Date: July 2, 2025, 11:10 a.m.
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 27.261630] ==================================================================
[ 27.262033] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 27.262421] Read of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334
[ 27.262762]
[ 27.262855] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.262910] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.262948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.262975] Call Trace:
[ 27.262999] <TASK>
[ 27.263024] dump_stack_lvl+0x73/0xb0
[ 27.263057] print_report+0xd1/0x650
[ 27.263093] ? __virt_addr_valid+0x1db/0x2d0
[ 27.263120] ? copy_user_test_oob+0x604/0x10f0
[ 27.263169] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.263213] ? copy_user_test_oob+0x604/0x10f0
[ 27.263254] kasan_report+0x141/0x180
[ 27.263292] ? copy_user_test_oob+0x604/0x10f0
[ 27.263336] kasan_check_range+0x10c/0x1c0
[ 27.263389] __kasan_check_read+0x15/0x20
[ 27.263429] copy_user_test_oob+0x604/0x10f0
[ 27.263456] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.263481] ? finish_task_switch.isra.0+0x153/0x700
[ 27.263522] ? __switch_to+0x47/0xf50
[ 27.263551] ? __schedule+0x10cc/0x2b60
[ 27.263574] ? __pfx_read_tsc+0x10/0x10
[ 27.263598] ? ktime_get_ts64+0x86/0x230
[ 27.263627] kunit_try_run_case+0x1a5/0x480
[ 27.263656] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.263682] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.263705] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.263732] ? __kthread_parkme+0x82/0x180
[ 27.263773] ? preempt_count_sub+0x50/0x80
[ 27.263799] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.263827] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.263855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.263882] kthread+0x337/0x6f0
[ 27.263905] ? trace_preempt_on+0x20/0xc0
[ 27.263970] ? __pfx_kthread+0x10/0x10
[ 27.263994] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.264022] ? calculate_sigpending+0x7b/0xa0
[ 27.264049] ? __pfx_kthread+0x10/0x10
[ 27.264082] ret_from_fork+0x116/0x1d0
[ 27.264105] ? __pfx_kthread+0x10/0x10
[ 27.264127] ret_from_fork_asm+0x1a/0x30
[ 27.264162] </TASK>
[ 27.264178]
[ 27.274623] Allocated by task 334:
[ 27.274788] kasan_save_stack+0x45/0x70
[ 27.275404] kasan_save_track+0x18/0x40
[ 27.276042] kasan_save_alloc_info+0x3b/0x50
[ 27.276648] __kasan_kmalloc+0xb7/0xc0
[ 27.277201] __kmalloc_noprof+0x1c9/0x500
[ 27.277772] kunit_kmalloc_array+0x25/0x60
[ 27.278429] copy_user_test_oob+0xab/0x10f0
[ 27.278988] kunit_try_run_case+0x1a5/0x480
[ 27.279564] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.280283] kthread+0x337/0x6f0
[ 27.280733] ret_from_fork+0x116/0x1d0
[ 27.280873] ret_from_fork_asm+0x1a/0x30
[ 27.281438]
[ 27.281739] The buggy address belongs to the object at ffff88810255ef00
[ 27.281739] which belongs to the cache kmalloc-128 of size 128
[ 27.282502] The buggy address is located 0 bytes inside of
[ 27.282502] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78)
[ 27.282852]
[ 27.282924] The buggy address belongs to the physical page:
[ 27.283814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.284835] flags: 0x200000000000000(node=0|zone=2)
[ 27.285454] page_type: f5(slab)
[ 27.285907] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.286675] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.286908] page dumped because: kasan: bad access detected
[ 27.287755]
[ 27.288056] Memory state around the buggy address:
[ 27.288715] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.289212] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.289434] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.289643] ^
[ 27.289857] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.290903] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.291733] ==================================================================

[ 27.242674] ==================================================================
[ 27.243088] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 27.243616] Write of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334
[ 27.243926]
[ 27.244043] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.244110] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.244126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.244152] Call Trace:
[ 27.244175] <TASK>
[ 27.244198] dump_stack_lvl+0x73/0xb0
[ 27.244229] print_report+0xd1/0x650
[ 27.244254] ? __virt_addr_valid+0x1db/0x2d0
[ 27.244280] ? copy_user_test_oob+0x557/0x10f0
[ 27.244305] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.244333] ? copy_user_test_oob+0x557/0x10f0
[ 27.244358] kasan_report+0x141/0x180
[ 27.244383] ? copy_user_test_oob+0x557/0x10f0
[ 27.244412] kasan_check_range+0x10c/0x1c0
[ 27.244438] __kasan_check_write+0x18/0x20
[ 27.244463] copy_user_test_oob+0x557/0x10f0
[ 27.244490] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.244515] ? finish_task_switch.isra.0+0x153/0x700
[ 27.244540] ? __switch_to+0x47/0xf50
[ 27.244568] ? __schedule+0x10cc/0x2b60
[ 27.244592] ? __pfx_read_tsc+0x10/0x10
[ 27.244617] ? ktime_get_ts64+0x86/0x230
[ 27.244644] kunit_try_run_case+0x1a5/0x480
[ 27.244672] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.244698] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.244723] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.244747] ? __kthread_parkme+0x82/0x180
[ 27.244770] ? preempt_count_sub+0x50/0x80
[ 27.244795] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.244822] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.244850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.244877] kthread+0x337/0x6f0
[ 27.244899] ? trace_preempt_on+0x20/0xc0
[ 27.244925] ? __pfx_kthread+0x10/0x10
[ 27.244948] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.244975] ? calculate_sigpending+0x7b/0xa0
[ 27.245001] ? __pfx_kthread+0x10/0x10
[ 27.245025] ret_from_fork+0x116/0x1d0
[ 27.245047] ? __pfx_kthread+0x10/0x10
[ 27.245114] ret_from_fork_asm+0x1a/0x30
[ 27.245149] </TASK>
[ 27.245164]
[ 27.252721] Allocated by task 334:
[ 27.252936] kasan_save_stack+0x45/0x70
[ 27.253124] kasan_save_track+0x18/0x40
[ 27.253318] kasan_save_alloc_info+0x3b/0x50
[ 27.253524] __kasan_kmalloc+0xb7/0xc0
[ 27.253654] __kmalloc_noprof+0x1c9/0x500
[ 27.253799] kunit_kmalloc_array+0x25/0x60
[ 27.253972] copy_user_test_oob+0xab/0x10f0
[ 27.254128] kunit_try_run_case+0x1a5/0x480
[ 27.254275] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.254516] kthread+0x337/0x6f0
[ 27.254688] ret_from_fork+0x116/0x1d0
[ 27.254905] ret_from_fork_asm+0x1a/0x30
[ 27.255163]
[ 27.255276] The buggy address belongs to the object at ffff88810255ef00
[ 27.255276] which belongs to the cache kmalloc-128 of size 128
[ 27.255825] The buggy address is located 0 bytes inside of
[ 27.255825] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78)
[ 27.256375]
[ 27.256490] The buggy address belongs to the physical page:
[ 27.256736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.257176] flags: 0x200000000000000(node=0|zone=2)
[ 27.257479] page_type: f5(slab)
[ 27.257693] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.258113] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.258456] page dumped because: kasan: bad access detected
[ 27.258725]
[ 27.258822] Memory state around the buggy address:
[ 27.259087] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.259414] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.259740] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.260098] ^
[ 27.260365] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.260586] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.260803] ==================================================================

[ 27.224057] ==================================================================
[ 27.224462] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 27.224811] Read of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334
[ 27.225160]
[ 27.225303] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.225357] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.225372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.225399] Call Trace:
[ 27.225441] <TASK>
[ 27.225463] dump_stack_lvl+0x73/0xb0
[ 27.225495] print_report+0xd1/0x650
[ 27.225520] ? __virt_addr_valid+0x1db/0x2d0
[ 27.225546] ? copy_user_test_oob+0x4aa/0x10f0
[ 27.225572] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.225619] ? copy_user_test_oob+0x4aa/0x10f0
[ 27.225645] kasan_report+0x141/0x180
[ 27.225670] ? copy_user_test_oob+0x4aa/0x10f0
[ 27.225699] kasan_check_range+0x10c/0x1c0
[ 27.225725] __kasan_check_read+0x15/0x20
[ 27.225750] copy_user_test_oob+0x4aa/0x10f0
[ 27.225778] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.225825] ? finish_task_switch.isra.0+0x153/0x700
[ 27.225850] ? __switch_to+0x47/0xf50
[ 27.225880] ? __schedule+0x10cc/0x2b60
[ 27.225905] ? __pfx_read_tsc+0x10/0x10
[ 27.225950] ? ktime_get_ts64+0x86/0x230
[ 27.225996] kunit_try_run_case+0x1a5/0x480
[ 27.226026] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.226052] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.226085] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.226109] ? __kthread_parkme+0x82/0x180
[ 27.226132] ? preempt_count_sub+0x50/0x80
[ 27.226158] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.226204] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.226231] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.226259] kthread+0x337/0x6f0
[ 27.226281] ? trace_preempt_on+0x20/0xc0
[ 27.226307] ? __pfx_kthread+0x10/0x10
[ 27.226331] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.226375] ? calculate_sigpending+0x7b/0xa0
[ 27.226402] ? __pfx_kthread+0x10/0x10
[ 27.226427] ret_from_fork+0x116/0x1d0
[ 27.226448] ? __pfx_kthread+0x10/0x10
[ 27.226488] ret_from_fork_asm+0x1a/0x30
[ 27.226522] </TASK>
[ 27.226536]
[ 27.234112] Allocated by task 334:
[ 27.234281] kasan_save_stack+0x45/0x70
[ 27.234489] kasan_save_track+0x18/0x40
[ 27.234689] kasan_save_alloc_info+0x3b/0x50
[ 27.234884] __kasan_kmalloc+0xb7/0xc0
[ 27.235121] __kmalloc_noprof+0x1c9/0x500
[ 27.235316] kunit_kmalloc_array+0x25/0x60
[ 27.235468] copy_user_test_oob+0xab/0x10f0
[ 27.235609] kunit_try_run_case+0x1a5/0x480
[ 27.235750] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.235929] kthread+0x337/0x6f0
[ 27.236045] ret_from_fork+0x116/0x1d0
[ 27.236247] ret_from_fork_asm+0x1a/0x30
[ 27.236448]
[ 27.236545] The buggy address belongs to the object at ffff88810255ef00
[ 27.236545] which belongs to the cache kmalloc-128 of size 128
[ 27.237171] The buggy address is located 0 bytes inside of
[ 27.237171] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78)
[ 27.237700]
[ 27.237772] The buggy address belongs to the physical page:
[ 27.237975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.238222] flags: 0x200000000000000(node=0|zone=2)
[ 27.238383] page_type: f5(slab)
[ 27.238501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.238726] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.239080] page dumped because: kasan: bad access detected
[ 27.239360]
[ 27.239473] Memory state around the buggy address:
[ 27.239740] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.240165] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.240545] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.240901] ^
[ 27.241257] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.241605] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.241957] ==================================================================

[ 27.205967] ==================================================================
[ 27.206360] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 27.206677] Write of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334
[ 27.207008]
[ 27.207123] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.207179] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.207195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.207221] Call Trace:
[ 27.207238] <TASK>
[ 27.207260] dump_stack_lvl+0x73/0xb0
[ 27.207292] print_report+0xd1/0x650
[ 27.207317] ? __virt_addr_valid+0x1db/0x2d0
[ 27.207345] ? copy_user_test_oob+0x3fd/0x10f0
[ 27.207371] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.207400] ? copy_user_test_oob+0x3fd/0x10f0
[ 27.207426] kasan_report+0x141/0x180
[ 27.207450] ? copy_user_test_oob+0x3fd/0x10f0
[ 27.207480] kasan_check_range+0x10c/0x1c0
[ 27.207506] __kasan_check_write+0x18/0x20
[ 27.207531] copy_user_test_oob+0x3fd/0x10f0
[ 27.207558] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.207583] ? finish_task_switch.isra.0+0x153/0x700
[ 27.207608] ? __switch_to+0x47/0xf50
[ 27.207637] ? __schedule+0x10cc/0x2b60
[ 27.207663] ? __pfx_read_tsc+0x10/0x10
[ 27.207688] ? ktime_get_ts64+0x86/0x230
[ 27.207716] kunit_try_run_case+0x1a5/0x480
[ 27.207744] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.207771] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.207795] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.207820] ? __kthread_parkme+0x82/0x180
[ 27.207843] ? preempt_count_sub+0x50/0x80
[ 27.207869] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.207896] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.207947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.207976] kthread+0x337/0x6f0
[ 27.207998] ? trace_preempt_on+0x20/0xc0
[ 27.208024] ? __pfx_kthread+0x10/0x10
[ 27.208047] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.208082] ? calculate_sigpending+0x7b/0xa0
[ 27.208109] ? __pfx_kthread+0x10/0x10
[ 27.208133] ret_from_fork+0x116/0x1d0
[ 27.208155] ? __pfx_kthread+0x10/0x10
[ 27.208178] ret_from_fork_asm+0x1a/0x30
[ 27.208211] </TASK>
[ 27.208226]
[ 27.215179] Allocated by task 334:
[ 27.215367] kasan_save_stack+0x45/0x70
[ 27.215568] kasan_save_track+0x18/0x40
[ 27.215761] kasan_save_alloc_info+0x3b/0x50
[ 27.215987] __kasan_kmalloc+0xb7/0xc0
[ 27.216133] __kmalloc_noprof+0x1c9/0x500
[ 27.216281] kunit_kmalloc_array+0x25/0x60
[ 27.216428] copy_user_test_oob+0xab/0x10f0
[ 27.216636] kunit_try_run_case+0x1a5/0x480
[ 27.216865] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.217184] kthread+0x337/0x6f0
[ 27.217359] ret_from_fork+0x116/0x1d0
[ 27.217564] ret_from_fork_asm+0x1a/0x30
[ 27.217760]
[ 27.217882] The buggy address belongs to the object at ffff88810255ef00
[ 27.217882] which belongs to the cache kmalloc-128 of size 128
[ 27.218419] The buggy address is located 0 bytes inside of
[ 27.218419] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78)
[ 27.218983]
[ 27.219109] The buggy address belongs to the physical page:
[ 27.219369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.219729] flags: 0x200000000000000(node=0|zone=2)
[ 27.220016] page_type: f5(slab)
[ 27.220206] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.220471] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.220704] page dumped because: kasan: bad access detected
[ 27.220874]
[ 27.221023] Memory state around the buggy address:
[ 27.221267] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.221609] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.221997] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.222332] ^
[ 27.222675] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.223001] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.223334] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 27.183955] ==================================================================
[ 27.184363] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 27.184675] Read of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334
[ 27.185035]
[ 27.185162] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.185220] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.185236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.185262] Call Trace:
[ 27.185287] <TASK>
[ 27.185311] dump_stack_lvl+0x73/0xb0
[ 27.185345] print_report+0xd1/0x650
[ 27.185372] ? __virt_addr_valid+0x1db/0x2d0
[ 27.185401] ? _copy_to_user+0x3c/0x70
[ 27.185425] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.185455] ? _copy_to_user+0x3c/0x70
[ 27.185478] kasan_report+0x141/0x180
[ 27.185503] ? _copy_to_user+0x3c/0x70
[ 27.185531] kasan_check_range+0x10c/0x1c0
[ 27.185557] __kasan_check_read+0x15/0x20
[ 27.185582] _copy_to_user+0x3c/0x70
[ 27.185606] copy_user_test_oob+0x364/0x10f0
[ 27.185635] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.185660] ? finish_task_switch.isra.0+0x153/0x700
[ 27.185686] ? __switch_to+0x47/0xf50
[ 27.185716] ? __schedule+0x10cc/0x2b60
[ 27.185741] ? __pfx_read_tsc+0x10/0x10
[ 27.185765] ? ktime_get_ts64+0x86/0x230
[ 27.185795] kunit_try_run_case+0x1a5/0x480
[ 27.185829] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.185856] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.185881] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.185907] ? __kthread_parkme+0x82/0x180
[ 27.185954] ? preempt_count_sub+0x50/0x80
[ 27.185980] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.186008] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.186037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.186074] kthread+0x337/0x6f0
[ 27.186097] ? trace_preempt_on+0x20/0xc0
[ 27.186124] ? __pfx_kthread+0x10/0x10
[ 27.186147] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.186175] ? calculate_sigpending+0x7b/0xa0
[ 27.186203] ? __pfx_kthread+0x10/0x10
[ 27.186228] ret_from_fork+0x116/0x1d0
[ 27.186249] ? __pfx_kthread+0x10/0x10
[ 27.186273] ret_from_fork_asm+0x1a/0x30
[ 27.186308] </TASK>
[ 27.186324]
[ 27.193569] Allocated by task 334:
[ 27.193717] kasan_save_stack+0x45/0x70
[ 27.193954] kasan_save_track+0x18/0x40
[ 27.194128] kasan_save_alloc_info+0x3b/0x50
[ 27.194330] __kasan_kmalloc+0xb7/0xc0
[ 27.194463] __kmalloc_noprof+0x1c9/0x500
[ 27.194608] kunit_kmalloc_array+0x25/0x60
[ 27.194754] copy_user_test_oob+0xab/0x10f0
[ 27.194991] kunit_try_run_case+0x1a5/0x480
[ 27.195216] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.195466] kthread+0x337/0x6f0
[ 27.195586] ret_from_fork+0x116/0x1d0
[ 27.195718] ret_from_fork_asm+0x1a/0x30
[ 27.195858]
[ 27.195953] The buggy address belongs to the object at ffff88810255ef00
[ 27.195953] which belongs to the cache kmalloc-128 of size 128
[ 27.196514] The buggy address is located 0 bytes inside of
[ 27.196514] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78)
[ 27.197091]
[ 27.197166] The buggy address belongs to the physical page:
[ 27.197344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.197592] flags: 0x200000000000000(node=0|zone=2)
[ 27.197762] page_type: f5(slab)
[ 27.197945] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.198300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.198640] page dumped because: kasan: bad access detected
[ 27.198893]
[ 27.199011] Memory state around the buggy address:
[ 27.199250] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.199538] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.199757] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.199999] ^
[ 27.200334] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.200666] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.201015] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 27.162400] ==================================================================
[ 27.163079] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[ 27.163516] Write of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334
[ 27.163866]
[ 27.164025] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.164100] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.164117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.164146] Call Trace:
[ 27.164163] <TASK>
[ 27.164190] dump_stack_lvl+0x73/0xb0
[ 27.164228] print_report+0xd1/0x650
[ 27.164257] ? __virt_addr_valid+0x1db/0x2d0
[ 27.164287] ? _copy_from_user+0x32/0x90
[ 27.164310] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.164340] ? _copy_from_user+0x32/0x90
[ 27.164364] kasan_report+0x141/0x180
[ 27.164388] ? _copy_from_user+0x32/0x90
[ 27.164417] kasan_check_range+0x10c/0x1c0
[ 27.164443] __kasan_check_write+0x18/0x20
[ 27.164469] _copy_from_user+0x32/0x90
[ 27.164494] copy_user_test_oob+0x2be/0x10f0
[ 27.164523] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.164549] ? finish_task_switch.isra.0+0x153/0x700
[ 27.164576] ? __switch_to+0x47/0xf50
[ 27.164607] ? __schedule+0x10cc/0x2b60
[ 27.164631] ? __pfx_read_tsc+0x10/0x10
[ 27.164657] ? ktime_get_ts64+0x86/0x230
[ 27.164687] kunit_try_run_case+0x1a5/0x480
[ 27.164716] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.164742] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.164768] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.164793] ? __kthread_parkme+0x82/0x180
[ 27.164817] ? preempt_count_sub+0x50/0x80
[ 27.164843] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.164872] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.164900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.164954] kthread+0x337/0x6f0
[ 27.164979] ? trace_preempt_on+0x20/0xc0
[ 27.165007] ? __pfx_kthread+0x10/0x10
[ 27.165032] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.165069] ? calculate_sigpending+0x7b/0xa0
[ 27.165097] ? __pfx_kthread+0x10/0x10
[ 27.165122] ret_from_fork+0x116/0x1d0
[ 27.165145] ? __pfx_kthread+0x10/0x10
[ 27.165170] ret_from_fork_asm+0x1a/0x30
[ 27.165205] </TASK>
[ 27.165221]
[ 27.172491] Allocated by task 334:
[ 27.172699] kasan_save_stack+0x45/0x70
[ 27.172937] kasan_save_track+0x18/0x40
[ 27.173155] kasan_save_alloc_info+0x3b/0x50
[ 27.173378] __kasan_kmalloc+0xb7/0xc0
[ 27.173517] __kmalloc_noprof+0x1c9/0x500
[ 27.173667] kunit_kmalloc_array+0x25/0x60
[ 27.173886] copy_user_test_oob+0xab/0x10f0
[ 27.174130] kunit_try_run_case+0x1a5/0x480
[ 27.174322] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.174507] kthread+0x337/0x6f0
[ 27.174633] ret_from_fork+0x116/0x1d0
[ 27.174819] ret_from_fork_asm+0x1a/0x30
[ 27.175056]
[ 27.175165] The buggy address belongs to the object at ffff88810255ef00
[ 27.175165] which belongs to the cache kmalloc-128 of size 128
[ 27.175747] The buggy address is located 0 bytes inside of
[ 27.175747] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78)
[ 27.176293]
[ 27.176395] The buggy address belongs to the physical page:
[ 27.176584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.176970] flags: 0x200000000000000(node=0|zone=2)
[ 27.177215] page_type: f5(slab)
[ 27.177357] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.177600] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.177846] page dumped because: kasan: bad access detected
[ 27.178080]
[ 27.178177] Memory state around the buggy address:
[ 27.178413] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.178746] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.179108] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.179426] ^
[ 27.179686] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.179909] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.180161] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 27.127622] ==================================================================
[ 27.128151] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 27.128462] Write of size 8 at addr ffff88810255ee78 by task kunit_try_catch/330
[ 27.128797]
[ 27.128932] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.128990] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.129006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.129032] Call Trace:
[ 27.129050] <TASK>
[ 27.129084] dump_stack_lvl+0x73/0xb0
[ 27.129119] print_report+0xd1/0x650
[ 27.129145] ? __virt_addr_valid+0x1db/0x2d0
[ 27.129172] ? copy_to_kernel_nofault+0x99/0x260
[ 27.129200] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.129229] ? copy_to_kernel_nofault+0x99/0x260
[ 27.129256] kasan_report+0x141/0x180
[ 27.129280] ? copy_to_kernel_nofault+0x99/0x260
[ 27.129310] kasan_check_range+0x10c/0x1c0
[ 27.129336] __kasan_check_write+0x18/0x20
[ 27.129362] copy_to_kernel_nofault+0x99/0x260
[ 27.129389] copy_to_kernel_nofault_oob+0x288/0x560
[ 27.129415] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.129440] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 27.129467] ? trace_hardirqs_on+0x37/0xe0
[ 27.129500] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.129530] kunit_try_run_case+0x1a5/0x480
[ 27.129560] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.129586] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.129610] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.129635] ? __kthread_parkme+0x82/0x180
[ 27.129659] ? preempt_count_sub+0x50/0x80
[ 27.129686] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.129714] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.129740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.129769] kthread+0x337/0x6f0
[ 27.129792] ? trace_preempt_on+0x20/0xc0
[ 27.129816] ? __pfx_kthread+0x10/0x10
[ 27.129848] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.129875] ? calculate_sigpending+0x7b/0xa0
[ 27.129902] ? __pfx_kthread+0x10/0x10
[ 27.129938] ret_from_fork+0x116/0x1d0
[ 27.129962] ? __pfx_kthread+0x10/0x10
[ 27.129985] ret_from_fork_asm+0x1a/0x30
[ 27.130019] </TASK>
[ 27.130034]
[ 27.138349] Allocated by task 330:
[ 27.138581] kasan_save_stack+0x45/0x70
[ 27.138822] kasan_save_track+0x18/0x40
[ 27.139196] kasan_save_alloc_info+0x3b/0x50
[ 27.139437] __kasan_kmalloc+0xb7/0xc0
[ 27.139631] __kmalloc_cache_noprof+0x189/0x420
[ 27.139878] copy_to_kernel_nofault_oob+0x12f/0x560
[ 27.140125] kunit_try_run_case+0x1a5/0x480
[ 27.140319] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.140574] kthread+0x337/0x6f0
[ 27.140694] ret_from_fork+0x116/0x1d0
[ 27.140825] ret_from_fork_asm+0x1a/0x30
[ 27.140963]
[ 27.141031] The buggy address belongs to the object at ffff88810255ee00
[ 27.141031] which belongs to the cache kmalloc-128 of size 128
[ 27.141585] The buggy address is located 0 bytes to the right of
[ 27.141585] allocated 120-byte region [ffff88810255ee00, ffff88810255ee78)
[ 27.142224]
[ 27.142351] The buggy address belongs to the physical page:
[ 27.142625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.143002] flags: 0x200000000000000(node=0|zone=2)
[ 27.143309] page_type: f5(slab)
[ 27.143501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.143853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.144371] page dumped because: kasan: bad access detected
[ 27.144541]
[ 27.144611] Memory state around the buggy address:
[ 27.144765] ffff88810255ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.144982] ffff88810255ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.145595] >ffff88810255ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.145947] ^
[ 27.146305] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.146649] ffff88810255ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.147090] ==================================================================

[ 27.097371] ==================================================================
[ 27.098109] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 27.099104] Read of size 8 at addr ffff88810255ee78 by task kunit_try_catch/330
[ 27.099547]
[ 27.099851] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.099917] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.099945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.099973] Call Trace:
[ 27.099994] <TASK>
[ 27.100017] dump_stack_lvl+0x73/0xb0
[ 27.100057] print_report+0xd1/0x650
[ 27.100101] ? __virt_addr_valid+0x1db/0x2d0
[ 27.100130] ? copy_to_kernel_nofault+0x225/0x260
[ 27.100158] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.100198] ? copy_to_kernel_nofault+0x225/0x260
[ 27.100226] kasan_report+0x141/0x180
[ 27.100250] ? copy_to_kernel_nofault+0x225/0x260
[ 27.100281] __asan_report_load8_noabort+0x18/0x20
[ 27.100308] copy_to_kernel_nofault+0x225/0x260
[ 27.100335] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 27.100362] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.100387] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 27.100413] ? trace_hardirqs_on+0x37/0xe0
[ 27.100449] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 27.100479] kunit_try_run_case+0x1a5/0x480
[ 27.100509] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.100536] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.100561] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.100586] ? __kthread_parkme+0x82/0x180
[ 27.100612] ? preempt_count_sub+0x50/0x80
[ 27.100640] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.100668] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.100696] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.100724] kthread+0x337/0x6f0
[ 27.100746] ? trace_preempt_on+0x20/0xc0
[ 27.100771] ? __pfx_kthread+0x10/0x10
[ 27.100794] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.100821] ? calculate_sigpending+0x7b/0xa0
[ 27.100849] ? __pfx_kthread+0x10/0x10
[ 27.100874] ret_from_fork+0x116/0x1d0
[ 27.100898] ? __pfx_kthread+0x10/0x10
[ 27.100921] ret_from_fork_asm+0x1a/0x30
[ 27.100956] </TASK>
[ 27.100971]
[ 27.113388] Allocated by task 330:
[ 27.113787] kasan_save_stack+0x45/0x70
[ 27.114177] kasan_save_track+0x18/0x40
[ 27.114644] kasan_save_alloc_info+0x3b/0x50
[ 27.115046] __kasan_kmalloc+0xb7/0xc0
[ 27.115258] __kmalloc_cache_noprof+0x189/0x420
[ 27.115610] copy_to_kernel_nofault_oob+0x12f/0x560
[ 27.115844] kunit_try_run_case+0x1a5/0x480
[ 27.116351] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.116586] kthread+0x337/0x6f0
[ 27.116751] ret_from_fork+0x116/0x1d0
[ 27.117094] ret_from_fork_asm+0x1a/0x30
[ 27.117435]
[ 27.117654] The buggy address belongs to the object at ffff88810255ee00
[ 27.117654] which belongs to the cache kmalloc-128 of size 128
[ 27.118386] The buggy address is located 0 bytes to the right of
[ 27.118386] allocated 120-byte region [ffff88810255ee00, ffff88810255ee78)
[ 27.119162]
[ 27.119264] The buggy address belongs to the physical page:
[ 27.119524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.120186] flags: 0x200000000000000(node=0|zone=2)
[ 27.120594] page_type: f5(slab)
[ 27.120795] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.121368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.121785] page dumped because: kasan: bad access detected
[ 27.122040]
[ 27.122146] Memory state around the buggy address:
[ 27.122623] ffff88810255ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.123015] ffff88810255ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.123826] >ffff88810255ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.124551] ^
[ 27.124846] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.125550] ffff88810255ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.125927] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 25.788075] ================================================================== [ 25.788380] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 25.788888] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.789227] [ 25.789317] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.789372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.789387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.789412] Call Trace: [ 25.789428] <TASK> [ 25.789448] dump_stack_lvl+0x73/0xb0 [ 25.789480] print_report+0xd1/0x650 [ 25.789504] ? __virt_addr_valid+0x1db/0x2d0 [ 25.789529] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.789552] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.789579] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.789604] kasan_report+0x141/0x180 [ 25.789627] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.789654] __asan_report_load4_noabort+0x18/0x20 [ 25.789681] kasan_atomics_helper+0x4b88/0x5450 [ 25.789706] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.789730] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.789757] ? kasan_atomics+0x152/0x310 [ 25.789784] kasan_atomics+0x1dc/0x310 [ 25.789809] ? __pfx_kasan_atomics+0x10/0x10 [ 25.789838] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.789865] ? __pfx_read_tsc+0x10/0x10 [ 25.789889] ? ktime_get_ts64+0x86/0x230 [ 25.789916] kunit_try_run_case+0x1a5/0x480 [ 25.789945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.789971] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.789994] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.790032] ? __kthread_parkme+0x82/0x180 [ 25.790056] ? preempt_count_sub+0x50/0x80 [ 25.790091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.790118] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.790143] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.790170] kthread+0x337/0x6f0 [ 25.790191] ? trace_preempt_on+0x20/0xc0 [ 25.790216] ? __pfx_kthread+0x10/0x10 [ 25.790238] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 25.790265] ? calculate_sigpending+0x7b/0xa0 [ 25.790290] ? __pfx_kthread+0x10/0x10 [ 25.790313] ret_from_fork+0x116/0x1d0 [ 25.790333] ? __pfx_kthread+0x10/0x10 [ 25.790355] ret_from_fork_asm+0x1a/0x30 [ 25.790387] </TASK> [ 25.790402] [ 25.802886] Allocated by task 314: [ 25.803100] kasan_save_stack+0x45/0x70 [ 25.803355] kasan_save_track+0x18/0x40 [ 25.803670] kasan_save_alloc_info+0x3b/0x50 [ 25.804023] __kasan_kmalloc+0xb7/0xc0 [ 25.804248] __kmalloc_cache_noprof+0x189/0x420 [ 25.804637] kasan_atomics+0x95/0x310 [ 25.804769] kunit_try_run_case+0x1a5/0x480 [ 25.804924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.805191] kthread+0x337/0x6f0 [ 25.805361] ret_from_fork+0x116/0x1d0 [ 25.805550] ret_from_fork_asm+0x1a/0x30 [ 25.805751] [ 25.805833] The buggy address belongs to the object at ffff888105a1e600 [ 25.805833] which belongs to the cache kmalloc-64 of size 64 [ 25.806346] The buggy address is located 0 bytes to the right of [ 25.806346] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.806786] [ 25.806859] The buggy address belongs to the physical page: [ 25.807502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.807885] flags: 0x200000000000000(node=0|zone=2) [ 25.808129] page_type: f5(slab) [ 25.808523] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.809227] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.809891] page dumped because: kasan: bad access detected [ 25.810339] [ 25.810554] Memory state around the buggy address: [ 25.811072] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.811749] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.812213] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.812626] ^ [ 25.812971] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.813407] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 25.814074] ================================================================== [ 26.029322] ================================================================== [ 26.029677] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 26.030192] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.030473] [ 26.030603] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.030654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.030669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.030694] Call Trace: [ 26.030715] <TASK> [ 26.030736] dump_stack_lvl+0x73/0xb0 [ 26.030766] print_report+0xd1/0x650 [ 26.030791] ? __virt_addr_valid+0x1db/0x2d0 [ 26.030816] ? kasan_atomics_helper+0x860/0x5450 [ 26.030838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.030865] ? kasan_atomics_helper+0x860/0x5450 [ 26.030888] kasan_report+0x141/0x180 [ 26.030911] ? kasan_atomics_helper+0x860/0x5450 [ 26.030970] kasan_check_range+0x10c/0x1c0 [ 26.030995] __kasan_check_write+0x18/0x20 [ 26.031020] kasan_atomics_helper+0x860/0x5450 [ 26.031054] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.031086] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.031114] ? kasan_atomics+0x152/0x310 [ 26.031142] kasan_atomics+0x1dc/0x310 [ 26.031174] ? __pfx_kasan_atomics+0x10/0x10 [ 26.031198] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.031234] ? __pfx_read_tsc+0x10/0x10 [ 26.031258] ? ktime_get_ts64+0x86/0x230 [ 26.031284] kunit_try_run_case+0x1a5/0x480 [ 26.031321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.031346] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.031370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.031404] ? __kthread_parkme+0x82/0x180 [ 26.031427] ? preempt_count_sub+0x50/0x80 [ 26.031452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.031486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.031512] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.031538] kthread+0x337/0x6f0 [ 26.031569] ? trace_preempt_on+0x20/0xc0 [ 26.031595] ? __pfx_kthread+0x10/0x10 [ 26.031617] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.031652] ? calculate_sigpending+0x7b/0xa0 [ 26.031677] ? __pfx_kthread+0x10/0x10 [ 26.031701] ret_from_fork+0x116/0x1d0 [ 26.031733] ? __pfx_kthread+0x10/0x10 [ 26.031755] ret_from_fork_asm+0x1a/0x30 [ 26.031788] </TASK> [ 26.031802] [ 26.039379] Allocated by task 314: [ 26.039556] kasan_save_stack+0x45/0x70 [ 26.039740] kasan_save_track+0x18/0x40 [ 26.039954] kasan_save_alloc_info+0x3b/0x50 [ 26.040175] __kasan_kmalloc+0xb7/0xc0 [ 26.040348] __kmalloc_cache_noprof+0x189/0x420 [ 26.040532] kasan_atomics+0x95/0x310 [ 26.040659] kunit_try_run_case+0x1a5/0x480 [ 26.040801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.040996] kthread+0x337/0x6f0 [ 26.041150] ret_from_fork+0x116/0x1d0 [ 26.041356] ret_from_fork_asm+0x1a/0x30 [ 26.041550] [ 26.041641] The buggy address belongs to the object at ffff888105a1e600 [ 26.041641] which belongs to the cache kmalloc-64 of size 64 [ 26.042173] The buggy address is located 0 bytes to the right of [ 26.042173] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.042535] [ 26.042605] The buggy address belongs to the physical page: [ 26.042786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.043189] flags: 0x200000000000000(node=0|zone=2) [ 26.043445] page_type: f5(slab) [ 26.043640] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.044023] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.044401] page dumped because: kasan: bad access detected [ 26.044654] [ 26.044721] Memory state around the buggy address: [ 26.044905] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.045230] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.045448] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.045682] ^ [ 26.045951] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.046274] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.046583] ================================================================== [ 26.119191] ================================================================== [ 26.119544] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 26.119880] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.120172] [ 26.120283] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.120335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.120349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.120374] Call Trace: [ 26.120396] <TASK> [ 26.120417] dump_stack_lvl+0x73/0xb0 [ 26.120447] print_report+0xd1/0x650 [ 26.120470] ? __virt_addr_valid+0x1db/0x2d0 [ 26.120495] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.120517] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.120545] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.120568] kasan_report+0x141/0x180 [ 26.120591] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.120618] kasan_check_range+0x10c/0x1c0 [ 26.120642] __kasan_check_write+0x18/0x20 [ 26.120667] kasan_atomics_helper+0xb6a/0x5450 [ 26.120690] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.120713] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.120741] ? kasan_atomics+0x152/0x310 [ 26.120768] kasan_atomics+0x1dc/0x310 [ 26.120791] ? __pfx_kasan_atomics+0x10/0x10 [ 26.120814] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.120839] ? __pfx_read_tsc+0x10/0x10 [ 26.120862] ? ktime_get_ts64+0x86/0x230 [ 26.120889] kunit_try_run_case+0x1a5/0x480 [ 26.120916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.120941] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.120964] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.120986] ? __kthread_parkme+0x82/0x180 [ 26.121009] ? 
