56780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.662624] ffff888102d56800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.663359] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 22.565119] ================================================================== [ 22.565664] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.565948] Read of size 1 at addr ffff8881024c9c7f by task kunit_try_catch/223 [ 22.566361] [ 22.566447] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.566492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.566504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.566525] Call Trace: [ 22.566543] <TASK> [ 22.566559] dump_stack_lvl+0x73/0xb0 [ 22.566585] print_report+0xd1/0x650 [ 22.566606] ? __virt_addr_valid+0x1db/0x2d0 [ 22.566628] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.566649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.566673] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.566695] kasan_report+0x141/0x180 [ 22.566715] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.566741] __asan_report_load1_noabort+0x18/0x20 [ 22.566763] ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.566785] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.566807] ? finish_task_switch.isra.0+0x153/0x700 [ 22.566829] ? __switch_to+0x47/0xf50 [ 22.566853] ? __schedule+0x10cc/0x2b60 [ 22.566877] ? __pfx_read_tsc+0x10/0x10 [ 22.566899] ? ktime_get_ts64+0x86/0x230 [ 22.566922] kunit_try_run_case+0x1a5/0x480 [ 22.566945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.566967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.566990] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.567014] ? __kthread_parkme+0x82/0x180 [ 22.567108] ? preempt_count_sub+0x50/0x80 [ 22.567131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.567154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.567178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.567201] kthread+0x337/0x6f0 [ 22.567232] ? trace_preempt_on+0x20/0xc0 [ 22.567254] ? __pfx_kthread+0x10/0x10 [ 22.567273] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.567295] ? calculate_sigpending+0x7b/0xa0 [ 22.567318] ? __pfx_kthread+0x10/0x10 [ 22.567338] ret_from_fork+0x116/0x1d0 [ 22.567357] ? __pfx_kthread+0x10/0x10 [ 22.567376] ret_from_fork_asm+0x1a/0x30 [ 22.567406] </TASK> [ 22.567417] [ 22.575293] Allocated by task 223: [ 22.575445] kasan_save_stack+0x45/0x70 [ 22.575645] kasan_save_track+0x18/0x40 [ 22.575793] kasan_save_alloc_info+0x3b/0x50 [ 22.575988] __kasan_kmalloc+0xb7/0xc0 [ 22.576214] __kmalloc_cache_noprof+0x189/0x420 [ 22.576423] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.576590] kunit_try_run_case+0x1a5/0x480 [ 22.576730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.576895] kthread+0x337/0x6f0 [ 22.577009] ret_from_fork+0x116/0x1d0 [ 22.577189] ret_from_fork_asm+0x1a/0x30 [ 22.577394] [ 22.577484] The buggy address belongs to the object at ffff8881024c9c00 [ 22.577484] which belongs to the cache kmalloc-128 of size 128 [ 22.578038] The buggy address is located 12 bytes to the right of [ 22.578038] allocated 115-byte region [ffff8881024c9c00, ffff8881024c9c73) [ 22.578705] [ 22.578807] The buggy address belongs to the physical page: [ 22.579096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 22.579510] flags: 0x200000000000000(node=0|zone=2) [ 22.579667] page_type: f5(slab) [ 22.579783] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.580002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.580889] page dumped because: kasan: bad access detected [ 22.581548] [ 22.581715] Memory state around the buggy address: [ 22.582579] ffff8881024c9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.583519] ffff8881024c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.584455] >ffff8881024c9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.585278] ^ [ 22.585502] ffff8881024c9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.585712] ffff8881024c9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.587149] ================================================================== [ 22.546201] ================================================================== [ 22.546502] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.546794] Read of size 1 at addr ffff8881024c9c78 by task kunit_try_catch/223 [ 22.547347] [ 22.547470] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.547520] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.547532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.547555] Call Trace: [ 22.547569] <TASK> [ 22.547588] dump_stack_lvl+0x73/0xb0 [ 22.547617] print_report+0xd1/0x650 [ 22.547639] ? __virt_addr_valid+0x1db/0x2d0 [ 22.547663] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.547684] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.547710] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.547734] kasan_report+0x141/0x180 [ 22.547756] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.547782] __asan_report_load1_noabort+0x18/0x20 [ 22.547818] ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.547840] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.547862] ? finish_task_switch.isra.0+0x153/0x700 [ 22.547883] ? __switch_to+0x47/0xf50 [ 22.547908] ? __schedule+0x10cc/0x2b60 [ 22.547932] ? __pfx_read_tsc+0x10/0x10 [ 22.547954] ? ktime_get_ts64+0x86/0x230 [ 22.547978] kunit_try_run_case+0x1a5/0x480 [ 22.548003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.548024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.548047] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.548071] ? __kthread_parkme+0x82/0x180 [ 22.548090] ? preempt_count_sub+0x50/0x80 [ 22.548112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.548134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.548156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.548179] kthread+0x337/0x6f0 [ 22.548200] ? trace_preempt_on+0x20/0xc0 [ 22.548235] ? __pfx_kthread+0x10/0x10 [ 22.548256] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.548279] ? calculate_sigpending+0x7b/0xa0 [ 22.548304] ? __pfx_kthread+0x10/0x10 [ 22.548325] ret_from_fork+0x116/0x1d0 [ 22.548344] ? __pfx_kthread+0x10/0x10 [ 22.548364] ret_from_fork_asm+0x1a/0x30 [ 22.548395] </TASK> [ 22.548406] [ 22.556185] Allocated by task 223: [ 22.556379] kasan_save_stack+0x45/0x70 [ 22.556763] kasan_save_track+0x18/0x40 [ 22.556898] kasan_save_alloc_info+0x3b/0x50 [ 22.557152] __kasan_kmalloc+0xb7/0xc0 [ 22.557291] __kmalloc_cache_noprof+0x189/0x420 [ 22.557440] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.557829] kunit_try_run_case+0x1a5/0x480 [ 22.558008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.558179] kthread+0x337/0x6f0 [ 22.558302] ret_from_fork+0x116/0x1d0 [ 22.558430] ret_from_fork_asm+0x1a/0x30 [ 22.558650] [ 22.558915] The buggy address belongs to the object at ffff8881024c9c00 [ 22.558915] which belongs to the cache kmalloc-128 of size 128 [ 22.559704] The buggy address is located 5 bytes to the right of [ 22.559704] allocated 115-byte region [ffff8881024c9c00, ffff8881024c9c73) [ 22.560213] [ 22.560299] The buggy address belongs to the physical page: [ 22.560470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 22.560801] flags: 0x200000000000000(node=0|zone=2) [ 22.561099] page_type: f5(slab) [ 22.561276] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.561622] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.561958] page dumped because: kasan: bad access detected [ 22.562336] [ 22.562405] Memory state around the buggy address: [ 22.562620] ffff8881024c9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.562830] ffff8881024c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.563377] >ffff8881024c9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.563678] ^ [ 22.563959] ffff8881024c9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.564166] ffff8881024c9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.564413] ================================================================== [ 22.514197] ================================================================== [ 22.514724] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 22.515903] Read of size 1 at addr ffff8881024c9c73 by task kunit_try_catch/223 [ 22.516741] [ 22.516945] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.516999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.517011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.517035] Call Trace: [ 22.517050] <TASK> [ 22.517071] dump_stack_lvl+0x73/0xb0 [ 22.517105] print_report+0xd1/0x650 [ 22.517127] ? __virt_addr_valid+0x1db/0x2d0 [ 22.517152] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.517173] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.517198] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.517417] kasan_report+0x141/0x180 [ 22.517471] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.517499] __asan_report_load1_noabort+0x18/0x20 [ 22.517522] ksize_unpoisons_memory+0x81c/0x9b0 [ 22.517544] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.517572] ? finish_task_switch.isra.0+0x153/0x700 [ 22.517596] ? __switch_to+0x47/0xf50 [ 22.517623] ? __schedule+0x10cc/0x2b60 [ 22.517648] ? __pfx_read_tsc+0x10/0x10 [ 22.517669] ? ktime_get_ts64+0x86/0x230 [ 22.517694] kunit_try_run_case+0x1a5/0x480 [ 22.517720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.517741] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.517765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.517789] ? __kthread_parkme+0x82/0x180 [ 22.517809] ? preempt_count_sub+0x50/0x80 [ 22.517830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.517853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.517875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.517898] kthread+0x337/0x6f0 [ 22.517917] ? trace_preempt_on+0x20/0xc0 [ 22.517942] ? __pfx_kthread+0x10/0x10 [ 22.517961] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.517984] ? calculate_sigpending+0x7b/0xa0 [ 22.518007] ? __pfx_kthread+0x10/0x10 [ 22.518028] ret_from_fork+0x116/0x1d0 [ 22.518045] ? __pfx_kthread+0x10/0x10 [ 22.518064] ret_from_fork_asm+0x1a/0x30 [ 22.518095] </TASK> [ 22.518107] [ 22.531561] Allocated by task 223: [ 22.531695] kasan_save_stack+0x45/0x70 [ 22.531838] kasan_save_track+0x18/0x40 [ 22.531967] kasan_save_alloc_info+0x3b/0x50 [ 22.532272] __kasan_kmalloc+0xb7/0xc0 [ 22.532524] __kmalloc_cache_noprof+0x189/0x420 [ 22.532944] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.533392] kunit_try_run_case+0x1a5/0x480 [ 22.533543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.533714] kthread+0x337/0x6f0 [ 22.533857] ret_from_fork+0x116/0x1d0 [ 22.534414] ret_from_fork_asm+0x1a/0x30 [ 22.535083] [ 22.535301] The buggy address belongs to the object at ffff8881024c9c00 [ 22.535301] which belongs to the cache kmalloc-128 of size 128 [ 22.536541] The buggy address is located 0 bytes to the right of [ 22.536541] allocated 115-byte region [ffff8881024c9c00, ffff8881024c9c73) [ 22.537466] [ 22.537663] The buggy address belongs to the physical page: [ 22.538268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 22.538559] flags: 0x200000000000000(node=0|zone=2) [ 22.539078] page_type: f5(slab) [ 22.539615] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.540235] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.540716] page dumped because: kasan: bad access detected [ 22.541034] [ 22.541310] Memory state around the buggy address: [ 22.541887] ffff8881024c9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.542449] ffff8881024c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.542716] >ffff8881024c9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.543398] ^ [ 22.544048] ffff8881024c9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.544817] ffff8881024c9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.545533] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 22.480969] ================================================================== [ 22.481277] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 22.481688] Free of addr ffff88810278b700 by task kunit_try_catch/221 [ 22.482379] [ 22.482473] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.482544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.482558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.482594] Call Trace: [ 22.482615] <TASK> [ 22.482635] dump_stack_lvl+0x73/0xb0 [ 22.482664] print_report+0xd1/0x650 [ 22.482686] ? __virt_addr_valid+0x1db/0x2d0 [ 22.482710] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.482735] ? kfree_sensitive+0x2e/0x90 [ 22.482758] kasan_report_invalid_free+0x10a/0x130 [ 22.482781] ? kfree_sensitive+0x2e/0x90 [ 22.482805] ? kfree_sensitive+0x2e/0x90 [ 22.482828] check_slab_allocation+0x101/0x130 [ 22.482879] __kasan_slab_pre_free+0x28/0x40 [ 22.482899] kfree+0xf0/0x3f0 [ 22.482921] ? kfree_sensitive+0x2e/0x90 [ 22.482957] kfree_sensitive+0x2e/0x90 [ 22.482979] kmalloc_double_kzfree+0x19c/0x350 [ 22.483003] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 22.483032] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 22.483080] ? __pfx_read_tsc+0x10/0x10 [ 22.483101] ? ktime_get_ts64+0x86/0x230 [ 22.483125] kunit_try_run_case+0x1a5/0x480 [ 22.483156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.483178] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 22.483201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.483234] ? __kthread_parkme+0x82/0x180 [ 22.483413] ? preempt_count_sub+0x50/0x80 [ 22.483436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.483459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.483482] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.483504] kthread+0x337/0x6f0 [ 22.483524] ? trace_preempt_on+0x20/0xc0 [ 22.483546] ? __pfx_kthread+0x10/0x10 [ 22.483565] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.483588] ? calculate_sigpending+0x7b/0xa0 [ 22.483618] ? __pfx_kthread+0x10/0x10 [ 22.483639] ret_from_fork+0x116/0x1d0 [ 22.483657] ? __pfx_kthread+0x10/0x10 [ 22.483676] ret_from_fork_asm+0x1a/0x30 [ 22.483707] </TASK> [ 22.483718] [ 22.495697] Allocated by task 221: [ 22.496113] kasan_save_stack+0x45/0x70 [ 22.496427] kasan_save_track+0x18/0x40 [ 22.496706] kasan_save_alloc_info+0x3b/0x50 [ 22.497174] __kasan_kmalloc+0xb7/0xc0 [ 22.497626] __kmalloc_cache_noprof+0x189/0x420 [ 22.497820] kmalloc_double_kzfree+0xa9/0x350 [ 22.498396] kunit_try_run_case+0x1a5/0x480 [ 22.498708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.499144] kthread+0x337/0x6f0 [ 22.499384] ret_from_fork+0x116/0x1d0 [ 22.499566] ret_from_fork_asm+0x1a/0x30 [ 22.499929] [ 22.500141] Freed by task 221: [ 22.500284] kasan_save_stack+0x45/0x70 [ 22.500484] kasan_save_track+0x18/0x40 [ 22.500900] kasan_save_free_info+0x3f/0x60 [ 22.501246] __kasan_slab_free+0x56/0x70 [ 22.501433] kfree+0x222/0x3f0 [ 22.501591] kfree_sensitive+0x67/0x90 [ 22.501760] kmalloc_double_kzfree+0x12b/0x350 [ 22.502341] kunit_try_run_case+0x1a5/0x480 [ 22.502587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.502853] kthread+0x337/0x6f0 [ 22.502973] ret_from_fork+0x116/0x1d0 [ 22.503244] ret_from_fork_asm+0x1a/0x30 [ 22.503432] [ 22.503511] The buggy address belongs to the object at ffff88810278b700 [ 22.503511] which belongs to the cache kmalloc-16 of size 16 [ 22.503975] The buggy address is located 0 bytes inside of [ 22.503975] 16-byte region [ffff88810278b700, ffff88810278b710) [ 22.504469] [ 22.504779] The buggy address belongs to the physical page: [ 22.505402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 22.505765] flags: 0x200000000000000(node=0|zone=2) [ 22.506250] page_type: f5(slab) [ 22.506556] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.507156] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.507449] page dumped because: kasan: bad access detected [ 22.507879] [ 22.508106] Memory state around the buggy address: [ 22.508289] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 22.508664] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.509165] >ffff88810278b700: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.509596] ^ [ 22.509715] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.510290] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.510684] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 22.452512] ================================================================== [ 22.453473] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 22.453814] Read of size 1 at addr ffff88810278b700 by task kunit_try_catch/221 [ 22.454410] [ 22.454539] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.454593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.454606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.454630] Call Trace: [ 22.454646] <TASK> [ 22.454666] dump_stack_lvl+0x73/0xb0 [ 22.454700] print_report+0xd1/0x650 [ 22.454723] ? __virt_addr_valid+0x1db/0x2d0 [ 22.454747] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.454769] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.454843] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.454867] kasan_report+0x141/0x180 [ 22.454888] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.454912] ? kmalloc_double_kzfree+0x19c/0x350 [ 22.454933] __kasan_check_byte+0x3d/0x50 [ 22.454954] kfree_sensitive+0x22/0x90 [ 22.454981] kmalloc_double_kzfree+0x19c/0x350 [ 22.455003] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 22.455033] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 22.455060] ? __pfx_read_tsc+0x10/0x10 [ 22.455082] ? ktime_get_ts64+0x86/0x230 [ 22.455106] kunit_try_run_case+0x1a5/0x480 [ 22.455131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.455153] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 22.455176] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.455200] ? __kthread_parkme+0x82/0x180 [ 22.455230] ? preempt_count_sub+0x50/0x80 [ 22.455253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.455276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.455299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.455322] kthread+0x337/0x6f0 [ 22.455341] ? trace_preempt_on+0x20/0xc0 [ 22.455363] ? __pfx_kthread+0x10/0x10 [ 22.455406] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.455429] ? calculate_sigpending+0x7b/0xa0 [ 22.455452] ? __pfx_kthread+0x10/0x10 [ 22.455473] ret_from_fork+0x116/0x1d0 [ 22.455491] ? __pfx_kthread+0x10/0x10 [ 22.455510] ret_from_fork_asm+0x1a/0x30 [ 22.455541] </TASK> [ 22.455553] [ 22.465646] Allocated by task 221: [ 22.466105] kasan_save_stack+0x45/0x70 [ 22.466327] kasan_save_track+0x18/0x40 [ 22.466506] kasan_save_alloc_info+0x3b/0x50 [ 22.466711] __kasan_kmalloc+0xb7/0xc0 [ 22.466886] __kmalloc_cache_noprof+0x189/0x420 [ 22.467431] kmalloc_double_kzfree+0xa9/0x350 [ 22.467623] kunit_try_run_case+0x1a5/0x480 [ 22.467962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.468265] kthread+0x337/0x6f0 [ 22.468657] ret_from_fork+0x116/0x1d0 [ 22.468848] ret_from_fork_asm+0x1a/0x30 [ 22.469201] [ 22.469297] Freed by task 221: [ 22.469580] kasan_save_stack+0x45/0x70 [ 22.469887] kasan_save_track+0x18/0x40 [ 22.470033] kasan_save_free_info+0x3f/0x60 [ 22.470398] __kasan_slab_free+0x56/0x70 [ 22.470552] kfree+0x222/0x3f0 [ 22.470714] kfree_sensitive+0x67/0x90 [ 22.471090] kmalloc_double_kzfree+0x12b/0x350 [ 22.471325] kunit_try_run_case+0x1a5/0x480 [ 22.471505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.471739] kthread+0x337/0x6f0 [ 22.471922] ret_from_fork+0x116/0x1d0 [ 22.472409] ret_from_fork_asm+0x1a/0x30 [ 22.472591] [ 22.472686] The buggy address belongs to the object at ffff88810278b700 [ 22.472686] which belongs to the cache kmalloc-16 of size 16 [ 22.473488] The buggy address is located 0 bytes inside of [ 22.473488] freed 16-byte region [ffff88810278b700, ffff88810278b710) [ 22.474128] [ 22.474329] The buggy address belongs to the physical page: [ 22.474700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 22.475171] flags: 0x200000000000000(node=0|zone=2) [ 22.475403] page_type: f5(slab) [ 22.475558] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.476162] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.476440] page dumped because: kasan: bad access detected [ 22.476772] [ 22.476911] Memory state