preempt_count_sub+0x50/0x80 [ 26.121034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.121531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.121592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.121622] kthread+0x337/0x6f0 [ 26.121655] ? trace_preempt_on+0x20/0xc0 [ 26.121681] ? __pfx_kthread+0x10/0x10 [ 26.121704] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.121743] ? calculate_sigpending+0x7b/0xa0 [ 26.121770] ? __pfx_kthread+0x10/0x10 [ 26.121794] ret_from_fork+0x116/0x1d0 [ 26.121830] ? __pfx_kthread+0x10/0x10 [ 26.121853] ret_from_fork_asm+0x1a/0x30 [ 26.121897] </TASK> [ 26.121912] [ 26.129448] Allocated by task 314: [ 26.129635] kasan_save_stack+0x45/0x70 [ 26.129856] kasan_save_track+0x18/0x40 [ 26.130088] kasan_save_alloc_info+0x3b/0x50 [ 26.130258] __kasan_kmalloc+0xb7/0xc0 [ 26.130457] __kmalloc_cache_noprof+0x189/0x420 [ 26.130634] kasan_atomics+0x95/0x310 [ 26.130833] kunit_try_run_case+0x1a5/0x480 [ 26.131018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.131284] kthread+0x337/0x6f0 [ 26.131436] ret_from_fork+0x116/0x1d0 [ 26.131635] ret_from_fork_asm+0x1a/0x30 [ 26.131844] [ 26.131977] The buggy address belongs to the object at ffff888105a1e600 [ 26.131977] which belongs to the cache kmalloc-64 of size 64 [ 26.132488] The buggy address is located 0 bytes to the right of [ 26.132488] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.132967] [ 26.133041] The buggy address belongs to the physical page: [ 26.133221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.133460] flags: 0x200000000000000(node=0|zone=2) [ 26.133621] page_type: f5(slab) [ 26.133748] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.134144] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.134475] page dumped because: kasan: bad access detected [ 26.134720] [ 26.134809] Memory state around the buggy address: [ 26.135053] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 26.135361] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.135619] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.135969] ^ [ 26.136243] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.136572] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.136829] ================================================================== [ 26.858310] ================================================================== [ 26.858573] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 26.858791] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.859047] [ 26.859173] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.859225] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.859239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.859263] Call Trace: [ 26.859284] <TASK> [ 26.859323] dump_stack_lvl+0x73/0xb0 [ 26.859354] print_report+0xd1/0x650 [ 26.859378] ? __virt_addr_valid+0x1db/0x2d0 [ 26.859403] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.859425] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.859452] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.859475] kasan_report+0x141/0x180 [ 26.859499] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.859525] kasan_check_range+0x10c/0x1c0 [ 26.859550] __kasan_check_write+0x18/0x20 [ 26.859575] kasan_atomics_helper+0x1eaa/0x5450 [ 26.859599] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.859622] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.859647] ? kasan_atomics+0x152/0x310 [ 26.859675] kasan_atomics+0x1dc/0x310 [ 26.859698] ? __pfx_kasan_atomics+0x10/0x10 [ 26.859721] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.859747] ? __pfx_read_tsc+0x10/0x10 [ 26.859770] ? ktime_get_ts64+0x86/0x230 [ 26.859796] kunit_try_run_case+0x1a5/0x480 [ 26.859823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.859849] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 26.859872] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.859895] ? __kthread_parkme+0x82/0x180 [ 26.859919] ? preempt_count_sub+0x50/0x80 [ 26.859953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.859980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.860007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.860034] kthread+0x337/0x6f0 [ 26.860055] ? trace_preempt_on+0x20/0xc0 [ 26.860092] ? __pfx_kthread+0x10/0x10 [ 26.860114] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.860140] ? calculate_sigpending+0x7b/0xa0 [ 26.860166] ? __pfx_kthread+0x10/0x10 [ 26.860189] ret_from_fork+0x116/0x1d0 [ 26.860210] ? __pfx_kthread+0x10/0x10 [ 26.860232] ret_from_fork_asm+0x1a/0x30 [ 26.860263] </TASK> [ 26.860277] [ 26.866636] Allocated by task 314: [ 26.866812] kasan_save_stack+0x45/0x70 [ 26.867104] kasan_save_track+0x18/0x40 [ 26.867296] kasan_save_alloc_info+0x3b/0x50 [ 26.867506] __kasan_kmalloc+0xb7/0xc0 [ 26.867693] __kmalloc_cache_noprof+0x189/0x420 [ 26.867913] kasan_atomics+0x95/0x310 [ 26.868289] kunit_try_run_case+0x1a5/0x480 [ 26.868495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.868747] kthread+0x337/0x6f0 [ 26.868912] ret_from_fork+0x116/0x1d0 [ 26.869097] ret_from_fork_asm+0x1a/0x30 [ 26.869234] [ 26.869301] The buggy address belongs to the object at ffff888105a1e600 [ 26.869301] which belongs to the cache kmalloc-64 of size 64 [ 26.869639] The buggy address is located 0 bytes to the right of [ 26.869639] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.870512] [ 26.870605] The buggy address belongs to the physical page: [ 26.870848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.871418] flags: 0x200000000000000(node=0|zone=2) [ 26.871576] page_type: f5(slab) [ 26.871692] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.871915] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.872271] page dumped because: kasan: 
bad access detected [ 26.872532] [ 26.872623] Memory state around the buggy address: [ 26.872851] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.873170] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.873383] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.873689] ^ [ 26.873912] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.874245] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.874508] ================================================================== [ 26.780290] ================================================================== [ 26.780641] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 26.781034] Read of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.781418] [ 26.781531] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.781584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.781599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.781624] Call Trace: [ 26.781645] <TASK> [ 26.781668] dump_stack_lvl+0x73/0xb0 [ 26.781699] print_report+0xd1/0x650 [ 26.781723] ? __virt_addr_valid+0x1db/0x2d0 [ 26.781749] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.781772] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.781799] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.781832] kasan_report+0x141/0x180 [ 26.781856] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.781884] __asan_report_load8_noabort+0x18/0x20 [ 26.781909] kasan_atomics_helper+0x4f30/0x5450 [ 26.781955] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.781989] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.782017] ? kasan_atomics+0x152/0x310 [ 26.782044] kasan_atomics+0x1dc/0x310 [ 26.782087] ? __pfx_kasan_atomics+0x10/0x10 [ 26.782119] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.782146] ? __pfx_read_tsc+0x10/0x10 [ 26.782179] ? 
ktime_get_ts64+0x86/0x230 [ 26.782206] kunit_try_run_case+0x1a5/0x480 [ 26.782235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.782259] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.782283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.782316] ? __kthread_parkme+0x82/0x180 [ 26.782338] ? preempt_count_sub+0x50/0x80 [ 26.782363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.782399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.782425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.782451] kthread+0x337/0x6f0 [ 26.782481] ? trace_preempt_on+0x20/0xc0 [ 26.782506] ? __pfx_kthread+0x10/0x10 [ 26.782528] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.782564] ? calculate_sigpending+0x7b/0xa0 [ 26.782589] ? __pfx_kthread+0x10/0x10 [ 26.782613] ret_from_fork+0x116/0x1d0 [ 26.782642] ? __pfx_kthread+0x10/0x10 [ 26.782664] ret_from_fork_asm+0x1a/0x30 [ 26.782707] </TASK> [ 26.782721] [ 26.790180] Allocated by task 314: [ 26.790345] kasan_save_stack+0x45/0x70 [ 26.790488] kasan_save_track+0x18/0x40 [ 26.790620] kasan_save_alloc_info+0x3b/0x50 [ 26.790764] __kasan_kmalloc+0xb7/0xc0 [ 26.790893] __kmalloc_cache_noprof+0x189/0x420 [ 26.791811] kasan_atomics+0x95/0x310 [ 26.792258] kunit_try_run_case+0x1a5/0x480 [ 26.792850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.793748] kthread+0x337/0x6f0 [ 26.794172] ret_from_fork+0x116/0x1d0 [ 26.794688] ret_from_fork_asm+0x1a/0x30 [ 26.795258] [ 26.795425] The buggy address belongs to the object at ffff888105a1e600 [ 26.795425] which belongs to the cache kmalloc-64 of size 64 [ 26.796458] The buggy address is located 0 bytes to the right of [ 26.796458] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.796823] [ 26.796898] The buggy address belongs to the physical page: [ 26.797075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.798020] flags: 0x200000000000000(node=0|zone=2) [ 26.798490] page_type: f5(slab) [ 26.798819] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 26.799625] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.800360] page dumped because: kasan: bad access detected [ 26.800864] [ 26.801015] Memory state around the buggy address: [ 26.801385] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.801596] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.801801] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.802025] ^ [ 26.802385] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.803177] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.803801] ================================================================== [ 25.952020] ================================================================== [ 25.953042] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 25.953512] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.953827] [ 25.953917] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.953991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.954007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.954032] Call Trace: [ 25.954055] <TASK> [ 25.954093] dump_stack_lvl+0x73/0xb0 [ 25.954125] print_report+0xd1/0x650 [ 25.954149] ? __virt_addr_valid+0x1db/0x2d0 [ 25.954175] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.954207] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.954235] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.954270] kasan_report+0x141/0x180 [ 25.954294] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.954323] kasan_check_range+0x10c/0x1c0 [ 25.954347] __kasan_check_write+0x18/0x20 [ 25.954382] kasan_atomics_helper+0x5fe/0x5450 [ 25.954406] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.954440] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.954468] ? kasan_atomics+0x152/0x310 [ 25.954496] kasan_atomics+0x1dc/0x310 [ 25.954520] ? 
__pfx_kasan_atomics+0x10/0x10 [ 25.954553] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.954580] ? __pfx_read_tsc+0x10/0x10 [ 25.954614] ? ktime_get_ts64+0x86/0x230 [ 25.954641] kunit_try_run_case+0x1a5/0x480 [ 25.954669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.954704] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.954727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.954752] ? __kthread_parkme+0x82/0x180 [ 25.954785] ? preempt_count_sub+0x50/0x80 [ 25.954812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.954839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.954874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.954901] kthread+0x337/0x6f0 [ 25.954933] ? trace_preempt_on+0x20/0xc0 [ 25.954970] ? __pfx_kthread+0x10/0x10 [ 25.954993] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.955020] ? calculate_sigpending+0x7b/0xa0 [ 25.955053] ? __pfx_kthread+0x10/0x10 [ 25.955086] ret_from_fork+0x116/0x1d0 [ 25.955108] ? __pfx_kthread+0x10/0x10 [ 25.955143] ret_from_fork_asm+0x1a/0x30 [ 25.955176] </TASK> [ 25.955190] [ 25.963591] Allocated by task 314: [ 25.963755] kasan_save_stack+0x45/0x70 [ 25.963973] kasan_save_track+0x18/0x40 [ 25.964169] kasan_save_alloc_info+0x3b/0x50 [ 25.964376] __kasan_kmalloc+0xb7/0xc0 [ 25.964577] __kmalloc_cache_noprof+0x189/0x420 [ 25.964782] kasan_atomics+0x95/0x310 [ 25.964977] kunit_try_run_case+0x1a5/0x480 [ 25.965208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.965451] kthread+0x337/0x6f0 [ 25.965602] ret_from_fork+0x116/0x1d0 [ 25.965729] ret_from_fork_asm+0x1a/0x30 [ 25.965871] [ 25.965937] The buggy address belongs to the object at ffff888105a1e600 [ 25.965937] which belongs to the cache kmalloc-64 of size 64 [ 25.966299] The buggy address is located 0 bytes to the right of [ 25.966299] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.966912] [ 25.967045] The buggy address belongs to the physical page: [ 25.967304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.967654] flags: 
0x200000000000000(node=0|zone=2) [ 25.967886] page_type: f5(slab) [ 25.968219] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.968562] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.968887] page dumped because: kasan: bad access detected [ 25.969197] [ 25.969272] Memory state around the buggy address: [ 25.969429] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.969642] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.969863] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.970172] ^ [ 25.970396] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.970719] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.971168] ================================================================== [ 26.047450] ================================================================== [ 26.047798] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 26.048211] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.048531] [ 26.048651] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.048712] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.048727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.048751] Call Trace: [ 26.048785] <TASK> [ 26.048808] dump_stack_lvl+0x73/0xb0 [ 26.048839] print_report+0xd1/0x650 [ 26.048870] ? __virt_addr_valid+0x1db/0x2d0 [ 26.048896] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.048943] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.048971] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.048994] kasan_report+0x141/0x180 [ 26.049024] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.049051] kasan_check_range+0x10c/0x1c0 [ 26.049092] __kasan_check_write+0x18/0x20 [ 26.049116] kasan_atomics_helper+0x8f9/0x5450 [ 26.049140] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.049173] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 26.049209] ? kasan_atomics+0x152/0x310 [ 26.049235] kasan_atomics+0x1dc/0x310 [ 26.049259] ? __pfx_kasan_atomics+0x10/0x10 [ 26.049292] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.049318] ? __pfx_read_tsc+0x10/0x10 [ 26.049341] ? ktime_get_ts64+0x86/0x230 [ 26.049377] kunit_try_run_case+0x1a5/0x480 [ 26.049404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.049429] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.049457] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.049480] ? __kthread_parkme+0x82/0x180 [ 26.049502] ? preempt_count_sub+0x50/0x80 [ 26.049527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.049553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.049580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.049606] kthread+0x337/0x6f0 [ 26.049626] ? trace_preempt_on+0x20/0xc0 [ 26.049651] ? __pfx_kthread+0x10/0x10 [ 26.049673] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.049699] ? calculate_sigpending+0x7b/0xa0 [ 26.049724] ? __pfx_kthread+0x10/0x10 [ 26.049746] ret_from_fork+0x116/0x1d0 [ 26.049768] ? 
__pfx_kthread+0x10/0x10 [ 26.049790] ret_from_fork_asm+0x1a/0x30 [ 26.049828] </TASK> [ 26.049843] [ 26.057197] Allocated by task 314: [ 26.057381] kasan_save_stack+0x45/0x70 [ 26.057600] kasan_save_track+0x18/0x40 [ 26.057785] kasan_save_alloc_info+0x3b/0x50 [ 26.058007] __kasan_kmalloc+0xb7/0xc0 [ 26.058213] __kmalloc_cache_noprof+0x189/0x420 [ 26.058425] kasan_atomics+0x95/0x310 [ 26.058599] kunit_try_run_case+0x1a5/0x480 [ 26.058795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.059099] kthread+0x337/0x6f0 [ 26.059221] ret_from_fork+0x116/0x1d0 [ 26.059350] ret_from_fork_asm+0x1a/0x30 [ 26.059546] [ 26.059652] The buggy address belongs to the object at ffff888105a1e600 [ 26.059652] which belongs to the cache kmalloc-64 of size 64 [ 26.060213] The buggy address is located 0 bytes to the right of [ 26.060213] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.060628] [ 26.060712] The buggy address belongs to the physical page: [ 26.060990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.061364] flags: 0x200000000000000(node=0|zone=2) [ 26.061584] page_type: f5(slab) [ 26.061724] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.062122] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.062433] page dumped because: kasan: bad access detected [ 26.062688] [ 26.062770] Memory state around the buggy address: [ 26.063002] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.063327] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.063620] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.063848] ^ [ 26.064016] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.064236] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.064443] ================================================================== [ 26.725180] 
================================================================== [ 26.725654] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 26.726089] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.726438] [ 26.726542] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.726604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.726618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.726642] Call Trace: [ 26.726676] <TASK> [ 26.726697] dump_stack_lvl+0x73/0xb0 [ 26.726727] print_report+0xd1/0x650 [ 26.726763] ? __virt_addr_valid+0x1db/0x2d0 [ 26.726788] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.726810] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.726849] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.726872] kasan_report+0x141/0x180 [ 26.726896] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.726934] kasan_check_range+0x10c/0x1c0 [ 26.726959] __kasan_check_write+0x18/0x20 [ 26.726993] kasan_atomics_helper+0x1a7f/0x5450 [ 26.727017] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.727041] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.727077] ? kasan_atomics+0x152/0x310 [ 26.727104] kasan_atomics+0x1dc/0x310 [ 26.727138] ? __pfx_kasan_atomics+0x10/0x10 [ 26.727161] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.727188] ? __pfx_read_tsc+0x10/0x10 [ 26.727222] ? ktime_get_ts64+0x86/0x230 [ 26.727249] kunit_try_run_case+0x1a5/0x480 [ 26.727275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.727300] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.727322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.727344] ? __kthread_parkme+0x82/0x180 [ 26.727367] ? preempt_count_sub+0x50/0x80 [ 26.727392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.727418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.727443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.727469] kthread+0x337/0x6f0 [ 26.727490] ? trace_preempt_on+0x20/0xc0 [ 26.727516] ? 
__pfx_kthread+0x10/0x10 [ 26.727537] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.727563] ? calculate_sigpending+0x7b/0xa0 [ 26.727589] ? __pfx_kthread+0x10/0x10 [ 26.727612] ret_from_fork+0x116/0x1d0 [ 26.727633] ? __pfx_kthread+0x10/0x10 [ 26.727655] ret_from_fork_asm+0x1a/0x30 [ 26.727687] </TASK> [ 26.727700] [ 26.735353] Allocated by task 314: [ 26.735486] kasan_save_stack+0x45/0x70 [ 26.735624] kasan_save_track+0x18/0x40 [ 26.735754] kasan_save_alloc_info+0x3b/0x50 [ 26.735906] __kasan_kmalloc+0xb7/0xc0 [ 26.736099] __kmalloc_cache_noprof+0x189/0x420 [ 26.736338] kasan_atomics+0x95/0x310 [ 26.736537] kunit_try_run_case+0x1a5/0x480 [ 26.736770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.737137] kthread+0x337/0x6f0 [ 26.737302] ret_from_fork+0x116/0x1d0 [ 26.737508] ret_from_fork_asm+0x1a/0x30 [ 26.737677] [ 26.737769] The buggy address belongs to the object at ffff888105a1e600 [ 26.737769] which belongs to the cache kmalloc-64 of size 64 [ 26.738310] The buggy address is located 0 bytes to the right of [ 26.738310] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.738763] [ 26.738860] The buggy address belongs to the physical page: [ 26.739147] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.739493] flags: 0x200000000000000(node=0|zone=2) [ 26.739712] page_type: f5(slab) [ 26.739886] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.740238] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.740532] page dumped because: kasan: bad access detected [ 26.740758] [ 26.740846] Memory state around the buggy address: [ 26.741103] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.741387] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.741621] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.741834] ^ [ 26.741983] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.742204] 
ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.742420] ================================================================== [ 25.743336] ================================================================== [ 25.743912] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 25.744200] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.744575] [ 25.744672] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.744728] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.744742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.744767] Call Trace: [ 25.744782] <TASK> [ 25.744803] dump_stack_lvl+0x73/0xb0 [ 25.744835] print_report+0xd1/0x650 [ 25.744859] ? __virt_addr_valid+0x1db/0x2d0 [ 25.744885] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.744907] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.744933] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.744956] kasan_report+0x141/0x180 [ 25.744978] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.745004] __asan_report_load4_noabort+0x18/0x20 [ 25.745029] kasan_atomics_helper+0x4bbc/0x5450 [ 25.745051] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.745087] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.745113] ? kasan_atomics+0x152/0x310 [ 25.745140] kasan_atomics+0x1dc/0x310 [ 25.745163] ? __pfx_kasan_atomics+0x10/0x10 [ 25.745230] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.745259] ? __pfx_read_tsc+0x10/0x10 [ 25.745283] ? ktime_get_ts64+0x86/0x230 [ 25.745310] kunit_try_run_case+0x1a5/0x480 [ 25.745338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.745362] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.745383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.745406] ? __kthread_parkme+0x82/0x180 [ 25.745428] ? preempt_count_sub+0x50/0x80 [ 25.745454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.745479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.745505] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.745530] kthread+0x337/0x6f0 [ 25.745550] ? trace_preempt_on+0x20/0xc0 [ 25.745574] ? __pfx_kthread+0x10/0x10 [ 25.745595] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.745620] ? calculate_sigpending+0x7b/0xa0 [ 25.745646] ? __pfx_kthread+0x10/0x10 [ 25.745668] ret_from_fork+0x116/0x1d0 [ 25.745688] ? __pfx_kthread+0x10/0x10 [ 25.745709] ret_from_fork_asm+0x1a/0x30 [ 25.745741] </TASK> [ 25.745754] [ 25.756727] Allocated by task 314: [ 25.757082] kasan_save_stack+0x45/0x70 [ 25.757276] kasan_save_track+0x18/0x40 [ 25.757441] kasan_save_alloc_info+0x3b/0x50 [ 25.757650] __kasan_kmalloc+0xb7/0xc0 [ 25.757918] __kmalloc_cache_noprof+0x189/0x420 [ 25.758116] kasan_atomics+0x95/0x310 [ 25.758311] kunit_try_run_case+0x1a5/0x480 [ 25.758524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.758784] kthread+0x337/0x6f0 [ 25.758957] ret_from_fork+0x116/0x1d0 [ 25.759141] ret_from_fork_asm+0x1a/0x30 [ 25.759440] [ 25.759509] The buggy address belongs to the object at ffff888105a1e600 [ 25.759509] which belongs to the cache kmalloc-64 of size 64 [ 25.760414] The buggy address is located 0 bytes to the right of [ 25.760414] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.761324] [ 25.761564] The buggy address belongs to the physical page: [ 25.761926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.762573] flags: 0x200000000000000(node=0|zone=2) [ 25.762850] page_type: f5(slab) [ 25.763245] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.763688] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.764160] page dumped because: kasan: bad access detected [ 25.764651] [ 25.764753] Memory state around the buggy address: [ 25.765158] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.765589] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.765892] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 25.766435] ^ [ 25.766868] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.767378] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.767780] ================================================================== [ 26.596518] ================================================================== [ 26.596819] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 26.597358] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.597593] [ 26.597682] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.597737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.597753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.597778] Call Trace: [ 26.597802] <TASK> [ 26.597832] dump_stack_lvl+0x73/0xb0 [ 26.597864] print_report+0xd1/0x650 [ 26.597889] ? __virt_addr_valid+0x1db/0x2d0 [ 26.597916] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.597939] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.597967] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.598012] kasan_report+0x141/0x180 [ 26.598036] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.598083] kasan_check_range+0x10c/0x1c0 [ 26.598110] __kasan_check_write+0x18/0x20 [ 26.598135] kasan_atomics_helper+0x16e7/0x5450 [ 26.598160] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.598185] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.598213] ? kasan_atomics+0x152/0x310 [ 26.598241] kasan_atomics+0x1dc/0x310 [ 26.598267] ? __pfx_kasan_atomics+0x10/0x10 [ 26.598291] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.598321] ? __pfx_read_tsc+0x10/0x10 [ 26.598346] ? ktime_get_ts64+0x86/0x230 [ 26.598374] kunit_try_run_case+0x1a5/0x480 [ 26.598402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.598429] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.598451] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.598476] ? __kthread_parkme+0x82/0x180 [ 26.598499] ? 
preempt_count_sub+0x50/0x80 [ 26.598525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.598553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.598580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.598607] kthread+0x337/0x6f0 [ 26.598630] ? trace_preempt_on+0x20/0xc0 [ 26.598656] ? __pfx_kthread+0x10/0x10 [ 26.598679] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.598706] ? calculate_sigpending+0x7b/0xa0 [ 26.598732] ? __pfx_kthread+0x10/0x10 [ 26.598756] ret_from_fork+0x116/0x1d0 [ 26.598778] ? __pfx_kthread+0x10/0x10 [ 26.598801] ret_from_fork_asm+0x1a/0x30 [ 26.598834] </TASK> [ 26.598848] [ 26.606909] Allocated by task 314: [ 26.607057] kasan_save_stack+0x45/0x70 [ 26.607222] kasan_save_track+0x18/0x40 [ 26.607613] kasan_save_alloc_info+0x3b/0x50 [ 26.608002] __kasan_kmalloc+0xb7/0xc0 [ 26.608349] __kmalloc_cache_noprof+0x189/0x420 [ 26.608755] kasan_atomics+0x95/0x310 [ 26.609116] kunit_try_run_case+0x1a5/0x480 [ 26.609521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.610034] kthread+0x337/0x6f0 [ 26.610344] ret_from_fork+0x116/0x1d0 [ 26.610687] ret_from_fork_asm+0x1a/0x30 [ 26.611044] [ 26.611254] The buggy address belongs to the object at ffff888105a1e600 [ 26.611254] which belongs to the cache kmalloc-64 of size 64 [ 26.612545] The buggy address is located 0 bytes to the right of [ 26.612545] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.613925] [ 26.614108] The buggy address belongs to the physical page: [ 26.614618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.615317] flags: 0x200000000000000(node=0|zone=2) [ 26.615764] page_type: f5(slab) [ 26.616081] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.616524] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.616753] page dumped because: kasan: bad access detected [ 26.616933] [ 26.617108] Memory state around the buggy address: [ 26.617540] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 26.618233] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.618851] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.619644] ^ [ 26.620138] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.620756] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.621229] ================================================================== [ 26.409138] ================================================================== [ 26.409470] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 26.409789] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.410450] [ 26.410675] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.410848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.410869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.410896] Call Trace: [ 26.410942] <TASK> [ 26.410967] dump_stack_lvl+0x73/0xb0 [ 26.411038] print_report+0xd1/0x650 [ 26.411078] ? __virt_addr_valid+0x1db/0x2d0 [ 26.411107] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.411130] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.411158] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.411181] kasan_report+0x141/0x180 [ 26.411204] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.411231] kasan_check_range+0x10c/0x1c0 [ 26.411256] __kasan_check_write+0x18/0x20 [ 26.411280] kasan_atomics_helper+0x12e6/0x5450 [ 26.411305] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.411329] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.411356] ? kasan_atomics+0x152/0x310 [ 26.411383] kasan_atomics+0x1dc/0x310 [ 26.411407] ? __pfx_kasan_atomics+0x10/0x10 [ 26.411430] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.411457] ? __pfx_read_tsc+0x10/0x10 [ 26.411480] ? ktime_get_ts64+0x86/0x230 [ 26.411507] kunit_try_run_case+0x1a5/0x480 [ 26.411534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.411559] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 26.411581] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.411604] ? __kthread_parkme+0x82/0x180 [ 26.411626] ? preempt_count_sub+0x50/0x80 [ 26.411652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.411678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.411703] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.411730] kthread+0x337/0x6f0 [ 26.411750] ? trace_preempt_on+0x20/0xc0 [ 26.411775] ? __pfx_kthread+0x10/0x10 [ 26.411797] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.411821] ? calculate_sigpending+0x7b/0xa0 [ 26.411847] ? __pfx_kthread+0x10/0x10 [ 26.411869] ret_from_fork+0x116/0x1d0 [ 26.411892] ? __pfx_kthread+0x10/0x10 [ 26.411916] ret_from_fork_asm+0x1a/0x30 [ 26.411949] </TASK> [ 26.411963] [ 26.423585] Allocated by task 314: [ 26.423934] kasan_save_stack+0x45/0x70 [ 26.424334] kasan_save_track+0x18/0x40 [ 26.424713] kasan_save_alloc_info+0x3b/0x50 [ 26.425153] __kasan_kmalloc+0xb7/0xc0 [ 26.425464] __kmalloc_cache_noprof+0x189/0x420 [ 26.425881] kasan_atomics+0x95/0x310 [ 26.426241] kunit_try_run_case+0x1a5/0x480 [ 26.426554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.427107] kthread+0x337/0x6f0 [ 26.427404] ret_from_fork+0x116/0x1d0 [ 26.427721] ret_from_fork_asm+0x1a/0x30 [ 26.428139] [ 26.428241] The buggy address belongs to the object at ffff888105a1e600 [ 26.428241] which belongs to the cache kmalloc-64 of size 64 [ 26.428724] The buggy address is located 0 bytes to the right of [ 26.428724] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.429576] [ 26.429684] The buggy address belongs to the physical page: [ 26.429919] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.430609] flags: 0x200000000000000(node=0|zone=2) [ 26.430832] page_type: f5(slab) [ 26.431260] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.431699] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.432299] page dumped because: kasan: 
bad access detected [ 26.432609] [ 26.432831] Memory state around the buggy address: [ 26.433373] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.433810] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.434330] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.434624] ^ [ 26.434826] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.435395] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.435696] ================================================================== [ 26.175490] ================================================================== [ 26.175849] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 26.176238] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.176561] [ 26.176661] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.176714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.176727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.176752] Call Trace: [ 26.176785] <TASK> [ 26.176805] dump_stack_lvl+0x73/0xb0 [ 26.176835] print_report+0xd1/0x650 [ 26.176872] ? __virt_addr_valid+0x1db/0x2d0 [ 26.176897] ? kasan_atomics_helper+0xd47/0x5450 [ 26.176925] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.176961] ? kasan_atomics_helper+0xd47/0x5450 [ 26.176984] kasan_report+0x141/0x180 [ 26.177007] ? kasan_atomics_helper+0xd47/0x5450 [ 26.177044] kasan_check_range+0x10c/0x1c0 [ 26.177082] __kasan_check_write+0x18/0x20 [ 26.177128] kasan_atomics_helper+0xd47/0x5450 [ 26.177151] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.177175] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.177212] ? kasan_atomics+0x152/0x310 [ 26.177240] kasan_atomics+0x1dc/0x310 [ 26.177263] ? __pfx_kasan_atomics+0x10/0x10 [ 26.177295] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.177322] ? __pfx_read_tsc+0x10/0x10 [ 26.177356] ? 
ktime_get_ts64+0x86/0x230 [ 26.177382] kunit_try_run_case+0x1a5/0x480 [ 26.177410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.177434] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.177456] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.177488] ? __kthread_parkme+0x82/0x180 [ 26.177510] ? preempt_count_sub+0x50/0x80 [ 26.177534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.177571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.177598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.177624] kthread+0x337/0x6f0 [ 26.177645] ? trace_preempt_on+0x20/0xc0 [ 26.177670] ? __pfx_kthread+0x10/0x10 [ 26.177692] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.177717] ? calculate_sigpending+0x7b/0xa0 [ 26.177744] ? __pfx_kthread+0x10/0x10 [ 26.177766] ret_from_fork+0x116/0x1d0 [ 26.177787] ? __pfx_kthread+0x10/0x10 [ 26.177810] ret_from_fork_asm+0x1a/0x30 [ 26.177849] </TASK> [ 26.177864] [ 26.185388] Allocated by task 314: [ 26.185516] kasan_save_stack+0x45/0x70 [ 26.185715] kasan_save_track+0x18/0x40 [ 26.185904] kasan_save_alloc_info+0x3b/0x50 [ 26.186145] __kasan_kmalloc+0xb7/0xc0 [ 26.186311] __kmalloc_cache_noprof+0x189/0x420 [ 26.186534] kasan_atomics+0x95/0x310 [ 26.186712] kunit_try_run_case+0x1a5/0x480 [ 26.186910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.187184] kthread+0x337/0x6f0 [ 26.187327] ret_from_fork+0x116/0x1d0 [ 26.187531] ret_from_fork_asm+0x1a/0x30 [ 26.187712] [ 26.187788] The buggy address belongs to the object at ffff888105a1e600 [ 26.187788] which belongs to the cache kmalloc-64 of size 64 [ 26.188313] The buggy address is located 0 bytes to the right of [ 26.188313] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.188721] [ 26.188792] The buggy address belongs to the physical page: [ 26.188984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.189323] flags: 0x200000000000000(node=0|zone=2) [ 26.189572] page_type: f5(slab) [ 26.189736] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 26.190105] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.190354] page dumped because: kasan: bad access detected [ 26.190521] [ 26.190587] Memory state around the buggy address: [ 26.190736] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.191110] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.191428] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.191755] ^ [ 26.192002] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.192335] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.192617] ================================================================== [ 26.894865] ================================================================== [ 26.895283] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 26.895636] Read of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.895997] [ 26.896126] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.896180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.896196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.896222] Call Trace: [ 26.896246] <TASK> [ 26.896267] dump_stack_lvl+0x73/0xb0 [ 26.896299] print_report+0xd1/0x650 [ 26.896324] ? __virt_addr_valid+0x1db/0x2d0 [ 26.896351] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.896374] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.896403] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.896428] kasan_report+0x141/0x180 [ 26.896452] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.896481] __asan_report_load8_noabort+0x18/0x20 [ 26.896508] kasan_atomics_helper+0x4f71/0x5450 [ 26.896533] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.896557] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.896585] ? kasan_atomics+0x152/0x310 [ 26.896615] kasan_atomics+0x1dc/0x310 [ 26.896640] ? __pfx_kasan_atomics+0x10/0x10 [ 26.896664] ? 
__pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.896691] ? __pfx_read_tsc+0x10/0x10 [ 26.896716] ? ktime_get_ts64+0x86/0x230 [ 26.896743] kunit_try_run_case+0x1a5/0x480 [ 26.896772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.896798] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.896822] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.896847] ? __kthread_parkme+0x82/0x180 [ 26.896870] ? preempt_count_sub+0x50/0x80 [ 26.896896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.896946] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.896975] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.897003] kthread+0x337/0x6f0 [ 26.897025] ? trace_preempt_on+0x20/0xc0 [ 26.897052] ? __pfx_kthread+0x10/0x10 [ 26.897084] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.897112] ? calculate_sigpending+0x7b/0xa0 [ 26.897139] ? __pfx_kthread+0x10/0x10 [ 26.897165] ret_from_fork+0x116/0x1d0 [ 26.897188] ? __pfx_kthread+0x10/0x10 [ 26.897211] ret_from_fork_asm+0x1a/0x30 [ 26.897246] </TASK> [ 26.897260] [ 26.904729] Allocated by task 314: [ 26.904872] kasan_save_stack+0x45/0x70 [ 26.905084] kasan_save_track+0x18/0x40 [ 26.905279] kasan_save_alloc_info+0x3b/0x50 [ 26.905472] __kasan_kmalloc+0xb7/0xc0 [ 26.905605] __kmalloc_cache_noprof+0x189/0x420 [ 26.905818] kasan_atomics+0x95/0x310 [ 26.906043] kunit_try_run_case+0x1a5/0x480 [ 26.906284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.906474] kthread+0x337/0x6f0 [ 26.906594] ret_from_fork+0x116/0x1d0 [ 26.906729] ret_from_fork_asm+0x1a/0x30 [ 26.906870] [ 26.906965] The buggy address belongs to the object at ffff888105a1e600 [ 26.906965] which belongs to the cache kmalloc-64 of size 64 [ 26.907332] The buggy address is located 0 bytes to the right of [ 26.907332] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.907744] [ 26.907840] The buggy address belongs to the physical page: [ 26.908140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.908507] flags: 0x200000000000000(node=0|zone=2) [ 26.908751] 
page_type: f5(slab) [ 26.908942] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.909298] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.909632] page dumped because: kasan: bad access detected [ 26.909824] [ 26.909893] Memory state around the buggy address: [ 26.910077] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.910298] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.910515] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.910742] ^ [ 26.911001] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.911333] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.911659] ================================================================== [ 25.837908] ================================================================== [ 25.838189] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 25.838602] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.838970] [ 25.839096] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.839149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.839164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.839265] Call Trace: [ 25.839293] <TASK> [ 25.839346] dump_stack_lvl+0x73/0xb0 [ 25.839380] print_report+0xd1/0x650 [ 25.839433] ? __virt_addr_valid+0x1db/0x2d0 [ 25.839459] ? kasan_atomics_helper+0x3df/0x5450 [ 25.839493] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.839522] ? kasan_atomics_helper+0x3df/0x5450 [ 25.839545] kasan_report+0x141/0x180 [ 25.839569] ? kasan_atomics_helper+0x3df/0x5450 [ 25.839595] kasan_check_range+0x10c/0x1c0 [ 25.839620] __kasan_check_read+0x15/0x20 [ 25.839645] kasan_atomics_helper+0x3df/0x5450 [ 25.839669] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.839692] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.839720] ? 
kasan_atomics+0x152/0x310 [ 25.839748] kasan_atomics+0x1dc/0x310 [ 25.839772] ? __pfx_kasan_atomics+0x10/0x10 [ 25.839821] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.839847] ? __pfx_read_tsc+0x10/0x10 [ 25.839882] ? ktime_get_ts64+0x86/0x230 [ 25.839909] kunit_try_run_case+0x1a5/0x480 [ 25.839945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.839970] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.839993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.840017] ? __kthread_parkme+0x82/0x180 [ 25.840039] ? preempt_count_sub+0x50/0x80 [ 25.840075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.840101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.840127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.840154] kthread+0x337/0x6f0 [ 25.840249] ? trace_preempt_on+0x20/0xc0 [ 25.840293] ? __pfx_kthread+0x10/0x10 [ 25.840317] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.840345] ? calculate_sigpending+0x7b/0xa0 [ 25.840401] ? __pfx_kthread+0x10/0x10 [ 25.840426] ret_from_fork+0x116/0x1d0 [ 25.840448] ? 
__pfx_kthread+0x10/0x10 [ 25.840481] ret_from_fork_asm+0x1a/0x30 [ 25.840514] </TASK> [ 25.840528] [ 25.850689] Allocated by task 314: [ 25.850876] kasan_save_stack+0x45/0x70 [ 25.851153] kasan_save_track+0x18/0x40 [ 25.851289] kasan_save_alloc_info+0x3b/0x50 [ 25.851632] __kasan_kmalloc+0xb7/0xc0 [ 25.851880] __kmalloc_cache_noprof+0x189/0x420 [ 25.852227] kasan_atomics+0x95/0x310 [ 25.852427] kunit_try_run_case+0x1a5/0x480 [ 25.852633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.852898] kthread+0x337/0x6f0 [ 25.853037] ret_from_fork+0x116/0x1d0 [ 25.853425] ret_from_fork_asm+0x1a/0x30 [ 25.853849] [ 25.853966] The buggy address belongs to the object at ffff888105a1e600 [ 25.853966] which belongs to the cache kmalloc-64 of size 64 [ 25.854663] The buggy address is located 0 bytes to the right of [ 25.854663] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.855263] [ 25.855426] The buggy address belongs to the physical page: [ 25.855673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.855931] flags: 0x200000000000000(node=0|zone=2) [ 25.856180] page_type: f5(slab) [ 25.856500] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.856822] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.857048] page dumped because: kasan: bad access detected [ 25.857282] [ 25.857396] Memory state around the buggy address: [ 25.857681] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.858380] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.858704] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.858920] ^ [ 25.859180] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.859626] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.860452] ================================================================== [ 26.687001] 
================================================================== [ 26.688245] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 26.688639] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.688878] [ 26.689006] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.689073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.689090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.689118] Call Trace: [ 26.689140] <TASK> [ 26.689163] dump_stack_lvl+0x73/0xb0 [ 26.689194] print_report+0xd1/0x650 [ 26.689219] ? __virt_addr_valid+0x1db/0x2d0 [ 26.689245] ? kasan_atomics_helper+0x194a/0x5450 [ 26.689269] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.689298] ? kasan_atomics_helper+0x194a/0x5450 [ 26.689321] kasan_report+0x141/0x180 [ 26.689345] ? kasan_atomics_helper+0x194a/0x5450 [ 26.689373] kasan_check_range+0x10c/0x1c0 [ 26.689398] __kasan_check_write+0x18/0x20 [ 26.689434] kasan_atomics_helper+0x194a/0x5450 [ 26.689459] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.689494] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.689522] ? kasan_atomics+0x152/0x310 [ 26.689549] kasan_atomics+0x1dc/0x310 [ 26.689575] ? __pfx_kasan_atomics+0x10/0x10 [ 26.689598] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.689624] ? __pfx_read_tsc+0x10/0x10 [ 26.689648] ? ktime_get_ts64+0x86/0x230 [ 26.689675] kunit_try_run_case+0x1a5/0x480 [ 26.689702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.689728] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.689751] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.689774] ? __kthread_parkme+0x82/0x180 [ 26.689797] ? preempt_count_sub+0x50/0x80 [ 26.689828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.689855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.689880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.689906] kthread+0x337/0x6f0 [ 26.689936] ? trace_preempt_on+0x20/0xc0 [ 26.689963] ? 
__pfx_kthread+0x10/0x10 [ 26.689985] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.690011] ? calculate_sigpending+0x7b/0xa0 [ 26.690036] ? __pfx_kthread+0x10/0x10 [ 26.690070] ret_from_fork+0x116/0x1d0 [ 26.690093] ? __pfx_kthread+0x10/0x10 [ 26.690115] ret_from_fork_asm+0x1a/0x30 [ 26.690157] </TASK> [ 26.690171] [ 26.697874] Allocated by task 314: [ 26.698281] kasan_save_stack+0x45/0x70 [ 26.698487] kasan_save_track+0x18/0x40 [ 26.698670] kasan_save_alloc_info+0x3b/0x50 [ 26.698844] __kasan_kmalloc+0xb7/0xc0 [ 26.699092] __kmalloc_cache_noprof+0x189/0x420 [ 26.699273] kasan_atomics+0x95/0x310 [ 26.699402] kunit_try_run_case+0x1a5/0x480 [ 26.699546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.699738] kthread+0x337/0x6f0 [ 26.699903] ret_from_fork+0x116/0x1d0 [ 26.700095] ret_from_fork_asm+0x1a/0x30 [ 26.700312] [ 26.700404] The buggy address belongs to the object at ffff888105a1e600 [ 26.700404] which belongs to the cache kmalloc-64 of size 64 [ 26.701085] The buggy address is located 0 bytes to the right of [ 26.701085] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.701448] [ 26.701519] The buggy address belongs to the physical page: [ 26.701700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.702244] flags: 0x200000000000000(node=0|zone=2) [ 26.702506] page_type: f5(slab) [ 26.702688] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.703075] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.703551] page dumped because: kasan: bad access detected [ 26.703806] [ 26.703919] Memory state around the buggy address: [ 26.704135] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.704378] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.704612] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.704966] ^ [ 26.705201] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.705504] 
ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.705783] ================================================================== [ 26.841014] ================================================================== [ 26.841385] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 26.841607] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.841815] [ 26.841904] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.841956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.841971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.841996] Call Trace: [ 26.842018] <TASK> [ 26.842040] dump_stack_lvl+0x73/0xb0 [ 26.842082] print_report+0xd1/0x650 [ 26.842106] ? __virt_addr_valid+0x1db/0x2d0 [ 26.842132] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.842155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.842183] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.842206] kasan_report+0x141/0x180 [ 26.842229] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.842257] kasan_check_range+0x10c/0x1c0 [ 26.842281] __kasan_check_write+0x18/0x20 [ 26.842306] kasan_atomics_helper+0x1e12/0x5450 [ 26.842329] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.842352] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.842379] ? kasan_atomics+0x152/0x310 [ 26.842406] kasan_atomics+0x1dc/0x310 [ 26.842429] ? __pfx_kasan_atomics+0x10/0x10 [ 26.842452] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.842479] ? __pfx_read_tsc+0x10/0x10 [ 26.842502] ? ktime_get_ts64+0x86/0x230 [ 26.842529] kunit_try_run_case+0x1a5/0x480 [ 26.842556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.842582] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.842605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.842629] ? __kthread_parkme+0x82/0x180 [ 26.842651] ? preempt_count_sub+0x50/0x80 [ 26.842676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.842702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.842728] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.842754] kthread+0x337/0x6f0 [ 26.842775] ? trace_preempt_on+0x20/0xc0 [ 26.842800] ? __pfx_kthread+0x10/0x10 [ 26.842823] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.842849] ? calculate_sigpending+0x7b/0xa0 [ 26.842874] ? __pfx_kthread+0x10/0x10 [ 26.842897] ret_from_fork+0x116/0x1d0 [ 26.842917] ? __pfx_kthread+0x10/0x10 [ 26.842952] ret_from_fork_asm+0x1a/0x30 [ 26.842984] </TASK> [ 26.842997] [ 26.850294] Allocated by task 314: [ 26.850483] kasan_save_stack+0x45/0x70 [ 26.850683] kasan_save_track+0x18/0x40 [ 26.850868] kasan_save_alloc_info+0x3b/0x50 [ 26.851238] __kasan_kmalloc+0xb7/0xc0 [ 26.851423] __kmalloc_cache_noprof+0x189/0x420 [ 26.851616] kasan_atomics+0x95/0x310 [ 26.851762] kunit_try_run_case+0x1a5/0x480 [ 26.851944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.852123] kthread+0x337/0x6f0 [ 26.852236] ret_from_fork+0x116/0x1d0 [ 26.852358] ret_from_fork_asm+0x1a/0x30 [ 26.852486] [ 26.852549] The buggy address belongs to the object at ffff888105a1e600 [ 26.852549] which belongs to the cache kmalloc-64 of size 64 [ 26.852917] The buggy address is located 0 bytes to the right of [ 26.852917] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.853463] [ 26.853557] The buggy address belongs to the physical page: [ 26.853806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.854308] flags: 0x200000000000000(node=0|zone=2) [ 26.854462] page_type: f5(slab) [ 26.854575] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.854787] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.854994] page dumped because: kasan: bad access detected [ 26.855160] [ 26.855250] Memory state around the buggy address: [ 26.855469] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.855770] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.856282] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.856593] ^ [ 26.856805] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.857298] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.857536] ================================================================== [ 26.265867] ================================================================== [ 26.266233] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 26.266568] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.266893] [ 26.267002] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.267053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.267227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.267254] Call Trace: [ 26.267277] <TASK> [ 26.267298] dump_stack_lvl+0x73/0xb0 [ 26.267329] print_report+0xd1/0x650 [ 26.267353] ? __virt_addr_valid+0x1db/0x2d0 [ 26.267379] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.267402] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.267430] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.267453] kasan_report+0x141/0x180 [ 26.267476] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.267503] __asan_report_load4_noabort+0x18/0x20 [ 26.267529] kasan_atomics_helper+0x4a36/0x5450 [ 26.267552] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.267576] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.267603] ? kasan_atomics+0x152/0x310 [ 26.267631] kasan_atomics+0x1dc/0x310 [ 26.267655] ? __pfx_kasan_atomics+0x10/0x10 [ 26.267678] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.267717] ? __pfx_read_tsc+0x10/0x10 [ 26.267740] ? ktime_get_ts64+0x86/0x230 [ 26.267780] kunit_try_run_case+0x1a5/0x480 [ 26.267808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.267833] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.267855] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.267879] ? __kthread_parkme+0x82/0x180 [ 26.267901] ? preempt_count_sub+0x50/0x80 [ 26.267945] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 26.267972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.268007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.268032] kthread+0x337/0x6f0 [ 26.268054] ? trace_preempt_on+0x20/0xc0 [ 26.268156] ? __pfx_kthread+0x10/0x10 [ 26.268188] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.268216] ? calculate_sigpending+0x7b/0xa0 [ 26.268241] ? __pfx_kthread+0x10/0x10 [ 26.268275] ret_from_fork+0x116/0x1d0 [ 26.268296] ? __pfx_kthread+0x10/0x10 [ 26.268319] ret_from_fork_asm+0x1a/0x30 [ 26.268360] </TASK> [ 26.268374] [ 26.277602] Allocated by task 314: [ 26.277774] kasan_save_stack+0x45/0x70 [ 26.278293] kasan_save_track+0x18/0x40 [ 26.278477] kasan_save_alloc_info+0x3b/0x50 [ 26.278668] __kasan_kmalloc+0xb7/0xc0 [ 26.278834] __kmalloc_cache_noprof+0x189/0x420 [ 26.279364] kasan_atomics+0x95/0x310 [ 26.279668] kunit_try_run_case+0x1a5/0x480 [ 26.280097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.280559] kthread+0x337/0x6f0 [ 26.280814] ret_from_fork+0x116/0x1d0 [ 26.281143] ret_from_fork_asm+0x1a/0x30 [ 26.281542] [ 26.281772] The buggy address belongs to the object at ffff888105a1e600 [ 26.281772] which belongs to the cache kmalloc-64 of size 64 [ 26.282620] The buggy address is located 0 bytes to the right of [ 26.282620] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.283370] [ 26.283629] The buggy address belongs to the physical page: [ 26.284272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.284605] flags: 0x200000000000000(node=0|zone=2) [ 26.284810] page_type: f5(slab) [ 26.285198] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.285539] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.285849] page dumped because: kasan: bad access detected [ 26.286506] [ 26.286604] Memory state around the buggy address: [ 26.287183] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.287507] 
ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.287795] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.288361] ^ [ 26.288720] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.289330] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.289788] ================================================================== [ 26.876121] ================================================================== [ 26.876675] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 26.876912] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.877556] [ 26.877656] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.877710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.877725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.877751] Call Trace: [ 26.877771] <TASK> [ 26.877792] dump_stack_lvl+0x73/0xb0 [ 26.877830] print_report+0xd1/0x650 [ 26.877856] ? __virt_addr_valid+0x1db/0x2d0 [ 26.877882] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.877906] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.878339] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.878379] kasan_report+0x141/0x180 [ 26.878405] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.878434] kasan_check_range+0x10c/0x1c0 [ 26.878460] __kasan_check_write+0x18/0x20 [ 26.878485] kasan_atomics_helper+0x1f43/0x5450 [ 26.878510] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.878534] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.878562] ? kasan_atomics+0x152/0x310 [ 26.878590] kasan_atomics+0x1dc/0x310 [ 26.878614] ? __pfx_kasan_atomics+0x10/0x10 [ 26.878638] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.878666] ? __pfx_read_tsc+0x10/0x10 [ 26.878690] ? ktime_get_ts64+0x86/0x230 [ 26.878718] kunit_try_run_case+0x1a5/0x480 [ 26.878746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.878772] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.878796] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.878820] ? __kthread_parkme+0x82/0x180 [ 26.878842] ? preempt_count_sub+0x50/0x80 [ 26.878868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.878896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.878923] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.878960] kthread+0x337/0x6f0 [ 26.878982] ? trace_preempt_on+0x20/0xc0 [ 26.879008] ? __pfx_kthread+0x10/0x10 [ 26.879031] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.879058] ? calculate_sigpending+0x7b/0xa0 [ 26.879099] ? __pfx_kthread+0x10/0x10 [ 26.879123] ret_from_fork+0x116/0x1d0 [ 26.879144] ? __pfx_kthread+0x10/0x10 [ 26.879168] ret_from_fork_asm+0x1a/0x30 [ 26.879201] </TASK> [ 26.879216] [ 26.887033] Allocated by task 314: [ 26.887215] kasan_save_stack+0x45/0x70 [ 26.887365] kasan_save_track+0x18/0x40 [ 26.887500] kasan_save_alloc_info+0x3b/0x50 [ 26.887649] __kasan_kmalloc+0xb7/0xc0 [ 26.887779] __kmalloc_cache_noprof+0x189/0x420 [ 26.887932] kasan_atomics+0x95/0x310 [ 26.888170] kunit_try_run_case+0x1a5/0x480 [ 26.888393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.888658] kthread+0x337/0x6f0 [ 26.888831] ret_from_fork+0x116/0x1d0 [ 26.889048] ret_from_fork_asm+0x1a/0x30 [ 26.889231] [ 26.889325] The buggy address belongs to the object at ffff888105a1e600 [ 26.889325] which belongs to the cache kmalloc-64 of size 64 [ 26.889756] The buggy address is located 0 bytes to the right of [ 26.889756] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.890162] [ 26.890234] The buggy address belongs to the physical page: [ 26.890406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.890772] flags: 0x200000000000000(node=0|zone=2) [ 26.891028] page_type: f5(slab) [ 26.891213] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.891572] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.891964] page dumped because: kasan: bad access detected [ 26.892249] [ 26.892346] 
Memory state around the buggy address: [ 26.892587] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.892936] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.893203] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.893418] ^ [ 26.893637] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.894002] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.894241] ================================================================== [ 25.992439] ================================================================== [ 25.993117] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 25.993512] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.993849] [ 25.993985] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.994041] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.994057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.994092] Call Trace: [ 25.994116] <TASK> [ 25.994138] dump_stack_lvl+0x73/0xb0 [ 25.994168] print_report+0xd1/0x650 [ 25.994194] ? __virt_addr_valid+0x1db/0x2d0 [ 25.994219] ? kasan_atomics_helper+0x72f/0x5450 [ 25.994242] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.994270] ? kasan_atomics_helper+0x72f/0x5450 [ 25.994293] kasan_report+0x141/0x180 [ 25.994316] ? kasan_atomics_helper+0x72f/0x5450 [ 25.994343] kasan_check_range+0x10c/0x1c0 [ 25.994369] __kasan_check_write+0x18/0x20 [ 25.994394] kasan_atomics_helper+0x72f/0x5450 [ 25.994418] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.994441] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.994469] ? kasan_atomics+0x152/0x310 [ 25.994508] kasan_atomics+0x1dc/0x310 [ 25.994532] ? __pfx_kasan_atomics+0x10/0x10 [ 25.994568] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.994595] ? __pfx_read_tsc+0x10/0x10 [ 25.994619] ? 
ktime_get_ts64+0x86/0x230 [ 25.994658] kunit_try_run_case+0x1a5/0x480 [ 25.994686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.994723] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.994746] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.994771] ? __kthread_parkme+0x82/0x180 [ 25.994805] ? preempt_count_sub+0x50/0x80 [ 25.994831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.994858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.994894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.994946] kthread+0x337/0x6f0 [ 25.994969] ? trace_preempt_on+0x20/0xc0 [ 25.995005] ? __pfx_kthread+0x10/0x10 [ 25.995028] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.995054] ? calculate_sigpending+0x7b/0xa0 [ 25.995095] ? __pfx_kthread+0x10/0x10 [ 25.995119] ret_from_fork+0x116/0x1d0 [ 25.995140] ? __pfx_kthread+0x10/0x10 [ 25.995163] ret_from_fork_asm+0x1a/0x30 [ 25.995205] </TASK> [ 25.995220] [ 26.002763] Allocated by task 314: [ 26.002973] kasan_save_stack+0x45/0x70 [ 26.003184] kasan_save_track+0x18/0x40 [ 26.003329] kasan_save_alloc_info+0x3b/0x50 [ 26.003475] __kasan_kmalloc+0xb7/0xc0 [ 26.003681] __kmalloc_cache_noprof+0x189/0x420 [ 26.003900] kasan_atomics+0x95/0x310 [ 26.004100] kunit_try_run_case+0x1a5/0x480 [ 26.004250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.004446] kthread+0x337/0x6f0 [ 26.004611] ret_from_fork+0x116/0x1d0 [ 26.004797] ret_from_fork_asm+0x1a/0x30 [ 26.005042] [ 26.005143] The buggy address belongs to the object at ffff888105a1e600 [ 26.005143] which belongs to the cache kmalloc-64 of size 64 [ 26.005497] The buggy address is located 0 bytes to the right of [ 26.005497] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.005882] [ 26.006023] The buggy address belongs to the physical page: [ 26.006287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.006646] flags: 0x200000000000000(node=0|zone=2) [ 26.006881] page_type: f5(slab) [ 26.007087] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 26.007430] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.007735] page dumped because: kasan: bad access detected [ 26.007903] [ 26.007986] Memory state around the buggy address: [ 26.008191] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.008515] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.008855] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.009221] ^ [ 26.009446] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.009733] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.009976] ================================================================== [ 26.806153] ================================================================== [ 26.807189] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 26.807469] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.807689] [ 26.807776] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.807833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.807849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.807874] Call Trace: [ 26.807898] <TASK> [ 26.807923] dump_stack_lvl+0x73/0xb0 [ 26.807956] print_report+0xd1/0x650 [ 26.807981] ? __virt_addr_valid+0x1db/0x2d0 [ 26.808008] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.808030] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.808058] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.808094] kasan_report+0x141/0x180 [ 26.808117] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.808145] kasan_check_range+0x10c/0x1c0 [ 26.808171] __kasan_check_write+0x18/0x20 [ 26.808197] kasan_atomics_helper+0x1ce1/0x5450 [ 26.808222] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.808246] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.808274] ? kasan_atomics+0x152/0x310 [ 26.808301] kasan_atomics+0x1dc/0x310 [ 26.808325] ? 
__pfx_kasan_atomics+0x10/0x10 [ 26.808349] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.808375] ? __pfx_read_tsc+0x10/0x10 [ 26.808399] ? ktime_get_ts64+0x86/0x230 [ 26.808426] kunit_try_run_case+0x1a5/0x480 [ 26.808454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.808480] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.808503] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.808527] ? __kthread_parkme+0x82/0x180 [ 26.808549] ? preempt_count_sub+0x50/0x80 [ 26.808575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.808601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.808627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.808652] kthread+0x337/0x6f0 [ 26.808674] ? trace_preempt_on+0x20/0xc0 [ 26.808698] ? __pfx_kthread+0x10/0x10 [ 26.808720] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.808746] ? calculate_sigpending+0x7b/0xa0 [ 26.808772] ? __pfx_kthread+0x10/0x10 [ 26.808795] ret_from_fork+0x116/0x1d0 [ 26.808815] ? __pfx_kthread+0x10/0x10 [ 26.808837] ret_from_fork_asm+0x1a/0x30 [ 26.808870] </TASK> [ 26.808885] [ 26.816178] Allocated by task 314: [ 26.816353] kasan_save_stack+0x45/0x70 [ 26.816583] kasan_save_track+0x18/0x40 [ 26.816728] kasan_save_alloc_info+0x3b/0x50 [ 26.816869] __kasan_kmalloc+0xb7/0xc0 [ 26.817049] __kmalloc_cache_noprof+0x189/0x420 [ 26.817287] kasan_atomics+0x95/0x310 [ 26.817446] kunit_try_run_case+0x1a5/0x480 [ 26.817639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.817860] kthread+0x337/0x6f0 [ 26.818018] ret_from_fork+0x116/0x1d0 [ 26.818216] ret_from_fork_asm+0x1a/0x30 [ 26.818392] [ 26.818471] The buggy address belongs to the object at ffff888105a1e600 [ 26.818471] which belongs to the cache kmalloc-64 of size 64 [ 26.818852] The buggy address is located 0 bytes to the right of [ 26.818852] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.819329] [ 26.819398] The buggy address belongs to the physical page: [ 26.819793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.820180] flags: 
0x200000000000000(node=0|zone=2) [ 26.820372] page_type: f5(slab) [ 26.820544] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.820818] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.821159] page dumped because: kasan: bad access detected [ 26.821323] [ 26.821414] Memory state around the buggy address: [ 26.821636] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.821905] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.822125] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.822336] ^ [ 26.822488] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.822695] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.823095] ================================================================== [ 26.437148] ================================================================== [ 26.437459] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 26.437785] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.438093] [ 26.438250] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.438312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.438328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.438354] Call Trace: [ 26.438376] <TASK> [ 26.438410] dump_stack_lvl+0x73/0xb0 [ 26.438442] print_report+0xd1/0x650 [ 26.438467] ? __virt_addr_valid+0x1db/0x2d0 [ 26.438493] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.438515] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.438553] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.438576] kasan_report+0x141/0x180 [ 26.438598] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.438635] __asan_report_load4_noabort+0x18/0x20 [ 26.438662] kasan_atomics_helper+0x49ce/0x5450 [ 26.438686] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.438709] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 26.438735] ? kasan_atomics+0x152/0x310 [ 26.438762] kasan_atomics+0x1dc/0x310 [ 26.438786] ? __pfx_kasan_atomics+0x10/0x10 [ 26.438810] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.438845] ? __pfx_read_tsc+0x10/0x10 [ 26.438868] ? ktime_get_ts64+0x86/0x230 [ 26.438905] kunit_try_run_case+0x1a5/0x480 [ 26.438943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.438968] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.438991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.439014] ? __kthread_parkme+0x82/0x180 [ 26.439044] ? preempt_count_sub+0x50/0x80 [ 26.439085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.439111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.439137] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.439163] kthread+0x337/0x6f0 [ 26.439184] ? trace_preempt_on+0x20/0xc0 [ 26.439209] ? __pfx_kthread+0x10/0x10 [ 26.439230] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.439256] ? calculate_sigpending+0x7b/0xa0 [ 26.439280] ? __pfx_kthread+0x10/0x10 [ 26.439303] ret_from_fork+0x116/0x1d0 [ 26.439324] ? 
__pfx_kthread+0x10/0x10 [ 26.439346] ret_from_fork_asm+0x1a/0x30 [ 26.439378] </TASK> [ 26.439391] [ 26.448345] Allocated by task 314: [ 26.448504] kasan_save_stack+0x45/0x70 [ 26.448681] kasan_save_track+0x18/0x40 [ 26.448864] kasan_save_alloc_info+0x3b/0x50 [ 26.449146] __kasan_kmalloc+0xb7/0xc0 [ 26.449306] __kmalloc_cache_noprof+0x189/0x420 [ 26.449499] kasan_atomics+0x95/0x310 [ 26.449679] kunit_try_run_case+0x1a5/0x480 [ 26.449844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.450160] kthread+0x337/0x6f0 [ 26.450305] ret_from_fork+0x116/0x1d0 [ 26.450473] ret_from_fork_asm+0x1a/0x30 [ 26.450645] [ 26.450720] The buggy address belongs to the object at ffff888105a1e600 [ 26.450720] which belongs to the cache kmalloc-64 of size 64 [ 26.451146] The buggy address is located 0 bytes to the right of [ 26.451146] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.451502] [ 26.451586] The buggy address belongs to the physical page: [ 26.451836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.452190] flags: 0x200000000000000(node=0|zone=2) [ 26.452422] page_type: f5(slab) [ 26.452554] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.452785] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.453043] page dumped because: kasan: bad access detected [ 26.453309] [ 26.453400] Memory state around the buggy address: [ 26.453647] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.453978] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.454377] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.454710] ^ [ 26.454963] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.455282] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.455490] ================================================================== [ 26.539951] 
================================================================== [ 26.540429] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 26.540763] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.541110] [ 26.541205] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.541260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.541274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.541300] Call Trace: [ 26.541324] <TASK> [ 26.541347] dump_stack_lvl+0x73/0xb0 [ 26.541378] print_report+0xd1/0x650 [ 26.541403] ? __virt_addr_valid+0x1db/0x2d0 [ 26.541429] ? kasan_atomics_helper+0x151d/0x5450 [ 26.541453] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.541480] ? kasan_atomics_helper+0x151d/0x5450 [ 26.541504] kasan_report+0x141/0x180 [ 26.541527] ? kasan_atomics_helper+0x151d/0x5450 [ 26.541554] kasan_check_range+0x10c/0x1c0 [ 26.541578] __kasan_check_write+0x18/0x20 [ 26.541603] kasan_atomics_helper+0x151d/0x5450 [ 26.541628] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.541651] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.541678] ? kasan_atomics+0x152/0x310 [ 26.541706] kasan_atomics+0x1dc/0x310 [ 26.541743] ? __pfx_kasan_atomics+0x10/0x10 [ 26.541766] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.541804] ? __pfx_read_tsc+0x10/0x10 [ 26.541835] ? ktime_get_ts64+0x86/0x230 [ 26.541863] kunit_try_run_case+0x1a5/0x480 [ 26.541890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.541916] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.541939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.541963] ? __kthread_parkme+0x82/0x180 [ 26.541986] ? preempt_count_sub+0x50/0x80 [ 26.542013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.542047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.542097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.542136] kthread+0x337/0x6f0 [ 26.542158] ? trace_preempt_on+0x20/0xc0 [ 26.542184] ? 
__pfx_kthread+0x10/0x10 [ 26.542206] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.542233] ? calculate_sigpending+0x7b/0xa0 [ 26.542260] ? __pfx_kthread+0x10/0x10 [ 26.542284] ret_from_fork+0x116/0x1d0 [ 26.542306] ? __pfx_kthread+0x10/0x10 [ 26.542329] ret_from_fork_asm+0x1a/0x30 [ 26.542363] </TASK> [ 26.542379] [ 26.550069] Allocated by task 314: [ 26.550276] kasan_save_stack+0x45/0x70 [ 26.550506] kasan_save_track+0x18/0x40 [ 26.550695] kasan_save_alloc_info+0x3b/0x50 [ 26.550906] __kasan_kmalloc+0xb7/0xc0 [ 26.551259] __kmalloc_cache_noprof+0x189/0x420 [ 26.551482] kasan_atomics+0x95/0x310 [ 26.551668] kunit_try_run_case+0x1a5/0x480 [ 26.551834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.552153] kthread+0x337/0x6f0 [ 26.552341] ret_from_fork+0x116/0x1d0 [ 26.552543] ret_from_fork_asm+0x1a/0x30 [ 26.552741] [ 26.552810] The buggy address belongs to the object at ffff888105a1e600 [ 26.552810] which belongs to the cache kmalloc-64 of size 64 [ 26.553262] The buggy address is located 0 bytes to the right of [ 26.553262] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.553844] [ 26.553937] The buggy address belongs to the physical page: [ 26.554271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.554610] flags: 0x200000000000000(node=0|zone=2) [ 26.554843] page_type: f5(slab) [ 26.555002] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.555344] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.555679] page dumped because: kasan: bad access detected [ 26.555907] [ 26.556074] Memory state around the buggy address: [ 26.556287] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.556603] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.556849] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.557199] ^ [ 26.557395] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.557680] 
ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.557983] ================================================================== [ 26.499211] ================================================================== [ 26.499764] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 26.500163] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.500459] [ 26.500596] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.500651] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.500667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.500692] Call Trace: [ 26.500727] <TASK> [ 26.500749] dump_stack_lvl+0x73/0xb0 [ 26.500792] print_report+0xd1/0x650 [ 26.500826] ? __virt_addr_valid+0x1db/0x2d0 [ 26.500851] ? kasan_atomics_helper+0x1467/0x5450 [ 26.500884] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.500911] ? kasan_atomics_helper+0x1467/0x5450 [ 26.500934] kasan_report+0x141/0x180 [ 26.500956] ? kasan_atomics_helper+0x1467/0x5450 [ 26.500983] kasan_check_range+0x10c/0x1c0 [ 26.501008] __kasan_check_write+0x18/0x20 [ 26.501032] kasan_atomics_helper+0x1467/0x5450 [ 26.501055] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.501089] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.501116] ? kasan_atomics+0x152/0x310 [ 26.501144] kasan_atomics+0x1dc/0x310 [ 26.501168] ? __pfx_kasan_atomics+0x10/0x10 [ 26.501199] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.501234] ? __pfx_read_tsc+0x10/0x10 [ 26.501258] ? ktime_get_ts64+0x86/0x230 [ 26.501284] kunit_try_run_case+0x1a5/0x480 [ 26.501323] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.501347] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.501370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.501394] ? __kthread_parkme+0x82/0x180 [ 26.501416] ? preempt_count_sub+0x50/0x80 [ 26.501441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.501467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.501493] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.501519] kthread+0x337/0x6f0 [ 26.501540] ? trace_preempt_on+0x20/0xc0 [ 26.501574] ? __pfx_kthread+0x10/0x10 [ 26.501596] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.501622] ? calculate_sigpending+0x7b/0xa0 [ 26.501658] ? __pfx_kthread+0x10/0x10 [ 26.501682] ret_from_fork+0x116/0x1d0 [ 26.501702] ? __pfx_kthread+0x10/0x10 [ 26.501738] ret_from_fork_asm+0x1a/0x30 [ 26.501776] </TASK> [ 26.501800] [ 26.509808] Allocated by task 314: [ 26.510006] kasan_save_stack+0x45/0x70 [ 26.510214] kasan_save_track+0x18/0x40 [ 26.510348] kasan_save_alloc_info+0x3b/0x50 [ 26.510534] __kasan_kmalloc+0xb7/0xc0 [ 26.510728] __kmalloc_cache_noprof+0x189/0x420 [ 26.510942] kasan_atomics+0x95/0x310 [ 26.511156] kunit_try_run_case+0x1a5/0x480 [ 26.511350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.511580] kthread+0x337/0x6f0 [ 26.511734] ret_from_fork+0x116/0x1d0 [ 26.511904] ret_from_fork_asm+0x1a/0x30 [ 26.512088] [ 26.512159] The buggy address belongs to the object at ffff888105a1e600 [ 26.512159] which belongs to the cache kmalloc-64 of size 64 [ 26.512631] The buggy address is located 0 bytes to the right of [ 26.512631] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.514220] [ 26.514367] The buggy address belongs to the physical page: [ 26.514546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.514785] flags: 0x200000000000000(node=0|zone=2) [ 26.514949] page_type: f5(slab) [ 26.515081] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.516120] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.516586] page dumped because: kasan: bad access detected [ 26.516829] [ 26.516917] Memory state around the buggy address: [ 26.517134] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.517422] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.517706] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.518337] ^ [ 26.518758] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.519290] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.519789] ================================================================== [ 26.346402] ================================================================== [ 26.347362] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 26.347723] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.348038] [ 26.348165] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.348243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.348260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.348285] Call Trace: [ 26.348367] <TASK> [ 26.348393] dump_stack_lvl+0x73/0xb0 [ 26.348438] print_report+0xd1/0x650 [ 26.348464] ? __virt_addr_valid+0x1db/0x2d0 [ 26.348502] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.348525] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.348554] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.348587] kasan_report+0x141/0x180 [ 26.348611] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.348638] __asan_report_load4_noabort+0x18/0x20 [ 26.348675] kasan_atomics_helper+0x4a02/0x5450 [ 26.348699] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.348722] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.348751] ? kasan_atomics+0x152/0x310 [ 26.348779] kasan_atomics+0x1dc/0x310 [ 26.348802] ? __pfx_kasan_atomics+0x10/0x10 [ 26.348825] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.348851] ? __pfx_read_tsc+0x10/0x10 [ 26.348875] ? ktime_get_ts64+0x86/0x230 [ 26.348903] kunit_try_run_case+0x1a5/0x480 [ 26.348931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.348956] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.348978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.349002] ? __kthread_parkme+0x82/0x180 [ 26.349025] ? preempt_count_sub+0x50/0x80 [ 26.349050] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 26.349086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.349113] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.349139] kthread+0x337/0x6f0 [ 26.349160] ? trace_preempt_on+0x20/0xc0 [ 26.349185] ? __pfx_kthread+0x10/0x10 [ 26.349207] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.349233] ? calculate_sigpending+0x7b/0xa0 [ 26.349258] ? __pfx_kthread+0x10/0x10 [ 26.349281] ret_from_fork+0x116/0x1d0 [ 26.349311] ? __pfx_kthread+0x10/0x10 [ 26.349333] ret_from_fork_asm+0x1a/0x30 [ 26.349377] </TASK> [ 26.349392] [ 26.357638] Allocated by task 314: [ 26.357842] kasan_save_stack+0x45/0x70 [ 26.358108] kasan_save_track+0x18/0x40 [ 26.358289] kasan_save_alloc_info+0x3b/0x50 [ 26.358475] __kasan_kmalloc+0xb7/0xc0 [ 26.358669] __kmalloc_cache_noprof+0x189/0x420 [ 26.358886] kasan_atomics+0x95/0x310 [ 26.359162] kunit_try_run_case+0x1a5/0x480 [ 26.359358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.359600] kthread+0x337/0x6f0 [ 26.359758] ret_from_fork+0x116/0x1d0 [ 26.359942] ret_from_fork_asm+0x1a/0x30 [ 26.360177] [ 26.360292] The buggy address belongs to the object at ffff888105a1e600 [ 26.360292] which belongs to the cache kmalloc-64 of size 64 [ 26.360826] The buggy address is located 0 bytes to the right of [ 26.360826] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.361362] [ 26.361437] The buggy address belongs to the physical page: [ 26.361608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.361850] flags: 0x200000000000000(node=0|zone=2) [ 26.362096] page_type: f5(slab) [ 26.362286] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.362622] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.362963] page dumped because: kasan: bad access detected [ 26.363219] [ 26.363313] Memory state around the buggy address: [ 26.363557] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.363854] 
ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.364231] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.364440] ^ [ 26.364588] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.364798] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.365049] ================================================================== [ 26.667961] ================================================================== [ 26.668520] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 26.668836] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.669078] [ 26.669197] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.669264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.669279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.669326] Call Trace: [ 26.669350] <TASK> [ 26.669373] dump_stack_lvl+0x73/0xb0 [ 26.669417] print_report+0xd1/0x650 [ 26.669445] ? __virt_addr_valid+0x1db/0x2d0 [ 26.669473] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.669499] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.669532] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.669557] kasan_report+0x141/0x180 [ 26.669582] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.669611] kasan_check_range+0x10c/0x1c0 [ 26.669637] __kasan_check_write+0x18/0x20 [ 26.669663] kasan_atomics_helper+0x18b1/0x5450 [ 26.669689] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.669714] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.669755] ? kasan_atomics+0x152/0x310 [ 26.669783] kasan_atomics+0x1dc/0x310 [ 26.669829] ? __pfx_kasan_atomics+0x10/0x10 [ 26.669854] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.669881] ? __pfx_read_tsc+0x10/0x10 [ 26.669904] ? ktime_get_ts64+0x86/0x230 [ 26.669955] kunit_try_run_case+0x1a5/0x480 [ 26.669984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.670030] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.670056] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.670091] ? __kthread_parkme+0x82/0x180 [ 26.670115] ? preempt_count_sub+0x50/0x80 [ 26.670150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.670178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.670206] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.670245] kthread+0x337/0x6f0 [ 26.670267] ? trace_preempt_on+0x20/0xc0 [ 26.670293] ? __pfx_kthread+0x10/0x10 [ 26.670325] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.670352] ? calculate_sigpending+0x7b/0xa0 [ 26.670379] ? __pfx_kthread+0x10/0x10 [ 26.670414] ret_from_fork+0x116/0x1d0 [ 26.670436] ? __pfx_kthread+0x10/0x10 [ 26.670459] ret_from_fork_asm+0x1a/0x30 [ 26.670494] </TASK> [ 26.670508] [ 26.678388] Allocated by task 314: [ 26.678520] kasan_save_stack+0x45/0x70 [ 26.678721] kasan_save_track+0x18/0x40 [ 26.678915] kasan_save_alloc_info+0x3b/0x50 [ 26.679287] __kasan_kmalloc+0xb7/0xc0 [ 26.679477] __kmalloc_cache_noprof+0x189/0x420 [ 26.679689] kasan_atomics+0x95/0x310 [ 26.679869] kunit_try_run_case+0x1a5/0x480 [ 26.680133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.680376] kthread+0x337/0x6f0 [ 26.680541] ret_from_fork+0x116/0x1d0 [ 26.680722] ret_from_fork_asm+0x1a/0x30 [ 26.680903] [ 26.681001] The buggy address belongs to the object at ffff888105a1e600 [ 26.681001] which belongs to the cache kmalloc-64 of size 64 [ 26.681600] The buggy address is located 0 bytes to the right of [ 26.681600] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.682095] [ 26.682225] The buggy address belongs to the physical page: [ 26.682459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.682733] flags: 0x200000000000000(node=0|zone=2) [ 26.682895] page_type: f5(slab) [ 26.683199] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.683563] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.683871] page dumped because: kasan: bad access detected [ 26.684038] [ 26.684115] 
Memory state around the buggy address: [ 26.684544] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.684889] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.685117] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.685325] ^ [ 26.685476] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.685688] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.686146] ================================================================== [ 26.291433] ================================================================== [ 26.291769] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 26.292156] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.292452] [ 26.292579] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.292646] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.292673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.292699] Call Trace: [ 26.292724] <TASK> [ 26.292746] dump_stack_lvl+0x73/0xb0 [ 26.292779] print_report+0xd1/0x650 [ 26.292805] ? __virt_addr_valid+0x1db/0x2d0 [ 26.292840] ? kasan_atomics_helper+0x1079/0x5450 [ 26.292863] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.292891] ? kasan_atomics_helper+0x1079/0x5450 [ 26.292924] kasan_report+0x141/0x180 [ 26.292947] ? kasan_atomics_helper+0x1079/0x5450 [ 26.292986] kasan_check_range+0x10c/0x1c0 [ 26.293010] __kasan_check_write+0x18/0x20 [ 26.293035] kasan_atomics_helper+0x1079/0x5450 [ 26.293069] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.293092] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.293128] ? kasan_atomics+0x152/0x310 [ 26.293156] kasan_atomics+0x1dc/0x310 [ 26.293179] ? __pfx_kasan_atomics+0x10/0x10 [ 26.293213] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.293239] ? __pfx_read_tsc+0x10/0x10 [ 26.293264] ? 
ktime_get_ts64+0x86/0x230 [ 26.293290] kunit_try_run_case+0x1a5/0x480 [ 26.293318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.293342] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.293374] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.293398] ? __kthread_parkme+0x82/0x180 [ 26.293430] ? preempt_count_sub+0x50/0x80 [ 26.293456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.293481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.293507] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.293532] kthread+0x337/0x6f0 [ 26.293553] ? trace_preempt_on+0x20/0xc0 [ 26.293577] ? __pfx_kthread+0x10/0x10 [ 26.293599] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.293625] ? calculate_sigpending+0x7b/0xa0 [ 26.293649] ? __pfx_kthread+0x10/0x10 [ 26.293672] ret_from_fork+0x116/0x1d0 [ 26.293692] ? __pfx_kthread+0x10/0x10 [ 26.293714] ret_from_fork_asm+0x1a/0x30 [ 26.293746] </TASK> [ 26.293761] [ 26.301564] Allocated by task 314: [ 26.301714] kasan_save_stack+0x45/0x70 [ 26.301907] kasan_save_track+0x18/0x40 [ 26.302309] kasan_save_alloc_info+0x3b/0x50 [ 26.302488] __kasan_kmalloc+0xb7/0xc0 [ 26.302616] __kmalloc_cache_noprof+0x189/0x420 [ 26.302767] kasan_atomics+0x95/0x310 [ 26.302960] kunit_try_run_case+0x1a5/0x480 [ 26.303176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.303452] kthread+0x337/0x6f0 [ 26.303641] ret_from_fork+0x116/0x1d0 [ 26.303826] ret_from_fork_asm+0x1a/0x30 [ 26.304016] [ 26.304107] The buggy address belongs to the object at ffff888105a1e600 [ 26.304107] which belongs to the cache kmalloc-64 of size 64 [ 26.304455] The buggy address is located 0 bytes to the right of [ 26.304455] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.304925] [ 26.305022] The buggy address belongs to the physical page: [ 26.305279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.305659] flags: 0x200000000000000(node=0|zone=2) [ 26.305869] page_type: f5(slab) [ 26.306128] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 26.306379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.306599] page dumped because: kasan: bad access detected [ 26.306818] [ 26.306907] Memory state around the buggy address: [ 26.307147] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.307486] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.307814] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.308205] ^ [ 26.308354] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.308562] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.309019] ================================================================== [ 26.309835] ================================================================== [ 26.310312] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 26.310655] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.310893] [ 26.311075] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.311131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.311146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.311172] Call Trace: [ 26.311196] <TASK> [ 26.311218] dump_stack_lvl+0x73/0xb0 [ 26.311249] print_report+0xd1/0x650 [ 26.311273] ? __virt_addr_valid+0x1db/0x2d0 [ 26.311299] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.311321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.311349] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.311372] kasan_report+0x141/0x180 [ 26.311395] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.311422] __asan_report_load4_noabort+0x18/0x20 [ 26.311448] kasan_atomics_helper+0x4a1c/0x5450 [ 26.311472] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.311495] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.311534] ? kasan_atomics+0x152/0x310 [ 26.311560] kasan_atomics+0x1dc/0x310 [ 26.311584] ? __pfx_kasan_atomics+0x10/0x10 [ 26.311619] ? 
__pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.311645] ? __pfx_read_tsc+0x10/0x10 [ 26.311669] ? ktime_get_ts64+0x86/0x230 [ 26.311704] kunit_try_run_case+0x1a5/0x480 [ 26.311732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.311757] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.311790] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.311814] ? __kthread_parkme+0x82/0x180 [ 26.311836] ? preempt_count_sub+0x50/0x80 [ 26.311871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.311897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.311923] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.311971] kthread+0x337/0x6f0 [ 26.311992] ? trace_preempt_on+0x20/0xc0 [ 26.312017] ? __pfx_kthread+0x10/0x10 [ 26.312038] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.312073] ? calculate_sigpending+0x7b/0xa0 [ 26.312100] ? __pfx_kthread+0x10/0x10 [ 26.312123] ret_from_fork+0x116/0x1d0 [ 26.312144] ? __pfx_kthread+0x10/0x10 [ 26.312165] ret_from_fork_asm+0x1a/0x30 [ 26.312197] </TASK> [ 26.312212] [ 26.319705] Allocated by task 314: [ 26.319846] kasan_save_stack+0x45/0x70 [ 26.320116] kasan_save_track+0x18/0x40 [ 26.320306] kasan_save_alloc_info+0x3b/0x50 [ 26.320510] __kasan_kmalloc+0xb7/0xc0 [ 26.320689] __kmalloc_cache_noprof+0x189/0x420 [ 26.320907] kasan_atomics+0x95/0x310 [ 26.321106] kunit_try_run_case+0x1a5/0x480 [ 26.321250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.321420] kthread+0x337/0x6f0 [ 26.321584] ret_from_fork+0x116/0x1d0 [ 26.321793] ret_from_fork_asm+0x1a/0x30 [ 26.322078] [ 26.322171] The buggy address belongs to the object at ffff888105a1e600 [ 26.322171] which belongs to the cache kmalloc-64 of size 64 [ 26.322667] The buggy address is located 0 bytes to the right of [ 26.322667] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.323224] [ 26.323320] The buggy address belongs to the physical page: [ 26.323558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.323893] flags: 0x200000000000000(node=0|zone=2) [ 26.324139] 
page_type: f5(slab) [ 26.324308] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.324635] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.324956] page dumped because: kasan: bad access detected [ 26.325189] [ 26.325269] Memory state around the buggy address: [ 26.325483] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.325730] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.325971] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.326292] ^ [ 26.326540] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.326754] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.327158] ================================================================== [ 26.101313] ================================================================== [ 26.101668] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 26.101970] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.102224] [ 26.102315] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.102368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.102384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.102410] Call Trace: [ 26.102433] <TASK> [ 26.102454] dump_stack_lvl+0x73/0xb0 [ 26.102485] print_report+0xd1/0x650 [ 26.102510] ? __virt_addr_valid+0x1db/0x2d0 [ 26.102536] ? kasan_atomics_helper+0xac7/0x5450 [ 26.102559] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.102586] ? kasan_atomics_helper+0xac7/0x5450 [ 26.102610] kasan_report+0x141/0x180 [ 26.102634] ? kasan_atomics_helper+0xac7/0x5450 [ 26.102661] kasan_check_range+0x10c/0x1c0 [ 26.102686] __kasan_check_write+0x18/0x20 [ 26.102710] kasan_atomics_helper+0xac7/0x5450 [ 26.102734] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.102758] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.102785] ? 
kasan_atomics+0x152/0x310 [ 26.102814] kasan_atomics+0x1dc/0x310 [ 26.102839] ? __pfx_kasan_atomics+0x10/0x10 [ 26.102862] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.102888] ? __pfx_read_tsc+0x10/0x10 [ 26.102913] ? ktime_get_ts64+0x86/0x230 [ 26.102973] kunit_try_run_case+0x1a5/0x480 [ 26.103002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.103038] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.103077] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.103101] ? __kthread_parkme+0x82/0x180 [ 26.103124] ? preempt_count_sub+0x50/0x80 [ 26.103161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.103188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.103214] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.103253] kthread+0x337/0x6f0 [ 26.103274] ? trace_preempt_on+0x20/0xc0 [ 26.103311] ? __pfx_kthread+0x10/0x10 [ 26.103334] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.103360] ? calculate_sigpending+0x7b/0xa0 [ 26.103398] ? __pfx_kthread+0x10/0x10 [ 26.103422] ret_from_fork+0x116/0x1d0 [ 26.103444] ? 
__pfx_kthread+0x10/0x10 [ 26.103477] ret_from_fork_asm+0x1a/0x30 [ 26.103511] </TASK> [ 26.103526] [ 26.111377] Allocated by task 314: [ 26.111520] kasan_save_stack+0x45/0x70 [ 26.111661] kasan_save_track+0x18/0x40 [ 26.111793] kasan_save_alloc_info+0x3b/0x50 [ 26.111959] __kasan_kmalloc+0xb7/0xc0 [ 26.112121] __kmalloc_cache_noprof+0x189/0x420 [ 26.112297] kasan_atomics+0x95/0x310 [ 26.112425] kunit_try_run_case+0x1a5/0x480 [ 26.112567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.112736] kthread+0x337/0x6f0 [ 26.112852] ret_from_fork+0x116/0x1d0 [ 26.113083] ret_from_fork_asm+0x1a/0x30 [ 26.113279] [ 26.113367] The buggy address belongs to the object at ffff888105a1e600 [ 26.113367] which belongs to the cache kmalloc-64 of size 64 [ 26.113884] The buggy address is located 0 bytes to the right of [ 26.113884] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.114450] [ 26.114520] The buggy address belongs to the physical page: [ 26.114688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.114956] flags: 0x200000000000000(node=0|zone=2) [ 26.115199] page_type: f5(slab) [ 26.115369] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.115761] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.116143] page dumped because: kasan: bad access detected [ 26.116310] [ 26.116375] Memory state around the buggy address: [ 26.116524] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.116734] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.116971] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.117263] ^ [ 26.117490] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.117868] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.118264] ================================================================== [ 26.967672] 
================================================================== [ 26.968057] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 26.968361] Read of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.968598] [ 26.968694] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.968750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.968765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.968830] Call Trace: [ 26.968857] <TASK> [ 26.968905] dump_stack_lvl+0x73/0xb0 [ 26.969006] print_report+0xd1/0x650 [ 26.969058] ? __virt_addr_valid+0x1db/0x2d0 [ 26.969096] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.969121] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.969151] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.969175] kasan_report+0x141/0x180 [ 26.969199] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.969227] __asan_report_load8_noabort+0x18/0x20 [ 26.969254] kasan_atomics_helper+0x4fb2/0x5450 [ 26.969278] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.969302] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.969330] ? kasan_atomics+0x152/0x310 [ 26.969358] kasan_atomics+0x1dc/0x310 [ 26.969382] ? __pfx_kasan_atomics+0x10/0x10 [ 26.969406] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.969434] ? __pfx_read_tsc+0x10/0x10 [ 26.969458] ? ktime_get_ts64+0x86/0x230 [ 26.969487] kunit_try_run_case+0x1a5/0x480 [ 26.969515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.969541] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.969564] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.969589] ? __kthread_parkme+0x82/0x180 [ 26.969613] ? preempt_count_sub+0x50/0x80 [ 26.969639] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.969666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.969693] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.969719] kthread+0x337/0x6f0 [ 26.969742] ? trace_preempt_on+0x20/0xc0 [ 26.969768] ? __pfx_kthread+0x10/0x10 [ 26.969790] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 26.969817] ? calculate_sigpending+0x7b/0xa0 [ 26.969850] ? __pfx_kthread+0x10/0x10 [ 26.969873] ret_from_fork+0x116/0x1d0 [ 26.969937] ? __pfx_kthread+0x10/0x10 [ 26.969960] ret_from_fork_asm+0x1a/0x30 [ 26.969995] </TASK> [ 26.970009] [ 26.977330] Allocated by task 314: [ 26.977476] kasan_save_stack+0x45/0x70 [ 26.977697] kasan_save_track+0x18/0x40 [ 26.977895] kasan_save_alloc_info+0x3b/0x50 [ 26.978138] __kasan_kmalloc+0xb7/0xc0 [ 26.978366] __kmalloc_cache_noprof+0x189/0x420 [ 26.978592] kasan_atomics+0x95/0x310 [ 26.978794] kunit_try_run_case+0x1a5/0x480 [ 26.979043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.979328] kthread+0x337/0x6f0 [ 26.979500] ret_from_fork+0x116/0x1d0 [ 26.979630] ret_from_fork_asm+0x1a/0x30 [ 26.979766] [ 26.979859] The buggy address belongs to the object at ffff888105a1e600 [ 26.979859] which belongs to the cache kmalloc-64 of size 64 [ 26.980414] The buggy address is located 0 bytes to the right of [ 26.980414] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.980959] [ 26.981056] The buggy address belongs to the physical page: [ 26.981297] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.981629] flags: 0x200000000000000(node=0|zone=2) [ 26.981799] page_type: f5(slab) [ 26.981945] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.982185] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.982494] page dumped because: kasan: bad access detected [ 26.982741] [ 26.982829] Memory state around the buggy address: [ 26.983087] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.983337] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.983549] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.983757] ^ [ 26.984001] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.984349] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 26.984662] ================================================================== [ 26.762291] ================================================================== [ 26.762676] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 26.763024] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.763311] [ 26.763449] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.763503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.763518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.763543] Call Trace: [ 26.763567] <TASK> [ 26.763589] dump_stack_lvl+0x73/0xb0 [ 26.763620] print_report+0xd1/0x650 [ 26.763643] ? __virt_addr_valid+0x1db/0x2d0 [ 26.763670] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.763693] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.763721] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.763745] kasan_report+0x141/0x180 [ 26.763770] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.763798] kasan_check_range+0x10c/0x1c0 [ 26.763823] __kasan_check_write+0x18/0x20 [ 26.763848] kasan_atomics_helper+0x1c18/0x5450 [ 26.763872] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.763905] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.763957] ? kasan_atomics+0x152/0x310 [ 26.763984] kasan_atomics+0x1dc/0x310 [ 26.764008] ? __pfx_kasan_atomics+0x10/0x10 [ 26.764031] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.764058] ? __pfx_read_tsc+0x10/0x10 [ 26.764091] ? ktime_get_ts64+0x86/0x230 [ 26.764118] kunit_try_run_case+0x1a5/0x480 [ 26.764145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.764170] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.764193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.764216] ? __kthread_parkme+0x82/0x180 [ 26.764238] ? preempt_count_sub+0x50/0x80 [ 26.764263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.764288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.764314] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.764340] kthread+0x337/0x6f0 [ 26.764360] ? trace_preempt_on+0x20/0xc0 [ 26.764385] ? __pfx_kthread+0x10/0x10 [ 26.764408] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.764433] ? calculate_sigpending+0x7b/0xa0 [ 26.764458] ? __pfx_kthread+0x10/0x10 [ 26.764481] ret_from_fork+0x116/0x1d0 [ 26.764501] ? __pfx_kthread+0x10/0x10 [ 26.764523] ret_from_fork_asm+0x1a/0x30 [ 26.764555] </TASK> [ 26.764570] [ 26.772042] Allocated by task 314: [ 26.772181] kasan_save_stack+0x45/0x70 [ 26.772323] kasan_save_track+0x18/0x40 [ 26.772481] kasan_save_alloc_info+0x3b/0x50 [ 26.772710] __kasan_kmalloc+0xb7/0xc0 [ 26.772896] __kmalloc_cache_noprof+0x189/0x420 [ 26.773160] kasan_atomics+0x95/0x310 [ 26.773347] kunit_try_run_case+0x1a5/0x480 [ 26.773576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.773806] kthread+0x337/0x6f0 [ 26.773969] ret_from_fork+0x116/0x1d0 [ 26.774175] ret_from_fork_asm+0x1a/0x30 [ 26.774354] [ 26.774443] The buggy address belongs to the object at ffff888105a1e600 [ 26.774443] which belongs to the cache kmalloc-64 of size 64 [ 26.774940] The buggy address is located 0 bytes to the right of [ 26.774940] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.775464] [ 26.775548] The buggy address belongs to the physical page: [ 26.775784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.776155] flags: 0x200000000000000(node=0|zone=2) [ 26.776372] page_type: f5(slab) [ 26.776546] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.776851] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.777205] page dumped because: kasan: bad access detected [ 26.777420] [ 26.777485] Memory state around the buggy address: [ 26.777634] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.777851] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.778085] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.778431] ^ [ 26.778651] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.778986] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.779328] ================================================================== [ 26.823725] ================================================================== [ 26.824085] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 26.824613] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.824837] [ 26.824922] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.824990] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.825005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.825030] Call Trace: [ 26.825051] <TASK> [ 26.825084] dump_stack_lvl+0x73/0xb0 [ 26.825115] print_report+0xd1/0x650 [ 26.825138] ? __virt_addr_valid+0x1db/0x2d0 [ 26.825163] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.825185] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.825213] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.825236] kasan_report+0x141/0x180 [ 26.825259] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.825286] kasan_check_range+0x10c/0x1c0 [ 26.825311] __kasan_check_write+0x18/0x20 [ 26.825335] kasan_atomics_helper+0x1d7a/0x5450 [ 26.825359] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.825382] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.825409] ? kasan_atomics+0x152/0x310 [ 26.825435] kasan_atomics+0x1dc/0x310 [ 26.825458] ? __pfx_kasan_atomics+0x10/0x10 [ 26.825482] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.825508] ? __pfx_read_tsc+0x10/0x10 [ 26.825531] ? ktime_get_ts64+0x86/0x230 [ 26.825557] kunit_try_run_case+0x1a5/0x480 [ 26.825584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.825609] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.825631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.825655] ? __kthread_parkme+0x82/0x180 [ 26.825676] ? 