around the buggy address: [ 22.477426] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 22.477726] ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.478146] >ffff88810278b700: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.478437] ^ [ 22.478573] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.479241] ffff88810278b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.479531] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 22.421333] ================================================================== [ 22.421814] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 22.422039] Read of size 1 at addr ffff8881024d1ba8 by task kunit_try_catch/217 [ 22.422267] [ 22.422360] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.422412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.422425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.422449] Call Trace: [ 22.422463] <TASK> [ 22.422486] dump_stack_lvl+0x73/0xb0 [ 22.422518] print_report+0xd1/0x650 [ 22.422539] ? __virt_addr_valid+0x1db/0x2d0 [ 22.422564] ? kmalloc_uaf2+0x4a8/0x520 [ 22.422582] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.422607] ? kmalloc_uaf2+0x4a8/0x520 [ 22.422626] kasan_report+0x141/0x180 [ 22.422647] ? kmalloc_uaf2+0x4a8/0x520 [ 22.422670] __asan_report_load1_noabort+0x18/0x20 [ 22.422693] kmalloc_uaf2+0x4a8/0x520 [ 22.422712] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 22.422730] ? finish_task_switch.isra.0+0x153/0x700 [ 22.422752] ? __switch_to+0x47/0xf50 [ 22.422778] ? __schedule+0x10cc/0x2b60 [ 22.422803] ? __pfx_read_tsc+0x10/0x10 [ 22.422825] ? ktime_get_ts64+0x86/0x230 [ 22.422850] kunit_try_run_case+0x1a5/0x480 [ 22.422876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.422897] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.422921] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.422945] ? __kthread_parkme+0x82/0x180 [ 22.422965] ? preempt_count_sub+0x50/0x80 [ 22.422987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.423010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.423039] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.423061] kthread+0x337/0x6f0 [ 22.423080] ? trace_preempt_on+0x20/0xc0 [ 22.423104] ? __pfx_kthread+0x10/0x10 [ 22.423123] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.423145] ? calculate_sigpending+0x7b/0xa0 [ 22.423169] ? __pfx_kthread+0x10/0x10 [ 22.423189] ret_from_fork+0x116/0x1d0 [ 22.423208] ? __pfx_kthread+0x10/0x10 [ 22.423585] ret_from_fork_asm+0x1a/0x30 [ 22.423647] </TASK> [ 22.423926] [ 22.434891] Allocated by task 217: [ 22.435049] kasan_save_stack+0x45/0x70 [ 22.435318] kasan_save_track+0x18/0x40 [ 22.435503] kasan_save_alloc_info+0x3b/0x50 [ 22.435708] __kasan_kmalloc+0xb7/0xc0 [ 22.435968] __kmalloc_cache_noprof+0x189/0x420 [ 22.436229] kmalloc_uaf2+0xc6/0x520 [ 22.436394] kunit_try_run_case+0x1a5/0x480 [ 22.436535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.436847] kthread+0x337/0x6f0 [ 22.437056] ret_from_fork+0x116/0x1d0 [ 22.437254] ret_from_fork_asm+0x1a/0x30 [ 22.437401] [ 22.437467] Freed by task 217: [ 22.437571] kasan_save_stack+0x45/0x70 [ 22.437706] kasan_save_track+0x18/0x40 [ 22.437982] kasan_save_free_info+0x3f/0x60 [ 22.438212] __kasan_slab_free+0x56/0x70 [ 22.438411] kfree+0x222/0x3f0 [ 22.438570] kmalloc_uaf2+0x14c/0x520 [ 22.438739] kunit_try_run_case+0x1a5/0x480 [ 22.439050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.439313] kthread+0x337/0x6f0 [ 22.439504] ret_from_fork+0x116/0x1d0 [ 22.439700] ret_from_fork_asm+0x1a/0x30 [ 22.439976] [ 22.440090] The buggy address belongs to the object at ffff8881024d1b80 [ 22.440090] which belongs to the cache kmalloc-64 of size 64 [ 22.440605] The buggy address is located 40 bytes inside of [ 22.440605] freed 64-byte region [ffff8881024d1b80, ffff8881024d1bc0) [ 22.441067] [ 22.441139] The buggy address belongs to the physical page: [ 22.441321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d1 [ 22.441649] flags: 0x200000000000000(node=0|zone=2) [ 22.442022] page_type: f5(slab) [ 22.442198] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.442566] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.442905] page dumped because: kasan: bad access detected [ 22.443140] [ 22.443264] Memory state around the buggy address: [ 22.443489] ffff8881024d1a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.443899] ffff8881024d1b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.444287] >ffff8881024d1b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.444552] ^ [ 22.444694] ffff8881024d1c00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 22.445099] ffff8881024d1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.445449] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 22.390084] ================================================================== [ 22.390513] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 22.391082] Write of size 33 at addr ffff888103ae5280 by task kunit_try_catch/215 [ 22.391814] [ 22.391987] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.392040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.392177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.392202] Call Trace: [ 22.392216] <TASK> [ 22.392248] dump_stack_lvl+0x73/0xb0 [ 22.392280] print_report+0xd1/0x650 [ 22.392302] ? __virt_addr_valid+0x1db/0x2d0 [ 22.392326] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.392346] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.392370] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.392390] kasan_report+0x141/0x180 [ 22.392411] ? kmalloc_uaf_memset+0x1a3/0x360 [ 22.392435] kasan_check_range+0x10c/0x1c0 [ 22.392457] __asan_memset+0x27/0x50 [ 22.392480] kmalloc_uaf_memset+0x1a3/0x360 [ 22.392500] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 22.392522] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 22.392546] kunit_try_run_case+0x1a5/0x480 [ 22.392570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.392592] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.392618] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.392643] ? __kthread_parkme+0x82/0x180 [ 22.392663] ? preempt_count_sub+0x50/0x80 [ 22.392686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.392709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.392732] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.392755] kthread+0x337/0x6f0 [ 22.392774] ? trace_preempt_on+0x20/0xc0 [ 22.392809] ? __pfx_kthread+0x10/0x10 [ 22.392829] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.392853] ? calculate_sigpending+0x7b/0xa0 [ 22.392875] ? __pfx_kthread+0x10/0x10 [ 22.392897] ret_from_fork+0x116/0x1d0 [ 22.392917] ? __pfx_kthread+0x10/0x10 [ 22.392938] ret_from_fork_asm+0x1a/0x30 [ 22.392969] </TASK> [ 22.392980] [ 22.402434] Allocated by task 215: [ 22.402644] kasan_save_stack+0x45/0x70 [ 22.402959] kasan_save_track+0x18/0x40 [ 22.403359] kasan_save_alloc_info+0x3b/0x50 [ 22.403571] __kasan_kmalloc+0xb7/0xc0 [ 22.403904] __kmalloc_cache_noprof+0x189/0x420 [ 22.404254] kmalloc_uaf_memset+0xa9/0x360 [ 22.404437] kunit_try_run_case+0x1a5/0x480 [ 22.404740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.405058] kthread+0x337/0x6f0 [ 22.405284] ret_from_fork+0x116/0x1d0 [ 22.405439] ret_from_fork_asm+0x1a/0x30 [ 22.405619] [ 22.405709] Freed by task 215: [ 22.405841] kasan_save_stack+0x45/0x70 [ 22.406436] kasan_save_track+0x18/0x40 [ 22.406612] kasan_save_free_info+0x3f/0x60 [ 22.407110] __kasan_slab_free+0x56/0x70 [ 22.407312] kfree+0x222/0x3f0 [ 22.407428] kmalloc_uaf_memset+0x12b/0x360 [ 22.407633] kunit_try_run_case+0x1a5/0x480 [ 22.408431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.408663] kthread+0x337/0x6f0 [ 22.408837] ret_from_fork+0x116/0x1d0 [ 22.409303] ret_from_fork_asm+0x1a/0x30 [ 22.409482] [ 22.409580] The buggy address belongs to the object at ffff888103ae5280 [ 22.409580] which belongs to the cache kmalloc-64 of size 64 [ 22.410069] The buggy address is located 0 bytes inside of [ 22.410069] freed 64-byte region [ffff888103ae5280, ffff888103ae52c0) [ 22.410545] [ 22.410632] The buggy address belongs to the physical page: [ 22.410862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ae5 [ 22.411691] flags: 0x200000000000000(node=0|zone=2) [ 22.411885] page_type: f5(slab) [ 22.412413] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.412843] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.413301] page dumped because: kasan: bad access detected [ 22.413597] [ 22.413750] Memory state around the buggy address: [ 22.414333] ffff888103ae5180: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 22.414613] ffff888103ae5200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.415327] >ffff888103ae5280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.415633] ^ [ 22.415956] ffff888103ae5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.416312] ffff888103ae5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.416681] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 22.361277] ================================================================== [ 22.361751] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 22.362298] Read of size 1 at addr ffff88810278b6e8 by task kunit_try_catch/213 [ 22.362629] [ 22.362749] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.362803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.362816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.362840] Call Trace: [ 22.362864] <TASK> [ 22.362886] dump_stack_lvl+0x73/0xb0 [ 22.362923] print_report+0xd1/0x650 [ 22.362963] ? __virt_addr_valid+0x1db/0x2d0 [ 22.362991] ? kmalloc_uaf+0x320/0x380 [ 22.363010] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.363054] ? kmalloc_uaf+0x320/0x380 [ 22.363084] kasan_report+0x141/0x180 [ 22.363105] ? kmalloc_uaf+0x320/0x380 [ 22.363127] __asan_report_load1_noabort+0x18/0x20 [ 22.363161] kmalloc_uaf+0x320/0x380 [ 22.363181] ? __pfx_kmalloc_uaf+0x10/0x10 [ 22.363200] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 22.363232] ? trace_hardirqs_on+0x37/0xe0 [ 22.363257] ? __pfx_read_tsc+0x10/0x10 [ 22.363280] ? ktime_get_ts64+0x86/0x230 [ 22.363305] kunit_try_run_case+0x1a5/0x480 [ 22.363332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.363355] ? queued_spin_lock_slowpath+0x116/0xb40 [ 22.363381] ? __kthread_parkme+0x82/0x180 [ 22.363402] ? preempt_count_sub+0x50/0x80 [ 22.363435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.363458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.363481] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.363515] kthread+0x337/0x6f0 [ 22.363534] ? trace_preempt_on+0x20/0xc0 [ 22.363564] ? __pfx_kthread+0x10/0x10 [ 22.363583] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.363606] ? calculate_sigpending+0x7b/0xa0 [ 22.363640] ? __pfx_kthread+0x10/0x10 [ 22.363661] ret_from_fork+0x116/0x1d0 [ 22.363679] ? __pfx_kthread+0x10/0x10 [ 22.363698] ret_from_fork_asm+0x1a/0x30 [ 22.363730] </TASK> [ 22.363743] [ 22.372964] Allocated by task 213: [ 22.373428] kasan_save_stack+0x45/0x70 [ 22.373779] kasan_save_track+0x18/0x40 [ 22.373962] kasan_save_alloc_info+0x3b/0x50 [ 22.374270] __kasan_kmalloc+0xb7/0xc0 [ 22.374528] __kmalloc_cache_noprof+0x189/0x420 [ 22.374843] kmalloc_uaf+0xaa/0x380 [ 22.374987] kunit_try_run_case+0x1a5/0x480 [ 22.375405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.375743] kthread+0x337/0x6f0 [ 22.375875] ret_from_fork+0x116/0x1d0 [ 22.376300] ret_from_fork_asm+0x1a/0x30 [ 22.376571] [ 22.376658] Freed by task 213: [ 22.376779] kasan_save_stack+0x45/0x70 [ 22.377153] kasan_save_track+0x18/0x40 [ 22.377337] kasan_save_free_info+0x3f/0x60 [ 22.377659] __kasan_slab_free+0x56/0x70 [ 22.377857] kfree+0x222/0x3f0 [ 22.378004] kmalloc_uaf+0x12c/0x380 [ 22.378359] kunit_try_run_case+0x1a5/0x480 [ 22.378567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.378938] kthread+0x337/0x6f0 [ 22.379197] ret_from_fork+0x116/0x1d0 [ 22.379457] ret_from_fork_asm+0x1a/0x30 [ 22.379737] [ 22.379830] The buggy address belongs to the object at ffff88810278b6e0 [ 22.379830] which belongs to the cache kmalloc-16 of size 16 [ 22.380562] The buggy address is located 8 bytes inside of [ 22.380562] freed 16-byte region [ffff88810278b6e0, ffff88810278b6f0) [ 22.381134] [ 22.381382] The buggy address belongs to the physical page: [ 22.381611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10278b [ 22.382046] flags: 0x200000000000000(node=0|zone=2) [ 22.382347] page_type: f5(slab) [ 22.382477] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.382932] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.383325] page dumped because: kasan: bad access detected [ 22.383630] [ 22.383722] Memory state around the buggy address: [ 22.383925] ffff88810278b580: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 22.384413] ffff88810278b600: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 22.384787] >ffff88810278b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.385038] ^ [ 22.385493] ffff88810278b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.385800] ffff88810278b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.386213] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 22.333372] ================================================================== [ 22.333851] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.334295] Read of size 64 at addr ffff8881024d1a84 by task kunit_try_catch/211 [ 22.334724] [ 22.334846] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.334900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.335208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.335245] Call Trace: [ 22.335262] <TASK> [ 22.335349] dump_stack_lvl+0x73/0xb0 [ 22.335402] print_report+0xd1/0x650 [ 22.335425] ? __virt_addr_valid+0x1db/0x2d0 [ 22.335450] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.335476] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.335501] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.335524] kasan_report+0x141/0x180 [ 22.335546] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.335573] kasan_check_range+0x10c/0x1c0 [ 22.335605] __asan_memmove+0x27/0x70 [ 22.335629] kmalloc_memmove_invalid_size+0x16f/0x330 [ 22.335662] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 22.335687] ? __schedule+0x10cc/0x2b60 [ 22.335711] ? __pfx_read_tsc+0x10/0x10 [ 22.335733] ? ktime_get_ts64+0x86/0x230 [ 22.335758] kunit_try_run_case+0x1a5/0x480 [ 22.335784] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.335879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.335922] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.335947] ? __kthread_parkme+0x82/0x180 [ 22.335968] ? preempt_count_sub+0x50/0x80 [ 22.335992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.336015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.336049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.336073] kthread+0x337/0x6f0 [ 22.336092] ? trace_preempt_on+0x20/0xc0 [ 22.336116] ? __pfx_kthread+0x10/0x10 [ 22.336136] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.336158] ? calculate_sigpending+0x7b/0xa0 [ 22.336182] ? __pfx_kthread+0x10/0x10 [ 22.336203] ret_from_fork+0x116/0x1d0 [ 22.336231] ? __pfx_kthread+0x10/0x10 [ 22.336251] ret_from_fork_asm+0x1a/0x30 [ 22.336282] </TASK> [ 22.336295] [ 22.344661] Allocated by task 211: [ 22.345122] kasan_save_stack+0x45/0x70 [ 22.345463] kasan_save_track+0x18/0x40 [ 22.345592] kasan_save_alloc_info+0x3b/0x50 [ 22.345732] __kasan_kmalloc+0xb7/0xc0 [ 22.345855] __kmalloc_cache_noprof+0x189/0x420 [ 22.346272] kmalloc_memmove_invalid_size+0xac/0x330 [ 22.346506] kunit_try_run_case+0x1a5/0x480 [ 22.347004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.347381] kthread+0x337/0x6f0 [ 22.347551] ret_from_fork+0x116/0x1d0 [ 22.347735] ret_from_fork_asm+0x1a/0x30 [ 22.348011] [ 22.348115] The buggy address belongs to the object at ffff8881024d1a80 [ 22.348115] which belongs to the cache kmalloc-64 of size 64 [ 22.348502] The buggy address is located 4 bytes inside of [ 22.348502] allocated 64-byte region [ffff8881024d1a80, ffff8881024d1ac0) [ 22.349284] [ 22.349362] The buggy address belongs to the physical page: [ 22.349546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d1 [ 22.350460] flags: 0x200000000000000(node=0|zone=2) [ 22.350649] page_type: f5(slab) [ 22.350767] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.351329] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.351661] page dumped because: kasan: bad access detected [ 22.351826] [ 22.351889] Memory state around the buggy address: [ 22.352040] ffff8881024d1980: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 22.352528] ffff8881024d1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.352887] >ffff8881024d1a80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 22.353136] ^ [ 22.353481] ffff8881024d1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.353825] ffff8881024d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.354251] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 22.301935] ================================================================== [ 22.302438] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 22.302693] Read of size 18446744073709551614 at addr ffff8881024d1904 by task kunit_try_catch/209 [ 22.304138] [ 22.304357] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.304412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.304425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.304449] Call Trace: [ 22.304464] <TASK> [ 22.304483] dump_stack_lvl+0x73/0xb0 [ 22.304518] print_report+0xd1/0x650 [ 22.304541] ? __virt_addr_valid+0x1db/0x2d0 [ 22.304565] ? kmalloc_memmove_negative_size+0x171/0x330 [ 22.304589] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.304615] ? kmalloc_memmove_negative_size+0x171/0x330 [ 22.304663] kasan_report+0x141/0x180 [ 22.304685] ? kmalloc_memmove_negative_size+0x171/0x330 [ 22.304712] kasan_check_range+0x10c/0x1c0 [ 22.304734] __asan_memmove+0x27/0x70 [ 22.304756] kmalloc_memmove_negative_size+0x171/0x330 [ 22.304780] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 22.304939] ? __schedule+0x10cc/0x2b60 [ 22.304968] ? __pfx_read_tsc+0x10/0x10 [ 22.305005] ? ktime_get_ts64+0x86/0x230 [ 22.305030] kunit_try_run_case+0x1a5/0x480 [ 22.305094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.305117] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.305140] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.305164] ? __kthread_parkme+0x82/0x180 [ 22.305185] ? preempt_count_sub+0x50/0x80 [ 22.305208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.305240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.305263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.305286] kthread+0x337/0x6f0 [ 22.305304] ? trace_preempt_on+0x20/0xc0 [ 22.305328] ? __pfx_kthread+0x10/0x10 [ 22.305347] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.305370] ? calculate_sigpending+0x7b/0xa0 [ 22.305393] ? __pfx_kthread+0x10/0x10 [ 22.305413] ret_from_fork+0x116/0x1d0 [ 22.305431] ? __pfx_kthread+0x10/0x10 [ 22.305451] ret_from_fork_asm+0x1a/0x30 [ 22.305482] </TASK> [ 22.305494] [ 22.317449] Allocated by task 209: [ 22.317725] kasan_save_stack+0x45/0x70 [ 22.318091] kasan_save_track+0x18/0x40 [ 22.318238] kasan_save_alloc_info+0x3b/0x50 [ 22.318417] __kasan_kmalloc+0xb7/0xc0 [ 22.318655] __kmalloc_cache_noprof+0x189/0x420 [ 22.319123] kmalloc_memmove_negative_size+0xac/0x330 [ 22.319504] kunit_try_run_case+0x1a5/0x480 [ 22.319755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.319927] kthread+0x337/0x6f0 [ 22.320208] ret_from_fork+0x116/0x1d0 [ 22.320605] ret_from_fork_asm+0x1a/0x30 [ 22.320833] [ 22.320953] The buggy address belongs to the object at ffff8881024d1900 [ 22.320953] which belongs to the cache kmalloc-64 of size 64 [ 22.321464] The buggy address is located 4 bytes inside of [ 22.321464] 64-byte region [ffff8881024d1900, ffff8881024d1940) [ 22.322021] [ 22.322112] The buggy address belongs to the physical page: [ 22.322485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d1 [ 22.322820] flags: 0x200000000000000(node=0|zone=2) [ 22.323252] page_type: f5(slab) [ 22.323481] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.323810] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.324276] page