preempt_count_sub+0x50/0x80 [ 26.825701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.825727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.825753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.825779] kthread+0x337/0x6f0 [ 26.825800] ? trace_preempt_on+0x20/0xc0 [ 26.825830] ? __pfx_kthread+0x10/0x10 [ 26.825855] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.825882] ? calculate_sigpending+0x7b/0xa0 [ 26.825907] ? __pfx_kthread+0x10/0x10 [ 26.825940] ret_from_fork+0x116/0x1d0 [ 26.825963] ? __pfx_kthread+0x10/0x10 [ 26.825985] ret_from_fork_asm+0x1a/0x30 [ 26.826017] </TASK> [ 26.826031] [ 26.832889] Allocated by task 314: [ 26.833083] kasan_save_stack+0x45/0x70 [ 26.833279] kasan_save_track+0x18/0x40 [ 26.833469] kasan_save_alloc_info+0x3b/0x50 [ 26.833677] __kasan_kmalloc+0xb7/0xc0 [ 26.833868] __kmalloc_cache_noprof+0x189/0x420 [ 26.834095] kasan_atomics+0x95/0x310 [ 26.834275] kunit_try_run_case+0x1a5/0x480 [ 26.834486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.834742] kthread+0x337/0x6f0 [ 26.834904] ret_from_fork+0x116/0x1d0 [ 26.835082] ret_from_fork_asm+0x1a/0x30 [ 26.835244] [ 26.835308] The buggy address belongs to the object at ffff888105a1e600 [ 26.835308] which belongs to the cache kmalloc-64 of size 64 [ 26.835649] The buggy address is located 0 bytes to the right of [ 26.835649] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.836122] [ 26.836218] The buggy address belongs to the physical page: [ 26.836464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.836806] flags: 0x200000000000000(node=0|zone=2) [ 26.837029] page_type: f5(slab) [ 26.837160] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.837389] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.837615] page dumped because: kasan: bad access detected [ 26.837781] [ 26.837850] Memory state around the buggy address: [ 26.838000] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 26.838551] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.838870] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.839198] ^ [ 26.839422] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.839754] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.840216] ================================================================== [ 26.193400] ================================================================== [ 26.193728] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 26.194024] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.194342] [ 26.194441] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.194492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.194506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.194531] Call Trace: [ 26.194552] <TASK> [ 26.194573] dump_stack_lvl+0x73/0xb0 [ 26.194603] print_report+0xd1/0x650 [ 26.194626] ? __virt_addr_valid+0x1db/0x2d0 [ 26.194651] ? kasan_atomics_helper+0xde0/0x5450 [ 26.194673] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.194699] ? kasan_atomics_helper+0xde0/0x5450 [ 26.194722] kasan_report+0x141/0x180 [ 26.194745] ? kasan_atomics_helper+0xde0/0x5450 [ 26.194772] kasan_check_range+0x10c/0x1c0 [ 26.194795] __kasan_check_write+0x18/0x20 [ 26.194820] kasan_atomics_helper+0xde0/0x5450 [ 26.194843] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.194867] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.194894] ? kasan_atomics+0x152/0x310 [ 26.194920] kasan_atomics+0x1dc/0x310 [ 26.194943] ? __pfx_kasan_atomics+0x10/0x10 [ 26.194966] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.194992] ? __pfx_read_tsc+0x10/0x10 [ 26.195015] ? ktime_get_ts64+0x86/0x230 [ 26.195041] kunit_try_run_case+0x1a5/0x480 [ 26.195108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.195134] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 26.195156] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.195193] ? __kthread_parkme+0x82/0x180 [ 26.195215] ? preempt_count_sub+0x50/0x80 [ 26.195240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.195275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.195301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.195327] kthread+0x337/0x6f0 [ 26.195357] ? trace_preempt_on+0x20/0xc0 [ 26.195383] ? __pfx_kthread+0x10/0x10 [ 26.195405] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.195431] ? calculate_sigpending+0x7b/0xa0 [ 26.195457] ? __pfx_kthread+0x10/0x10 [ 26.195479] ret_from_fork+0x116/0x1d0 [ 26.195499] ? __pfx_kthread+0x10/0x10 [ 26.195522] ret_from_fork_asm+0x1a/0x30 [ 26.195553] </TASK> [ 26.195568] [ 26.203087] Allocated by task 314: [ 26.203263] kasan_save_stack+0x45/0x70 [ 26.203466] kasan_save_track+0x18/0x40 [ 26.203659] kasan_save_alloc_info+0x3b/0x50 [ 26.203827] __kasan_kmalloc+0xb7/0xc0 [ 26.204052] __kmalloc_cache_noprof+0x189/0x420 [ 26.204244] kasan_atomics+0x95/0x310 [ 26.204433] kunit_try_run_case+0x1a5/0x480 [ 26.204575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.204746] kthread+0x337/0x6f0 [ 26.204860] ret_from_fork+0x116/0x1d0 [ 26.205012] ret_from_fork_asm+0x1a/0x30 [ 26.205202] [ 26.205291] The buggy address belongs to the object at ffff888105a1e600 [ 26.205291] which belongs to the cache kmalloc-64 of size 64 [ 26.205831] The buggy address is located 0 bytes to the right of [ 26.205831] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.206403] [ 26.206499] The buggy address belongs to the physical page: [ 26.206702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.206961] flags: 0x200000000000000(node=0|zone=2) [ 26.207130] page_type: f5(slab) [ 26.207270] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.207633] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.208023] page dumped because: kasan: 
bad access detected [ 26.208280] [ 26.208362] Memory state around the buggy address: [ 26.208524] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.208854] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.209195] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.209485] ^ [ 26.209693] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.210029] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.210338] ================================================================== [ 26.065196] ================================================================== [ 26.065549] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 26.065897] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.066230] [ 26.066343] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.066396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.066410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.066658] Call Trace: [ 26.066687] <TASK> [ 26.066710] dump_stack_lvl+0x73/0xb0 [ 26.066744] print_report+0xd1/0x650 [ 26.066769] ? __virt_addr_valid+0x1db/0x2d0 [ 26.066794] ? kasan_atomics_helper+0x992/0x5450 [ 26.066817] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.066844] ? kasan_atomics_helper+0x992/0x5450 [ 26.066868] kasan_report+0x141/0x180 [ 26.066891] ? kasan_atomics_helper+0x992/0x5450 [ 26.066938] kasan_check_range+0x10c/0x1c0 [ 26.066964] __kasan_check_write+0x18/0x20 [ 26.066988] kasan_atomics_helper+0x992/0x5450 [ 26.067020] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.067044] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.067088] ? kasan_atomics+0x152/0x310 [ 26.067116] kasan_atomics+0x1dc/0x310 [ 26.067141] ? __pfx_kasan_atomics+0x10/0x10 [ 26.067166] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.067204] ? __pfx_read_tsc+0x10/0x10 [ 26.067229] ? 
ktime_get_ts64+0x86/0x230 [ 26.067268] kunit_try_run_case+0x1a5/0x480 [ 26.067297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.067322] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.067354] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.067378] ? __kthread_parkme+0x82/0x180 [ 26.067402] ? preempt_count_sub+0x50/0x80 [ 26.067438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.067465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.067491] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.067526] kthread+0x337/0x6f0 [ 26.067546] ? trace_preempt_on+0x20/0xc0 [ 26.067571] ? __pfx_kthread+0x10/0x10 [ 26.067604] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.067629] ? calculate_sigpending+0x7b/0xa0 [ 26.067655] ? __pfx_kthread+0x10/0x10 [ 26.067686] ret_from_fork+0x116/0x1d0 [ 26.067707] ? __pfx_kthread+0x10/0x10 [ 26.067729] ret_from_fork_asm+0x1a/0x30 [ 26.067772] </TASK> [ 26.067786] [ 26.075456] Allocated by task 314: [ 26.075640] kasan_save_stack+0x45/0x70 [ 26.075833] kasan_save_track+0x18/0x40 [ 26.076080] kasan_save_alloc_info+0x3b/0x50 [ 26.076267] __kasan_kmalloc+0xb7/0xc0 [ 26.076449] __kmalloc_cache_noprof+0x189/0x420 [ 26.076623] kasan_atomics+0x95/0x310 [ 26.076825] kunit_try_run_case+0x1a5/0x480 [ 26.077055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.077302] kthread+0x337/0x6f0 [ 26.077419] ret_from_fork+0x116/0x1d0 [ 26.077548] ret_from_fork_asm+0x1a/0x30 [ 26.077684] [ 26.077750] The buggy address belongs to the object at ffff888105a1e600 [ 26.077750] which belongs to the cache kmalloc-64 of size 64 [ 26.078185] The buggy address is located 0 bytes to the right of [ 26.078185] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.078733] [ 26.078827] The buggy address belongs to the physical page: [ 26.079136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.079491] flags: 0x200000000000000(node=0|zone=2) [ 26.079726] page_type: f5(slab) [ 26.079933] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 26.080270] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.080506] page dumped because: kasan: bad access detected [ 26.080674] [ 26.080738] Memory state around the buggy address: [ 26.080890] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.081139] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.081477] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.081837] ^ [ 26.082104] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.082458] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.082788] ================================================================== [ 27.048455] ================================================================== [ 27.048788] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 27.049493] Read of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 27.050089] [ 27.050308] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.050465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.050485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.050512] Call Trace: [ 27.050538] <TASK> [ 27.050561] dump_stack_lvl+0x73/0xb0 [ 27.050605] print_report+0xd1/0x650 [ 27.050632] ? __virt_addr_valid+0x1db/0x2d0 [ 27.050659] ? kasan_atomics_helper+0x5115/0x5450 [ 27.050683] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.050711] ? kasan_atomics_helper+0x5115/0x5450 [ 27.050736] kasan_report+0x141/0x180 [ 27.050759] ? kasan_atomics_helper+0x5115/0x5450 [ 27.050787] __asan_report_load8_noabort+0x18/0x20 [ 27.050814] kasan_atomics_helper+0x5115/0x5450 [ 27.050839] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.050865] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.050894] ? kasan_atomics+0x152/0x310 [ 27.050922] kasan_atomics+0x1dc/0x310 [ 27.050981] ? __pfx_kasan_atomics+0x10/0x10 [ 27.051006] ? 
__pfx_queued_spin_lock_slowpath+0x10/0x10 [ 27.051034] ? __pfx_read_tsc+0x10/0x10 [ 27.051058] ? ktime_get_ts64+0x86/0x230 [ 27.051096] kunit_try_run_case+0x1a5/0x480 [ 27.051125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.051152] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 27.051175] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.051199] ? __kthread_parkme+0x82/0x180 [ 27.051223] ? preempt_count_sub+0x50/0x80 [ 27.051250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.051276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.051304] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.051330] kthread+0x337/0x6f0 [ 27.051353] ? trace_preempt_on+0x20/0xc0 [ 27.051379] ? __pfx_kthread+0x10/0x10 [ 27.051401] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.051428] ? calculate_sigpending+0x7b/0xa0 [ 27.051455] ? __pfx_kthread+0x10/0x10 [ 27.051479] ret_from_fork+0x116/0x1d0 [ 27.051500] ? __pfx_kthread+0x10/0x10 [ 27.051523] ret_from_fork_asm+0x1a/0x30 [ 27.051558] </TASK> [ 27.051573] [ 27.063755] Allocated by task 314: [ 27.064083] kasan_save_stack+0x45/0x70 [ 27.064301] kasan_save_track+0x18/0x40 [ 27.064484] kasan_save_alloc_info+0x3b/0x50 [ 27.064686] __kasan_kmalloc+0xb7/0xc0 [ 27.064859] __kmalloc_cache_noprof+0x189/0x420 [ 27.065337] kasan_atomics+0x95/0x310 [ 27.065648] kunit_try_run_case+0x1a5/0x480 [ 27.066185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.066505] kthread+0x337/0x6f0 [ 27.066773] ret_from_fork+0x116/0x1d0 [ 27.067113] ret_from_fork_asm+0x1a/0x30 [ 27.067422] [ 27.067529] The buggy address belongs to the object at ffff888105a1e600 [ 27.067529] which belongs to the cache kmalloc-64 of size 64 [ 27.068240] The buggy address is located 0 bytes to the right of [ 27.068240] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 27.069102] [ 27.069211] The buggy address belongs to the physical page: [ 27.069455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 27.069792] flags: 0x200000000000000(node=0|zone=2) [ 27.070324] 
page_type: f5(slab) [ 27.070636] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.071310] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.071769] page dumped because: kasan: bad access detected [ 27.072271] [ 27.072510] Memory state around the buggy address: [ 27.072733] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.073294] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.073801] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.074293] ^ [ 27.074512] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.074810] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.075407] ================================================================== [ 25.861315] ================================================================== [ 25.862323] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 25.863070] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.863559] [ 25.863832] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.863902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.863918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.863954] Call Trace: [ 25.863972] <TASK> [ 25.863993] dump_stack_lvl+0x73/0xb0 [ 25.864054] print_report+0xd1/0x650 [ 25.864095] ? __virt_addr_valid+0x1db/0x2d0 [ 25.864122] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.864144] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.864172] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.864222] kasan_report+0x141/0x180 [ 25.864246] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.864273] __asan_report_load4_noabort+0x18/0x20 [ 25.864310] kasan_atomics_helper+0x4b54/0x5450 [ 25.864334] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.864357] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.864384] ? 
kasan_atomics+0x152/0x310 [ 25.864412] kasan_atomics+0x1dc/0x310 [ 25.864435] ? __pfx_kasan_atomics+0x10/0x10 [ 25.864458] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.864484] ? __pfx_read_tsc+0x10/0x10 [ 25.864508] ? ktime_get_ts64+0x86/0x230 [ 25.864534] kunit_try_run_case+0x1a5/0x480 [ 25.864562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.864586] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.864609] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.864633] ? __kthread_parkme+0x82/0x180 [ 25.864654] ? preempt_count_sub+0x50/0x80 [ 25.864679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.864705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.864731] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.864757] kthread+0x337/0x6f0 [ 25.864779] ? trace_preempt_on+0x20/0xc0 [ 25.864805] ? __pfx_kthread+0x10/0x10 [ 25.864827] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.864853] ? calculate_sigpending+0x7b/0xa0 [ 25.864878] ? __pfx_kthread+0x10/0x10 [ 25.864901] ret_from_fork+0x116/0x1d0 [ 25.864922] ? 
__pfx_kthread+0x10/0x10 [ 25.864957] ret_from_fork_asm+0x1a/0x30 [ 25.864989] </TASK> [ 25.865003] [ 25.872907] Allocated by task 314: [ 25.874052] kasan_save_stack+0x45/0x70 [ 25.874703] kasan_save_track+0x18/0x40 [ 25.875312] kasan_save_alloc_info+0x3b/0x50 [ 25.875832] __kasan_kmalloc+0xb7/0xc0 [ 25.876445] __kmalloc_cache_noprof+0x189/0x420 [ 25.876698] kasan_atomics+0x95/0x310 [ 25.876831] kunit_try_run_case+0x1a5/0x480 [ 25.876980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.877458] kthread+0x337/0x6f0 [ 25.877760] ret_from_fork+0x116/0x1d0 [ 25.878149] ret_from_fork_asm+0x1a/0x30 [ 25.878532] [ 25.878686] The buggy address belongs to the object at ffff888105a1e600 [ 25.878686] which belongs to the cache kmalloc-64 of size 64 [ 25.879654] The buggy address is located 0 bytes to the right of [ 25.879654] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.880186] [ 25.880346] The buggy address belongs to the physical page: [ 25.880818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.881560] flags: 0x200000000000000(node=0|zone=2) [ 25.882096] page_type: f5(slab) [ 25.882396] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.883003] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.883240] page dumped because: kasan: bad access detected [ 25.883409] [ 25.883476] Memory state around the buggy address: [ 25.883631] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.883843] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.884089] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.884481] ^ [ 25.884717] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.884921] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.885581] ================================================================== [ 25.972632] 
================================================================== [ 25.973160] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 25.973428] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.973668] [ 25.973798] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.973871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.973887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.973913] Call Trace: [ 25.973939] <TASK> [ 25.973961] dump_stack_lvl+0x73/0xb0 [ 25.974003] print_report+0xd1/0x650 [ 25.974027] ? __virt_addr_valid+0x1db/0x2d0 [ 25.974074] ? kasan_atomics_helper+0x697/0x5450 [ 25.974097] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.974124] ? kasan_atomics_helper+0x697/0x5450 [ 25.974148] kasan_report+0x141/0x180 [ 25.974172] ? kasan_atomics_helper+0x697/0x5450 [ 25.974198] kasan_check_range+0x10c/0x1c0 [ 25.974223] __kasan_check_write+0x18/0x20 [ 25.974248] kasan_atomics_helper+0x697/0x5450 [ 25.974281] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.974305] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.974343] ? kasan_atomics+0x152/0x310 [ 25.974372] kasan_atomics+0x1dc/0x310 [ 25.974396] ? __pfx_kasan_atomics+0x10/0x10 [ 25.974420] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.974446] ? __pfx_read_tsc+0x10/0x10 [ 25.974469] ? ktime_get_ts64+0x86/0x230 [ 25.974497] kunit_try_run_case+0x1a5/0x480 [ 25.974525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.974550] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.974573] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.974598] ? __kthread_parkme+0x82/0x180 [ 25.974620] ? preempt_count_sub+0x50/0x80 [ 25.974646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.974673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.974699] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.974726] kthread+0x337/0x6f0 [ 25.974758] ? trace_preempt_on+0x20/0xc0 [ 25.974782] ? 
__pfx_kthread+0x10/0x10 [ 25.974805] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.974842] ? calculate_sigpending+0x7b/0xa0 [ 25.974868] ? __pfx_kthread+0x10/0x10 [ 25.974892] ret_from_fork+0x116/0x1d0 [ 25.974913] ? __pfx_kthread+0x10/0x10 [ 25.974935] ret_from_fork_asm+0x1a/0x30 [ 25.974968] </TASK> [ 25.974983] [ 25.983105] Allocated by task 314: [ 25.983244] kasan_save_stack+0x45/0x70 [ 25.983509] kasan_save_track+0x18/0x40 [ 25.983754] kasan_save_alloc_info+0x3b/0x50 [ 25.984111] __kasan_kmalloc+0xb7/0xc0 [ 25.984339] __kmalloc_cache_noprof+0x189/0x420 [ 25.984519] kasan_atomics+0x95/0x310 [ 25.984650] kunit_try_run_case+0x1a5/0x480 [ 25.984797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.985100] kthread+0x337/0x6f0 [ 25.985271] ret_from_fork+0x116/0x1d0 [ 25.985460] ret_from_fork_asm+0x1a/0x30 [ 25.985682] [ 25.985785] The buggy address belongs to the object at ffff888105a1e600 [ 25.985785] which belongs to the cache kmalloc-64 of size 64 [ 25.986385] The buggy address is located 0 bytes to the right of [ 25.986385] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.986756] [ 25.986855] The buggy address belongs to the physical page: [ 25.987326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.987724] flags: 0x200000000000000(node=0|zone=2) [ 25.988017] page_type: f5(slab) [ 25.988169] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.988511] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.988829] page dumped because: kasan: bad access detected [ 25.989077] [ 25.989193] Memory state around the buggy address: [ 25.989387] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.989605] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.989823] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.990179] ^ [ 25.990410] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.990739] 
ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.991089] ================================================================== [ 26.229071] ================================================================== [ 26.229666] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 26.230473] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.230811] [ 26.230969] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.231024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.231040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.231075] Call Trace: [ 26.231107] <TASK> [ 26.231129] dump_stack_lvl+0x73/0xb0 [ 26.231173] print_report+0xd1/0x650 [ 26.231198] ? __virt_addr_valid+0x1db/0x2d0 [ 26.231222] ? kasan_atomics_helper+0xf10/0x5450 [ 26.231245] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.231281] ? kasan_atomics_helper+0xf10/0x5450 [ 26.231305] kasan_report+0x141/0x180 [ 26.231328] ? kasan_atomics_helper+0xf10/0x5450 [ 26.231366] kasan_check_range+0x10c/0x1c0 [ 26.231390] __kasan_check_write+0x18/0x20 [ 26.231416] kasan_atomics_helper+0xf10/0x5450 [ 26.231449] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.231472] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.231509] ? kasan_atomics+0x152/0x310 [ 26.231536] kasan_atomics+0x1dc/0x310 [ 26.231560] ? __pfx_kasan_atomics+0x10/0x10 [ 26.231591] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.231618] ? __pfx_read_tsc+0x10/0x10 [ 26.231641] ? ktime_get_ts64+0x86/0x230 [ 26.231678] kunit_try_run_case+0x1a5/0x480 [ 26.231706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.231732] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.231763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.231787] ? __kthread_parkme+0x82/0x180 [ 26.231809] ? preempt_count_sub+0x50/0x80 [ 26.231844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.231870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.231903] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.231947] kthread+0x337/0x6f0 [ 26.231968] ? trace_preempt_on+0x20/0xc0 [ 26.232004] ? __pfx_kthread+0x10/0x10 [ 26.232026] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.232052] ? calculate_sigpending+0x7b/0xa0 [ 26.232095] ? __pfx_kthread+0x10/0x10 [ 26.232118] ret_from_fork+0x116/0x1d0 [ 26.232139] ? __pfx_kthread+0x10/0x10 [ 26.232172] ret_from_fork_asm+0x1a/0x30 [ 26.232204] </TASK> [ 26.232218] [ 26.240051] Allocated by task 314: [ 26.240266] kasan_save_stack+0x45/0x70 [ 26.240432] kasan_save_track+0x18/0x40 [ 26.240625] kasan_save_alloc_info+0x3b/0x50 [ 26.240823] __kasan_kmalloc+0xb7/0xc0 [ 26.241037] __kmalloc_cache_noprof+0x189/0x420 [ 26.241253] kasan_atomics+0x95/0x310 [ 26.241435] kunit_try_run_case+0x1a5/0x480 [ 26.241625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.241798] kthread+0x337/0x6f0 [ 26.241938] ret_from_fork+0x116/0x1d0 [ 26.242078] ret_from_fork_asm+0x1a/0x30 [ 26.242299] [ 26.242397] The buggy address belongs to the object at ffff888105a1e600 [ 26.242397] which belongs to the cache kmalloc-64 of size 64 [ 26.242959] The buggy address is located 0 bytes to the right of [ 26.242959] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.243529] [ 26.243618] The buggy address belongs to the physical page: [ 26.243789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.244053] flags: 0x200000000000000(node=0|zone=2) [ 26.244248] page_type: f5(slab) [ 26.244417] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.244781] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.245172] page dumped because: kasan: bad access detected [ 26.245445] [ 26.245557] Memory state around the buggy address: [ 26.245767] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.246000] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.246328] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.246639] ^ [ 26.246800] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.247044] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.247262] ================================================================== [ 26.743367] ================================================================== [ 26.744122] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 26.744556] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.744777] [ 26.744866] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.744919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.744942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.744967] Call Trace: [ 26.744990] <TASK> [ 26.745013] dump_stack_lvl+0x73/0xb0 [ 26.745044] print_report+0xd1/0x650 [ 26.745082] ? __virt_addr_valid+0x1db/0x2d0 [ 26.745107] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.745131] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.745158] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.745181] kasan_report+0x141/0x180 [ 26.745205] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.745232] kasan_check_range+0x10c/0x1c0 [ 26.745258] __kasan_check_write+0x18/0x20 [ 26.745282] kasan_atomics_helper+0x1b22/0x5450 [ 26.745306] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.745330] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.745358] ? kasan_atomics+0x152/0x310 [ 26.745385] kasan_atomics+0x1dc/0x310 [ 26.745409] ? __pfx_kasan_atomics+0x10/0x10 [ 26.745432] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.745460] ? __pfx_read_tsc+0x10/0x10 [ 26.745487] ? ktime_get_ts64+0x86/0x230 [ 26.745528] kunit_try_run_case+0x1a5/0x480 [ 26.745557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.745593] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.745616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.745640] ? __kthread_parkme+0x82/0x180 [ 26.745661] ? 
preempt_count_sub+0x50/0x80 [ 26.745687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.745714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.745740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.745766] kthread+0x337/0x6f0 [ 26.745788] ? trace_preempt_on+0x20/0xc0 [ 26.745813] ? __pfx_kthread+0x10/0x10 [ 26.745839] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.745865] ? calculate_sigpending+0x7b/0xa0 [ 26.745890] ? __pfx_kthread+0x10/0x10 [ 26.745913] ret_from_fork+0x116/0x1d0 [ 26.745945] ? __pfx_kthread+0x10/0x10 [ 26.745968] ret_from_fork_asm+0x1a/0x30 [ 26.746001] </TASK> [ 26.746014] [ 26.753629] Allocated by task 314: [ 26.753768] kasan_save_stack+0x45/0x70 [ 26.753992] kasan_save_track+0x18/0x40 [ 26.754187] kasan_save_alloc_info+0x3b/0x50 [ 26.754390] __kasan_kmalloc+0xb7/0xc0 [ 26.754571] __kmalloc_cache_noprof+0x189/0x420 [ 26.754790] kasan_atomics+0x95/0x310 [ 26.754969] kunit_try_run_case+0x1a5/0x480 [ 26.755180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.755491] kthread+0x337/0x6f0 [ 26.755606] ret_from_fork+0x116/0x1d0 [ 26.755734] ret_from_fork_asm+0x1a/0x30 [ 26.755867] [ 26.756070] The buggy address belongs to the object at ffff888105a1e600 [ 26.756070] which belongs to the cache kmalloc-64 of size 64 [ 26.756595] The buggy address is located 0 bytes to the right of [ 26.756595] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.757178] [ 26.757261] The buggy address belongs to the physical page: [ 26.757428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.757665] flags: 0x200000000000000(node=0|zone=2) [ 26.757855] page_type: f5(slab) [ 26.758167] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.758504] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.758831] page dumped because: kasan: bad access detected [ 26.759242] [ 26.759312] Memory state around the buggy address: [ 26.759462] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 26.759674] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.759886] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.760165] ^ [ 26.760405] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.760755] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.761136] ================================================================== [ 26.521305] ================================================================== [ 26.521629] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 26.522271] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.522614] [ 26.522725] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.522781] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.522797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.522822] Call Trace: [ 26.522845] <TASK> [ 26.522867] dump_stack_lvl+0x73/0xb0 [ 26.522901] print_report+0xd1/0x650 [ 26.522925] ? __virt_addr_valid+0x1db/0x2d0 [ 26.522952] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.522975] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.523002] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.523025] kasan_report+0x141/0x180 [ 26.523048] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.523086] __asan_report_store8_noabort+0x1b/0x30 [ 26.523123] kasan_atomics_helper+0x50d4/0x5450 [ 26.523146] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.523169] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.523208] ? kasan_atomics+0x152/0x310 [ 26.523236] kasan_atomics+0x1dc/0x310 [ 26.523259] ? __pfx_kasan_atomics+0x10/0x10 [ 26.523282] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.523308] ? __pfx_read_tsc+0x10/0x10 [ 26.523332] ? ktime_get_ts64+0x86/0x230 [ 26.523359] kunit_try_run_case+0x1a5/0x480 [ 26.523386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.523411] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.523433] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.523457] ? __kthread_parkme+0x82/0x180 [ 26.523521] ? preempt_count_sub+0x50/0x80 [ 26.523547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.523806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.523844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.523871] kthread+0x337/0x6f0 [ 26.523892] ? trace_preempt_on+0x20/0xc0 [ 26.523917] ? __pfx_kthread+0x10/0x10 [ 26.523953] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.523980] ? calculate_sigpending+0x7b/0xa0 [ 26.524007] ? __pfx_kthread+0x10/0x10 [ 26.524030] ret_from_fork+0x116/0x1d0 [ 26.524052] ? __pfx_kthread+0x10/0x10 [ 26.524085] ret_from_fork_asm+0x1a/0x30 [ 26.524118] </TASK> [ 26.524132] [ 26.531846] Allocated by task 314: [ 26.531987] kasan_save_stack+0x45/0x70 [ 26.532200] kasan_save_track+0x18/0x40 [ 26.532403] kasan_save_alloc_info+0x3b/0x50 [ 26.532607] __kasan_kmalloc+0xb7/0xc0 [ 26.532788] __kmalloc_cache_noprof+0x189/0x420 [ 26.533154] kasan_atomics+0x95/0x310 [ 26.533324] kunit_try_run_case+0x1a5/0x480 [ 26.533467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.533706] kthread+0x337/0x6f0 [ 26.533874] ret_from_fork+0x116/0x1d0 [ 26.534171] ret_from_fork_asm+0x1a/0x30 [ 26.534354] [ 26.534448] The buggy address belongs to the object at ffff888105a1e600 [ 26.534448] which belongs to the cache kmalloc-64 of size 64 [ 26.534951] The buggy address is located 0 bytes to the right of [ 26.534951] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.535467] [ 26.535567] The buggy address belongs to the physical page: [ 26.535767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.536004] flags: 0x200000000000000(node=0|zone=2) [ 26.536174] page_type: f5(slab) [ 26.536295] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.536656] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.537093] page dumped because: kasan: bad access detected [ 26.537342] [ 26.537422] 
Memory state around the buggy address: [ 26.537583] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.537811] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.538082] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.538325] ^ [ 26.538500] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.538742] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.538990] ================================================================== [ 25.888134] ================================================================== [ 25.888590] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 25.888839] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.889424] [ 25.889629] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.889687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.889702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.889728] Call Trace: [ 25.889753] <TASK> [ 25.889795] dump_stack_lvl+0x73/0xb0 [ 25.889838] print_report+0xd1/0x650 [ 25.889865] ? __virt_addr_valid+0x1db/0x2d0 [ 25.889891] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.889914] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.889943] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.889986] kasan_report+0x141/0x180 [ 25.890024] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.890052] kasan_check_range+0x10c/0x1c0 [ 25.890088] __kasan_check_write+0x18/0x20 [ 25.890113] kasan_atomics_helper+0x4a0/0x5450 [ 25.890137] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.890161] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.890189] ? kasan_atomics+0x152/0x310 [ 25.890216] kasan_atomics+0x1dc/0x310 [ 25.890241] ? __pfx_kasan_atomics+0x10/0x10 [ 25.890265] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.890292] ? __pfx_read_tsc+0x10/0x10 [ 25.890316] ? 
ktime_get_ts64+0x86/0x230 [ 25.890343] kunit_try_run_case+0x1a5/0x480 [ 25.890373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.890400] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.890422] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.890446] ? __kthread_parkme+0x82/0x180 [ 25.890469] ? preempt_count_sub+0x50/0x80 [ 25.890495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.890522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.890548] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.890574] kthread+0x337/0x6f0 [ 25.890596] ? trace_preempt_on+0x20/0xc0 [ 25.890620] ? __pfx_kthread+0x10/0x10 [ 25.890644] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.890670] ? calculate_sigpending+0x7b/0xa0 [ 25.890696] ? __pfx_kthread+0x10/0x10 [ 25.890720] ret_from_fork+0x116/0x1d0 [ 25.890740] ? __pfx_kthread+0x10/0x10 [ 25.890763] ret_from_fork_asm+0x1a/0x30 [ 25.890796] </TASK> [ 25.890811] [ 25.900559] Allocated by task 314: [ 25.900754] kasan_save_stack+0x45/0x70 [ 25.900992] kasan_save_track+0x18/0x40 [ 25.901237] kasan_save_alloc_info+0x3b/0x50 [ 25.901388] __kasan_kmalloc+0xb7/0xc0 [ 25.901515] __kmalloc_cache_noprof+0x189/0x420 [ 25.901664] kasan_atomics+0x95/0x310 [ 25.901867] kunit_try_run_case+0x1a5/0x480 [ 25.902294] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.902974] kthread+0x337/0x6f0 [ 25.903233] ret_from_fork+0x116/0x1d0 [ 25.903400] ret_from_fork_asm+0x1a/0x30 [ 25.903636] [ 25.903732] The buggy address belongs to the object at ffff888105a1e600 [ 25.903732] which belongs to the cache kmalloc-64 of size 64 [ 25.904321] The buggy address is located 0 bytes to the right of [ 25.904321] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.905043] [ 25.905140] The buggy address belongs to the physical page: [ 25.905466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.905896] flags: 0x200000000000000(node=0|zone=2) [ 25.906108] page_type: f5(slab) [ 25.906230] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 25.906577] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.906924] page dumped because: kasan: bad access detected [ 25.907312] [ 25.907405] Memory state around the buggy address: [ 25.907667] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.908108] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.908450] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.908723] ^ [ 25.908907] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.909196] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.909487] ================================================================== [ 26.328176] ================================================================== [ 26.328539] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 26.328868] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.329267] [ 26.329400] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.329456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.329471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.329498] Call Trace: [ 26.329522] <TASK> [ 26.329544] dump_stack_lvl+0x73/0xb0 [ 26.329576] print_report+0xd1/0x650 [ 26.329602] ? __virt_addr_valid+0x1db/0x2d0 [ 26.329628] ? kasan_atomics_helper+0x1148/0x5450 [ 26.329651] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.329678] ? kasan_atomics_helper+0x1148/0x5450 [ 26.329702] kasan_report+0x141/0x180 [ 26.329725] ? kasan_atomics_helper+0x1148/0x5450 [ 26.329763] kasan_check_range+0x10c/0x1c0 [ 26.329788] __kasan_check_write+0x18/0x20 [ 26.329813] kasan_atomics_helper+0x1148/0x5450 [ 26.329849] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.329873] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.329900] ? kasan_atomics+0x152/0x310 [ 26.329927] kasan_atomics+0x1dc/0x310 [ 26.329950] ? 
__pfx_kasan_atomics+0x10/0x10 [ 26.329973] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.329999] ? __pfx_read_tsc+0x10/0x10 [ 26.330022] ? ktime_get_ts64+0x86/0x230 [ 26.330049] kunit_try_run_case+0x1a5/0x480 [ 26.330086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.330111] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.330134] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.330157] ? __kthread_parkme+0x82/0x180 [ 26.330180] ? preempt_count_sub+0x50/0x80 [ 26.330221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.330248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.330274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.330300] kthread+0x337/0x6f0 [ 26.330321] ? trace_preempt_on+0x20/0xc0 [ 26.330345] ? __pfx_kthread+0x10/0x10 [ 26.330367] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.330392] ? calculate_sigpending+0x7b/0xa0 [ 26.330418] ? __pfx_kthread+0x10/0x10 [ 26.330440] ret_from_fork+0x116/0x1d0 [ 26.330462] ? __pfx_kthread+0x10/0x10 [ 26.330484] ret_from_fork_asm+0x1a/0x30 [ 26.330516] </TASK> [ 26.330530] [ 26.338158] Allocated by task 314: [ 26.338352] kasan_save_stack+0x45/0x70 [ 26.338544] kasan_save_track+0x18/0x40 [ 26.338739] kasan_save_alloc_info+0x3b/0x50 [ 26.338907] __kasan_kmalloc+0xb7/0xc0 [ 26.339131] __kmalloc_cache_noprof+0x189/0x420 [ 26.339307] kasan_atomics+0x95/0x310 [ 26.339502] kunit_try_run_case+0x1a5/0x480 [ 26.339694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.339931] kthread+0x337/0x6f0 [ 26.340116] ret_from_fork+0x116/0x1d0 [ 26.340276] ret_from_fork_asm+0x1a/0x30 [ 26.340462] [ 26.340553] The buggy address belongs to the object at ffff888105a1e600 [ 26.340553] which belongs to the cache kmalloc-64 of size 64 [ 26.341107] The buggy address is located 0 bytes to the right of [ 26.341107] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.341493] [ 26.341563] The buggy address belongs to the physical page: [ 26.341734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.342009] flags: 
0x200000000000000(node=0|zone=2) [ 26.342290] page_type: f5(slab) [ 26.342493] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.342874] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.343353] page dumped because: kasan: bad access detected [ 26.343579] [ 26.343644] Memory state around the buggy address: [ 26.343795] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.344150] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.344497] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.344861] ^ [ 26.345084] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.345364] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.345573] ================================================================== [ 26.384025] ================================================================== [ 26.384422] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 26.384756] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.385380] [ 26.385501] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.385553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.385568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.385593] Call Trace: [ 26.385617] <TASK> [ 26.385639] dump_stack_lvl+0x73/0xb0 [ 26.385670] print_report+0xd1/0x650 [ 26.385694] ? __virt_addr_valid+0x1db/0x2d0 [ 26.385719] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.385742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.385770] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.385794] kasan_report+0x141/0x180 [ 26.385817] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.385850] __asan_report_load4_noabort+0x18/0x20 [ 26.385876] kasan_atomics_helper+0x49e8/0x5450 [ 26.385900] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.385923] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 26.385960] ? kasan_atomics+0x152/0x310 [ 26.385988] kasan_atomics+0x1dc/0x310 [ 26.386021] ? __pfx_kasan_atomics+0x10/0x10 [ 26.386045] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.386089] ? __pfx_read_tsc+0x10/0x10 [ 26.386113] ? ktime_get_ts64+0x86/0x230 [ 26.386150] kunit_try_run_case+0x1a5/0x480 [ 26.386178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.386213] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.386236] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.386259] ? __kthread_parkme+0x82/0x180 [ 26.386283] ? preempt_count_sub+0x50/0x80 [ 26.386308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.386336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.386361] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.386387] kthread+0x337/0x6f0 [ 26.386408] ? trace_preempt_on+0x20/0xc0 [ 26.386433] ? __pfx_kthread+0x10/0x10 [ 26.386464] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.386490] ? calculate_sigpending+0x7b/0xa0 [ 26.386515] ? __pfx_kthread+0x10/0x10 [ 26.386548] ret_from_fork+0x116/0x1d0 [ 26.386569] ? 
__pfx_kthread+0x10/0x10 [ 26.386592] ret_from_fork_asm+0x1a/0x30 [ 26.386633] </TASK> [ 26.386647] [ 26.396426] Allocated by task 314: [ 26.396754] kasan_save_stack+0x45/0x70 [ 26.397177] kasan_save_track+0x18/0x40 [ 26.397446] kasan_save_alloc_info+0x3b/0x50 [ 26.397833] __kasan_kmalloc+0xb7/0xc0 [ 26.398265] __kmalloc_cache_noprof+0x189/0x420 [ 26.398568] kasan_atomics+0x95/0x310 [ 26.398861] kunit_try_run_case+0x1a5/0x480 [ 26.399268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.399636] kthread+0x337/0x6f0 [ 26.399806] ret_from_fork+0x116/0x1d0 [ 26.400252] ret_from_fork_asm+0x1a/0x30 [ 26.400504] [ 26.400754] The buggy address belongs to the object at ffff888105a1e600 [ 26.400754] which belongs to the cache kmalloc-64 of size 64 [ 26.401347] The buggy address is located 0 bytes to the right of [ 26.401347] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.401852] [ 26.402231] The buggy address belongs to the physical page: [ 26.402526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.403202] flags: 0x200000000000000(node=0|zone=2) [ 26.403440] page_type: f5(slab) [ 26.403596] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.403903] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.404221] page dumped because: kasan: bad access detected [ 26.404448] [ 26.404531] Memory state around the buggy address: [ 26.404736] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.405482] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.406182] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.406631] ^ [ 26.406975] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.407294] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.407580] ================================================================== [ 26.365909] 
================================================================== [ 26.366356] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 26.366699] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.367137] [ 26.367250] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.367302] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.367317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.367342] Call Trace: [ 26.367365] <TASK> [ 26.367388] dump_stack_lvl+0x73/0xb0 [ 26.367419] print_report+0xd1/0x650 [ 26.367443] ? __virt_addr_valid+0x1db/0x2d0 [ 26.367468] ? kasan_atomics_helper+0x1217/0x5450 [ 26.367491] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.367518] ? kasan_atomics_helper+0x1217/0x5450 [ 26.367541] kasan_report+0x141/0x180 [ 26.367564] ? kasan_atomics_helper+0x1217/0x5450 [ 26.367591] kasan_check_range+0x10c/0x1c0 [ 26.367616] __kasan_check_write+0x18/0x20 [ 26.367641] kasan_atomics_helper+0x1217/0x5450 [ 26.367664] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.367700] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.367728] ? kasan_atomics+0x152/0x310 [ 26.367767] kasan_atomics+0x1dc/0x310 [ 26.367791] ? __pfx_kasan_atomics+0x10/0x10 [ 26.367814] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.367841] ? __pfx_read_tsc+0x10/0x10 [ 26.367873] ? ktime_get_ts64+0x86/0x230 [ 26.367901] kunit_try_run_case+0x1a5/0x480 [ 26.367946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.367972] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.367995] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.368018] ? __kthread_parkme+0x82/0x180 [ 26.368041] ? preempt_count_sub+0x50/0x80 [ 26.368077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.368103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.368129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.368155] kthread+0x337/0x6f0 [ 26.368177] ? trace_preempt_on+0x20/0xc0 [ 26.368202] ? 
__pfx_kthread+0x10/0x10 [ 26.368224] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.368249] ? calculate_sigpending+0x7b/0xa0 [ 26.368275] ? __pfx_kthread+0x10/0x10 [ 26.368297] ret_from_fork+0x116/0x1d0 [ 26.368318] ? __pfx_kthread+0x10/0x10 [ 26.368349] ret_from_fork_asm+0x1a/0x30 [ 26.368382] </TASK> [ 26.368396] [ 26.376076] Allocated by task 314: [ 26.376260] kasan_save_stack+0x45/0x70 [ 26.376413] kasan_save_track+0x18/0x40 [ 26.376597] kasan_save_alloc_info+0x3b/0x50 [ 26.376781] __kasan_kmalloc+0xb7/0xc0 [ 26.376935] __kmalloc_cache_noprof+0x189/0x420 [ 26.377244] kasan_atomics+0x95/0x310 [ 26.377437] kunit_try_run_case+0x1a5/0x480 [ 26.377619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.377859] kthread+0x337/0x6f0 [ 26.378117] ret_from_fork+0x116/0x1d0 [ 26.378292] ret_from_fork_asm+0x1a/0x30 [ 26.378491] [ 26.378585] The buggy address belongs to the object at ffff888105a1e600 [ 26.378585] which belongs to the cache kmalloc-64 of size 64 [ 26.379072] The buggy address is located 0 bytes to the right of [ 26.379072] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.379549] [ 26.379643] The buggy address belongs to the physical page: [ 26.379891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.380190] flags: 0x200000000000000(node=0|zone=2) [ 26.380411] page_type: f5(slab) [ 26.380582] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.380882] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.381322] page dumped because: kasan: bad access detected [ 26.381578] [ 26.381671] Memory state around the buggy address: [ 26.381885] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.382219] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.382525] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.382832] ^ [ 26.383091] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.383333] 
ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.383544] ================================================================== [ 26.912464] ================================================================== [ 26.912827] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 26.913708] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.914112] [ 26.914228] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.914285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.914301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.914328] Call Trace: [ 26.914352] <TASK> [ 26.914375] dump_stack_lvl+0x73/0xb0 [ 26.914415] print_report+0xd1/0x650 [ 26.914444] ? __virt_addr_valid+0x1db/0x2d0 [ 26.914471] ? kasan_atomics_helper+0x2006/0x5450 [ 26.914496] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.914525] ? kasan_atomics_helper+0x2006/0x5450 [ 26.914549] kasan_report+0x141/0x180 [ 26.914573] ? kasan_atomics_helper+0x2006/0x5450 [ 26.914602] kasan_check_range+0x10c/0x1c0 [ 26.914631] __kasan_check_write+0x18/0x20 [ 26.914658] kasan_atomics_helper+0x2006/0x5450 [ 26.914683] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.914707] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.914736] ? kasan_atomics+0x152/0x310 [ 26.914765] kasan_atomics+0x1dc/0x310 [ 26.914790] ? __pfx_kasan_atomics+0x10/0x10 [ 26.914815] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.914842] ? __pfx_read_tsc+0x10/0x10 [ 26.914867] ? ktime_get_ts64+0x86/0x230 [ 26.914896] kunit_try_run_case+0x1a5/0x480 [ 26.914949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.914975] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.914999] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.915023] ? __kthread_parkme+0x82/0x180 [ 26.915047] ? preempt_count_sub+0x50/0x80 [ 26.915083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.915111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.915138] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.915166] kthread+0x337/0x6f0 [ 26.915189] ? trace_preempt_on+0x20/0xc0 [ 26.915216] ? __pfx_kthread+0x10/0x10 [ 26.915239] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.915267] ? calculate_sigpending+0x7b/0xa0 [ 26.915295] ? __pfx_kthread+0x10/0x10 [ 26.915319] ret_from_fork+0x116/0x1d0 [ 26.915341] ? __pfx_kthread+0x10/0x10 [ 26.915365] ret_from_fork_asm+0x1a/0x30 [ 26.915400] </TASK> [ 26.915414] [ 26.922894] Allocated by task 314: [ 26.923075] kasan_save_stack+0x45/0x70 [ 26.923283] kasan_save_track+0x18/0x40 [ 26.923466] kasan_save_alloc_info+0x3b/0x50 [ 26.923657] __kasan_kmalloc+0xb7/0xc0 [ 26.923818] __kmalloc_cache_noprof+0x189/0x420 [ 26.924069] kasan_atomics+0x95/0x310 [ 26.924234] kunit_try_run_case+0x1a5/0x480 [ 26.924429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.924647] kthread+0x337/0x6f0 [ 26.924813] ret_from_fork+0x116/0x1d0 [ 26.924997] ret_from_fork_asm+0x1a/0x30 [ 26.925173] [ 26.925242] The buggy address belongs to the object at ffff888105a1e600 [ 26.925242] which belongs to the cache kmalloc-64 of size 64 [ 26.925600] The buggy address is located 0 bytes to the right of [ 26.925600] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.926001] [ 26.926083] The buggy address belongs to the physical page: [ 26.926343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.926699] flags: 0x200000000000000(node=0|zone=2) [ 26.926961] page_type: f5(slab) [ 26.927142] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.927487] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.927830] page dumped because: kasan: bad access detected [ 26.928119] [ 26.928212] Memory state around the buggy address: [ 26.928440] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.928729] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.928985] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.929215] ^ [ 26.929371] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.929587] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.929859] ================================================================== [ 26.083587] ================================================================== [ 26.083983] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 26.084288] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.084589] [ 26.084678] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.084730] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.084745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.084769] Call Trace: [ 26.084791] <TASK> [ 26.084811] dump_stack_lvl+0x73/0xb0 [ 26.084841] print_report+0xd1/0x650 [ 26.084865] ? __virt_addr_valid+0x1db/0x2d0 [ 26.084891] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.084936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.084965] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.084988] kasan_report+0x141/0x180 [ 26.085012] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.085040] kasan_check_range+0x10c/0x1c0 [ 26.085074] __kasan_check_write+0x18/0x20 [ 26.085101] kasan_atomics_helper+0xa2b/0x5450 [ 26.085127] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.085150] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.085178] ? kasan_atomics+0x152/0x310 [ 26.085215] kasan_atomics+0x1dc/0x310 [ 26.085240] ? __pfx_kasan_atomics+0x10/0x10 [ 26.085263] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.085301] ? __pfx_read_tsc+0x10/0x10 [ 26.085324] ? ktime_get_ts64+0x86/0x230 [ 26.085352] kunit_try_run_case+0x1a5/0x480 [ 26.085379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.085405] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.085429] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.085453] ? __kthread_parkme+0x82/0x180 [ 26.085476] ? 
preempt_count_sub+0x50/0x80 [ 26.085501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.085528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.085555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.085581] kthread+0x337/0x6f0 [ 26.085603] ? trace_preempt_on+0x20/0xc0 [ 26.085630] ? __pfx_kthread+0x10/0x10 [ 26.085652] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.085678] ? calculate_sigpending+0x7b/0xa0 [ 26.085704] ? __pfx_kthread+0x10/0x10 [ 26.085728] ret_from_fork+0x116/0x1d0 [ 26.085749] ? __pfx_kthread+0x10/0x10 [ 26.085772] ret_from_fork_asm+0x1a/0x30 [ 26.085806] </TASK> [ 26.085825] [ 26.093321] Allocated by task 314: [ 26.093503] kasan_save_stack+0x45/0x70 [ 26.093688] kasan_save_track+0x18/0x40 [ 26.093828] kasan_save_alloc_info+0x3b/0x50 [ 26.094001] __kasan_kmalloc+0xb7/0xc0 [ 26.094150] __kmalloc_cache_noprof+0x189/0x420 [ 26.094305] kasan_atomics+0x95/0x310 [ 26.094435] kunit_try_run_case+0x1a5/0x480 [ 26.094580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.094753] kthread+0x337/0x6f0 [ 26.094870] ret_from_fork+0x116/0x1d0 [ 26.095025] ret_from_fork_asm+0x1a/0x30 [ 26.095172] [ 26.095266] The buggy address belongs to the object at ffff888105a1e600 [ 26.095266] which belongs to the cache kmalloc-64 of size 64 [ 26.095807] The buggy address is located 0 bytes to the right of [ 26.095807] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.096206] [ 26.096278] The buggy address belongs to the physical page: [ 26.096450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.096690] flags: 0x200000000000000(node=0|zone=2) [ 26.096911] page_type: f5(slab) [ 26.097123] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.097504] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.097867] page dumped because: kasan: bad access detected [ 26.098177] [ 26.098269] Memory state around the buggy address: [ 26.098494] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 26.098830] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.099196] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.099515] ^ [ 26.099666] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.100024] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.100313] ================================================================== [ 26.247894] ================================================================== [ 26.248324] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 26.248658] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.249013] [ 26.249134] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.249188] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.249204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.249229] Call Trace: [ 26.249251] <TASK> [ 26.249275] dump_stack_lvl+0x73/0xb0 [ 26.249304] print_report+0xd1/0x650 [ 26.249329] ? __virt_addr_valid+0x1db/0x2d0 [ 26.249354] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.249376] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.249404] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.249427] kasan_report+0x141/0x180 [ 26.249449] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.249476] kasan_check_range+0x10c/0x1c0 [ 26.249501] __kasan_check_write+0x18/0x20 [ 26.249526] kasan_atomics_helper+0xfa9/0x5450 [ 26.249549] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.249572] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.249599] ? kasan_atomics+0x152/0x310 [ 26.249625] kasan_atomics+0x1dc/0x310 [ 26.249649] ? __pfx_kasan_atomics+0x10/0x10 [ 26.249673] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.249699] ? __pfx_read_tsc+0x10/0x10 [ 26.249721] ? ktime_get_ts64+0x86/0x230 [ 26.249747] kunit_try_run_case+0x1a5/0x480 [ 26.249774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.249800] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 26.249827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.249860] ? __kthread_parkme+0x82/0x180 [ 26.249882] ? preempt_count_sub+0x50/0x80 [ 26.249907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.249968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.249993] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.250031] kthread+0x337/0x6f0 [ 26.250052] ? trace_preempt_on+0x20/0xc0 [ 26.250088] ? __pfx_kthread+0x10/0x10 [ 26.250111] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.250138] ? calculate_sigpending+0x7b/0xa0 [ 26.250164] ? __pfx_kthread+0x10/0x10 [ 26.250196] ret_from_fork+0x116/0x1d0 [ 26.250217] ? __pfx_kthread+0x10/0x10 [ 26.250240] ret_from_fork_asm+0x1a/0x30 [ 26.250284] </TASK> [ 26.250298] [ 26.257951] Allocated by task 314: [ 26.258108] kasan_save_stack+0x45/0x70 [ 26.258255] kasan_save_track+0x18/0x40 [ 26.258465] kasan_save_alloc_info+0x3b/0x50 [ 26.258672] __kasan_kmalloc+0xb7/0xc0 [ 26.258853] __kmalloc_cache_noprof+0x189/0x420 [ 26.259104] kasan_atomics+0x95/0x310 [ 26.259289] kunit_try_run_case+0x1a5/0x480 [ 26.259492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.259738] kthread+0x337/0x6f0 [ 26.259902] ret_from_fork+0x116/0x1d0 [ 26.260096] ret_from_fork_asm+0x1a/0x30 [ 26.260301] [ 26.260385] The buggy address belongs to the object at ffff888105a1e600 [ 26.260385] which belongs to the cache kmalloc-64 of size 64 [ 26.260762] The buggy address is located 0 bytes to the right of [ 26.260762] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.261356] [ 26.261447] The buggy address belongs to the physical page: [ 26.261686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.262045] flags: 0x200000000000000(node=0|zone=2) [ 26.262287] page_type: f5(slab) [ 26.262452] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.262772] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.263118] page dumped because: kasan: 
bad access detected [ 26.263362] [ 26.263459] Memory state around the buggy address: [ 26.263658] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.263979] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.264291] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.264567] ^ [ 26.264784] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.265074] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.265285] ================================================================== [ 25.769384] ================================================================== [ 25.769777] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 25.770157] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.770443] [ 25.770587] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.770642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.770656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.770681] Call Trace: [ 25.770704] <TASK> [ 25.770725] dump_stack_lvl+0x73/0xb0 [ 25.770755] print_report+0xd1/0x650 [ 25.770778] ? __virt_addr_valid+0x1db/0x2d0 [ 25.770803] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.770825] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.770851] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.770873] kasan_report+0x141/0x180 [ 25.770895] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.770921] __asan_report_store4_noabort+0x1b/0x30 [ 25.770946] kasan_atomics_helper+0x4ba2/0x5450 [ 25.770969] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.770991] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.771025] ? kasan_atomics+0x152/0x310 [ 25.771052] kasan_atomics+0x1dc/0x310 [ 25.771085] ? __pfx_kasan_atomics+0x10/0x10 [ 25.771107] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.771132] ? __pfx_read_tsc+0x10/0x10 [ 25.771155] ? 
ktime_get_ts64+0x86/0x230 [ 25.771181] kunit_try_run_case+0x1a5/0x480 [ 25.771208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.771232] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.771254] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.771277] ? __kthread_parkme+0x82/0x180 [ 25.771309] ? preempt_count_sub+0x50/0x80 [ 25.771334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.771362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.771386] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.771411] kthread+0x337/0x6f0 [ 25.771431] ? trace_preempt_on+0x20/0xc0 [ 25.771455] ? __pfx_kthread+0x10/0x10 [ 25.771477] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.771501] ? calculate_sigpending+0x7b/0xa0 [ 25.771526] ? __pfx_kthread+0x10/0x10 [ 25.771548] ret_from_fork+0x116/0x1d0 [ 25.771568] ? __pfx_kthread+0x10/0x10 [ 25.771588] ret_from_fork_asm+0x1a/0x30 [ 25.771620] </TASK> [ 25.771632] [ 25.779471] Allocated by task 314: [ 25.779634] kasan_save_stack+0x45/0x70 [ 25.779779] kasan_save_track+0x18/0x40 [ 25.779910] kasan_save_alloc_info+0x3b/0x50 [ 25.780126] __kasan_kmalloc+0xb7/0xc0 [ 25.780487] __kmalloc_cache_noprof+0x189/0x420 [ 25.780704] kasan_atomics+0x95/0x310 [ 25.780856] kunit_try_run_case+0x1a5/0x480 [ 25.781039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.781217] kthread+0x337/0x6f0 [ 25.781334] ret_from_fork+0x116/0x1d0 [ 25.781573] ret_from_fork_asm+0x1a/0x30 [ 25.781930] [ 25.782041] The buggy address belongs to the object at ffff888105a1e600 [ 25.782041] which belongs to the cache kmalloc-64 of size 64 [ 25.782472] The buggy address is located 0 bytes to the right of [ 25.782472] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.782831] [ 25.782900] The buggy address belongs to the physical page: [ 25.783241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.783596] flags: 0x200000000000000(node=0|zone=2) [ 25.783823] page_type: f5(slab) [ 25.784018] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 25.784463] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.784685] page dumped because: kasan: bad access detected [ 25.784851] [ 25.784914] Memory state around the buggy address: [ 25.785072] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.785568] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.786166] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.786500] ^ [ 25.786769] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.787044] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.787328] ================================================================== [ 26.011377] ================================================================== [ 26.011827] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 26.012231] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.012586] [ 26.012698] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.012752] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.012778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.012803] Call Trace: [ 26.012819] <TASK> [ 26.012852] dump_stack_lvl+0x73/0xb0 [ 26.012884] print_report+0xd1/0x650 [ 26.012933] ? __virt_addr_valid+0x1db/0x2d0 [ 26.012970] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.012994] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.013022] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.013057] kasan_report+0x141/0x180 [ 26.013090] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.013117] kasan_check_range+0x10c/0x1c0 [ 26.013143] __kasan_check_write+0x18/0x20 [ 26.013168] kasan_atomics_helper+0x7c7/0x5450 [ 26.013192] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.013215] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.013252] ? kasan_atomics+0x152/0x310 [ 26.013280] kasan_atomics+0x1dc/0x310 [ 26.013304] ? 
__pfx_kasan_atomics+0x10/0x10 [ 26.013339] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.013366] ? __pfx_read_tsc+0x10/0x10 [ 26.013401] ? ktime_get_ts64+0x86/0x230 [ 26.013429] kunit_try_run_case+0x1a5/0x480 [ 26.013456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.013493] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.013516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.013539] ? __kthread_parkme+0x82/0x180 [ 26.013562] ? preempt_count_sub+0x50/0x80 [ 26.013597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.013623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.013650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.013687] kthread+0x337/0x6f0 [ 26.013709] ? trace_preempt_on+0x20/0xc0 [ 26.013734] ? __pfx_kthread+0x10/0x10 [ 26.013757] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.013783] ? calculate_sigpending+0x7b/0xa0 [ 26.013809] ? __pfx_kthread+0x10/0x10 [ 26.013839] ret_from_fork+0x116/0x1d0 [ 26.013861] ? __pfx_kthread+0x10/0x10 [ 26.013883] ret_from_fork_asm+0x1a/0x30 [ 26.013942] </TASK> [ 26.013957] [ 26.021282] Allocated by task 314: [ 26.021471] kasan_save_stack+0x45/0x70 [ 26.021607] kasan_save_track+0x18/0x40 [ 26.021733] kasan_save_alloc_info+0x3b/0x50 [ 26.021877] __kasan_kmalloc+0xb7/0xc0 [ 26.022105] __kmalloc_cache_noprof+0x189/0x420 [ 26.022324] kasan_atomics+0x95/0x310 [ 26.022503] kunit_try_run_case+0x1a5/0x480 [ 26.022704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.022870] kthread+0x337/0x6f0 [ 26.023009] ret_from_fork+0x116/0x1d0 [ 26.023195] ret_from_fork_asm+0x1a/0x30 [ 26.023393] [ 26.023483] The buggy address belongs to the object at ffff888105a1e600 [ 26.023483] which belongs to the cache kmalloc-64 of size 64 [ 26.024053] The buggy address is located 0 bytes to the right of [ 26.024053] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.024576] [ 26.024671] The buggy address belongs to the physical page: [ 26.024888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.025271] flags: 
0x200000000000000(node=0|zone=2) [ 26.025506] page_type: f5(slab) [ 26.025673] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.026024] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.026354] page dumped because: kasan: bad access detected [ 26.026607] [ 26.026674] Memory state around the buggy address: [ 26.026820] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.027042] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.027254] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.027553] ^ [ 26.027765] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.028113] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.028425] ================================================================== [ 26.139275] ================================================================== [ 26.139651] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 26.140416] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.140786] [ 26.140906] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.140991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.141007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.141033] Call Trace: [ 26.141076] <TASK> [ 26.141098] dump_stack_lvl+0x73/0xb0 [ 26.141131] print_report+0xd1/0x650 [ 26.141156] ? __virt_addr_valid+0x1db/0x2d0 [ 26.141183] ? kasan_atomics_helper+0xc70/0x5450 [ 26.141205] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.141243] ? kasan_atomics_helper+0xc70/0x5450 [ 26.141266] kasan_report+0x141/0x180 [ 26.141300] ? kasan_atomics_helper+0xc70/0x5450 [ 26.141327] kasan_check_range+0x10c/0x1c0 [ 26.141353] __kasan_check_write+0x18/0x20 [ 26.141377] kasan_atomics_helper+0xc70/0x5450 [ 26.141401] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.141425] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 26.141452] ? kasan_atomics+0x152/0x310 [ 26.141488] kasan_atomics+0x1dc/0x310 [ 26.141511] ? __pfx_kasan_atomics+0x10/0x10 [ 26.141545] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.141572] ? __pfx_read_tsc+0x10/0x10 [ 26.141596] ? ktime_get_ts64+0x86/0x230 [ 26.141623] kunit_try_run_case+0x1a5/0x480 [ 26.141651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.141685] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.141707] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.141731] ? __kthread_parkme+0x82/0x180 [ 26.141764] ? preempt_count_sub+0x50/0x80 [ 26.141791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.141824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.141850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.141875] kthread+0x337/0x6f0 [ 26.141897] ? trace_preempt_on+0x20/0xc0 [ 26.141940] ? __pfx_kthread+0x10/0x10 [ 26.141963] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.141989] ? calculate_sigpending+0x7b/0xa0 [ 26.142014] ? __pfx_kthread+0x10/0x10 [ 26.142037] ret_from_fork+0x116/0x1d0 [ 26.142058] ? 
__pfx_kthread+0x10/0x10 [ 26.142089] ret_from_fork_asm+0x1a/0x30 [ 26.142122] </TASK> [ 26.142136] [ 26.149565] Allocated by task 314: [ 26.149753] kasan_save_stack+0x45/0x70 [ 26.149975] kasan_save_track+0x18/0x40 [ 26.150184] kasan_save_alloc_info+0x3b/0x50 [ 26.150381] __kasan_kmalloc+0xb7/0xc0 [ 26.150509] __kmalloc_cache_noprof+0x189/0x420 [ 26.150709] kasan_atomics+0x95/0x310 [ 26.150901] kunit_try_run_case+0x1a5/0x480 [ 26.151138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.151360] kthread+0x337/0x6f0 [ 26.151503] ret_from_fork+0x116/0x1d0 [ 26.151686] ret_from_fork_asm+0x1a/0x30 [ 26.151893] [ 26.151994] The buggy address belongs to the object at ffff888105a1e600 [ 26.151994] which belongs to the cache kmalloc-64 of size 64 [ 26.152478] The buggy address is located 0 bytes to the right of [ 26.152478] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.153018] [ 26.153106] The buggy address belongs to the physical page: [ 26.153361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.153683] flags: 0x200000000000000(node=0|zone=2) [ 26.153851] page_type: f5(slab) [ 26.153996] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.154346] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.154675] page dumped because: kasan: bad access detected [ 26.154945] [ 26.155048] Memory state around the buggy address: [ 26.155262] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.155573] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.155798] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.156032] ^ [ 26.156220] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.156558] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.156898] ================================================================== [ 25.932895] 
================================================================== [ 25.933253] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 25.934099] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.934422] [ 25.934544] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.934599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.934626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.934652] Call Trace: [ 25.934676] <TASK> [ 25.934710] dump_stack_lvl+0x73/0xb0 [ 25.934742] print_report+0xd1/0x650 [ 25.934778] ? __virt_addr_valid+0x1db/0x2d0 [ 25.934804] ? kasan_atomics_helper+0x565/0x5450 [ 25.934826] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.934865] ? kasan_atomics_helper+0x565/0x5450 [ 25.934889] kasan_report+0x141/0x180 [ 25.934913] ? kasan_atomics_helper+0x565/0x5450 [ 25.934950] kasan_check_range+0x10c/0x1c0 [ 25.934975] __kasan_check_write+0x18/0x20 [ 25.935007] kasan_atomics_helper+0x565/0x5450 [ 25.935031] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.935054] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.935100] ? kasan_atomics+0x152/0x310 [ 25.935128] kasan_atomics+0x1dc/0x310 [ 25.935153] ? __pfx_kasan_atomics+0x10/0x10 [ 25.935185] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.935212] ? __pfx_read_tsc+0x10/0x10 [ 25.935235] ? ktime_get_ts64+0x86/0x230 [ 25.935273] kunit_try_run_case+0x1a5/0x480 [ 25.935302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.935327] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.935349] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.935374] ? __kthread_parkme+0x82/0x180 [ 25.935396] ? preempt_count_sub+0x50/0x80 [ 25.935422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.935449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.935485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.935511] kthread+0x337/0x6f0 [ 25.935532] ? trace_preempt_on+0x20/0xc0 [ 25.935568] ? 