dumped because: kasan: bad access detected [ 22.324518] [ 22.324629] Memory state around the buggy address: [ 22.324898] ffff8881024d1800: 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc [ 22.325413] ffff8881024d1880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.325758] >ffff8881024d1900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 22.326198] ^ [ 22.326439] ffff8881024d1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.326684] ffff8881024d1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.327266] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 22.262429] ================================================================== [ 22.262849] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 22.263136] Write of size 8 at addr ffff888102d56671 by task kunit_try_catch/205 [ 22.263442] [ 22.263530] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.263578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.263591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.263612] Call Trace: [ 22.263625] <TASK> [ 22.263642] dump_stack_lvl+0x73/0xb0 [ 22.263670] print_report+0xd1/0x650 [ 22.263692] ? __virt_addr_valid+0x1db/0x2d0 [ 22.263715] ? kmalloc_oob_memset_8+0x166/0x330 [ 22.263735] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.263760] ? kmalloc_oob_memset_8+0x166/0x330 [ 22.263780] kasan_report+0x141/0x180 [ 22.263800] ? kmalloc_oob_memset_8+0x166/0x330 [ 22.263825] kasan_check_range+0x10c/0x1c0 [ 22.263846] __asan_memset+0x27/0x50 [ 22.263868] kmalloc_oob_memset_8+0x166/0x330 [ 22.263889] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 22.263911] ? __schedule+0x10cc/0x2b60 [ 22.263935] ? __pfx_read_tsc+0x10/0x10 [ 22.263956] ? ktime_get_ts64+0x86/0x230 [ 22.263979] kunit_try_run_case+0x1a5/0x480 [ 22.264003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.264024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.264048] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.264072] ? __kthread_parkme+0x82/0x180 [ 22.264091] ? preempt_count_sub+0x50/0x80 [ 22.264114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.264136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.264159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.264181] kthread+0x337/0x6f0 [ 22.264200] ? trace_preempt_on+0x20/0xc0 [ 22.264262] ? __pfx_kthread+0x10/0x10 [ 22.264284] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.264307] ? calculate_sigpending+0x7b/0xa0 [ 22.264330] ? __pfx_kthread+0x10/0x10 [ 22.264351] ret_from_fork+0x116/0x1d0 [ 22.264370] ? __pfx_kthread+0x10/0x10 [ 22.264389] ret_from_fork_asm+0x1a/0x30 [ 22.264446] </TASK> [ 22.264458] [ 22.272076] Allocated by task 205: [ 22.272252] kasan_save_stack+0x45/0x70 [ 22.272404] kasan_save_track+0x18/0x40 [ 22.272533] kasan_save_alloc_info+0x3b/0x50 [ 22.272695] __kasan_kmalloc+0xb7/0xc0 [ 22.272969] __kmalloc_cache_noprof+0x189/0x420 [ 22.273217] kmalloc_oob_memset_8+0xac/0x330 [ 22.273430] kunit_try_run_case+0x1a5/0x480 [ 22.273632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.273915] kthread+0x337/0x6f0 [ 22.274045] ret_from_fork+0x116/0x1d0 [ 22.274266] ret_from_fork_asm+0x1a/0x30 [ 22.274459] [ 22.274550] The buggy address belongs to the object at ffff888102d56600 [ 22.274550] which belongs to the cache kmalloc-128 of size 128 [ 22.275191] The buggy address is located 113 bytes inside of [ 22.275191] allocated 120-byte region [ffff888102d56600, ffff888102d56678) [ 22.275614] [ 22.275708] The buggy address belongs to the physical page: [ 22.276180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 22.276491] flags: 0x200000000000000(node=0|zone=2) [ 22.276653] page_type: f5(slab) [ 22.276844] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.277217] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.277557] page dumped because: kasan: bad access detected [ 22.277913] [ 22.278008] Memory state around the buggy address: [ 22.278230] ffff888102d56500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.278515] ffff888102d56580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.278748] >ffff888102d56600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.279039] ^ [ 22.279389] ffff888102d56680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.279709] ffff888102d56700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.280030] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 22.240485] ================================================================== [ 22.240933] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 22.241282] Write of size 4 at addr ffff8881024c9b75 by task kunit_try_catch/203 [ 22.241581] [ 22.241669] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.241722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.241734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.241757] Call Trace: [ 22.241771] <TASK> [ 22.241790] dump_stack_lvl+0x73/0xb0 [ 22.241819] print_report+0xd1/0x650 [ 22.241842] ? __virt_addr_valid+0x1db/0x2d0 [ 22.241866] ? kmalloc_oob_memset_4+0x166/0x330 [ 22.241887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.241911] ? kmalloc_oob_memset_4+0x166/0x330 [ 22.241932] kasan_report+0x141/0x180 [ 22.241952] ? kmalloc_oob_memset_4+0x166/0x330 [ 22.241977] kasan_check_range+0x10c/0x1c0 [ 22.241999] __asan_memset+0x27/0x50 [ 22.242021] kmalloc_oob_memset_4+0x166/0x330 [ 22.242042] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 22.242063] ? __schedule+0x10cc/0x2b60 [ 22.242087] ? __pfx_read_tsc+0x10/0x10 [ 22.242110] ? ktime_get_ts64+0x86/0x230 [ 22.242134] kunit_try_run_case+0x1a5/0x480 [ 22.242159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.242180] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.242204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.242266] ? __kthread_parkme+0x82/0x180 [ 22.242288] ? preempt_count_sub+0x50/0x80 [ 22.242311] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.242334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.242357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.242380] kthread+0x337/0x6f0 [ 22.242410] ? trace_preempt_on+0x20/0xc0 [ 22.242434] ? __pfx_kthread+0x10/0x10 [ 22.242485] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.242508] ? calculate_sigpending+0x7b/0xa0 [ 22.242532] ? __pfx_kthread+0x10/0x10 [ 22.242553] ret_from_fork+0x116/0x1d0 [ 22.242572] ? __pfx_kthread+0x10/0x10 [ 22.242591] ret_from_fork_asm+0x1a/0x30 [ 22.242622] </TASK> [ 22.242634] [ 22.249716] Allocated by task 203: [ 22.249920] kasan_save_stack+0x45/0x70 [ 22.250092] kasan_save_track+0x18/0x40 [ 22.250288] kasan_save_alloc_info+0x3b/0x50 [ 22.250506] __kasan_kmalloc+0xb7/0xc0 [ 22.250690] __kmalloc_cache_noprof+0x189/0x420 [ 22.250982] kmalloc_oob_memset_4+0xac/0x330 [ 22.251201] kunit_try_run_case+0x1a5/0x480 [ 22.251352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.251563] kthread+0x337/0x6f0 [ 22.251725] ret_from_fork+0x116/0x1d0 [ 22.251973] ret_from_fork_asm+0x1a/0x30 [ 22.252194] [ 22.252297] The buggy address belongs to the object at ffff8881024c9b00 [ 22.252297] which belongs to the cache kmalloc-128 of size 128 [ 22.252833] The buggy address is located 117 bytes inside of [ 22.252833] allocated 120-byte region [ffff8881024c9b00, ffff8881024c9b78) [ 22.253318] [ 22.253415] The buggy address belongs to the physical page: [ 22.253626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 22.254128] flags: 0x200000000000000(node=0|zone=2) [ 22.254393] page_type: f5(slab) [ 22.254559] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.254885] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.255263] page dumped because: kasan: bad access detected [ 22.255506] [ 22.255594] Memory state around the buggy address: [ 22.255760] ffff8881024c9a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.256045] ffff8881024c9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.256293] >ffff8881024c9b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.256604] ^ [ 22.256911] ffff8881024c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.257228] ffff8881024c9c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.257489] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 22.216347] ================================================================== [ 22.216978] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 22.217333] Write of size 2 at addr ffff888102d56577 by task kunit_try_catch/201 [ 22.217642] [ 22.217735] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.217784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.217797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.217818] Call Trace: [ 22.217944] <TASK> [ 22.217963] dump_stack_lvl+0x73/0xb0 [ 22.217995] print_report+0xd1/0x650 [ 22.218016] ? __virt_addr_valid+0x1db/0x2d0 [ 22.218042] ? kmalloc_oob_memset_2+0x166/0x330 [ 22.218062] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.218087] ? kmalloc_oob_memset_2+0x166/0x330 [ 22.218108] kasan_report+0x141/0x180 [ 22.218129] ? kmalloc_oob_memset_2+0x166/0x330 [ 22.218154] kasan_check_range+0x10c/0x1c0 [ 22.218176] __asan_memset+0x27/0x50 [ 22.218198] kmalloc_oob_memset_2+0x166/0x330 [ 22.218234] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 22.218256] ? __schedule+0x10cc/0x2b60 [ 22.218281] ? __pfx_read_tsc+0x10/0x10 [ 22.218303] ? ktime_get_ts64+0x86/0x230 [ 22.218329] kunit_try_run_case+0x1a5/0x480 [ 22.218355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.218377] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.218401] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.218425] ? __kthread_parkme+0x82/0x180 [ 22.218446] ? preempt_count_sub+0x50/0x80 [ 22.218469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.218492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.218515] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.218538] kthread+0x337/0x6f0 [ 22.218556] ? trace_preempt_on+0x20/0xc0 [ 22.218580] ? __pfx_kthread+0x10/0x10 [ 22.218600] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.218622] ? calculate_sigpending+0x7b/0xa0 [ 22.218646] ? __pfx_kthread+0x10/0x10 [ 22.218667] ret_from_fork+0x116/0x1d0 [ 22.218685] ? __pfx_kthread+0x10/0x10 [ 22.218705] ret_from_fork_asm+0x1a/0x30 [ 22.218736] </TASK> [ 22.218748] [ 22.227752] Allocated by task 201: [ 22.227970] kasan_save_stack+0x45/0x70 [ 22.228154] kasan_save_track+0x18/0x40 [ 22.228419] kasan_save_alloc_info+0x3b/0x50 [ 22.228603] __kasan_kmalloc+0xb7/0xc0 [ 22.228729] __kmalloc_cache_noprof+0x189/0x420 [ 22.228891] kmalloc_oob_memset_2+0xac/0x330 [ 22.229092] kunit_try_run_case+0x1a5/0x480 [ 22.229311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.229558] kthread+0x337/0x6f0 [ 22.229719] ret_from_fork+0x116/0x1d0 [ 22.229880] ret_from_fork_asm+0x1a/0x30 [ 22.230050] [ 22.230115] The buggy address belongs to the object at ffff888102d56500 [ 22.230115] which belongs to the cache kmalloc-128 of size 128 [ 22.231114] The buggy address is located 119 bytes inside of [ 22.231114] allocated 120-byte region [ffff888102d56500, ffff888102d56578) [ 22.231577] [ 22.231653] The buggy address belongs to the physical page: [ 22.231987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 22.232377] flags: 0x200000000000000(node=0|zone=2) [ 22.232581] page_type: f5(slab) [ 22.232701] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.233137] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.233482] page dumped because: kasan: bad access detected [ 22.233707] [ 22.234126] Memory state around the buggy address: [ 22.234371] ffff888102d56400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.234589] ffff888102d56480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.234970] >ffff888102d56500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.235348] ^ [ 22.235673] ffff888102d56580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.236081] ffff888102d56600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.236369] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 22.194720] ================================================================== [ 22.195294] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 22.195887] Write of size 128 at addr ffff8881024c9a00 by task kunit_try_catch/199 [ 22.196279] [ 22.196393] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.196444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.196457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.196696] Call Trace: [ 22.196711] <TASK> [ 22.196730] dump_stack_lvl+0x73/0xb0 [ 22.196761] print_report+0xd1/0x650 [ 22.196783] ? __virt_addr_valid+0x1db/0x2d0 [ 22.196807] ? kmalloc_oob_in_memset+0x15f/0x320 [ 22.196828] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.196853] ? kmalloc_oob_in_memset+0x15f/0x320 [ 22.196874] kasan_report+0x141/0x180 [ 22.196895] ? kmalloc_oob_in_memset+0x15f/0x320 [ 22.196920] kasan_check_range+0x10c/0x1c0 [ 22.196942] __asan_memset+0x27/0x50 [ 22.196964] kmalloc_oob_in_memset+0x15f/0x320 [ 22.196985] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 22.197007] ? __schedule+0x10cc/0x2b60 [ 22.197031] ? __pfx_read_tsc+0x10/0x10 [ 22.197054] ? ktime_get_ts64+0x86/0x230 [ 22.197079] kunit_try_run_case+0x1a5/0x480 [ 22.197105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.197127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.197161] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.197186] ? __kthread_parkme+0x82/0x180 [ 22.197208] ? preempt_count_sub+0x50/0x80 [ 22.197245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.197269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.197292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.197315] kthread+0x337/0x6f0 [ 22.197334] ? trace_preempt_on+0x20/0xc0 [ 22.197357] ? __pfx_kthread+0x10/0x10 [ 22.197376] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.197399] ? calculate_sigpending+0x7b/0xa0 [ 22.197423] ? __pfx_kthread+0x10/0x10 [ 22.197444] ret_from_fork+0x116/0x1d0 [ 22.197463] ? __pfx_kthread+0x10/0x10 [ 22.197483] ret_from_fork_asm+0x1a/0x30 [ 22.197514] </TASK> [ 22.197525] [ 22.204229] Allocated by task 199: [ 22.204402] kasan_save_stack+0x45/0x70 [ 22.204571] kasan_save_track+0x18/0x40 [ 22.204738] kasan_save_alloc_info+0x3b/0x50 [ 22.204899] __kasan_kmalloc+0xb7/0xc0 [ 22.205092] __kmalloc_cache_noprof+0x189/0x420 [ 22.205301] kmalloc_oob_in_memset+0xac/0x320 [ 22.205506] kunit_try_run_case+0x1a5/0x480 [ 22.205681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.205915] kthread+0x337/0x6f0 [ 22.206043] ret_from_fork+0x116/0x1d0 [ 22.206169] ret_from_fork_asm+0x1a/0x30 [ 22.206362] [ 22.206452] The buggy address belongs to the object at ffff8881024c9a00 [ 22.206452] which belongs to the cache kmalloc-128 of size 128 [ 22.206978] The buggy address is located 0 bytes inside of [ 22.206978] allocated 120-byte region [ffff8881024c9a00, ffff8881024c9a78) [ 22.207544] [ 22.207622] The buggy address belongs to the physical page: [ 22.207837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 22.208174] flags: 0x200000000000000(node=0|zone=2) [ 22.208396] page_type: f5(slab) [ 22.208512] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.208839] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.209142] page dumped because: kasan: bad access detected [ 22.209413] [ 22.209502] Memory state around the buggy address: [ 22.209691] ffff8881024c9900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.209899] ffff8881024c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.210449] >ffff8881024c9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.210713] ^ [ 22.210916] ffff8881024c9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.211130] ffff8881024c9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.211346] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 22.165647] ================================================================== [ 22.166481] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 22.166805] Read of size 16 at addr ffff888101126ca0 by task kunit_try_catch/197 [ 22.167138] [ 22.167318] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.167372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.167384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.167406] Call Trace: [ 22.167424] <TASK> [ 22.167445] dump_stack_lvl+0x73/0xb0 [ 22.167476] print_report+0xd1/0x650 [ 22.167498] ? __virt_addr_valid+0x1db/0x2d0 [ 22.167522] ? kmalloc_uaf_16+0x47b/0x4c0 [ 22.167541] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.167566] ? kmalloc_uaf_16+0x47b/0x4c0 [ 22.167586] kasan_report+0x141/0x180 [ 22.167607] ? kmalloc_uaf_16+0x47b/0x4c0 [ 22.167631] __asan_report_load16_noabort+0x18/0x20 [ 22.167654] kmalloc_uaf_16+0x47b/0x4c0 [ 22.167674] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 22.167695] ? __schedule+0x10cc/0x2b60 [ 22.167719] ? __pfx_read_tsc+0x10/0x10 [ 22.167741] ? ktime_get_ts64+0x86/0x230 [ 22.167767] kunit_try_run_case+0x1a5/0x480 [ 22.167792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.167813] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.167837] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.167861] ? __kthread_parkme+0x82/0x180 [ 22.167882] ? preempt_count_sub+0x50/0x80 [ 22.167905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.167928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.167951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.167974] kthread+0x337/0x6f0 [ 22.167993] ? trace_preempt_on+0x20/0xc0 [ 22.168015] ? __pfx_kthread+0x10/0x10 [ 22.168035] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.168058] ? calculate_sigpending+0x7b/0xa0 [ 22.168081] ? __pfx_kthread+0x10/0x10 [ 22.168101] ret_from_fork+0x116/0x1d0 [ 22.168120] ? __pfx_kthread+0x10/0x10 [ 22.168139] ret_from_fork_asm+0x1a/0x30 [ 22.168170] </TASK> [ 22.168182] [ 22.175994] Allocated by task 197: [ 22.176184] kasan_save_stack+0x45/0x70 [ 22.176409] kasan_save_track+0x18/0x40 [ 22.176676] kasan_save_alloc_info+0x3b/0x50 [ 22.177050] __kasan_kmalloc+0xb7/0xc0 [ 22.177248] __kmalloc_cache_noprof+0x189/0x420 [ 22.177464] kmalloc_uaf_16+0x15b/0x4c0 [ 22.177637] kunit_try_run_case+0x1a5/0x480 [ 22.177808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.177974] kthread+0x337/0x6f0 [ 22.178089] ret_from_fork+0x116/0x1d0 [ 22.178570] ret_from_fork_asm+0x1a/0x30 [ 22.178745] [ 22.179068] Freed by task 197: [ 22.179244] kasan_save_stack+0x45/0x70 [ 22.179411] kasan_save_track+0x18/0x40 [ 22.179570] kasan_save_free_info+0x3f/0x60 [ 22.179772] __kasan_slab_free+0x56/0x70 [ 22.179983] kfree+0x222/0x3f0 [ 22.180202] kmalloc_uaf_16+0x1d6/0x4c0 [ 22.180488] kunit_try_run_case+0x1a5/0x480 [ 22.180656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.180950] kthread+0x337/0x6f0 [ 22.181116] ret_from_fork+0x116/0x1d0 [ 22.181289] ret_from_fork_asm+0x1a/0x30 [ 22.181466] [ 22.181532] The buggy address belongs to the object at ffff888101126ca0 [ 22.181532] which belongs to the cache kmalloc-16 of size 16 [ 22.182400] The buggy address is located 0 bytes inside of [ 22.182400] freed 16-byte region [ffff888101126ca0, ffff888101126cb0) [ 22.182801] [ 22.182872] The buggy address belongs to the physical page: [ 22.183047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101126 [ 22.183378] flags: 0x200000000000000(node=0|zone=2) [ 22.183610] page_type: f5(slab) [ 22.183776] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 22.184352] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.184581] page dumped because: kasan: bad access detected [ 22.184748] [ 22.184870] Memory state around the buggy address: [ 22.185166] ffff888101126b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.185503] ffff888101126c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.185818] >ffff888101126c80: 00 00 fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 22.186202] ^ [ 22.186391] ffff888101126d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.186683] ffff888101126d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.186938] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 22.140059] ================================================================== [ 22.140537] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 22.140857] Write of size 16 at addr ffff888101126c40 by task kunit_try_catch/195 [ 22.141329] [ 