__pfx_kthread+0x10/0x10 [ 25.935590] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.935616] ? calculate_sigpending+0x7b/0xa0 [ 25.935642] ? __pfx_kthread+0x10/0x10 [ 25.935665] ret_from_fork+0x116/0x1d0 [ 25.935686] ? __pfx_kthread+0x10/0x10 [ 25.935708] ret_from_fork_asm+0x1a/0x30 [ 25.935742] </TASK> [ 25.935756] [ 25.943479] Allocated by task 314: [ 25.943659] kasan_save_stack+0x45/0x70 [ 25.943837] kasan_save_track+0x18/0x40 [ 25.943971] kasan_save_alloc_info+0x3b/0x50 [ 25.944130] __kasan_kmalloc+0xb7/0xc0 [ 25.944260] __kmalloc_cache_noprof+0x189/0x420 [ 25.944413] kasan_atomics+0x95/0x310 [ 25.944561] kunit_try_run_case+0x1a5/0x480 [ 25.944785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.945080] kthread+0x337/0x6f0 [ 25.945323] ret_from_fork+0x116/0x1d0 [ 25.945512] ret_from_fork_asm+0x1a/0x30 [ 25.945708] [ 25.945799] The buggy address belongs to the object at ffff888105a1e600 [ 25.945799] which belongs to the cache kmalloc-64 of size 64 [ 25.946778] The buggy address is located 0 bytes to the right of [ 25.946778] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.947358] [ 25.947451] The buggy address belongs to the physical page: [ 25.947677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.948071] flags: 0x200000000000000(node=0|zone=2) [ 25.948234] page_type: f5(slab) [ 25.948356] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.948586] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.948810] page dumped because: kasan: bad access detected [ 25.949095] [ 25.949187] Memory state around the buggy address: [ 25.949410] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.949737] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.950069] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.950324] ^ [ 25.950477] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.950690] 
ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.950900] ================================================================== [ 26.157742] ================================================================== [ 26.158125] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 26.158470] Read of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.158798] [ 26.158931] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.158994] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.159009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.159044] Call Trace: [ 26.159075] <TASK> [ 26.159096] dump_stack_lvl+0x73/0xb0 [ 26.159127] print_report+0xd1/0x650 [ 26.159161] ? __virt_addr_valid+0x1db/0x2d0 [ 26.159186] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.159208] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.159246] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.159269] kasan_report+0x141/0x180 [ 26.159293] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.159321] __asan_report_load4_noabort+0x18/0x20 [ 26.159356] kasan_atomics_helper+0x4a84/0x5450 [ 26.159380] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.159406] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.159446] ? kasan_atomics+0x152/0x310 [ 26.159476] kasan_atomics+0x1dc/0x310 [ 26.159500] ? __pfx_kasan_atomics+0x10/0x10 [ 26.159524] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.159551] ? __pfx_read_tsc+0x10/0x10 [ 26.159574] ? ktime_get_ts64+0x86/0x230 [ 26.159602] kunit_try_run_case+0x1a5/0x480 [ 26.159629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.159657] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.159680] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.159704] ? __kthread_parkme+0x82/0x180 [ 26.159727] ? preempt_count_sub+0x50/0x80 [ 26.159752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.159778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.159803] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.159830] kthread+0x337/0x6f0 [ 26.159851] ? trace_preempt_on+0x20/0xc0 [ 26.159876] ? __pfx_kthread+0x10/0x10 [ 26.159898] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.159942] ? calculate_sigpending+0x7b/0xa0 [ 26.159977] ? __pfx_kthread+0x10/0x10 [ 26.160001] ret_from_fork+0x116/0x1d0 [ 26.160021] ? __pfx_kthread+0x10/0x10 [ 26.160054] ret_from_fork_asm+0x1a/0x30 [ 26.160095] </TASK> [ 26.160109] [ 26.167390] Allocated by task 314: [ 26.167569] kasan_save_stack+0x45/0x70 [ 26.167712] kasan_save_track+0x18/0x40 [ 26.167843] kasan_save_alloc_info+0x3b/0x50 [ 26.168014] __kasan_kmalloc+0xb7/0xc0 [ 26.168211] __kmalloc_cache_noprof+0x189/0x420 [ 26.168441] kasan_atomics+0x95/0x310 [ 26.168622] kunit_try_run_case+0x1a5/0x480 [ 26.168841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.169096] kthread+0x337/0x6f0 [ 26.169269] ret_from_fork+0x116/0x1d0 [ 26.169454] ret_from_fork_asm+0x1a/0x30 [ 26.169590] [ 26.169658] The buggy address belongs to the object at ffff888105a1e600 [ 26.169658] which belongs to the cache kmalloc-64 of size 64 [ 26.170106] The buggy address is located 0 bytes to the right of [ 26.170106] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.170707] [ 26.170817] The buggy address belongs to the physical page: [ 26.171109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.171392] flags: 0x200000000000000(node=0|zone=2) [ 26.171641] page_type: f5(slab) [ 26.171821] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.172165] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.172473] page dumped because: kasan: bad access detected [ 26.172717] [ 26.172810] Memory state around the buggy address: [ 26.173053] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.173369] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.173620] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.173831] ^ [ 26.174008] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.174345] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.174652] ================================================================== [ 26.475653] ================================================================== [ 26.476132] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 26.476468] Read of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.476750] [ 26.476862] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.476925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.476949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.476984] Call Trace: [ 26.477006] <TASK> [ 26.477028] dump_stack_lvl+0x73/0xb0 [ 26.477058] print_report+0xd1/0x650 [ 26.477091] ? __virt_addr_valid+0x1db/0x2d0 [ 26.477117] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.477140] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.477168] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.477191] kasan_report+0x141/0x180 [ 26.477214] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.477241] __asan_report_load8_noabort+0x18/0x20 [ 26.477266] kasan_atomics_helper+0x4eae/0x5450 [ 26.477298] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.477321] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.477359] ? kasan_atomics+0x152/0x310 [ 26.477385] kasan_atomics+0x1dc/0x310 [ 26.477409] ? __pfx_kasan_atomics+0x10/0x10 [ 26.477431] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.477457] ? __pfx_read_tsc+0x10/0x10 [ 26.477480] ? ktime_get_ts64+0x86/0x230 [ 26.477506] kunit_try_run_case+0x1a5/0x480 [ 26.477533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.477558] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.477580] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.477603] ? __kthread_parkme+0x82/0x180 [ 26.477625] ? preempt_count_sub+0x50/0x80 [ 26.477649] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 26.477675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.477701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.477726] kthread+0x337/0x6f0 [ 26.477747] ? trace_preempt_on+0x20/0xc0 [ 26.477771] ? __pfx_kthread+0x10/0x10 [ 26.477794] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.477823] ? calculate_sigpending+0x7b/0xa0 [ 26.477848] ? __pfx_kthread+0x10/0x10 [ 26.477870] ret_from_fork+0x116/0x1d0 [ 26.477891] ? __pfx_kthread+0x10/0x10 [ 26.477913] ret_from_fork_asm+0x1a/0x30 [ 26.477946] </TASK> [ 26.477969] [ 26.485485] Allocated by task 314: [ 26.486425] kasan_save_stack+0x45/0x70 [ 26.486664] kasan_save_track+0x18/0x40 [ 26.486862] kasan_save_alloc_info+0x3b/0x50 [ 26.487423] __kasan_kmalloc+0xb7/0xc0 [ 26.487838] __kmalloc_cache_noprof+0x189/0x420 [ 26.488154] kasan_atomics+0x95/0x310 [ 26.488680] kunit_try_run_case+0x1a5/0x480 [ 26.488978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.489408] kthread+0x337/0x6f0 [ 26.489701] ret_from_fork+0x116/0x1d0 [ 26.490092] ret_from_fork_asm+0x1a/0x30 [ 26.490292] [ 26.490379] The buggy address belongs to the object at ffff888105a1e600 [ 26.490379] which belongs to the cache kmalloc-64 of size 64 [ 26.490870] The buggy address is located 0 bytes to the right of [ 26.490870] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.491655] [ 26.491757] The buggy address belongs to the physical page: [ 26.492320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.492804] flags: 0x200000000000000(node=0|zone=2) [ 26.493229] page_type: f5(slab) [ 26.493547] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.494173] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.494677] page dumped because: kasan: bad access detected [ 26.495142] [ 26.495372] Memory state around the buggy address: [ 26.495605] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.495894] 
ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.496482] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.497104] ^ [ 26.497585] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.498055] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.498560] ================================================================== [ 26.558839] ================================================================== [ 26.559235] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 26.559517] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.559762] [ 26.559875] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.559938] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.559953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.559991] Call Trace: [ 26.560014] <TASK> [ 26.560035] dump_stack_lvl+0x73/0xb0 [ 26.560077] print_report+0xd1/0x650 [ 26.560101] ? __virt_addr_valid+0x1db/0x2d0 [ 26.560128] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.560151] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.560179] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.560202] kasan_report+0x141/0x180 [ 26.560226] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.560252] kasan_check_range+0x10c/0x1c0 [ 26.560277] __kasan_check_write+0x18/0x20 [ 26.560302] kasan_atomics_helper+0x15b6/0x5450 [ 26.560325] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.560348] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.560375] ? kasan_atomics+0x152/0x310 [ 26.560402] kasan_atomics+0x1dc/0x310 [ 26.560426] ? __pfx_kasan_atomics+0x10/0x10 [ 26.560448] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.560474] ? __pfx_read_tsc+0x10/0x10 [ 26.560498] ? ktime_get_ts64+0x86/0x230 [ 26.560524] kunit_try_run_case+0x1a5/0x480 [ 26.560551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.560575] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.560598] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.560629] ? __kthread_parkme+0x82/0x180 [ 26.560662] ? preempt_count_sub+0x50/0x80 [ 26.560688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.560714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.560750] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.560777] kthread+0x337/0x6f0 [ 26.560798] ? trace_preempt_on+0x20/0xc0 [ 26.560824] ? __pfx_kthread+0x10/0x10 [ 26.560846] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.560872] ? calculate_sigpending+0x7b/0xa0 [ 26.560898] ? __pfx_kthread+0x10/0x10 [ 26.560921] ret_from_fork+0x116/0x1d0 [ 26.560941] ? __pfx_kthread+0x10/0x10 [ 26.560964] ret_from_fork_asm+0x1a/0x30 [ 26.560996] </TASK> [ 26.561010] [ 26.568536] Allocated by task 314: [ 26.568693] kasan_save_stack+0x45/0x70 [ 26.568879] kasan_save_track+0x18/0x40 [ 26.569145] kasan_save_alloc_info+0x3b/0x50 [ 26.569344] __kasan_kmalloc+0xb7/0xc0 [ 26.569521] __kmalloc_cache_noprof+0x189/0x420 [ 26.569720] kasan_atomics+0x95/0x310 [ 26.569899] kunit_try_run_case+0x1a5/0x480 [ 26.570102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.570318] kthread+0x337/0x6f0 [ 26.570445] ret_from_fork+0x116/0x1d0 [ 26.570668] ret_from_fork_asm+0x1a/0x30 [ 26.570856] [ 26.570926] The buggy address belongs to the object at ffff888105a1e600 [ 26.570926] which belongs to the cache kmalloc-64 of size 64 [ 26.571453] The buggy address is located 0 bytes to the right of [ 26.571453] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.571956] [ 26.572053] The buggy address belongs to the physical page: [ 26.572279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.572619] flags: 0x200000000000000(node=0|zone=2) [ 26.572838] page_type: f5(slab) [ 26.573048] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.573379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.573636] page dumped because: kasan: bad access detected [ 26.573805] [ 26.573874] 
Memory state around the buggy address: [ 26.574026] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.574248] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.574460] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.574767] ^ [ 26.575154] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.575488] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.575797] ================================================================== [ 27.003751] ================================================================== [ 27.004108] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 27.004447] Read of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 27.004750] [ 27.004842] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.004896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.004912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.004957] Call Trace: [ 27.004980] <TASK> [ 27.005002] dump_stack_lvl+0x73/0xb0 [ 27.005034] print_report+0xd1/0x650 [ 27.005068] ? __virt_addr_valid+0x1db/0x2d0 [ 27.005098] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.005122] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.005151] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.005175] kasan_report+0x141/0x180 [ 27.005198] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.005227] __asan_report_load8_noabort+0x18/0x20 [ 27.005254] kasan_atomics_helper+0x4fa5/0x5450 [ 27.005280] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.005305] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.005332] ? kasan_atomics+0x152/0x310 [ 27.005360] kasan_atomics+0x1dc/0x310 [ 27.005385] ? __pfx_kasan_atomics+0x10/0x10 [ 27.005433] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 27.005461] ? __pfx_read_tsc+0x10/0x10 [ 27.005486] ? ktime_get_ts64+0x86/0x230 [ 27.005515] kunit_try_run_case+0x1a5/0x480 [ 27.005543] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 27.005569] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 27.005610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.005635] ? __kthread_parkme+0x82/0x180 [ 27.005658] ? preempt_count_sub+0x50/0x80 [ 27.005684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.005712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.005740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.005766] kthread+0x337/0x6f0 [ 27.005788] ? trace_preempt_on+0x20/0xc0 [ 27.005814] ? __pfx_kthread+0x10/0x10 [ 27.005857] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.005884] ? calculate_sigpending+0x7b/0xa0 [ 27.005942] ? __pfx_kthread+0x10/0x10 [ 27.005967] ret_from_fork+0x116/0x1d0 [ 27.005989] ? __pfx_kthread+0x10/0x10 [ 27.006012] ret_from_fork_asm+0x1a/0x30 [ 27.006044] </TASK> [ 27.006068] [ 27.013236] Allocated by task 314: [ 27.013418] kasan_save_stack+0x45/0x70 [ 27.013637] kasan_save_track+0x18/0x40 [ 27.013842] kasan_save_alloc_info+0x3b/0x50 [ 27.014131] __kasan_kmalloc+0xb7/0xc0 [ 27.014323] __kmalloc_cache_noprof+0x189/0x420 [ 27.014570] kasan_atomics+0x95/0x310 [ 27.014736] kunit_try_run_case+0x1a5/0x480 [ 27.014899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.015181] kthread+0x337/0x6f0 [ 27.015351] ret_from_fork+0x116/0x1d0 [ 27.015492] ret_from_fork_asm+0x1a/0x30 [ 27.015633] [ 27.015701] The buggy address belongs to the object at ffff888105a1e600 [ 27.015701] which belongs to the cache kmalloc-64 of size 64 [ 27.016168] The buggy address is located 0 bytes to the right of [ 27.016168] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 27.016727] [ 27.016824] The buggy address belongs to the physical page: [ 27.017104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 27.017348] flags: 0x200000000000000(node=0|zone=2) [ 27.017511] page_type: f5(slab) [ 27.017669] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.018080] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 27.018441] page dumped because: kasan: bad access detected [ 27.018698] [ 27.018791] Memory state around the buggy address: [ 27.019070] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.019367] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.019670] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.019980] ^ [ 27.020157] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.020373] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.020695] ================================================================== [ 26.706750] ================================================================== [ 26.707100] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 26.707617] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.707849] [ 26.707990] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.708051] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.708083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.708108] Call Trace: [ 26.708131] <TASK> [ 26.708162] dump_stack_lvl+0x73/0xb0 [ 26.708192] print_report+0xd1/0x650 [ 26.708217] ? __virt_addr_valid+0x1db/0x2d0 [ 26.708243] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.708265] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.708293] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.708318] kasan_report+0x141/0x180 [ 26.708342] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.708370] kasan_check_range+0x10c/0x1c0 [ 26.708395] __kasan_check_write+0x18/0x20 [ 26.708420] kasan_atomics_helper+0x19e3/0x5450 [ 26.708444] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.708478] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.708505] ? kasan_atomics+0x152/0x310 [ 26.708544] kasan_atomics+0x1dc/0x310 [ 26.708568] ? __pfx_kasan_atomics+0x10/0x10 [ 26.708591] ? 
__pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.708630] ? __pfx_read_tsc+0x10/0x10 [ 26.708653] ? ktime_get_ts64+0x86/0x230 [ 26.708679] kunit_try_run_case+0x1a5/0x480 [ 26.708718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.708742] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.708777] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.708800] ? __kthread_parkme+0x82/0x180 [ 26.708822] ? preempt_count_sub+0x50/0x80 [ 26.708859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.708885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.708911] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.708967] kthread+0x337/0x6f0 [ 26.708988] ? trace_preempt_on+0x20/0xc0 [ 26.709014] ? __pfx_kthread+0x10/0x10 [ 26.709046] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.709081] ? calculate_sigpending+0x7b/0xa0 [ 26.709107] ? __pfx_kthread+0x10/0x10 [ 26.709130] ret_from_fork+0x116/0x1d0 [ 26.709151] ? __pfx_kthread+0x10/0x10 [ 26.709173] ret_from_fork_asm+0x1a/0x30 [ 26.709205] </TASK> [ 26.709219] [ 26.716880] Allocated by task 314: [ 26.717180] kasan_save_stack+0x45/0x70 [ 26.717397] kasan_save_track+0x18/0x40 [ 26.717641] kasan_save_alloc_info+0x3b/0x50 [ 26.717858] __kasan_kmalloc+0xb7/0xc0 [ 26.718141] __kmalloc_cache_noprof+0x189/0x420 [ 26.718370] kasan_atomics+0x95/0x310 [ 26.718511] kunit_try_run_case+0x1a5/0x480 [ 26.718664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.718837] kthread+0x337/0x6f0 [ 26.719038] ret_from_fork+0x116/0x1d0 [ 26.719232] ret_from_fork_asm+0x1a/0x30 [ 26.719455] [ 26.719552] The buggy address belongs to the object at ffff888105a1e600 [ 26.719552] which belongs to the cache kmalloc-64 of size 64 [ 26.720109] The buggy address is located 0 bytes to the right of [ 26.720109] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.720613] [ 26.720695] The buggy address belongs to the physical page: [ 26.720964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.721229] flags: 0x200000000000000(node=0|zone=2) [ 26.721392] 
page_type: f5(slab) [ 26.721511] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.721736] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.722041] page dumped because: kasan: bad access detected [ 26.722297] [ 26.722385] Memory state around the buggy address: [ 26.722603] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.722914] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.723346] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.723656] ^ [ 26.723825] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.724327] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.724548] ================================================================== [ 27.021675] ================================================================== [ 27.022207] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 27.022533] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 27.022823] [ 27.022938] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.022991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.023008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.023031] Call Trace: [ 27.023054] <TASK> [ 27.023087] dump_stack_lvl+0x73/0xb0 [ 27.023117] print_report+0xd1/0x650 [ 27.023141] ? __virt_addr_valid+0x1db/0x2d0 [ 27.023167] ? kasan_atomics_helper+0x224c/0x5450 [ 27.023190] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.023218] ? kasan_atomics_helper+0x224c/0x5450 [ 27.023243] kasan_report+0x141/0x180 [ 27.023266] ? kasan_atomics_helper+0x224c/0x5450 [ 27.023293] kasan_check_range+0x10c/0x1c0 [ 27.023318] __kasan_check_write+0x18/0x20 [ 27.023343] kasan_atomics_helper+0x224c/0x5450 [ 27.023367] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.023390] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.023418] ? 
kasan_atomics+0x152/0x310 [ 27.023445] kasan_atomics+0x1dc/0x310 [ 27.023469] ? __pfx_kasan_atomics+0x10/0x10 [ 27.023493] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 27.023519] ? __pfx_read_tsc+0x10/0x10 [ 27.023543] ? ktime_get_ts64+0x86/0x230 [ 27.023570] kunit_try_run_case+0x1a5/0x480 [ 27.023598] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.023623] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 27.023645] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.023669] ? __kthread_parkme+0x82/0x180 [ 27.023691] ? preempt_count_sub+0x50/0x80 [ 27.023716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.023742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.023768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.023794] kthread+0x337/0x6f0 [ 27.023815] ? trace_preempt_on+0x20/0xc0 [ 27.023840] ? __pfx_kthread+0x10/0x10 [ 27.023861] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.023888] ? calculate_sigpending+0x7b/0xa0 [ 27.024542] ? __pfx_kthread+0x10/0x10 [ 27.024568] ret_from_fork+0x116/0x1d0 [ 27.024599] ? 
__pfx_kthread+0x10/0x10 [ 27.024622] ret_from_fork_asm+0x1a/0x30 [ 27.024655] </TASK> [ 27.024671] [ 27.035539] Allocated by task 314: [ 27.035717] kasan_save_stack+0x45/0x70 [ 27.035908] kasan_save_track+0x18/0x40 [ 27.036477] kasan_save_alloc_info+0x3b/0x50 [ 27.036819] __kasan_kmalloc+0xb7/0xc0 [ 27.037114] __kmalloc_cache_noprof+0x189/0x420 [ 27.037510] kasan_atomics+0x95/0x310 [ 27.037694] kunit_try_run_case+0x1a5/0x480 [ 27.037900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.038427] kthread+0x337/0x6f0 [ 27.038712] ret_from_fork+0x116/0x1d0 [ 27.038912] ret_from_fork_asm+0x1a/0x30 [ 27.039273] [ 27.039364] The buggy address belongs to the object at ffff888105a1e600 [ 27.039364] which belongs to the cache kmalloc-64 of size 64 [ 27.039854] The buggy address is located 0 bytes to the right of [ 27.039854] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 27.040820] [ 27.041069] The buggy address belongs to the physical page: [ 27.041578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 27.042178] flags: 0x200000000000000(node=0|zone=2) [ 27.042427] page_type: f5(slab) [ 27.042590] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.042905] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.043222] page dumped because: kasan: bad access detected [ 27.043455] [ 27.043542] Memory state around the buggy address: [ 27.043752] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.044453] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.045043] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.045551] ^ [ 27.045908] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.046510] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.047045] ================================================================== [ 25.814687] 
================================================================== [ 25.815192] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 25.815493] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.815870] [ 25.816029] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.816095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.816111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.816136] Call Trace: [ 25.816160] <TASK> [ 25.816243] dump_stack_lvl+0x73/0xb0 [ 25.816279] print_report+0xd1/0x650 [ 25.816339] ? __virt_addr_valid+0x1db/0x2d0 [ 25.816369] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.816392] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.816431] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.816454] kasan_report+0x141/0x180 [ 25.816504] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.816531] __asan_report_store4_noabort+0x1b/0x30 [ 25.816558] kasan_atomics_helper+0x4b6e/0x5450 [ 25.816592] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.816616] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.816669] ? kasan_atomics+0x152/0x310 [ 25.816697] kasan_atomics+0x1dc/0x310 [ 25.816732] ? __pfx_kasan_atomics+0x10/0x10 [ 25.816756] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.816782] ? __pfx_read_tsc+0x10/0x10 [ 25.816806] ? ktime_get_ts64+0x86/0x230 [ 25.816833] kunit_try_run_case+0x1a5/0x480 [ 25.816860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.816886] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.816938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.816976] ? __kthread_parkme+0x82/0x180 [ 25.817010] ? preempt_count_sub+0x50/0x80 [ 25.817036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.817072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.817114] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.817141] kthread+0x337/0x6f0 [ 25.817171] ? trace_preempt_on+0x20/0xc0 [ 25.817259] ? __pfx_kthread+0x10/0x10 [ 25.817283] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 25.817309] ? calculate_sigpending+0x7b/0xa0 [ 25.817335] ? __pfx_kthread+0x10/0x10 [ 25.817358] ret_from_fork+0x116/0x1d0 [ 25.817379] ? __pfx_kthread+0x10/0x10 [ 25.817401] ret_from_fork_asm+0x1a/0x30 [ 25.817434] </TASK> [ 25.817448] [ 25.826804] Allocated by task 314: [ 25.827052] kasan_save_stack+0x45/0x70 [ 25.827357] kasan_save_track+0x18/0x40 [ 25.827608] kasan_save_alloc_info+0x3b/0x50 [ 25.827799] __kasan_kmalloc+0xb7/0xc0 [ 25.828103] __kmalloc_cache_noprof+0x189/0x420 [ 25.828398] kasan_atomics+0x95/0x310 [ 25.828593] kunit_try_run_case+0x1a5/0x480 [ 25.828870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.829210] kthread+0x337/0x6f0 [ 25.829444] ret_from_fork+0x116/0x1d0 [ 25.829827] ret_from_fork_asm+0x1a/0x30 [ 25.830114] [ 25.830274] The buggy address belongs to the object at ffff888105a1e600 [ 25.830274] which belongs to the cache kmalloc-64 of size 64 [ 25.830842] The buggy address is located 0 bytes to the right of [ 25.830842] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.831448] [ 25.831521] The buggy address belongs to the physical page: [ 25.831801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.832375] flags: 0x200000000000000(node=0|zone=2) [ 25.832617] page_type: f5(slab) [ 25.832787] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.833503] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.833831] page dumped because: kasan: bad access detected [ 25.834000] [ 25.834083] Memory state around the buggy address: [ 25.834361] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.835085] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.835665] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.835887] ^ [ 25.836043] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.836378] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 25.837103] ================================================================== [ 26.211023] ================================================================== [ 26.211531] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 26.211863] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.212174] [ 26.212261] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.212314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.212329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.212354] Call Trace: [ 26.212376] <TASK> [ 26.212396] dump_stack_lvl+0x73/0xb0 [ 26.212425] print_report+0xd1/0x650 [ 26.212449] ? __virt_addr_valid+0x1db/0x2d0 [ 26.212475] ? kasan_atomics_helper+0xe78/0x5450 [ 26.212497] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.212524] ? kasan_atomics_helper+0xe78/0x5450 [ 26.212549] kasan_report+0x141/0x180 [ 26.212574] ? kasan_atomics_helper+0xe78/0x5450 [ 26.212602] kasan_check_range+0x10c/0x1c0 [ 26.212629] __kasan_check_write+0x18/0x20 [ 26.212653] kasan_atomics_helper+0xe78/0x5450 [ 26.212676] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.212700] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.212727] ? kasan_atomics+0x152/0x310 [ 26.212755] kasan_atomics+0x1dc/0x310 [ 26.212778] ? __pfx_kasan_atomics+0x10/0x10 [ 26.212801] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.212827] ? __pfx_read_tsc+0x10/0x10 [ 26.212850] ? ktime_get_ts64+0x86/0x230 [ 26.212877] kunit_try_run_case+0x1a5/0x480 [ 26.212905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.212954] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.212977] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.213010] ? __kthread_parkme+0x82/0x180 [ 26.213033] ? preempt_count_sub+0x50/0x80 [ 26.213074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.213101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.213130] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.213160] kthread+0x337/0x6f0 [ 26.213181] ? trace_preempt_on+0x20/0xc0 [ 26.213206] ? __pfx_kthread+0x10/0x10 [ 26.213229] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.213255] ? calculate_sigpending+0x7b/0xa0 [ 26.213279] ? __pfx_kthread+0x10/0x10 [ 26.213303] ret_from_fork+0x116/0x1d0 [ 26.213323] ? __pfx_kthread+0x10/0x10 [ 26.213346] ret_from_fork_asm+0x1a/0x30 [ 26.213379] </TASK> [ 26.213394] [ 26.220833] Allocated by task 314: [ 26.221070] kasan_save_stack+0x45/0x70 [ 26.221268] kasan_save_track+0x18/0x40 [ 26.221448] kasan_save_alloc_info+0x3b/0x50 [ 26.221651] __kasan_kmalloc+0xb7/0xc0 [ 26.221840] __kmalloc_cache_noprof+0x189/0x420 [ 26.222094] kasan_atomics+0x95/0x310 [ 26.222268] kunit_try_run_case+0x1a5/0x480 [ 26.222490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.222749] kthread+0x337/0x6f0 [ 26.222895] ret_from_fork+0x116/0x1d0 [ 26.223128] ret_from_fork_asm+0x1a/0x30 [ 26.223337] [ 26.223405] The buggy address belongs to the object at ffff888105a1e600 [ 26.223405] which belongs to the cache kmalloc-64 of size 64 [ 26.223756] The buggy address is located 0 bytes to the right of [ 26.223756] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.224147] [ 26.224218] The buggy address belongs to the physical page: [ 26.224387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.224685] flags: 0x200000000000000(node=0|zone=2) [ 26.224950] page_type: f5(slab) [ 26.225125] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.225457] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.225783] page dumped because: kasan: bad access detected [ 26.226077] [ 26.226167] Memory state around the buggy address: [ 26.226390] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.226718] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.227078] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.227414] ^ [ 26.227637] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.227967] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.228234] ================================================================== [ 26.930485] ================================================================== [ 26.930833] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 26.931450] Read of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.931795] [ 26.931912] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.931986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.932002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.932028] Call Trace: [ 26.932049] <TASK> [ 26.932079] dump_stack_lvl+0x73/0xb0 [ 26.932111] print_report+0xd1/0x650 [ 26.932135] ? __virt_addr_valid+0x1db/0x2d0 [ 26.932160] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.932184] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.932211] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.932235] kasan_report+0x141/0x180 [ 26.932258] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.932286] __asan_report_load8_noabort+0x18/0x20 [ 26.932312] kasan_atomics_helper+0x4f98/0x5450 [ 26.932335] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.932359] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.932386] ? kasan_atomics+0x152/0x310 [ 26.932413] kasan_atomics+0x1dc/0x310 [ 26.932437] ? __pfx_kasan_atomics+0x10/0x10 [ 26.932460] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.932486] ? __pfx_read_tsc+0x10/0x10 [ 26.932510] ? ktime_get_ts64+0x86/0x230 [ 26.932537] kunit_try_run_case+0x1a5/0x480 [ 26.932565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.932590] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.932614] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.932638] ? __kthread_parkme+0x82/0x180 [ 26.932660] ? preempt_count_sub+0x50/0x80 [ 26.932685] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 26.932713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.932739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.932766] kthread+0x337/0x6f0 [ 26.932787] ? trace_preempt_on+0x20/0xc0 [ 26.932812] ? __pfx_kthread+0x10/0x10 [ 26.932835] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.932864] ? calculate_sigpending+0x7b/0xa0 [ 26.932891] ? __pfx_kthread+0x10/0x10 [ 26.932934] ret_from_fork+0x116/0x1d0 [ 26.932957] ? __pfx_kthread+0x10/0x10 [ 26.932980] ret_from_fork_asm+0x1a/0x30 [ 26.933014] </TASK> [ 26.933029] [ 26.939911] Allocated by task 314: [ 26.940071] kasan_save_stack+0x45/0x70 [ 26.940220] kasan_save_track+0x18/0x40 [ 26.940357] kasan_save_alloc_info+0x3b/0x50 [ 26.940506] __kasan_kmalloc+0xb7/0xc0 [ 26.940638] __kmalloc_cache_noprof+0x189/0x420 [ 26.940860] kasan_atomics+0x95/0x310 [ 26.941105] kunit_try_run_case+0x1a5/0x480 [ 26.941326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.941617] kthread+0x337/0x6f0 [ 26.941792] ret_from_fork+0x116/0x1d0 [ 26.942025] ret_from_fork_asm+0x1a/0x30 [ 26.942244] [ 26.942364] The buggy address belongs to the object at ffff888105a1e600 [ 26.942364] which belongs to the cache kmalloc-64 of size 64 [ 26.942898] The buggy address is located 0 bytes to the right of [ 26.942898] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.943317] [ 26.943391] The buggy address belongs to the physical page: [ 26.943586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.943978] flags: 0x200000000000000(node=0|zone=2) [ 26.944238] page_type: f5(slab) [ 26.944442] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.944759] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.945090] page dumped because: kasan: bad access detected [ 26.945345] [ 26.945442] Memory state around the buggy address: [ 26.945649] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.945938] 
ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.946173] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.946391] ^ [ 26.946547] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.946767] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.947151] ================================================================== [ 25.910422] ================================================================== [ 25.911440] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 25.911840] Write of size 4 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 25.912268] [ 25.912442] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.912499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.912514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.912539] Call Trace: [ 25.912564] <TASK> [ 25.912585] dump_stack_lvl+0x73/0xb0 [ 25.912619] print_report+0xd1/0x650 [ 25.912690] ? __virt_addr_valid+0x1db/0x2d0 [ 25.912719] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.912743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.912819] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.912843] kasan_report+0x141/0x180 [ 25.912878] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.912906] __asan_report_store4_noabort+0x1b/0x30 [ 25.912944] kasan_atomics_helper+0x4b3a/0x5450 [ 25.912968] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.912991] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.913020] ? kasan_atomics+0x152/0x310 [ 25.913049] kasan_atomics+0x1dc/0x310 [ 25.913083] ? __pfx_kasan_atomics+0x10/0x10 [ 25.913107] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.913135] ? __pfx_read_tsc+0x10/0x10 [ 25.913159] ? ktime_get_ts64+0x86/0x230 [ 25.913187] kunit_try_run_case+0x1a5/0x480 [ 25.913215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.913242] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.913265] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.913289] ? __kthread_parkme+0x82/0x180 [ 25.913312] ? preempt_count_sub+0x50/0x80 [ 25.913339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.913366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.913393] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.913419] kthread+0x337/0x6f0 [ 25.913442] ? trace_preempt_on+0x20/0xc0 [ 25.913468] ? __pfx_kthread+0x10/0x10 [ 25.913490] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.913517] ? calculate_sigpending+0x7b/0xa0 [ 25.913544] ? __pfx_kthread+0x10/0x10 [ 25.913568] ret_from_fork+0x116/0x1d0 [ 25.913588] ? __pfx_kthread+0x10/0x10 [ 25.913611] ret_from_fork_asm+0x1a/0x30 [ 25.913645] </TASK> [ 25.913659] [ 25.924919] Allocated by task 314: [ 25.925110] kasan_save_stack+0x45/0x70 [ 25.925259] kasan_save_track+0x18/0x40 [ 25.925579] kasan_save_alloc_info+0x3b/0x50 [ 25.925792] __kasan_kmalloc+0xb7/0xc0 [ 25.926012] __kmalloc_cache_noprof+0x189/0x420 [ 25.926278] kasan_atomics+0x95/0x310 [ 25.926453] kunit_try_run_case+0x1a5/0x480 [ 25.926645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.926823] kthread+0x337/0x6f0 [ 25.927072] ret_from_fork+0x116/0x1d0 [ 25.927269] ret_from_fork_asm+0x1a/0x30 [ 25.927417] [ 25.927488] The buggy address belongs to the object at ffff888105a1e600 [ 25.927488] which belongs to the cache kmalloc-64 of size 64 [ 25.928030] The buggy address is located 0 bytes to the right of [ 25.928030] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 25.928497] [ 25.928567] The buggy address belongs to the physical page: [ 25.928732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 25.928982] flags: 0x200000000000000(node=0|zone=2) [ 25.929249] page_type: f5(slab) [ 25.929414] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.929755] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.930042] page dumped because: kasan: bad access detected [ 25.930216] [ 25.930280] 
Memory state around the buggy address: [ 25.930429] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.930677] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.931004] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.931341] ^ [ 25.931587] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.931910] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.932259] ================================================================== [ 26.456437] ================================================================== [ 26.457419] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 26.457763] Read of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.458145] [ 26.458262] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.458317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.458344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.458369] Call Trace: [ 26.458392] <TASK> [ 26.458424] dump_stack_lvl+0x73/0xb0 [ 26.458456] print_report+0xd1/0x650 [ 26.458480] ? __virt_addr_valid+0x1db/0x2d0 [ 26.458515] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.458539] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.458578] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.458601] kasan_report+0x141/0x180 [ 26.458624] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.458660] kasan_check_range+0x10c/0x1c0 [ 26.458685] __kasan_check_read+0x15/0x20 [ 26.458710] kasan_atomics_helper+0x13b5/0x5450 [ 26.458745] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.458768] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.458795] ? kasan_atomics+0x152/0x310 [ 26.458831] kasan_atomics+0x1dc/0x310 [ 26.458854] ? __pfx_kasan_atomics+0x10/0x10 [ 26.458888] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.458913] ? __pfx_read_tsc+0x10/0x10 [ 26.458949] ? 