22.141433] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.141485] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.141498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.141521] Call Trace: [ 22.141536] <TASK> [ 22.141555] dump_stack_lvl+0x73/0xb0 [ 22.141588] print_report+0xd1/0x650 [ 22.141611] ? __virt_addr_valid+0x1db/0x2d0 [ 22.141634] ? kmalloc_oob_16+0x452/0x4a0 [ 22.141654] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.141679] ? kmalloc_oob_16+0x452/0x4a0 [ 22.141699] kasan_report+0x141/0x180 [ 22.141720] ? kmalloc_oob_16+0x452/0x4a0 [ 22.141743] __asan_report_store16_noabort+0x1b/0x30 [ 22.141767] kmalloc_oob_16+0x452/0x4a0 [ 22.141835] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 22.141863] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 22.141887] kunit_try_run_case+0x1a5/0x480 [ 22.141913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.141935] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.141961] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.141985] ? __kthread_parkme+0x82/0x180 [ 22.142006] ? preempt_count_sub+0x50/0x80 [ 22.142029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.142052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.142075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.142098] kthread+0x337/0x6f0 [ 22.142118] ? trace_preempt_on+0x20/0xc0 [ 22.142141] ? __pfx_kthread+0x10/0x10 [ 22.142161] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.142183] ? calculate_sigpending+0x7b/0xa0 [ 22.142206] ? __pfx_kthread+0x10/0x10 [ 22.142240] ret_from_fork+0x116/0x1d0 [ 22.142260] ? __pfx_kthread+0x10/0x10 [ 22.142280] ret_from_fork_asm+0x1a/0x30 [ 22.142311] </TASK> [ 22.142323] [ 22.149408] Allocated by task 195: [ 22.149595] kasan_save_stack+0x45/0x70 [ 22.149844] kasan_save_track+0x18/0x40 [ 22.150028] kasan_save_alloc_info+0x3b/0x50 [ 22.150188] __kasan_kmalloc+0xb7/0xc0 [ 22.150390] __kmalloc_cache_noprof+0x189/0x420 [ 22.150548] kmalloc_oob_16+0xa8/0x4a0 [ 22.150673] kunit_try_run_case+0x1a5/0x480 [ 22.150818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.151145] kthread+0x337/0x6f0 [ 22.151319] ret_from_fork+0x116/0x1d0 [ 22.151504] ret_from_fork_asm+0x1a/0x30 [ 22.151699] [ 22.151792] The buggy address belongs to the object at ffff888101126c40 [ 22.151792] which belongs to the cache kmalloc-16 of size 16 [ 22.152567] The buggy address is located 0 bytes inside of [ 22.152567] allocated 13-byte region [ffff888101126c40, ffff888101126c4d) [ 22.153251] [ 22.153340] The buggy address belongs to the physical page: [ 22.153527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101126 [ 22.153904] flags: 0x200000000000000(node=0|zone=2) [ 22.154186] page_type: f5(slab) [ 22.154334] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 22.154652] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.154988] page dumped because: kasan: bad access detected [ 22.155250] [ 22.155342] Memory state around the buggy address: [ 22.155544] ffff888101126b00: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc [ 22.155756] ffff888101126b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.156067] >ffff888101126c00: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 22.156398] ^ [ 22.156565] ffff888101126c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.157036] ffff888101126d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.157346] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 22.079732] ================================================================== [ 22.080180] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 22.080747] Read of size 1 at addr ffff888103aaaa00 by task kunit_try_catch/193 [ 22.081133] [ 22.081273] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.081326] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.081338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.081361] Call Trace: [ 22.081376] <TASK> [ 22.081396] dump_stack_lvl+0x73/0xb0 [ 22.081427] print_report+0xd1/0x650 [ 22.081451] ? __virt_addr_valid+0x1db/0x2d0 [ 22.081476] ? krealloc_uaf+0x1b8/0x5e0 [ 22.081508] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.081534] ? krealloc_uaf+0x1b8/0x5e0 [ 22.081554] kasan_report+0x141/0x180 [ 22.081586] ? krealloc_uaf+0x1b8/0x5e0 [ 22.081609] ? krealloc_uaf+0x1b8/0x5e0 [ 22.081629] __kasan_check_byte+0x3d/0x50 [ 22.081812] krealloc_noprof+0x3f/0x340 [ 22.081839] krealloc_uaf+0x1b8/0x5e0 [ 22.081860] ? __pfx_krealloc_uaf+0x10/0x10 [ 22.081879] ? finish_task_switch.isra.0+0x153/0x700 [ 22.081902] ? __switch_to+0x47/0xf50 [ 22.081929] ? __schedule+0x10cc/0x2b60 [ 22.081953] ? __pfx_read_tsc+0x10/0x10 [ 22.081976] ? ktime_get_ts64+0x86/0x230 [ 22.082002] kunit_try_run_case+0x1a5/0x480 [ 22.082028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.082050] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.082074] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.082108] ? __kthread_parkme+0x82/0x180 [ 22.082129] ? preempt_count_sub+0x50/0x80 [ 22.082151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.082185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.082208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.082240] kthread+0x337/0x6f0 [ 22.082260] ? trace_preempt_on+0x20/0xc0 [ 22.082284] ? __pfx_kthread+0x10/0x10 [ 22.082303] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.082326] ? calculate_sigpending+0x7b/0xa0 [ 22.082350] ? __pfx_kthread+0x10/0x10 [ 22.082370] ret_from_fork+0x116/0x1d0 [ 22.082389] ? __pfx_kthread+0x10/0x10 [ 22.082418] ret_from_fork_asm+0x1a/0x30 [ 22.082451] </TASK> [ 22.082463] [ 22.092380] Allocated by task 193: [ 22.092555] kasan_save_stack+0x45/0x70 [ 22.092746] kasan_save_track+0x18/0x40 [ 22.092962] kasan_save_alloc_info+0x3b/0x50 [ 22.093783] __kasan_kmalloc+0xb7/0xc0 [ 22.093947] __kmalloc_cache_noprof+0x189/0x420 [ 22.094181] krealloc_uaf+0xbb/0x5e0 [ 22.094428] kunit_try_run_case+0x1a5/0x480 [ 22.094635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.094893] kthread+0x337/0x6f0 [ 22.095014] ret_from_fork+0x116/0x1d0 [ 22.095433] ret_from_fork_asm+0x1a/0x30 [ 22.095639] [ 22.095754] Freed by task 193: [ 22.095967] kasan_save_stack+0x45/0x70 [ 22.096104] kasan_save_track+0x18/0x40 [ 22.096297] kasan_save_free_info+0x3f/0x60 [ 22.096527] __kasan_slab_free+0x56/0x70 [ 22.096719] kfree+0x222/0x3f0 [ 22.096895] krealloc_uaf+0x13d/0x5e0 [ 22.097158] kunit_try_run_case+0x1a5/0x480 [ 22.097372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.097615] kthread+0x337/0x6f0 [ 22.097750] ret_from_fork+0x116/0x1d0 [ 22.097932] ret_from_fork_asm+0x1a/0x30 [ 22.098355] [ 22.098587] The buggy address belongs to the object at ffff888103aaaa00 [ 22.098587] which belongs to the cache kmalloc-256 of size 256 [ 22.100058] The buggy address is located 0 bytes inside of [ 22.100058] freed 256-byte region [ffff888103aaaa00, ffff888103aaab00) [ 22.100695] [ 22.100781] The buggy address belongs to the physical page: [ 22.101316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 22.101727] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.102432] flags: 0x200000000000040(head|node=0|zone=2) [ 22.102777] page_type: f5(slab) [ 22.103126] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.103534] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.103908] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.104425] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.104889] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 22.105404] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.105695] page dumped because: kasan: bad access detected [ 22.106145] [ 22.106252] Memory state around the buggy address: [ 22.106470] ffff888103aaa900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.106888] ffff888103aaa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.107499] >ffff888103aaaa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.107891] ^ [ 22.108016] ffff888103aaaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.108414] ffff888103aaab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.109085] ================================================================== [ 22.109771] ================================================================== [ 22.110062] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 22.110402] Read of size 1 at addr ffff888103aaaa00 by task kunit_try_catch/193 [ 22.110684] [ 22.110792] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.110842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.110854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.110876] Call Trace: [ 22.110897] <TASK> [ 22.110917] dump_stack_lvl+0x73/0xb0 [ 22.110943] print_report+0xd1/0x650 [ 22.110964] ? __virt_addr_valid+0x1db/0x2d0 [ 22.110988] ? krealloc_uaf+0x53c/0x5e0 [ 22.111007] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.111098] ? krealloc_uaf+0x53c/0x5e0 [ 22.111119] kasan_report+0x141/0x180 [ 22.111140] ? krealloc_uaf+0x53c/0x5e0 [ 22.111165] __asan_report_load1_noabort+0x18/0x20 [ 22.111189] krealloc_uaf+0x53c/0x5e0 [ 22.111210] ? __pfx_krealloc_uaf+0x10/0x10 [ 22.111241] ? finish_task_switch.isra.0+0x153/0x700 [ 22.111265] ? __switch_to+0x47/0xf50 [ 22.111292] ? __schedule+0x10cc/0x2b60 [ 22.111319] ? __pfx_read_tsc+0x10/0x10 [ 22.111341] ? ktime_get_ts64+0x86/0x230 [ 22.111365] kunit_try_run_case+0x1a5/0x480 [ 22.111389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.111412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.111437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.111461] ? __kthread_parkme+0x82/0x180 [ 22.111481] ? preempt_count_sub+0x50/0x80 [ 22.111502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.111526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.111549] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.111572] kthread+0x337/0x6f0 [ 22.111591] ? trace_preempt_on+0x20/0xc0 [ 22.111614] ? __pfx_kthread+0x10/0x10 [ 22.111634] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.111656] ? calculate_sigpending+0x7b/0xa0 [ 22.111680] ? __pfx_kthread+0x10/0x10 [ 22.111700] ret_from_fork+0x116/0x1d0 [ 22.111720] ? __pfx_kthread+0x10/0x10 [ 22.111739] ret_from_fork_asm+0x1a/0x30 [ 22.111769] </TASK> [ 22.111781] [ 22.119404] Allocated by task 193: [ 22.119560] kasan_save_stack+0x45/0x70 [ 22.119759] kasan_save_track+0x18/0x40 [ 22.119913] kasan_save_alloc_info+0x3b/0x50 [ 22.120238] __kasan_kmalloc+0xb7/0xc0 [ 22.120398] __kmalloc_cache_noprof+0x189/0x420 [ 22.120644] krealloc_uaf+0xbb/0x5e0 [ 22.120768] kunit_try_run_case+0x1a5/0x480 [ 22.120971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.121211] kthread+0x337/0x6f0 [ 22.121336] ret_from_fork+0x116/0x1d0 [ 22.121577] ret_from_fork_asm+0x1a/0x30 [ 22.121778] [ 22.121891] Freed by task 193: [ 22.122056] kasan_save_stack+0x45/0x70 [ 22.122191] kasan_save_track+0x18/0x40 [ 22.122390] kasan_save_free_info+0x3f/0x60 [ 22.122583] __kasan_slab_free+0x56/0x70 [ 22.122761] kfree+0x222/0x3f0 [ 22.122904] krealloc_uaf+0x13d/0x5e0 [ 22.123204] kunit_try_run_case+0x1a5/0x480 [ 22.123429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.123642] kthread+0x337/0x6f0 [ 22.123795] ret_from_fork+0x116/0x1d0 [ 22.123922] ret_from_fork_asm+0x1a/0x30 [ 22.124055] [ 22.124120] The buggy address belongs to the object at ffff888103aaaa00 [ 22.124120] which belongs to the cache kmalloc-256 of size 256 [ 22.124480] The buggy address is located 0 bytes inside of [ 22.124480] freed 256-byte region [ffff888103aaaa00, ffff888103aaab00) [ 22.125069] [ 22.125159] The buggy address belongs to the physical page: [ 22.126081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 22.126426] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.126648] flags: 0x200000000000040(head|node=0|zone=2) [ 22.126928] page_type: f5(slab) [ 22.127170] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.127522] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.127864] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.128301] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.128556] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 22.128840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.129208] page dumped because: kasan: bad access detected [ 22.129472] [ 22.129566] Memory state around the buggy address: [ 22.129817] ffff888103aaa900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.130129] ffff888103aaa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.130379] >ffff888103aaaa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.130600] ^ [ 22.130765] ffff888103aaaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.131411] ffff888103aaab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.131727] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 21.872562] ================================================================== [ 21.873319] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 21.873887] Write of size 1 at addr ffff888103aaa8da by task kunit_try_catch/187 [ 21.874236] [ 21.874335] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.874383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.874405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.874428] Call Trace: [ 21.874441] <TASK> [ 21.874460] dump_stack_lvl+0x73/0xb0 [ 21.874501] print_report+0xd1/0x650 [ 21.874525] ? __virt_addr_valid+0x1db/0x2d0 [ 21.874548] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.874571] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.874605] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.874627] kasan_report+0x141/0x180 [ 21.874648] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 21.874684] __asan_report_store1_noabort+0x1b/0x30 [ 21.874707] krealloc_less_oob_helper+0xec6/0x11d0 [ 21.874731] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.874755] ? __kasan_check_write+0x18/0x20 [ 21.874834] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.874862] ? irqentry_exit+0x2a/0x60 [ 21.874881] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.874902] ? trace_hardirqs_on+0x37/0xe0 [ 21.874924] ? __pfx_read_tsc+0x10/0x10 [ 21.874949] krealloc_less_oob+0x1c/0x30 [ 21.874969] kunit_try_run_case+0x1a5/0x480 [ 21.874993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.875040] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.875064] ? __kthread_parkme+0x82/0x180 [ 21.875084] ? preempt_count_sub+0x50/0x80 [ 21.875106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.875130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.875152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.875175] kthread+0x337/0x6f0 [ 21.875194] ? trace_preempt_on+0x20/0xc0 [ 21.875215] ? __pfx_kthread+0x10/0x10 [ 21.875243] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.875266] ? calculate_sigpending+0x7b/0xa0 [ 21.875290] ? __pfx_kthread+0x10/0x10 [ 21.875310] ret_from_fork+0x116/0x1d0 [ 21.875328] ? __pfx_kthread+0x10/0x10 [ 21.875348] ret_from_fork_asm+0x1a/0x30 [ 21.875378] </TASK> [ 21.875389] [ 21.883591] Allocated by task 187: [ 21.883863] kasan_save_stack+0x45/0x70 [ 21.884082] kasan_save_track+0x18/0x40 [ 21.884276] kasan_save_alloc_info+0x3b/0x50 [ 21.884475] __kasan_krealloc+0x190/0x1f0 [ 21.884661] krealloc_noprof+0xf3/0x340 [ 21.884914] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.885178] krealloc_less_oob+0x1c/0x30 [ 21.885326] kunit_try_run_case+0x1a5/0x480 [ 21.885552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.885741] kthread+0x337/0x6f0 [ 21.885864] ret_from_fork+0x116/0x1d0 [ 21.885990] ret_from_fork_asm+0x1a/0x30 [ 21.886131] [ 21.886321] The buggy address belongs to the object at ffff888103aaa800 [ 21.886321] which belongs to the cache kmalloc-256 of size 256 [ 21.886900] The buggy address is located 17 bytes to the right of [ 21.886900] allocated 201-byte region [ffff888103aaa800, ffff888103aaa8c9) [ 21.887473] [ 21.887541] The buggy address belongs to the physical page: [ 21.887742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 21.888345] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.888667] flags: 0x200000000000040(head|node=0|zone=2) [ 21.888983] page_type: f5(slab) [ 21.889183] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.889502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.889887] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.890240] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.890576] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 21.890951] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.891232] page dumped because: kasan: bad access detected [ 21.891481] [ 21.891571] Memory state around the buggy address: [ 21.891827] ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.892069] ffff888103aaa800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.892417] >ffff888103aaa880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.892734] ^ [ 21.893191] ffff888103aaa900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.893476] ffff888103aaa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.893865] ================================================================== [ 21.894411] ================================================================== [ 21.894838] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 21.895211] Write of size 1 at addr ffff888103aaa8ea by task kunit_try_catch/187 [ 21.895515] [ 21.895636] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.895692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.895704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.895725] Call Trace: [ 21.895743] <TASK> [ 21.895767] dump_stack_lvl+0x73/0xb0 [ 21.895869] print_report+0xd1/0x650 [ 21.895890] ? __virt_addr_valid+0x1db/0x2d0 [ 21.895913] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.895935] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.895960] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.895990] kasan_report+0x141/0x180 [ 21.896011] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 21.896037] __asan_report_store1_noabort+0x1b/0x30 [ 21.896081] krealloc_less_oob_helper+0xe90/0x11d0 [ 21.896107] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.896132] ? __kasan_check_write+0x18/0x20 [ 21.896154] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.896178] ? irqentry_exit+0x2a/0x60 [ 21.896198] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.896227] ? trace_hardirqs_on+0x37/0xe0 [ 21.896249] ? __pfx_read_tsc+0x10/0x10 [ 21.896273] krealloc_less_oob+0x1c/0x30 [ 21.896302] kunit_try_run_case+0x1a5/0x480 [ 21.896327] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.896350] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.896384] ? __kthread_parkme+0x82/0x180 [ 21.896404] ? preempt_count_sub+0x50/0x80 [ 21.896427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.896449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.896471] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.896503] kthread+0x337/0x6f0 [ 21.896521] ? trace_preempt_on+0x20/0xc0 [ 21.896542] ? __pfx_kthread+0x10/0x10 [ 21.896562] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.896595] ? calculate_sigpending+0x7b/0xa0 [ 21.896618] ? __pfx_kthread+0x10/0x10 [ 21.896639] ret_from_fork+0x116/0x1d0 [ 21.896656] ? __pfx_kthread+0x10/0x10 [ 21.896684] ret_from_fork_asm+0x1a/0x30 [ 21.896714] </TASK> [ 21.896725] [ 21.904746] Allocated by task 187: [ 21.905202] kasan_save_stack+0x45/0x70 [ 21.905423] kasan_save_track+0x18/0x40 [ 21.905608] kasan_save_alloc_info+0x3b/0x50 [ 21.905899] __kasan_krealloc+0x190/0x1f0 [ 21.906086] krealloc_noprof+0xf3/0x340 [ 21.906281] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.906495] krealloc_less_oob+0x1c/0x30 [ 21.906680] kunit_try_run_case+0x1a5/0x480 [ 21.906941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.907206] kthread+0x337/0x6f0 [ 21.907382] ret_from_fork+0x116/0x1d0 [ 21.907554] ret_from_fork_asm+0x1a/0x30 [ 21.907734] [ 21.907868] The buggy address belongs to the object at ffff888103aaa800 [ 21.907868] which belongs to the cache kmalloc-256 of size 256 [ 21.908309] The buggy address is located 33 bytes to the right of [ 21.908309] allocated 201-byte region [ffff888103aaa800, ffff888103aaa8c9) [ 21.908937] [ 21.909033] The buggy address belongs to the physical page: [ 21.909337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 21.909672] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.910177] flags: 0x200000000000040(head|node=0|zone=2) [ 21.910509] page_type: f5(slab) [ 21.910699] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.911198] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.911581] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.911994] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.912281] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 21.912650] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.913025] page dumped because: kasan: bad access detected [ 21.913275] [ 21.913375] Memory state around the buggy address: [ 21.913595] ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.913875] ffff888103aaa800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.914280] >ffff888103aaa880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.914587] ^ [ 21.914981] ffff888103aaa900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.915353] ffff888103aaa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.915671] ================================================================== [ 21.916130] ================================================================== [ 21.916481] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 21.916800] Write of size 1 at addr ffff888103aaa8eb by task kunit_try_catch/187 [ 21.917111] [ 21.917196] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.917493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.917509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.917531] Call Trace: [ 21.917551] <TASK> [ 21.917582] dump_stack_lvl+0x73/0xb0 [ 21.917611] print_report+0xd1/0x650 [ 21.917633] ? __virt_addr_valid+0x1db/0x2d0 [ 21.917655] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.917678] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.917713] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.917735] kasan_report+0x141/0x180 [ 21.917755] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 21.917839] __asan_report_store1_noabort+0x1b/0x30 [ 21.917865] krealloc_less_oob_helper+0xd47/0x11d0 [ 21.917889] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.917913] ? __kasan_check_write+0x18/0x20 [ 21.917935] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.917959] ? irqentry_exit+0x2a/0x60 [ 21.917978] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.917999] ? trace_hardirqs_on+0x37/0xe0 [ 21.918038] ? __pfx_read_tsc+0x10/0x10 [ 21.918063] krealloc_less_oob+0x1c/0x30 [ 21.918083] kunit_try_run_case+0x1a5/0x480 [ 21.918106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.918130] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.918154] ? __kthread_parkme+0x82/0x180 [ 21.918174] ? preempt_count_sub+0x50/0x80 [ 21.918196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.918228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.918250] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.918273] kthread+0x337/0x6f0 [ 21.918291] ? trace_preempt_on+0x20/0xc0 [ 21.918322] ? __pfx_kthread+0x10/0x10 [ 21.918341] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.918364] ? calculate_sigpending+0x7b/0xa0 [ 21.918398] ? __pfx_kthread+0x10/0x10 [ 21.918418] ret_from_fork+0x116/0x1d0 [ 21.918436] ? __pfx_kthread+0x10/0x10 [ 21.918456] ret_from_fork_asm+0x1a/0x30 [ 21.918487] </TASK> [ 21.918498] [ 21.926612] Allocated by task 187: [ 21.926749] kasan_save_stack+0x45/0x70 [ 21.927269] kasan_save_track+0x18/0x40 [ 21.927460] kasan_save_alloc_info+0x3b/0x50 [ 21.927665] __kasan_krealloc+0x190/0x1f0 [ 21.927859] krealloc_noprof+0xf3/0x340 [ 21.928171] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.928408] krealloc_less_oob+0x1c/0x30 [ 21.928602] kunit_try_run_case+0x1a5/0x480 [ 21.928860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.929148] kthread+0x337/0x6f0 [ 21.929319] ret_from_fork+0x116/0x1d0 [ 21.929445] ret_from_fork_asm+0x1a/0x30 [ 21.929576] [ 21.929641] The buggy address belongs to the object at ffff888103aaa800 [ 21.929641] which belongs to the cache kmalloc-256 of size 256 [ 21.930267] The buggy address is located 34 bytes to the right of [ 21.930267] allocated 201-byte region [ffff888103aaa800, ffff888103aaa8c9) [ 21.930757] [ 21.930832] The buggy address belongs to the physical page: [ 21.931013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 21.931488] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.932062] flags: 0x200000000000040(head|node=0|zone=2) [ 21.932342] page_type: f5(slab) [ 21.932517] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.932915] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.933276] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.933522] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.933887] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 21.934261] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.934573] page dumped because: kasan: bad access detected [ 21.934763] [ 21.934942] Memory state around the buggy address: [ 21.935217] ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.935495] ffff888103aaa800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.935800] >ffff888103aaa880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.936171] ^ [ 21.936381] ffff888103aaa900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.936719] ffff888103aaa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.937228] ================================================================== [ 21.849632] ================================================================== [ 21.850285] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 21.850534] Write of size 1 at addr ffff888103aaa8d0 by task kunit_try_catch/187 [ 21.851035] [ 21.851149] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.851198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.851210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.851241] Call Trace: [ 21.851260] <TASK> [ 21.851279] dump_stack_lvl+0x73/0xb0 [ 21.851307] print_report+0xd1/0x650 [ 21.851328] ? __virt_addr_valid+0x1db/0x2d0 [ 21.851351] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.851374] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.851398] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.851420] kasan_report+0x141/0x180 [ 21.851441] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 21.851467] __asan_report_store1_noabort+0x1b/0x30 [ 21.851490] krealloc_less_oob_helper+0xe23/0x11d0 [ 21.851514] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.851538] ? __kasan_check_write+0x18/0x20 [ 21.851560] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.851595] ? irqentry_exit+0x2a/0x60 [ 21.851614] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.851635] ? trace_hardirqs_on+0x37/0xe0 [ 21.851669] ? __pfx_read_tsc+0x10/0x10 [ 21.851693] krealloc_less_oob+0x1c/0x30 [ 21.851713] kunit_try_run_case+0x1a5/0x480 [ 21.851746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.851769] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.851843] ? __kthread_parkme+0x82/0x180 [ 21.851867] ? preempt_count_sub+0x50/0x80 [ 21.851891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.851914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.851937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.851959] kthread+0x337/0x6f0 [ 21.851979] ? trace_preempt_on+0x20/0xc0 [ 21.852000] ? __pfx_kthread+0x10/0x10 [ 21.852020] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.852042] ? calculate_sigpending+0x7b/0xa0 [ 21.852066] ? __pfx_kthread+0x10/0x10 [ 21.852086] ret_from_fork+0x116/0x1d0 [ 21.852105] ? __pfx_kthread+0x10/0x10 [ 21.852124] ret_from_fork_asm+0x1a/0x30 [ 21.852155] </TASK> [ 21.852166] [ 21.860173] Allocated by task 187: [ 21.860379] kasan_save_stack+0x45/0x70 [ 21.860584] kasan_save_track+0x18/0x40 [ 21.860713] kasan_save_alloc_info+0x3b/0x50 [ 21.861244] __kasan_krealloc+0x190/0x1f0 [ 21.861457] krealloc_noprof+0xf3/0x340 [ 21.861646] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.861959] krealloc_less_oob+0x1c/0x30 [ 21.862172] kunit_try_run_case+0x1a5/0x480 [ 21.862378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.862580] kthread+0x337/0x6f0 [ 21.862704] ret_from_fork+0x116/0x1d0 [ 21.862896] ret_from_fork_asm+0x1a/0x30 [ 21.863138] [ 21.863238] The buggy address belongs to the object at ffff888103aaa800 [ 21.863238] which belongs to the cache kmalloc-256 of size 256 [ 21.863768] The buggy address is located 7 bytes to the right of [ 21.863768] allocated 201-byte region [ffff888103aaa800, ffff888103aaa8c9) [ 21.864362] [ 21.864433] The buggy address belongs to the physical page: [ 21.864604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 21.864932] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.865331] flags: 0x200000000000040(head|node=0|zone=2) [ 21.865616] page_type: f5(slab) [ 21.866081] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.866504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.866946] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.867302] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.867623] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 21.868009] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.868345] page dumped because: kasan: bad access detected [ 21.868593] [ 21.868683] Memory state around the buggy address: [ 21.868955] ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.869293] ffff888103aaa800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.869585] >ffff888103aaa880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.869930] ^ [ 21.870241] ffff888103aaa900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.870538] ffff888103aaa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.871193] ================================================================== [ 22.001112] ================================================================== [ 22.001717] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.002586] Write of size 1 at addr ffff888102bbe0d0 by task kunit_try_catch/191 [ 22.002819] [ 22.002909] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.002954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.002966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.002998] Call Trace: [ 22.003015] <TASK> [ 22.003038] dump_stack_lvl+0x73/0xb0 [ 22.003145] print_report+0xd1/0x650 [ 22.003168] ? __virt_addr_valid+0x1db/0x2d0 [ 22.003191] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.003213] ? kasan_addr_to_slab+0x11/0xa0 [ 22.003243] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.003265] kasan_report+0x141/0x180 [ 22.003287] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.003313] __asan_report_store1_noabort+0x1b/0x30 [ 22.003336] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.003361] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.003384] ? finish_task_switch.isra.0+0x153/0x700 [ 22.003405] ? __switch_to+0x47/0xf50 [ 22.003439] ? __schedule+0x10cc/0x2b60 [ 22.003464] ? __pfx_read_tsc+0x10/0x10 [ 22.003489] krealloc_large_less_oob+0x1c/0x30 [ 22.003521] kunit_try_run_case+0x1a5/0x480 [ 22.003545] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.003567] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.003600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.003624] ? __kthread_parkme+0x82/0x180 [ 22.003643] ? preempt_count_sub+0x50/0x80 [ 22.003675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.003698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.003721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.003744] kthread+0x337/0x6f0 [ 22.003772] ? trace_preempt_on+0x20/0xc0 [ 22.003796] ? __pfx_kthread+0x10/0x10 [ 22.003819] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.003863] ? calculate_sigpending+0x7b/0xa0 [ 22.003886] ? __pfx_kthread+0x10/0x10 [ 22.003907] ret_from_fork+0x116/0x1d0 [ 22.003925] ? __pfx_kthread+0x10/0x10 [ 22.003984] ret_from_fork_asm+0x1a/0x30 [ 22.004038] </TASK> [ 22.004049] [ 22.012393] The buggy address belongs to the physical page: [ 22.012758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bbc [ 22.013449] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.013768] flags: 0x200000000000040(head|node=0|zone=2) [ 22.014149] page_type: f8(unknown) [ 22.014327] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.014649] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.015062] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.015407] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.015634] head: 0200000000000002 ffffea00040aef01 00000000ffffffff 00000000ffffffff [ 22.015877] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.016303] page dumped because: kasan: bad access detected [ 22.016749] [ 22.016897] Memory state around the buggy address: [ 22.017245] ffff888102bbdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.017767] ffff888102bbe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.018215] >ffff888102bbe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.018442] ^ [ 22.018737] ffff888102bbe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.019138] ffff888102bbe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.019469] ================================================================== [ 22.038496] ================================================================== [ 22.039000] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.039343] Write of size 1 at addr ffff888102bbe0ea by task kunit_try_catch/191 [ 22.039656] [ 22.039766] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.039826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.039838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.039861] Call Trace: [ 22.039966] <TASK> [ 22.039991] dump_stack_lvl+0x73/0xb0 [ 22.040034] print_report+0xd1/0x650 [ 22.040056] ? __virt_addr_valid+0x1db/0x2d0 [ 22.040092] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.040115] ? kasan_addr_to_slab+0x11/0xa0 [ 22.040134] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.040158] kasan_report+0x141/0x180 [ 22.040179] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.040213] __asan_report_store1_noabort+0x1b/0x30 [ 22.040252] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.040276] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.040299] ? finish_task_switch.isra.0+0x153/0x700 [ 22.040321] ? __switch_to+0x47/0xf50 [ 22.040346] ? __schedule+0x10cc/0x2b60 [ 22.040370] ? __pfx_read_tsc+0x10/0x10 [ 22.040404] krealloc_large_less_oob+0x1c/0x30 [ 22.040425] kunit_try_run_case+0x1a5/0x480 [ 22.040450] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.040481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.040506] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.040530] ? __kthread_parkme+0x82/0x180 [ 22.040551] ? preempt_count_sub+0x50/0x80 [ 22.040574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.040598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.040620] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.040643] kthread+0x337/0x6f0 [ 22.040662] ? trace_preempt_on+0x20/0xc0 [ 22.040686] ? __pfx_kthread+0x10/0x10 [ 22.040705] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.040737] ? calculate_sigpending+0x7b/0xa0 [ 22.040761] ? __pfx_kthread+0x10/0x10 [ 22.040781] ret_from_fork+0x116/0x1d0 [ 22.040810] ? __pfx_kthread+0x10/0x10 [ 22.040830] ret_from_fork_asm+0x1a/0x30 [ 22.040862] </TASK> [ 22.040873] [ 22.049414] The buggy address belongs to the physical page: [ 22.049708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bbc [ 22.050156] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.050396] flags: 0x200000000000040(head|node=0|zone=2) [ 22.050609] page_type: f8(unknown) [ 22.050782] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.051071] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.051522] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.051769] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.052366] head: 0200000000000002 ffffea00040aef01 00000000ffffffff 00000000ffffffff [ 22.052646] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.052911] page dumped because: kasan: bad access detected [ 22.053184] [ 22.053298] Memory state around the buggy address: [ 22.053484] ffff888102bbdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.054091] ffff888102bbe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.054437] >ffff888102bbe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.054733] ^ [ 22.055178] ffff888102bbe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.055468] ffff888102bbe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.055747] ================================================================== [ 21.827395] ================================================================== [ 21.827886] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 21.828513] Write of size 1 at addr ffff888103aaa8c9 by task kunit_try_catch/187 [ 21.828820] [ 21.828944] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.828998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.829011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.829035] Call Trace: [ 21.829049] <TASK> [ 21.829089] dump_stack_lvl+0x73/0xb0 [ 21.829132] print_report+0xd1/0x650 [ 21.829155] ? __virt_addr_valid+0x1db/0x2d0 [ 21.829180] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.829279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.829304] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.829327] kasan_report+0x141/0x180 [ 21.829347] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.829374] __asan_report_store1_noabort+0x1b/0x30 [ 21.829408] krealloc_less_oob_helper+0xd70/0x11d0 [ 21.829432] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.829456] ? __kasan_check_write+0x18/0x20 [ 21.829490] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.829515] ? irqentry_exit+0x2a/0x60 [ 21.829534] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 21.829555] ? trace_hardirqs_on+0x37/0xe0 [ 21.829587] ? __pfx_read_tsc+0x10/0x10 [ 21.829612] krealloc_less_oob+0x1c/0x30 [ 21.829633] kunit_try_run_case+0x1a5/0x480 [ 21.829668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.829692] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.829716] ? __kthread_parkme+0x82/0x180 [ 21.829736] ? preempt_count_sub+0x50/0x80 [ 21.829759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.829782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.829851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.829874] kthread+0x337/0x6f0 [ 21.829893] ? trace_preempt_on+0x20/0xc0 [ 21.829915] ? __pfx_kthread+0x10/0x10 [ 21.829934] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.829957] ? calculate_sigpending+0x7b/0xa0 [ 21.829981] ? __pfx_kthread+0x10/0x10 [ 21.830002] ret_from_fork+0x116/0x1d0 [ 21.830020] ? __pfx_kthread+0x10/0x10 [ 21.830040] ret_from_fork_asm+0x1a/0x30 [ 21.830070] </TASK> [ 21.830082] [ 21.838526] Allocated by task 187: [ 21.838732] kasan_save_stack+0x45/0x70 [ 21.839002] kasan_save_track+0x18/0x40 [ 21.839197] kasan_save_alloc_info+0x3b/0x50 [ 21.839383] __kasan_krealloc+0x190/0x1f0 [ 21.839583] krealloc_noprof+0xf3/0x340 [ 21.839768] krealloc_less_oob_helper+0x1aa/0x11d0 [ 21.840067] krealloc_less_oob+0x1c/0x30 [ 21.840232] kunit_try_run_case+0x1a5/0x480 [ 21.840463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.840672] kthread+0x337/0x6f0 [ 21.840851] ret_from_fork+0x116/0x1d0 [ 21.841009] ret_from_fork_asm+0x1a/0x30 [ 21.841413] [ 21.841516] The buggy address belongs to the object at ffff888103aaa800 [ 21.841516] which belongs to the cache kmalloc-256 of size 256 [ 21.842185] The buggy address is located 0 bytes to the right of [ 21.842185] allocated 201-byte region [ffff888103aaa800, ffff888103aaa8c9) [ 21.842617] [ 21.842689] The buggy address belongs to the physical page: [ 21.842901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 21.843323] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.843574] flags: 0x200000000000040(head|node=0|zone=2) [ 21.843749] page_type: f5(slab) [ 21.843986] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.844375] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.844722] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.845107] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.845416] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 21.845760] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.846195] page dumped because: kasan: bad access detected [ 21.846419] [ 21.846506] Memory state around the buggy address: [ 21.846686] ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.847256] ffff888103aaa800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.847579] >ffff888103aaa880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 21.847881] ^ [ 21.848294] ffff888103aaa900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.848587] ffff888103aaa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.849040] ================================================================== [ 22.056300] ================================================================== [ 22.056619] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 22.057108] Write of size 1 at addr ffff888102bbe0eb by task kunit_try_catch/191 [ 22.057381] [ 22.057491] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.057548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.057561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.057582] Call Trace: [ 22.057612] <TASK> [ 22.057631] dump_stack_lvl+0x73/0xb0 [ 22.057659] print_report+0xd1/0x650 [ 22.057682] ? __virt_addr_valid+0x1db/0x2d0 [ 22.057705] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.057727] ? kasan_addr_to_slab+0x11/0xa0 [ 22.057747] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.057769] kasan_report+0x141/0x180 [ 22.057801] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.057828] __asan_report_store1_noabort+0x1b/0x30 [ 22.057949] krealloc_less_oob_helper+0xd47/0x11d0 [ 22.057976] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.058001] ? finish_task_switch.isra.0+0x153/0x700 [ 22.058023] ? __switch_to+0x47/0xf50 [ 22.058145] ? __schedule+0x10cc/0x2b60 [ 22.058171] ? __pfx_read_tsc+0x10/0x10 [ 22.058196] krealloc_large_less_oob+0x1c/0x30 [ 22.058218] kunit_try_run_case+0x1a5/0x480 [ 22.058253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.058275] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.058299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.058322] ? __kthread_parkme+0x82/0x180 [ 22.058342] ? preempt_count_sub+0x50/0x80 [ 22.058364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.058429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.058453] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.058487] kthread+0x337/0x6f0 [ 22.058507] ? trace_preempt_on+0x20/0xc0 [ 22.058530] ? __pfx_kthread+0x10/0x10 [ 22.058550] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.058572] ? calculate_sigpending+0x7b/0xa0 [ 22.058595] ? __pfx_kthread+0x10/0x10 [ 22.058616] ret_from_fork+0x116/0x1d0 [ 22.058634] ? __pfx_kthread+0x10/0x10 [ 22.058654] ret_from_fork_asm+0x1a/0x30 [ 22.058685] </TASK> [ 22.058696] [ 22.067037] The buggy address belongs to the physical page: [ 22.067405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bbc [ 22.067770] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.068200] flags: 0x200000000000040(head|node=0|zone=2) [ 22.068460] page_type: f8(unknown) [ 22.068618] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.068928] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.069261] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.069488] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.070143] head: 0200000000000002 ffffea00040aef01 00000000ffffffff 00000000ffffffff [ 22.070564] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.070896] page dumped because: kasan: bad access detected [ 22.071307] [ 22.071414] Memory state around the buggy address: [ 22.071600] ffff888102bbdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.071996] ffff888102bbe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.072353] >ffff888102bbe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.072647] ^ [ 22.072961] ffff888102bbe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.073330] ffff888102bbe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.073644] ================================================================== [ 22.019904] ================================================================== [ 22.020320] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.020674] Write of size 1 at addr ffff888102bbe0da by task kunit_try_catch/191 [ 22.021237] [ 22.021375] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.021425] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.021437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.021460] Call Trace: [ 22.021480] <TASK> [ 22.021501] dump_stack_lvl+0x73/0xb0 [ 22.021543] print_report+0xd1/0x650 [ 22.021566] ? __virt_addr_valid+0x1db/0x2d0 [ 22.021589] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.021624] ? kasan_addr_to_slab+0x11/0xa0 [ 22.021643] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.021666] kasan_report+0x141/0x180 [ 22.021687] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.021713] __asan_report_store1_noabort+0x1b/0x30 [ 22.021737] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.021761] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.021834] ? finish_task_switch.isra.0+0x153/0x700 [ 22.021861] ? __switch_to+0x47/0xf50 [ 22.021887] ? __schedule+0x10cc/0x2b60 [ 22.021967] ? __pfx_read_tsc+0x10/0x10 [ 22.021994] krealloc_large_less_oob+0x1c/0x30 [ 22.022027] kunit_try_run_case+0x1a5/0x480 [ 22.022052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.022085] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.022110] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.022133] ? __kthread_parkme+0x82/0x180 [ 22.022153] ? preempt_count_sub+0x50/0x80 [ 22.022175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.022198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.022238] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.022261] kthread+0x337/0x6f0 [ 22.022291] ? trace_preempt_on+0x20/0xc0 [ 22.022314] ? __pfx_kthread+0x10/0x10 [ 22.022334] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.022357] ? calculate_sigpending+0x7b/0xa0 [ 22.022380] ? __pfx_kthread+0x10/0x10 [ 22.022401] ret_from_fork+0x116/0x1d0 [ 22.022419] ? __pfx_kthread+0x10/0x10 [ 22.022439] ret_from_fork_asm+0x1a/0x30 [ 22.022479] </TASK> [ 22.022490] [ 22.031051] The buggy address belongs to the physical page: [ 22.031266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bbc [ 22.031627] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.031963] flags: 0x200000000000040(head|node=0|zone=2) [ 22.032276] page_type: f8(unknown) [ 22.032481] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.033058] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.033426] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.033670] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.033944] head: 0200000000000002 ffffea00040aef01 00000000ffffffff 00000000ffffffff [ 22.034366] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.034801] page dumped because: kasan: bad access detected [ 22.034966] [ 22.035035] Memory state around the buggy address: [ 22.035187] ffff888102bbdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.035880] ffff888102bbe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.036366] >ffff888102bbe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.036575] ^ [ 22.037270] ffff888102bbe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.037561] ffff888102bbe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.038058] ================================================================== [ 21.984467] ================================================================== [ 21.984940] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 21.985362] Write of size 1 at addr ffff888102bbe0c9 by task kunit_try_catch/191 [ 21.985677] [ 21.985790] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.985854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.985867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.985890] Call Trace: [ 21.985916] <TASK> [ 21.985938] dump_stack_lvl+0x73/0xb0 [ 21.985971] print_report+0xd1/0x650 [ 21.985994] ? __virt_addr_valid+0x1db/0x2d0 [ 21.986019] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.986052] ? kasan_addr_to_slab+0x11/0xa0 [ 21.986071] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.986094] kasan_report+0x141/0x180 [ 21.986115] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 21.986151] __asan_report_store1_noabort+0x1b/0x30 [ 21.986174] krealloc_less_oob_helper+0xd70/0x11d0 [ 21.986198] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 21.986241] ? finish_task_switch.isra.0+0x153/0x700 [ 21.986264] ? __switch_to+0x47/0xf50 [ 21.986291] ? __schedule+0x10cc/0x2b60 [ 21.986316] ? __pfx_read_tsc+0x10/0x10 [ 21.986341] krealloc_large_less_oob+0x1c/0x30 [ 21.986362] kunit_try_run_case+0x1a5/0x480 [ 21.986388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.986410] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.986443] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.986467] ? __kthread_parkme+0x82/0x180 [ 21.986488] ? preempt_count_sub+0x50/0x80 [ 21.986521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.986544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.986567] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.986590] kthread+0x337/0x6f0 [ 21.986609] ? trace_preempt_on+0x20/0xc0 [ 21.986634] ? __pfx_kthread+0x10/0x10 [ 21.986653] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.986676] ? calculate_sigpending+0x7b/0xa0 [ 21.986700] ? __pfx_kthread+0x10/0x10 [ 21.986720] ret_from_fork+0x116/0x1d0 [ 21.986739] ? __pfx_kthread+0x10/0x10 [ 21.986758] ret_from_fork_asm+0x1a/0x30 [ 21.986800] </TASK> [ 21.986813] [ 21.994625] The buggy address belongs to the physical page: [ 21.994816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bbc [ 21.995180] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.995534] flags: 0x200000000000040(head|node=0|zone=2) [ 21.995711] page_type: f8(unknown) [ 21.996022] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.996574] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.996937] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.997413] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.997740] head: 0200000000000002 ffffea00040aef01 00000000ffffffff 00000000ffffffff [ 21.998216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.998555] page dumped because: kasan: bad access detected [ 21.998777] [ 21.998944] Memory state around the buggy address: [ 21.999186] ffff888102bbdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.999435] ffff888102bbe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.999646] >ffff888102bbe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 21.999913] ^ [ 22.000295] ffff888102bbe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.000591] ffff888102bbe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.000795] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 21.801089] ================================================================== [ 21.801427] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 21.801750] Write of size 1 at addr ffff888103aaa6f0 by task kunit_try_catch/185 [ 21.802041] [ 21.802156] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.802214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.802288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.802311] Call Trace: [ 21.802324] <TASK> [ 21.802342] dump_stack_lvl+0x73/0xb0 [ 21.802370] print_report+0xd1/0x650 [ 21.802391] ? __virt_addr_valid+0x1db/0x2d0 [ 21.802413] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.802435] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.802471] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.802493] kasan_report+0x141/0x180 [ 21.802513] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.802551] __asan_report_store1_noabort+0x1b/0x30 [ 21.802574] krealloc_more_oob_helper+0x7eb/0x930 [ 21.802594] ? __schedule+0x10cc/0x2b60 [ 21.802619] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.802641] ? finish_task_switch.isra.0+0x153/0x700 [ 21.802662] ? __switch_to+0x47/0xf50 [ 21.802687] ? __schedule+0x10cc/0x2b60 [ 21.802709] ? __pfx_read_tsc+0x10/0x10 [ 21.802732] krealloc_more_oob+0x1c/0x30 [ 21.802761] kunit_try_run_case+0x1a5/0x480 [ 21.802822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.802846] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.802870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.802894] ? __kthread_parkme+0x82/0x180 [ 21.802913] ? preempt_count_sub+0x50/0x80 [ 21.802936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.802959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.802981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.803004] kthread+0x337/0x6f0 [ 21.803047] ? trace_preempt_on+0x20/0xc0 [ 21.803077] ? __pfx_kthread+0x10/0x10 [ 21.803097] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.803131] ? calculate_sigpending+0x7b/0xa0 [ 21.803154] ? __pfx_kthread+0x10/0x10 [ 21.803175] ret_from_fork+0x116/0x1d0 [ 21.803193] ? __pfx_kthread+0x10/0x10 [ 21.803213] ret_from_fork_asm+0x1a/0x30 [ 21.803251] </TASK> [ 21.803262] [ 21.811322] Allocated by task 185: [ 21.811762] kasan_save_stack+0x45/0x70 [ 21.811980] kasan_save_track+0x18/0x40 [ 21.812167] kasan_save_alloc_info+0x3b/0x50 [ 21.812458] __kasan_krealloc+0x190/0x1f0 [ 21.812620] krealloc_noprof+0xf3/0x340 [ 21.812878] krealloc_more_oob_helper+0x1a9/0x930 [ 21.813119] krealloc_more_oob+0x1c/0x30 [ 21.813272] kunit_try_run_case+0x1a5/0x480 [ 21.813487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.813710] kthread+0x337/0x6f0 [ 21.813901] ret_from_fork+0x116/0x1d0 [ 21.814169] ret_from_fork_asm+0x1a/0x30 [ 21.814369] [ 21.814462] The buggy address belongs to the object at ffff888103aaa600 [ 21.814462] which belongs to the cache kmalloc-256 of size 256 [ 21.814977] The buggy address is located 5 bytes to the right of [ 21.814977] allocated 235-byte region [ffff888103aaa600, ffff888103aaa6eb) [ 21.815364] [ 21.815439] The buggy address belongs to the physical page: [ 21.815676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 21.816661] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.817016] flags: 0x200000000000040(head|node=0|zone=2) [ 21.817309] page_type: f5(slab) [ 21.817450] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.817674] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.818162] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.818514] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.818914] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 21.819331] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.819668] page dumped because: kasan: bad access detected [ 21.819950] [ 21.820051] Memory state around the buggy address: [ 21.820269] ffff888103aaa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.820561] ffff888103aaa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.820971] >ffff888103aaa680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 21.821536] ^ [ 21.821924] ffff888103aaa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.822283] ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.822603] ================================================================== [ 21.962499] ================================================================== [ 21.962997] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 21.963569] Write of size 1 at addr ffff888102c8e0f0 by task kunit_try_catch/189 [ 21.964100] [ 21.964207] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.964277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.964289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.964311] Call Trace: [ 21.964325] <TASK> [ 21.964343] dump_stack_lvl+0x73/0xb0 [ 21.964373] print_report+0xd1/0x650 [ 21.964405] ? __virt_addr_valid+0x1db/0x2d0 [ 21.964429] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.964452] ? kasan_addr_to_slab+0x11/0xa0 [ 21.964481] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.964504] kasan_report+0x141/0x180 [ 21.964525] ? krealloc_more_oob_helper+0x7eb/0x930 [ 21.964552] __asan_report_store1_noabort+0x1b/0x30 [ 21.964575] krealloc_more_oob_helper+0x7eb/0x930 [ 21.964596] ? __schedule+0x10cc/0x2b60 [ 21.964619] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.964644] ? __kasan_check_write+0x18/0x20 [ 21.964665] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.964691] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 21.964716] ? __pfx_read_tsc+0x10/0x10 [ 21.964740] krealloc_large_more_oob+0x1c/0x30 [ 21.964770] kunit_try_run_case+0x1a5/0x480 [ 21.964794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.964816] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 21.964859] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.964883] ? __kthread_parkme+0x82/0x180 [ 21.964903] ? preempt_count_sub+0x50/0x80 [ 21.964925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.964948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.965016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.965051] kthread+0x337/0x6f0 [ 21.965070] ? trace_preempt_on+0x20/0xc0 [ 21.965093] ? __pfx_kthread+0x10/0x10 [ 21.965112] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.965135] ? calculate_sigpending+0x7b/0xa0 [ 21.965159] ? __pfx_kthread+0x10/0x10 [ 21.965179] ret_from_fork+0x116/0x1d0 [ 21.965198] ? __pfx_kthread+0x10/0x10 [ 21.965217] ret_from_fork_asm+0x1a/0x30 [ 21.965255] </TASK> [ 21.965267] [ 21.974331] The buggy address belongs to the physical page: [ 21.974598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8c [ 21.974874] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.975237] flags: 0x200000000000040(head|node=0|zone=2) [ 21.975439] page_type: f8(unknown) [ 21.975742] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.976208] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.976531] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.976936] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.977246] head: 0200000000000002 ffffea00040b2301 00000000ffffffff 00000000ffffffff [ 21.977470] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.977986] page dumped because: kasan: bad access detected [ 21.978334] [ 21.978398] Memory state around the buggy address: [ 21.978548] ffff888102c8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.978754] ffff888102c8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.979595] >ffff888102c8e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 21.980084] ^ [ 21.980417] ffff888102c8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.980689] ffff888102c8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.981139] ================================================================== [ 21.943244] ================================================================== [ 21.943677] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 21.944361] Write of size 1 at addr ffff888102c8e0eb by task kunit_try_catch/189 [ 21.944693] [ 21.944798] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.944849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.944861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.944884] Call Trace: [ 21.944898] <TASK> [ 21.944917] dump_stack_lvl+0x73/0xb0 [ 21.944989] print_report+0xd1/0x650 [ 21.945014] ? __virt_addr_valid+0x1db/0x2d0 [ 21.945037] ? krealloc_more_oob_helper+0x821/0x930 [ 21.945084] ? kasan_addr_to_slab+0x11/0xa0 [ 21.945103] ? krealloc_more_oob_helper+0x821/0x930 [ 21.945125] kasan_report+0x141/0x180 [ 21.945146] ? krealloc_more_oob_helper+0x821/0x930 [ 21.945173] __asan_report_store1_noabort+0x1b/0x30 [ 21.945196] krealloc_more_oob_helper+0x821/0x930 [ 21.945217] ? __schedule+0x10cc/0x2b60 [ 21.945260] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.945284] ? __kasan_check_write+0x18/0x20 [ 21.945306] ? queued_spin_lock_slowpath+0x116/0xb40 [ 21.945343] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 21.945368] ? __pfx_read_tsc+0x10/0x10 [ 21.945393] krealloc_large_more_oob+0x1c/0x30 [ 21.945414] kunit_try_run_case+0x1a5/0x480 [ 21.945447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.945469] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 21.945492] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.945527] ? __kthread_parkme+0x82/0x180 [ 21.945547] ? preempt_count_sub+0x50/0x80 [ 21.945569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.945592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.945614] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.945636] kthread+0x337/0x6f0 [ 21.945655] ? trace_preempt_on+0x20/0xc0 [ 21.945677] ? __pfx_kthread+0x10/0x10 [ 21.945697] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.945720] ? calculate_sigpending+0x7b/0xa0 [ 21.945743] ? __pfx_kthread+0x10/0x10 [ 21.945763] ret_from_fork+0x116/0x1d0 [ 21.945782] ? __pfx_kthread+0x10/0x10 [ 21.945844] ret_from_fork_asm+0x1a/0x30 [ 21.945875] </TASK> [ 21.945887] [ 21.954006] The buggy address belongs to the physical page: [ 21.954313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8c [ 21.954677] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.954994] flags: 0x200000000000040(head|node=0|zone=2) [ 21.955344] page_type: f8(unknown) [ 21.955519] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.955793] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.956151] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.956547] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.956921] head: 0200000000000002 ffffea00040b2301 00000000ffffffff 00000000ffffffff [ 21.957245] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.957625] page dumped because: kasan: bad access detected [ 21.957931] [ 21.957994] Memory state around the buggy address: [ 21.958141] ffff888102c8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.958356] ffff888102c8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.958812] >ffff888102c8e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 21.959256] ^ [ 21.959461] ffff888102c8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.959670] ffff888102c8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.960140] ================================================================== [ 21.772929] ================================================================== [ 21.773540] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 21.774030] Write of size 1 at addr ffff888103aaa6eb by task kunit_try_catch/185 [ 21.774535] [ 21.774626] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.774714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.774727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.774751] Call Trace: [ 21.774777] <TASK> [ 21.774796] dump_stack_lvl+0x73/0xb0 [ 21.774827] print_report+0xd1/0x650 [ 21.774862] ? __virt_addr_valid+0x1db/0x2d0 [ 21.774885] ? krealloc_more_oob_helper+0x821/0x930 [ 21.774908] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.775057] ? krealloc_more_oob_helper+0x821/0x930 [ 21.775081] kasan_report+0x141/0x180 [ 21.775103] ? krealloc_more_oob_helper+0x821/0x930 [ 21.775141] __asan_report_store1_noabort+0x1b/0x30 [ 21.775164] krealloc_more_oob_helper+0x821/0x930 [ 21.775206] ? __schedule+0x10cc/0x2b60 [ 21.775240] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 21.775263] ? finish_task_switch.isra.0+0x153/0x700 [ 21.775284] ? __switch_to+0x47/0xf50 [ 21.775312] ? __schedule+0x10cc/0x2b60 [ 21.775334] ? __pfx_read_tsc+0x10/0x10 [ 21.775358] krealloc_more_oob+0x1c/0x30 [ 21.775378] kunit_try_run_case+0x1a5/0x480 [ 21.775403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.775425] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.775448] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.775472] ? __kthread_parkme+0x82/0x180 [ 21.775492] ? preempt_count_sub+0x50/0x80 [ 21.775513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.775536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.775559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.775581] kthread+0x337/0x6f0 [ 21.775601] ? trace_preempt_on+0x20/0xc0 [ 21.775623] ? __pfx_kthread+0x10/0x10 [ 21.775645] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.775667] ? calculate_sigpending+0x7b/0xa0 [ 21.775691] ? __pfx_kthread+0x10/0x10 [ 21.775713] ret_from_fork+0x116/0x1d0 [ 21.775734] ? __pfx_kthread+0x10/0x10 [ 21.775755] ret_from_fork_asm+0x1a/0x30 [ 21.775802] </TASK> [ 21.775814] [ 21.787116] Allocated by task 185: [ 21.787515] kasan_save_stack+0x45/0x70 [ 21.787807] kasan_save_track+0x18/0x40 [ 21.788164] kasan_save_alloc_info+0x3b/0x50 [ 21.788480] __kasan_krealloc+0x190/0x1f0 [ 21.788633] krealloc_noprof+0xf3/0x340 [ 21.788940] krealloc_more_oob_helper+0x1a9/0x930 [ 21.789626] krealloc_more_oob+0x1c/0x30 [ 21.789829] kunit_try_run_case+0x1a5/0x480 [ 21.790267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.790519] kthread+0x337/0x6f0 [ 21.790667] ret_from_fork+0x116/0x1d0 [ 21.791086] ret_from_fork_asm+0x1a/0x30 [ 21.791382] [ 21.791472] The buggy address belongs to the object at ffff888103aaa600 [ 21.791472] which belongs to the cache kmalloc-256 of size 256 [ 21.792260] The buggy address is located 0 bytes to the right of [ 21.792260] allocated 235-byte region [ffff888103aaa600, ffff888103aaa6eb) [ 21.792818] [ 21.793232] The buggy address belongs to the physical page: [ 21.793441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa [ 21.794044] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.794358] flags: 0x200000000000040(head|node=0|zone=2) [ 21.794613] page_type: f5(slab) [ 21.794766] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.795426] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.795785] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 21.796265] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.796573] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff [ 21.796920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 21.797353] page dumped because: kasan: bad access detected [ 21.797576] [ 21.797666] Memory state around the buggy address: [ 21.797967] ffff888103aaa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.798372] ffff888103aaa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.798649] >ffff888103aaa680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 21.799041] ^ [ 21.799423] ffff888103aaa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.799720] ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.800087] ==================================================================
Failure - kunit - drm_managed_drm_managed
<8>[ 289.145272] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_managed RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_run_action
<8>[ 289.029187] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_run_action RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_release_action
<8>[ 288.912462] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_release_action RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid
<8>[ 288.794030] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value
<8>[ 287.963679] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 21.750757] ================================================================== [ 21.751366] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 21.751970] Read of size 1 at addr ffff888102c20000 by task kunit_try_catch/183 [ 21.752417] [ 21.752529] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.752580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.752594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.752616] Call Trace: [ 21.752631] <TASK> [ 21.752901] dump_stack_lvl+0x73/0xb0 [ 21.752962] print_report+0xd1/0x650 [ 21.752984] ? __virt_addr_valid+0x1db/0x2d0 [ 21.753010] ? page_alloc_uaf+0x356/0x3d0 [ 21.753147] ? kasan_addr_to_slab+0x11/0xa0 [ 21.753167] ? page_alloc_uaf+0x356/0x3d0 [ 21.753188] kasan_report+0x141/0x180 [ 21.753209] ? page_alloc_uaf+0x356/0x3d0 [ 21.753245] __asan_report_load1_noabort+0x18/0x20 [ 21.753268] page_alloc_uaf+0x356/0x3d0 [ 21.753288] ? __pfx_page_alloc_uaf+0x10/0x10 [ 21.753310] ? __schedule+0x10cc/0x2b60 [ 21.753335] ? __pfx_read_tsc+0x10/0x10 [ 21.753358] ? ktime_get_ts64+0x86/0x230 [ 21.753383] kunit_try_run_case+0x1a5/0x480 [ 21.753410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.753431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.753455] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.753480] ? __kthread_parkme+0x82/0x180 [ 21.753501] ? preempt_count_sub+0x50/0x80 [ 21.753523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.753546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.753569] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.753592] kthread+0x337/0x6f0 [ 21.753611] ? trace_preempt_on+0x20/0xc0 [ 21.753634] ? __pfx_kthread+0x10/0x10 [ 21.753654] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.753676] ? calculate_sigpending+0x7b/0xa0 [ 21.753700] ? __pfx_kthread+0x10/0x10 [ 21.753721] ret_from_fork+0x116/0x1d0 [ 21.753739] ? __pfx_kthread+0x10/0x10 [ 21.753758] ret_from_fork_asm+0x1a/0x30 [ 21.753790] </TASK> [ 21.753803] [ 21.762262] The buggy address belongs to the physical page: [ 21.762527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c20 [ 21.762883] flags: 0x200000000000000(node=0|zone=2) [ 21.763245] page_type: f0(buddy) [ 21.763376] raw: 0200000000000000 ffff88817fffb4a8 ffff88817fffb4a8 0000000000000000 [ 21.763669] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 21.764154] page dumped because: kasan: bad access detected [ 21.764328] [ 21.764391] Memory state around the buggy address: [ 21.764713] ffff888102c1ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.765032] ffff888102c1ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.765286] >ffff888102c20000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.765910] ^ [ 21.766059] ffff888102c20080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.766368] ffff888102c20100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.766644] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 21.724507] ================================================================== [ 21.725556] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 21.725980] Free of addr ffff888102bb8001 by task kunit_try_catch/179 [ 21.726342] [ 21.726451] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.726516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.726529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.726564] Call Trace: [ 21.726580] <TASK> [ 21.726601] dump_stack_lvl+0x73/0xb0 [ 21.726633] print_report+0xd1/0x650 [ 21.726656] ? __virt_addr_valid+0x1db/0x2d0 [ 21.726692] ? kasan_addr_to_slab+0x11/0xa0 [ 21.726711] ? kfree+0x274/0x3f0 [ 21.726733] kasan_report_invalid_free+0x10a/0x130 [ 21.726768] ? kfree+0x274/0x3f0 [ 21.726851] ? kfree+0x274/0x3f0 [ 21.726876] __kasan_kfree_large+0x86/0xd0 [ 21.726897] free_large_kmalloc+0x52/0x110 [ 21.726931] kfree+0x274/0x3f0 [ 21.726955] kmalloc_large_invalid_free+0x120/0x2b0 [ 21.726977] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 21.727010] ? __schedule+0x10cc/0x2b60 [ 21.727054] ? __pfx_read_tsc+0x10/0x10 [ 21.727077] ? ktime_get_ts64+0x86/0x230 [ 21.727101] kunit_try_run_case+0x1a5/0x480 [ 21.727127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.727149] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.727173] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.727204] ? __kthread_parkme+0x82/0x180 [ 21.727242] ? preempt_count_sub+0x50/0x80 [ 21.727265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.727288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.727311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.727333] kthread+0x337/0x6f0 [ 21.727352] ? trace_preempt_on+0x20/0xc0 [ 21.727375] ? __pfx_kthread+0x10/0x10 [ 21.727395] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.727417] ? calculate_sigpending+0x7b/0xa0 [ 21.727440] ? __pfx_kthread+0x10/0x10 [ 21.727461] ret_from_fork+0x116/0x1d0 [ 21.727479] ? __pfx_kthread+0x10/0x10 [ 21.727498] ret_from_fork_asm+0x1a/0x30 [ 21.727530] </TASK> [ 21.727543] [ 21.738188] The buggy address belongs to the physical page: [ 21.738450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb8 [ 21.738785] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.739103] flags: 0x200000000000040(head|node=0|zone=2) [ 21.739335] page_type: f8(unknown) [ 21.739489] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.739761] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.740463] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.740721] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.741018] head: 0200000000000002 ffffea00040aee01 00000000ffffffff 00000000ffffffff [ 21.741519] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.741972] page dumped because: kasan: bad access detected [ 21.742218] [ 21.742296] Memory state around the buggy address: [ 21.742450] ffff888102bb7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.742770] ffff888102bb7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.743090] >ffff888102bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.743356] ^ [ 21.743611] ffff888102bb8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.743849] ffff888102bb8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.744318] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 21.700590] ================================================================== [ 21.701349] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 21.701646] Read of size 1 at addr ffff888102c88000 by task kunit_try_catch/177 [ 21.701971] [ 21.702099] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.702322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.702341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.702364] Call Trace: [ 21.702377] <TASK> [ 21.702410] dump_stack_lvl+0x73/0xb0 [ 21.702443] print_report+0xd1/0x650 [ 21.702566] ? __virt_addr_valid+0x1db/0x2d0 [ 21.702594] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.702614] ? kasan_addr_to_slab+0x11/0xa0 [ 21.702633] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.702664] kasan_report+0x141/0x180 [ 21.702685] ? kmalloc_large_uaf+0x2f1/0x340 [ 21.702709] __asan_report_load1_noabort+0x18/0x20 [ 21.702743] kmalloc_large_uaf+0x2f1/0x340 [ 21.702763] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 21.702835] ? __schedule+0x10cc/0x2b60 [ 21.702874] ? __pfx_read_tsc+0x10/0x10 [ 21.702897] ? ktime_get_ts64+0x86/0x230 [ 21.702923] kunit_try_run_case+0x1a5/0x480 [ 21.702960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.702981] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.703005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.703036] ? __kthread_parkme+0x82/0x180 [ 21.703057] ? preempt_count_sub+0x50/0x80 [ 21.703079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.703102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.703125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.703148] kthread+0x337/0x6f0 [ 21.703167] ? trace_preempt_on+0x20/0xc0 [ 21.703192] ? __pfx_kthread+0x10/0x10 [ 21.703214] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.703249] ? calculate_sigpending+0x7b/0xa0 [ 21.703272] ? __pfx_kthread+0x10/0x10 [ 21.703292] ret_from_fork+0x116/0x1d0 [ 21.703311] ? __pfx_kthread+0x10/0x10 [ 21.703331] ret_from_fork_asm+0x1a/0x30 [ 21.703362] </TASK> [ 21.703374] [ 21.715396] The buggy address belongs to the physical page: [ 21.715601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c88 [ 21.715863] flags: 0x200000000000000(node=0|zone=2) [ 21.716040] raw: 0200000000000000 ffffea00040b2308 ffff88815b139fc0 0000000000000000 [ 21.716709] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 21.717183] page dumped because: kasan: bad access detected [ 21.717447] [ 21.717555] Memory state around the buggy address: [ 21.717756] ffff888102c87f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.718145] ffff888102c87f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.718474] >ffff888102c88000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.718713] ^ [ 21.718949] ffff888102c88080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.719364] ffff888102c88100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.719802] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 21.678117] ================================================================== [ 21.678623] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 21.678998] Write of size 1 at addr ffff888102c8a00a by task kunit_try_catch/175 [ 21.679525] [ 21.679660] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.679727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.679740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.679764] Call Trace: [ 21.679780] <TASK> [ 21.679849] dump_stack_lvl+0x73/0xb0 [ 21.679885] print_report+0xd1/0x650 [ 21.679908] ? __virt_addr_valid+0x1db/0x2d0 [ 21.679945] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.679966] ? kasan_addr_to_slab+0x11/0xa0 [ 21.679986] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.680019] kasan_report+0x141/0x180 [ 21.680048] ? kmalloc_large_oob_right+0x2e9/0x330 [ 21.680073] __asan_report_store1_noabort+0x1b/0x30 [ 21.680096] kmalloc_large_oob_right+0x2e9/0x330 [ 21.680117] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 21.680149] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 21.680173] kunit_try_run_case+0x1a5/0x480 [ 21.680198] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.680240] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.680266] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.680289] ? __kthread_parkme+0x82/0x180 [ 21.680309] ? preempt_count_sub+0x50/0x80 [ 21.680332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.680354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.680377] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.680399] kthread+0x337/0x6f0 [ 21.680417] ? trace_preempt_on+0x20/0xc0 [ 21.680440] ? __pfx_kthread+0x10/0x10 [ 21.680460] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.680483] ? calculate_sigpending+0x7b/0xa0 [ 21.680507] ? __pfx_kthread+0x10/0x10 [ 21.680529] ret_from_fork+0x116/0x1d0 [ 21.680548] ? __pfx_kthread+0x10/0x10 [ 21.680568] ret_from_fork_asm+0x1a/0x30 [ 21.680600] </TASK> [ 21.680613] [ 21.688401] The buggy address belongs to the physical page: [ 21.688674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c88 [ 21.689103] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.689594] flags: 0x200000000000040(head|node=0|zone=2) [ 21.689802] page_type: f8(unknown) [ 21.689929] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.690537] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.691054] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 21.691316] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 21.691652] head: 0200000000000002 ffffea00040b2201 00000000ffffffff 00000000ffffffff [ 21.692112] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 21.692450] page dumped because: kasan: bad access detected [ 21.692685] [ 21.692775] Memory state around the buggy address: [ 21.693047] ffff888102c89f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.693339] ffff888102c89f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.693628] >ffff888102c8a000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.694138] ^ [ 21.694334] ffff888102c8a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.694757] ffff888102c8a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 21.695145] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 21.638435] ================================================================== [ 21.638885] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 21.639140] Write of size 1 at addr ffff888102ce5f00 by task kunit_try_catch/173 [ 21.640064] [ 21.640203] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.640269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.640282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.640305] Call Trace: [ 21.640321] <TASK> [ 21.640342] dump_stack_lvl+0x73/0xb0 [ 21.640375] print_report+0xd1/0x650 [ 21.640398] ? __virt_addr_valid+0x1db/0x2d0 [ 21.640424] ? kmalloc_big_oob_right+0x316/0x370 [ 21.640445] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.640470] ? kmalloc_big_oob_right+0x316/0x370 [ 21.640491] kasan_report+0x141/0x180 [ 21.640511] ? kmalloc_big_oob_right+0x316/0x370 [ 21.640536] __asan_report_store1_noabort+0x1b/0x30 [ 21.640559] kmalloc_big_oob_right+0x316/0x370 [ 21.640580] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 21.640602] ? __schedule+0x10cc/0x2b60 [ 21.640626] ? __pfx_read_tsc+0x10/0x10 [ 21.640647] ? ktime_get_ts64+0x86/0x230 [ 21.640672] kunit_try_run_case+0x1a5/0x480 [ 21.640697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.640718] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.640742] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.640766] ? __kthread_parkme+0x82/0x180 [ 21.641196] ? preempt_count_sub+0x50/0x80 [ 21.641233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.641258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.641282] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.641311] kthread+0x337/0x6f0 [ 21.641331] ? trace_preempt_on+0x20/0xc0 [ 21.641353] ? __pfx_kthread+0x10/0x10 [ 21.641373] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.641396] ? calculate_sigpending+0x7b/0xa0 [ 21.641420] ? __pfx_kthread+0x10/0x10 [ 21.641440] ret_from_fork+0x116/0x1d0 [ 21.641459] ? __pfx_kthread+0x10/0x10 [ 21.641478] ret_from_fork_asm+0x1a/0x30 [ 21.641509] </TASK> [ 21.641521] [ 21.657341] Allocated by task 173: [ 21.657478] kasan_save_stack+0x45/0x70 [ 21.657624] kasan_save_track+0x18/0x40 [ 21.657750] kasan_save_alloc_info+0x3b/0x50 [ 21.658522] __kasan_kmalloc+0xb7/0xc0 [ 21.658997] __kmalloc_cache_noprof+0x189/0x420 [ 21.659656] kmalloc_big_oob_right+0xa9/0x370 [ 21.660368] kunit_try_run_case+0x1a5/0x480 [ 21.660939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.661776] kthread+0x337/0x6f0 [ 21.662210] ret_from_fork+0x116/0x1d0 [ 21.662522] ret_from_fork_asm+0x1a/0x30 [ 21.662659] [ 21.662726] The buggy address belongs to the object at ffff888102ce4000 [ 21.662726] which belongs to the cache kmalloc-8k of size 8192 [ 21.664462] The buggy address is located 0 bytes to the right of [ 21.664462] allocated 7936-byte region [ffff888102ce4000, ffff888102ce5f00) [ 21.665334] [ 21.665628] The buggy address belongs to the physical page: [ 21.666356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ce0 [ 21.666641] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.666867] flags: 0x200000000000040(head|node=0|zone=2) [ 21.667314] page_type: f5(slab) [ 21.667604] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 21.668382] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 21.669184] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 21.669989] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 21.670396] head: 0200000000000003 ffffea00040b3801 00000000ffffffff 00000000ffffffff [ 21.670626] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 21.670874] page dumped because: kasan: bad access detected [ 21.671452] [ 21.671623] Memory state around the buggy address: [ 21.672112] ffff888102ce5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.672824] ffff888102ce5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.673622] >ffff888102ce5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.674182] ^ [ 21.674320] ffff888102ce5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.674530] ffff888102ce6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.674737] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 21.580311] ================================================================== [ 21.581603] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.582418] Write of size 1 at addr ffff8881024c9878 by task kunit_try_catch/171 [ 21.582699] [ 21.582788] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.582847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.582860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.582883] Call Trace: [ 21.582898] <TASK> [ 21.582918] dump_stack_lvl+0x73/0xb0 [ 21.582949] print_report+0xd1/0x650 [ 21.582973] ? __virt_addr_valid+0x1db/0x2d0 [ 21.582997] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.583021] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.583053] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.583077] kasan_report+0x141/0x180 [ 21.583098] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.583126] __asan_report_store1_noabort+0x1b/0x30 [ 21.583149] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 21.583173] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 21.583197] ? __schedule+0x10cc/0x2b60 [ 21.583232] ? __pfx_read_tsc+0x10/0x10 [ 21.583255] ? ktime_get_ts64+0x86/0x230 [ 21.583279] kunit_try_run_case+0x1a5/0x480 [ 21.583306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.583327] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.583351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.583376] ? __kthread_parkme+0x82/0x180 [ 21.583396] ? preempt_count_sub+0x50/0x80 [ 21.583419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.583442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.583465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.583488] kthread+0x337/0x6f0 [ 21.583507] ? trace_preempt_on+0x20/0xc0 [ 21.583530] ? __pfx_kthread+0x10/0x10 [ 21.583550] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.583572] ? calculate_sigpending+0x7b/0xa0 [ 21.583596] ? __pfx_kthread+0x10/0x10 [ 21.583616] ret_from_fork+0x116/0x1d0 [ 21.583635] ? __pfx_kthread+0x10/0x10 [ 21.583655] ret_from_fork_asm+0x1a/0x30 [ 21.583686] </TASK> [ 21.583698] [ 21.596715] Allocated by task 171: [ 21.597028] kasan_save_stack+0x45/0x70 [ 21.597411] kasan_save_track+0x18/0x40 [ 21.597784] kasan_save_alloc_info+0x3b/0x50 [ 21.598325] __kasan_kmalloc+0xb7/0xc0 [ 21.598620] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 21.598887] kmalloc_track_caller_oob_right+0x99/0x520 [ 21.599508] kunit_try_run_case+0x1a5/0x480 [ 21.599995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.600372] kthread+0x337/0x6f0 [ 21.600491] ret_from_fork+0x116/0x1d0 [ 21.600618] ret_from_fork_asm+0x1a/0x30 [ 21.600752] [ 21.600932] The buggy address belongs to the object at ffff8881024c9800 [ 21.600932] which belongs to the cache kmalloc-128 of size 128 [ 21.602158] The buggy address is located 0 bytes to the right of [ 21.602158] allocated 120-byte region [ffff8881024c9800, ffff8881024c9878) [ 21.603418] [ 21.603495] The buggy address belongs to the physical page: [ 21.603665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 21.603904] flags: 0x200000000000000(node=0|zone=2) [ 21.604084] page_type: f5(slab) [ 21.604203] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.604726] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.605058] page dumped because: kasan: bad access detected [ 21.605346] [ 21.605498] Memory state around the buggy address: [ 21.605651] ffff8881024c9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.606214] ffff8881024c9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.606536] >ffff8881024c9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.606806] ^ [ 21.607082] ffff8881024c9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.607670] ffff8881024c9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.608071] ================================================================== [ 21.609372] ================================================================== [ 21.609764] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.610460] Write of size 1 at addr ffff8881024c9978 by task kunit_try_catch/171 [ 21.610763] [ 21.610950] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.611016] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.611043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.611065] Call Trace: [ 21.611089] <TASK> [ 21.611107] dump_stack_lvl+0x73/0xb0 [ 21.611137] print_report+0xd1/0x650 [ 21.611159] ? __virt_addr_valid+0x1db/0x2d0 [ 21.611182] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.611205] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.611241] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.611274] kasan_report+0x141/0x180 [ 21.611295] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.611333] __asan_report_store1_noabort+0x1b/0x30 [ 21.611357] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 21.611380] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 21.611404] ? __schedule+0x10cc/0x2b60 [ 21.611429] ? __pfx_read_tsc+0x10/0x10 [ 21.611451] ? ktime_get_ts64+0x86/0x230 [ 21.611475] kunit_try_run_case+0x1a5/0x480 [ 21.611508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.611530] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.611564] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.611589] ? __kthread_parkme+0x82/0x180 [ 21.611609] ? preempt_count_sub+0x50/0x80 [ 21.611632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.611663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.611686] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.611709] kthread+0x337/0x6f0 [ 21.611738] ? trace_preempt_on+0x20/0xc0 [ 21.611761] ? __pfx_kthread+0x10/0x10 [ 21.611781] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.611847] ? calculate_sigpending+0x7b/0xa0 [ 21.611874] ? __pfx_kthread+0x10/0x10 [ 21.611894] ret_from_fork+0x116/0x1d0 [ 21.611913] ? __pfx_kthread+0x10/0x10 [ 21.611933] ret_from_fork_asm+0x1a/0x30 [ 21.611963] </TASK> [ 21.611975] [ 21.620002] Allocated by task 171: [ 21.620193] kasan_save_stack+0x45/0x70 [ 21.620381] kasan_save_track+0x18/0x40 [ 21.620512] kasan_save_alloc_info+0x3b/0x50 [ 21.620653] __kasan_kmalloc+0xb7/0xc0 [ 21.620900] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 21.621358] kmalloc_track_caller_oob_right+0x19a/0x520 [ 21.621604] kunit_try_run_case+0x1a5/0x480 [ 21.621777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.622681] kthread+0x337/0x6f0 [ 21.622880] ret_from_fork+0x116/0x1d0 [ 21.623131] ret_from_fork_asm+0x1a/0x30 [ 21.623325] [ 21.623392] The buggy address belongs to the object at ffff8881024c9900 [ 21.623392] which belongs to the cache kmalloc-128 of size 128 [ 21.623913] The buggy address is located 0 bytes to the right of [ 21.623913] allocated 120-byte region [ffff8881024c9900, ffff8881024c9978) [ 21.625358] [ 21.625460] The buggy address belongs to the physical page: [ 21.625905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 21.626273] flags: 0x200000000000000(node=0|zone=2) [ 21.626484] page_type: f5(slab) [ 21.626630] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.627317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.627764] page dumped because: kasan: bad access detected [ 21.628081] [ 21.628167] Memory state around the buggy address: [ 21.628376] ffff8881024c9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.628659] ffff8881024c9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.629433] >ffff8881024c9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.629780] ^ [ 21.630492] ffff8881024c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.630979] ffff8881024c9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.631631] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 21.546177] ================================================================== [ 21.546980] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 21.547388] Read of size 1 at addr ffff888103ab3000 by task kunit_try_catch/169 [ 21.547608] [ 21.547703] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.547754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.547766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.547789] Call Trace: [ 21.547814] <TASK> [ 21.547835] dump_stack_lvl+0x73/0xb0 [ 21.547864] print_report+0xd1/0x650 [ 21.547885] ? __virt_addr_valid+0x1db/0x2d0 [ 21.547909] ? kmalloc_node_oob_right+0x369/0x3c0 [ 21.547931] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.547956] ? kmalloc_node_oob_right+0x369/0x3c0 [ 21.547978] kasan_report+0x141/0x180 [ 21.547998] ? kmalloc_node_oob_right+0x369/0x3c0 [ 21.548024] __asan_report_load1_noabort+0x18/0x20 [ 21.548047] kmalloc_node_oob_right+0x369/0x3c0 [ 21.548069] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 21.548092] ? __schedule+0x10cc/0x2b60 [ 21.548116] ? __pfx_read_tsc+0x10/0x10 [ 21.548137] ? ktime_get_ts64+0x86/0x230 [ 21.548161] kunit_try_run_case+0x1a5/0x480 [ 21.548186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.548233] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.548257] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.548282] ? __kthread_parkme+0x82/0x180 [ 21.548302] ? preempt_count_sub+0x50/0x80 [ 21.548325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.548348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.548371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.548393] kthread+0x337/0x6f0 [ 21.548412] ? trace_preempt_on+0x20/0xc0 [ 21.548435] ? __pfx_kthread+0x10/0x10 [ 21.548454] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.548476] ? calculate_sigpending+0x7b/0xa0 [ 21.548500] ? __pfx_kthread+0x10/0x10 [ 21.548520] ret_from_fork+0x116/0x1d0 [ 21.548538] ? __pfx_kthread+0x10/0x10 [ 21.548558] ret_from_fork_asm+0x1a/0x30 [ 21.548588] </TASK> [ 21.548600] [ 21.561605] Allocated by task 169: [ 21.561749] kasan_save_stack+0x45/0x70 [ 21.561910] kasan_save_track+0x18/0x40 [ 21.562103] kasan_save_alloc_info+0x3b/0x50 [ 21.562508] __kasan_kmalloc+0xb7/0xc0 [ 21.562740] __kmalloc_cache_node_noprof+0x188/0x420 [ 21.563148] kmalloc_node_oob_right+0xab/0x3c0 [ 21.563345] kunit_try_run_case+0x1a5/0x480 [ 21.563484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.563650] kthread+0x337/0x6f0 [ 21.563899] ret_from_fork+0x116/0x1d0 [ 21.564088] ret_from_fork_asm+0x1a/0x30 [ 21.564333] [ 21.564454] The buggy address belongs to the object at ffff888103ab2000 [ 21.564454] which belongs to the cache kmalloc-4k of size 4096 [ 21.565398] The buggy address is located 0 bytes to the right of [ 21.565398] allocated 4096-byte region [ffff888103ab2000, ffff888103ab3000) [ 21.566373] [ 21.566476] The buggy address belongs to the physical page: [ 21.567446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab0 [ 21.567943] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.568356] flags: 0x200000000000040(head|node=0|zone=2) [ 21.568684] page_type: f5(slab) [ 21.568920] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 21.569409] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 21.569826] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 21.570207] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 21.570779] head: 0200000000000003 ffffea00040eac01 00000000ffffffff 00000000ffffffff [ 21.571177] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 21.571722] page dumped because: kasan: bad access detected [ 21.572152] [ 21.572605] Memory state around the buggy address: [ 21.572912] ffff888103ab2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.573375] ffff888103ab2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.573990] >ffff888103ab3000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.574388] ^ [ 21.574504] ffff888103ab3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.574713] ffff888103ab3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.575312] ==================================================================
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 122.521596] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/687 [ 122.522284] Modules linked in: [ 122.522477] CPU: 0 UID: 0 PID: 687 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 122.523009] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 122.523665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 122.524509] RIP: 0010:intlog10+0x2a/0x40 [ 122.524824] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 d7 5c 8e 02 90 <0f> 0b 90 31 c0 e9 cc 5c 8e 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 122.525721] RSP: 0000:ffff888103957cb0 EFLAGS: 00010246 [ 122.526375] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff1102072afb4 [ 122.526923] RDX: 1ffffffff6d5301c RSI: 1ffff1102072afb3 RDI: 0000000000000000 [ 122.527361] RBP: ffff888103957d60 R08: 0000000000000000 R09: ffffed10213418a0 [ 122.527765] R10: ffff888109a0c507 R11: 0000000000000000 R12: 1ffff1102072af97 [ 122.528274] R13: ffffffffb6a980e0 R14: 0000000000000000 R15: ffff888103957d38 [ 122.528567] FS: 0000000000000000(0000) GS:ffff8881a242e000(0000) knlGS:0000000000000000 [ 122.528899] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.529137] CR2: ffff88815a914000 CR3: 00000000204bc000 CR4: 00000000000006f0 [ 122.529435] DR0: ffffffffb8c98480 DR1: ffffffffb8c98481 DR2: ffffffffb8c98482 [ 122.529720] DR3: ffffffffb8c98483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 122.530003] Call Trace: [ 122.530125] <TASK> [ 122.530777] ? intlog10_test+0xf2/0x220 [ 122.531007] ? __pfx_intlog10_test+0x10/0x10 [ 122.531170] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 122.531934] ? trace_hardirqs_on+0x37/0xe0 [ 122.532144] ? __pfx_read_tsc+0x10/0x10 [ 122.532341] ? ktime_get_ts64+0x86/0x230 [ 122.532807] kunit_try_run_case+0x1a5/0x480 [ 122.533234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 122.533466] ? queued_spin_lock_slowpath+0x116/0xb40 [ 122.533701] ? __kthread_parkme+0x82/0x180 [ 122.534273] ? preempt_count_sub+0x50/0x80 [ 122.534613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 122.534886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 122.535481] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 122.535767] kthread+0x337/0x6f0 [ 122.536181] ? trace_preempt_on+0x20/0xc0 [ 122.536514] ? __pfx_kthread+0x10/0x10 [ 122.536968] ? _raw_spin_unlock_irq+0x47/0x80 [ 122.537276] ? calculate_sigpending+0x7b/0xa0 [ 122.537641] ? __pfx_kthread+0x10/0x10 [ 122.537873] ret_from_fork+0x116/0x1d0 [ 122.538334] ? __pfx_kthread+0x10/0x10 [ 122.538598] ret_from_fork_asm+0x1a/0x30 [ 122.538768] </TASK> [ 122.538967] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 122.478428] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/669 [ 122.478902] Modules linked in: [ 122.479171] CPU: 1 UID: 0 PID: 669 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 122.479621] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 122.479838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 122.480495] RIP: 0010:intlog2+0xdf/0x110 [ 122.480731] Code: a9 b6 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 42 5d 8e 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 2f de 55 ff 8b 45 e4 eb [ 122.481924] RSP: 0000:ffff888109dffcb0 EFLAGS: 00010246 [ 122.482313] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff110213bffb4 [ 122.482742] RDX: 1ffffffff6d53070 RSI: 1ffff110213bffb3 RDI: 0000000000000000 [ 122.483231] RBP: ffff888109dffd60 R08: 0000000000000000 R09: ffffed10201361a0 [ 122.483682] R10: ffff8881009b0d07 R11: 0000000000000000 R12: 1ffff110213bff97 [ 122.484401] R13: ffffffffb6a98380 R14: 0000000000000000 R15: ffff888109dffd38 [ 122.484702] FS: 0000000000000000(0000) GS:ffff8881a252e000(0000) knlGS:0000000000000000 [ 122.485374] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.485847] CR2: dffffc0000000000 CR3: 00000000204bc000 CR4: 00000000000006f0 [ 122.486441] DR0: ffffffffb8c98480 DR1: ffffffffb8c98481 DR2: ffffffffb8c98483 [ 122.486912] DR3: ffffffffb8c98485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 122.487472] Call Trace: [ 122.487753] <TASK> [ 122.488181] ? intlog2_test+0xf2/0x220 [ 122.488442] ? __pfx_intlog2_test+0x10/0x10 [ 122.488635] ? __schedule+0x10cc/0x2b60 [ 122.489070] ? __pfx_read_tsc+0x10/0x10 [ 122.489485] ? ktime_get_ts64+0x86/0x230 [ 122.489907] kunit_try_run_case+0x1a5/0x480 [ 122.490347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 122.490770] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 122.491064] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 122.491293] ? __kthread_parkme+0x82/0x180 [ 122.491487] ? preempt_count_sub+0x50/0x80 [ 122.491669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 122.492317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 122.492622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 122.493417] kthread+0x337/0x6f0 [ 122.493643] ? trace_preempt_on+0x20/0xc0 [ 122.493977] ? __pfx_kthread+0x10/0x10 [ 122.494350] ? _raw_spin_unlock_irq+0x47/0x80 [ 122.494547] ? calculate_sigpending+0x7b/0xa0 [ 122.494740] ? __pfx_kthread+0x10/0x10 [ 122.495390] ret_from_fork+0x116/0x1d0 [ 122.495666] ? __pfx_kthread+0x10/0x10 [ 122.496130] ret_from_fork_asm+0x1a/0x30 [ 122.496373] </TASK> [ 122.496529] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_test_sysfb_build_fourcc_list_drm_sysfb_modeset_test
<8>[ 299.785446] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_sysfb_build_fourcc_list_drm_sysfb_modeset_test RESULT=fail>