ktime_get_ts64+0x86/0x230 [ 26.458975] kunit_try_run_case+0x1a5/0x480 [ 26.459003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.459035] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.459057] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.459096] ? __kthread_parkme+0x82/0x180 [ 26.459119] ? preempt_count_sub+0x50/0x80 [ 26.459143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.459169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.459195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.459220] kthread+0x337/0x6f0 [ 26.459242] ? trace_preempt_on+0x20/0xc0 [ 26.459267] ? __pfx_kthread+0x10/0x10 [ 26.459288] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.459314] ? calculate_sigpending+0x7b/0xa0 [ 26.459339] ? __pfx_kthread+0x10/0x10 [ 26.459362] ret_from_fork+0x116/0x1d0 [ 26.459382] ? __pfx_kthread+0x10/0x10 [ 26.459405] ret_from_fork_asm+0x1a/0x30 [ 26.459446] </TASK> [ 26.459459] [ 26.466849] Allocated by task 314: [ 26.466989] kasan_save_stack+0x45/0x70 [ 26.467149] kasan_save_track+0x18/0x40 [ 26.467352] kasan_save_alloc_info+0x3b/0x50 [ 26.467587] __kasan_kmalloc+0xb7/0xc0 [ 26.467797] __kmalloc_cache_noprof+0x189/0x420 [ 26.468058] kasan_atomics+0x95/0x310 [ 26.468275] kunit_try_run_case+0x1a5/0x480 [ 26.468482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.468731] kthread+0x337/0x6f0 [ 26.468893] ret_from_fork+0x116/0x1d0 [ 26.469282] ret_from_fork_asm+0x1a/0x30 [ 26.469480] [ 26.469580] The buggy address belongs to the object at ffff888105a1e600 [ 26.469580] which belongs to the cache kmalloc-64 of size 64 [ 26.470159] The buggy address is located 0 bytes to the right of [ 26.470159] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.470628] [ 26.470724] The buggy address belongs to the physical page: [ 26.471019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.471350] flags: 0x200000000000000(node=0|zone=2) [ 26.471568] page_type: f5(slab) [ 26.471748] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 26.472090] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.472415] page dumped because: kasan: bad access detected [ 26.472627] [ 26.472718] Memory state around the buggy address: [ 26.472982] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.473322] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.473631] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.473921] ^ [ 26.474213] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.474527] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.474814] ================================================================== [ 26.622007] ================================================================== [ 26.622716] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 26.623523] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.624242] [ 26.624422] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.624481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.624509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.624548] Call Trace: [ 26.624573] <TASK> [ 26.624596] dump_stack_lvl+0x73/0xb0 [ 26.624642] print_report+0xd1/0x650 [ 26.624668] ? __virt_addr_valid+0x1db/0x2d0 [ 26.624695] ? kasan_atomics_helper+0x177f/0x5450 [ 26.624719] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.624748] ? kasan_atomics_helper+0x177f/0x5450 [ 26.624772] kasan_report+0x141/0x180 [ 26.624797] ? kasan_atomics_helper+0x177f/0x5450 [ 26.624826] kasan_check_range+0x10c/0x1c0 [ 26.624853] __kasan_check_write+0x18/0x20 [ 26.624878] kasan_atomics_helper+0x177f/0x5450 [ 26.624903] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.624936] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.624965] ? kasan_atomics+0x152/0x310 [ 26.624994] kasan_atomics+0x1dc/0x310 [ 26.625019] ? 
__pfx_kasan_atomics+0x10/0x10 [ 26.625043] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.625080] ? __pfx_read_tsc+0x10/0x10 [ 26.625105] ? ktime_get_ts64+0x86/0x230 [ 26.625133] kunit_try_run_case+0x1a5/0x480 [ 26.625162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.625187] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.625211] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.625235] ? __kthread_parkme+0x82/0x180 [ 26.625258] ? preempt_count_sub+0x50/0x80 [ 26.625285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.625313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.625340] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.625367] kthread+0x337/0x6f0 [ 26.625390] ? trace_preempt_on+0x20/0xc0 [ 26.625415] ? __pfx_kthread+0x10/0x10 [ 26.625438] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.625465] ? calculate_sigpending+0x7b/0xa0 [ 26.625491] ? __pfx_kthread+0x10/0x10 [ 26.625515] ret_from_fork+0x116/0x1d0 [ 26.625536] ? __pfx_kthread+0x10/0x10 [ 26.625559] ret_from_fork_asm+0x1a/0x30 [ 26.625592] </TASK> [ 26.625608] [ 26.639373] Allocated by task 314: [ 26.639669] kasan_save_stack+0x45/0x70 [ 26.640005] kasan_save_track+0x18/0x40 [ 26.640422] kasan_save_alloc_info+0x3b/0x50 [ 26.640787] __kasan_kmalloc+0xb7/0xc0 [ 26.640921] __kmalloc_cache_noprof+0x189/0x420 [ 26.641086] kasan_atomics+0x95/0x310 [ 26.641218] kunit_try_run_case+0x1a5/0x480 [ 26.641363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.641535] kthread+0x337/0x6f0 [ 26.641654] ret_from_fork+0x116/0x1d0 [ 26.641785] ret_from_fork_asm+0x1a/0x30 [ 26.641934] [ 26.642005] The buggy address belongs to the object at ffff888105a1e600 [ 26.642005] which belongs to the cache kmalloc-64 of size 64 [ 26.642401] The buggy address is located 0 bytes to the right of [ 26.642401] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.642998] [ 26.643106] The buggy address belongs to the physical page: [ 26.643320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.643568] flags: 
0x200000000000000(node=0|zone=2) [ 26.643831] page_type: f5(slab) [ 26.644044] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.644341] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.644687] page dumped because: kasan: bad access detected [ 26.644933] [ 26.645075] Memory state around the buggy address: [ 26.645230] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.645508] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.645858] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.646349] ^ [ 26.646503] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.647053] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.647361] ================================================================== [ 26.648382] ================================================================== [ 26.648774] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 26.649146] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.649488] [ 26.649616] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.649684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.649701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.649728] Call Trace: [ 26.649752] <TASK> [ 26.649775] dump_stack_lvl+0x73/0xb0 [ 26.649808] print_report+0xd1/0x650 [ 26.649840] ? __virt_addr_valid+0x1db/0x2d0 [ 26.649867] ? kasan_atomics_helper+0x1818/0x5450 [ 26.649891] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.649921] ? kasan_atomics_helper+0x1818/0x5450 [ 26.649958] kasan_report+0x141/0x180 [ 26.649982] ? kasan_atomics_helper+0x1818/0x5450 [ 26.650011] kasan_check_range+0x10c/0x1c0 [ 26.650038] __kasan_check_write+0x18/0x20 [ 26.650073] kasan_atomics_helper+0x1818/0x5450 [ 26.650098] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.650123] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 26.650152] ? kasan_atomics+0x152/0x310 [ 26.650182] kasan_atomics+0x1dc/0x310 [ 26.650217] ? __pfx_kasan_atomics+0x10/0x10 [ 26.650241] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.650280] ? __pfx_read_tsc+0x10/0x10 [ 26.650304] ? ktime_get_ts64+0x86/0x230 [ 26.650333] kunit_try_run_case+0x1a5/0x480 [ 26.650363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.650389] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.650414] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.650438] ? __kthread_parkme+0x82/0x180 [ 26.650462] ? preempt_count_sub+0x50/0x80 [ 26.650488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.650516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.650544] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.650572] kthread+0x337/0x6f0 [ 26.650593] ? trace_preempt_on+0x20/0xc0 [ 26.650620] ? __pfx_kthread+0x10/0x10 [ 26.650652] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.650680] ? calculate_sigpending+0x7b/0xa0 [ 26.650707] ? __pfx_kthread+0x10/0x10 [ 26.650742] ret_from_fork+0x116/0x1d0 [ 26.650764] ? 
__pfx_kthread+0x10/0x10 [ 26.650787] ret_from_fork_asm+0x1a/0x30 [ 26.650831] </TASK> [ 26.650846] [ 26.659119] Allocated by task 314: [ 26.659322] kasan_save_stack+0x45/0x70 [ 26.659520] kasan_save_track+0x18/0x40 [ 26.659709] kasan_save_alloc_info+0x3b/0x50 [ 26.659927] __kasan_kmalloc+0xb7/0xc0 [ 26.660135] __kmalloc_cache_noprof+0x189/0x420 [ 26.660336] kasan_atomics+0x95/0x310 [ 26.660508] kunit_try_run_case+0x1a5/0x480 [ 26.660735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.660992] kthread+0x337/0x6f0 [ 26.661144] ret_from_fork+0x116/0x1d0 [ 26.661363] ret_from_fork_asm+0x1a/0x30 [ 26.661517] [ 26.661586] The buggy address belongs to the object at ffff888105a1e600 [ 26.661586] which belongs to the cache kmalloc-64 of size 64 [ 26.661963] The buggy address is located 0 bytes to the right of [ 26.661963] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.662563] [ 26.662674] The buggy address belongs to the physical page: [ 26.662934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.663213] flags: 0x200000000000000(node=0|zone=2) [ 26.663380] page_type: f5(slab) [ 26.663504] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.663846] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.664556] page dumped because: kasan: bad access detected [ 26.664818] [ 26.664939] Memory state around the buggy address: [ 26.665205] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.665465] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.665685] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.666328] ^ [ 26.666573] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.666857] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.667305] ================================================================== [ 26.948023] 
================================================================== [ 26.948425] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 26.948782] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.949161] [ 26.949280] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.949335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.949351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.949376] Call Trace: [ 26.949401] <TASK> [ 26.949424] dump_stack_lvl+0x73/0xb0 [ 26.949457] print_report+0xd1/0x650 [ 26.949483] ? __virt_addr_valid+0x1db/0x2d0 [ 26.949510] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.949533] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.949561] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.949586] kasan_report+0x141/0x180 [ 26.949611] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.949640] kasan_check_range+0x10c/0x1c0 [ 26.949666] __kasan_check_write+0x18/0x20 [ 26.949691] kasan_atomics_helper+0x20c8/0x5450 [ 26.949716] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.949741] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.949769] ? kasan_atomics+0x152/0x310 [ 26.949797] kasan_atomics+0x1dc/0x310 [ 26.949828] ? __pfx_kasan_atomics+0x10/0x10 [ 26.949852] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.949879] ? __pfx_read_tsc+0x10/0x10 [ 26.949904] ? ktime_get_ts64+0x86/0x230 [ 26.949954] kunit_try_run_case+0x1a5/0x480 [ 26.949983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.950010] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.950035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.950149] ? __kthread_parkme+0x82/0x180 [ 26.950178] ? preempt_count_sub+0x50/0x80 [ 26.950206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.950234] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.950262] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.950289] kthread+0x337/0x6f0 [ 26.950311] ? trace_preempt_on+0x20/0xc0 [ 26.950338] ? 
__pfx_kthread+0x10/0x10 [ 26.950361] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.950389] ? calculate_sigpending+0x7b/0xa0 [ 26.950416] ? __pfx_kthread+0x10/0x10 [ 26.950440] ret_from_fork+0x116/0x1d0 [ 26.950463] ? __pfx_kthread+0x10/0x10 [ 26.950487] ret_from_fork_asm+0x1a/0x30 [ 26.950521] </TASK> [ 26.950536] [ 26.958335] Allocated by task 314: [ 26.958540] kasan_save_stack+0x45/0x70 [ 26.958751] kasan_save_track+0x18/0x40 [ 26.958972] kasan_save_alloc_info+0x3b/0x50 [ 26.959199] __kasan_kmalloc+0xb7/0xc0 [ 26.959387] __kmalloc_cache_noprof+0x189/0x420 [ 26.959546] kasan_atomics+0x95/0x310 [ 26.959738] kunit_try_run_case+0x1a5/0x480 [ 26.960012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.960281] kthread+0x337/0x6f0 [ 26.960473] ret_from_fork+0x116/0x1d0 [ 26.960689] ret_from_fork_asm+0x1a/0x30 [ 26.960877] [ 26.961031] The buggy address belongs to the object at ffff888105a1e600 [ 26.961031] which belongs to the cache kmalloc-64 of size 64 [ 26.961574] The buggy address is located 0 bytes to the right of [ 26.961574] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.962172] [ 26.962277] The buggy address belongs to the physical page: [ 26.962540] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.962887] flags: 0x200000000000000(node=0|zone=2) [ 26.963188] page_type: f5(slab) [ 26.963356] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.963699] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.963999] page dumped because: kasan: bad access detected [ 26.964273] [ 26.964367] Memory state around the buggy address: [ 26.964631] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.964894] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.965181] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.965579] ^ [ 26.965846] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.966220] 
ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.966468] ================================================================== [ 26.576684] ================================================================== [ 26.577406] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 26.578073] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.578390] [ 26.578477] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.578532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.578547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.578572] Call Trace: [ 26.578595] <TASK> [ 26.578616] dump_stack_lvl+0x73/0xb0 [ 26.578649] print_report+0xd1/0x650 [ 26.578673] ? __virt_addr_valid+0x1db/0x2d0 [ 26.578699] ? kasan_atomics_helper+0x164f/0x5450 [ 26.578722] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.578750] ? kasan_atomics_helper+0x164f/0x5450 [ 26.578773] kasan_report+0x141/0x180 [ 26.578796] ? kasan_atomics_helper+0x164f/0x5450 [ 26.578824] kasan_check_range+0x10c/0x1c0 [ 26.578851] __kasan_check_write+0x18/0x20 [ 26.578878] kasan_atomics_helper+0x164f/0x5450 [ 26.578903] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.578927] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.578954] ? kasan_atomics+0x152/0x310 [ 26.578981] kasan_atomics+0x1dc/0x310 [ 26.579004] ? __pfx_kasan_atomics+0x10/0x10 [ 26.579028] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.579055] ? __pfx_read_tsc+0x10/0x10 [ 26.579093] ? ktime_get_ts64+0x86/0x230 [ 26.579121] kunit_try_run_case+0x1a5/0x480 [ 26.579149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.579174] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.579199] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.579223] ? __kthread_parkme+0x82/0x180 [ 26.579246] ? preempt_count_sub+0x50/0x80 [ 26.579271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.579298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.579324] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.579350] kthread+0x337/0x6f0 [ 26.579371] ? trace_preempt_on+0x20/0xc0 [ 26.579396] ? __pfx_kthread+0x10/0x10 [ 26.579418] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.579444] ? calculate_sigpending+0x7b/0xa0 [ 26.579469] ? __pfx_kthread+0x10/0x10 [ 26.579493] ret_from_fork+0x116/0x1d0 [ 26.579514] ? __pfx_kthread+0x10/0x10 [ 26.579537] ret_from_fork_asm+0x1a/0x30 [ 26.579570] </TASK> [ 26.579583] [ 26.588172] Allocated by task 314: [ 26.588367] kasan_save_stack+0x45/0x70 [ 26.588586] kasan_save_track+0x18/0x40 [ 26.588777] kasan_save_alloc_info+0x3b/0x50 [ 26.589019] __kasan_kmalloc+0xb7/0xc0 [ 26.589201] __kmalloc_cache_noprof+0x189/0x420 [ 26.589422] kasan_atomics+0x95/0x310 [ 26.589616] kunit_try_run_case+0x1a5/0x480 [ 26.589792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.590043] kthread+0x337/0x6f0 [ 26.590241] ret_from_fork+0x116/0x1d0 [ 26.590423] ret_from_fork_asm+0x1a/0x30 [ 26.590567] [ 26.590658] The buggy address belongs to the object at ffff888105a1e600 [ 26.590658] which belongs to the cache kmalloc-64 of size 64 [ 26.591286] The buggy address is located 0 bytes to the right of [ 26.591286] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.591641] [ 26.591713] The buggy address belongs to the physical page: [ 26.591986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.592347] flags: 0x200000000000000(node=0|zone=2) [ 26.592577] page_type: f5(slab) [ 26.592743] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.593152] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.593384] page dumped because: kasan: bad access detected [ 26.593555] [ 26.593642] Memory state around the buggy address: [ 26.593870] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.594478] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.594740] >ffff888105a1e600: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 26.594986] ^ [ 26.595219] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.595477] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.595743] ================================================================== [ 26.985693] ================================================================== [ 26.986115] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 26.986457] Write of size 8 at addr ffff888105a1e630 by task kunit_try_catch/314 [ 26.986787] [ 26.986898] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.986972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.986988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.987033] Call Trace: [ 26.987056] <TASK> [ 26.987086] dump_stack_lvl+0x73/0xb0 [ 26.987118] print_report+0xd1/0x650 [ 26.987142] ? __virt_addr_valid+0x1db/0x2d0 [ 26.987168] ? kasan_atomics_helper+0x218a/0x5450 [ 26.987192] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.987220] ? kasan_atomics_helper+0x218a/0x5450 [ 26.987243] kasan_report+0x141/0x180 [ 26.987267] ? kasan_atomics_helper+0x218a/0x5450 [ 26.987294] kasan_check_range+0x10c/0x1c0 [ 26.987318] __kasan_check_write+0x18/0x20 [ 26.987343] kasan_atomics_helper+0x218a/0x5450 [ 26.987367] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.987391] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.987417] ? kasan_atomics+0x152/0x310 [ 26.987445] kasan_atomics+0x1dc/0x310 [ 26.987469] ? __pfx_kasan_atomics+0x10/0x10 [ 26.987493] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.987520] ? __pfx_read_tsc+0x10/0x10 [ 26.987561] ? ktime_get_ts64+0x86/0x230 [ 26.987588] kunit_try_run_case+0x1a5/0x480 [ 26.987616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.987641] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.987664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.987688] ? __kthread_parkme+0x82/0x180 [ 26.987711] ? 
preempt_count_sub+0x50/0x80 [ 26.987737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.987763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.987790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.987816] kthread+0x337/0x6f0 [ 26.987837] ? trace_preempt_on+0x20/0xc0 [ 26.987862] ? __pfx_kthread+0x10/0x10 [ 26.987884] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.987910] ? calculate_sigpending+0x7b/0xa0 [ 26.987958] ? __pfx_kthread+0x10/0x10 [ 26.987981] ret_from_fork+0x116/0x1d0 [ 26.988002] ? __pfx_kthread+0x10/0x10 [ 26.988027] ret_from_fork_asm+0x1a/0x30 [ 26.988071] </TASK> [ 26.988086] [ 26.995460] Allocated by task 314: [ 26.995655] kasan_save_stack+0x45/0x70 [ 26.995884] kasan_save_track+0x18/0x40 [ 26.996111] kasan_save_alloc_info+0x3b/0x50 [ 26.996347] __kasan_kmalloc+0xb7/0xc0 [ 26.996535] __kmalloc_cache_noprof+0x189/0x420 [ 26.996776] kasan_atomics+0x95/0x310 [ 26.996980] kunit_try_run_case+0x1a5/0x480 [ 26.997210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.997423] kthread+0x337/0x6f0 [ 26.997600] ret_from_fork+0x116/0x1d0 [ 26.997776] ret_from_fork_asm+0x1a/0x30 [ 26.998012] [ 26.998111] The buggy address belongs to the object at ffff888105a1e600 [ 26.998111] which belongs to the cache kmalloc-64 of size 64 [ 26.998470] The buggy address is located 0 bytes to the right of [ 26.998470] allocated 48-byte region [ffff888105a1e600, ffff888105a1e630) [ 26.998938] [ 26.999035] The buggy address belongs to the physical page: [ 26.999294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 26.999644] flags: 0x200000000000000(node=0|zone=2) [ 26.999842] page_type: f5(slab) [ 26.999988] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.000315] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.000680] page dumped because: kasan: bad access detected [ 27.000947] [ 27.001073] Memory state around the buggy address: [ 27.001248] ffff888105a1e500: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 27.001463] ffff888105a1e580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.001770] >ffff888105a1e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.002121] ^ [ 27.002314] ffff888105a1e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.002531] ffff888105a1e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.002861] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 25.654457] ================================================================== [ 25.654809] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.655177] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.655603] [ 25.655696] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.655747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.655760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.655784] Call Trace: [ 25.655807] <TASK> [ 25.655826] dump_stack_lvl+0x73/0xb0 [ 25.655857] print_report+0xd1/0x650 [ 25.655880] ? __virt_addr_valid+0x1db/0x2d0 [ 25.655905] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.655931] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.655958] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.655985] kasan_report+0x141/0x180 [ 25.656007] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.656038] kasan_check_range+0x10c/0x1c0 [ 25.656073] __kasan_check_write+0x18/0x20 [ 25.656100] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.656128] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.656156] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.656181] ? trace_hardirqs_on+0x37/0xe0 [ 25.656204] ? kasan_bitops_generic+0x92/0x1c0 [ 25.656231] kasan_bitops_generic+0x121/0x1c0 [ 25.656254] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.656279] ? __pfx_read_tsc+0x10/0x10 [ 25.656302] ? ktime_get_ts64+0x86/0x230 [ 25.656329] kunit_try_run_case+0x1a5/0x480 [ 25.656355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.656379] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.656413] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.656436] ? __kthread_parkme+0x82/0x180 [ 25.656456] ? preempt_count_sub+0x50/0x80 [ 25.656480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.656505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.656530] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.656554] kthread+0x337/0x6f0 [ 25.656574] ? trace_preempt_on+0x20/0xc0 [ 25.656596] ? __pfx_kthread+0x10/0x10 [ 25.656617] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.656641] ? calculate_sigpending+0x7b/0xa0 [ 25.656664] ? __pfx_kthread+0x10/0x10 [ 25.656686] ret_from_fork+0x116/0x1d0 [ 25.656706] ? __pfx_kthread+0x10/0x10 [ 25.656727] ret_from_fork_asm+0x1a/0x30 [ 25.656759] </TASK> [ 25.656771] [ 25.665853] Allocated by task 310: [ 25.666413] kasan_save_stack+0x45/0x70 [ 25.666643] kasan_save_track+0x18/0x40 [ 25.666836] kasan_save_alloc_info+0x3b/0x50 [ 25.667258] __kasan_kmalloc+0xb7/0xc0 [ 25.667454] __kmalloc_cache_noprof+0x189/0x420 [ 25.667672] kasan_bitops_generic+0x92/0x1c0 [ 25.667876] kunit_try_run_case+0x1a5/0x480 [ 25.668089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.668402] kthread+0x337/0x6f0 [ 25.668528] ret_from_fork+0x116/0x1d0 [ 25.668700] ret_from_fork_asm+0x1a/0x30 [ 25.668890] [ 25.668976] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.668976] which belongs to the cache kmalloc-16 of size 16 [ 25.669387] The buggy address is located 8 bytes inside of [ 25.669387] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.669730] [ 25.669868] The buggy address belongs to the physical page: [ 25.670174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.670511] flags: 0x200000000000000(node=0|zone=2) [ 25.670742] page_type: f5(slab) [ 25.670917] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.671620] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.671964] page dumped because: kasan: bad access detected [ 25.672155] [ 25.672403] Memory state around the buggy address: [ 25.672642] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.672928] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.673292] >ffff8881049ad580: fa fb fc fc fa fb fc fc 
00 01 fc fc fc fc fc fc [ 25.673576] ^ [ 25.673750] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.673987] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.674666] ================================================================== [ 25.541928] ================================================================== [ 25.542311] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.542799] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.543196] [ 25.543419] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.543490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.543504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.543527] Call Trace: [ 25.543550] <TASK> [ 25.543739] dump_stack_lvl+0x73/0xb0 [ 25.543779] print_report+0xd1/0x650 [ 25.543804] ? __virt_addr_valid+0x1db/0x2d0 [ 25.543830] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.543856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.543882] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.543909] kasan_report+0x141/0x180 [ 25.543930] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.543963] kasan_check_range+0x10c/0x1c0 [ 25.543986] __kasan_check_write+0x18/0x20 [ 25.544010] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.544037] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.544078] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.544105] ? trace_hardirqs_on+0x37/0xe0 [ 25.544131] ? kasan_bitops_generic+0x92/0x1c0 [ 25.544158] kasan_bitops_generic+0x121/0x1c0 [ 25.544191] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.544216] ? __pfx_read_tsc+0x10/0x10 [ 25.544239] ? ktime_get_ts64+0x86/0x230 [ 25.544274] kunit_try_run_case+0x1a5/0x480 [ 25.544301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.544326] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.544348] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.544371] ? __kthread_parkme+0x82/0x180 [ 25.544392] ? preempt_count_sub+0x50/0x80 [ 25.544416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.544441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.544465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.544551] kthread+0x337/0x6f0 [ 25.544573] ? trace_preempt_on+0x20/0xc0 [ 25.544595] ? __pfx_kthread+0x10/0x10 [ 25.544616] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.544641] ? calculate_sigpending+0x7b/0xa0 [ 25.544665] ? __pfx_kthread+0x10/0x10 [ 25.544686] ret_from_fork+0x116/0x1d0 [ 25.544707] ? __pfx_kthread+0x10/0x10 [ 25.544727] ret_from_fork_asm+0x1a/0x30 [ 25.544759] </TASK> [ 25.544772] [ 25.558632] Allocated by task 310: [ 25.558785] kasan_save_stack+0x45/0x70 [ 25.559096] kasan_save_track+0x18/0x40 [ 25.559660] kasan_save_alloc_info+0x3b/0x50 [ 25.560239] __kasan_kmalloc+0xb7/0xc0 [ 25.560699] __kmalloc_cache_noprof+0x189/0x420 [ 25.561252] kasan_bitops_generic+0x92/0x1c0 [ 25.561652] kunit_try_run_case+0x1a5/0x480 [ 25.561807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.562016] kthread+0x337/0x6f0 [ 25.562554] ret_from_fork+0x116/0x1d0 [ 25.563074] ret_from_fork_asm+0x1a/0x30 [ 25.563645] [ 25.563902] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.563902] which belongs to the cache kmalloc-16 of size 16 [ 25.565027] The buggy address is located 8 bytes inside of [ 25.565027] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.566052] [ 25.566362] The buggy address belongs to the physical page: [ 25.566916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.567632] flags: 0x200000000000000(node=0|zone=2) [ 25.567800] page_type: f5(slab) [ 25.567918] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.568148] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.568402] page dumped because: kasan: bad access detected [ 25.568575] [ 25.568994] 
Memory state around the buggy address: [ 25.569359] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.569628] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.569960] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.570182] ^ [ 25.570396] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.570774] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.571098] ================================================================== [ 25.571775] ================================================================== [ 25.572076] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.572715] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.573141] [ 25.573319] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.573375] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.573390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.573416] Call Trace: [ 25.573438] <TASK> [ 25.573460] dump_stack_lvl+0x73/0xb0 [ 25.573492] print_report+0xd1/0x650 [ 25.573515] ? __virt_addr_valid+0x1db/0x2d0 [ 25.573540] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.573567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.573593] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.573621] kasan_report+0x141/0x180 [ 25.573643] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.573673] kasan_check_range+0x10c/0x1c0 [ 25.573697] __kasan_check_write+0x18/0x20 [ 25.573720] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.573747] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.573775] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.573800] ? trace_hardirqs_on+0x37/0xe0 [ 25.573829] ? kasan_bitops_generic+0x92/0x1c0 [ 25.573855] kasan_bitops_generic+0x121/0x1c0 [ 25.573878] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 25.573903] ? __pfx_read_tsc+0x10/0x10 [ 25.573924] ? ktime_get_ts64+0x86/0x230 [ 25.573950] kunit_try_run_case+0x1a5/0x480 [ 25.573977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.573999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.574023] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.574047] ? __kthread_parkme+0x82/0x180 [ 25.574080] ? preempt_count_sub+0x50/0x80 [ 25.574104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.574130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.574155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.574180] kthread+0x337/0x6f0 [ 25.574201] ? trace_preempt_on+0x20/0xc0 [ 25.574234] ? __pfx_kthread+0x10/0x10 [ 25.574255] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.574280] ? calculate_sigpending+0x7b/0xa0 [ 25.574304] ? __pfx_kthread+0x10/0x10 [ 25.574326] ret_from_fork+0x116/0x1d0 [ 25.574346] ? __pfx_kthread+0x10/0x10 [ 25.574367] ret_from_fork_asm+0x1a/0x30 [ 25.574398] </TASK> [ 25.574410] [ 25.582756] Allocated by task 310: [ 25.582947] kasan_save_stack+0x45/0x70 [ 25.583359] kasan_save_track+0x18/0x40 [ 25.583549] kasan_save_alloc_info+0x3b/0x50 [ 25.583749] __kasan_kmalloc+0xb7/0xc0 [ 25.583938] __kmalloc_cache_noprof+0x189/0x420 [ 25.584155] kasan_bitops_generic+0x92/0x1c0 [ 25.584610] kunit_try_run_case+0x1a5/0x480 [ 25.584822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.585099] kthread+0x337/0x6f0 [ 25.585350] ret_from_fork+0x116/0x1d0 [ 25.585539] ret_from_fork_asm+0x1a/0x30 [ 25.585690] [ 25.585754] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.585754] which belongs to the cache kmalloc-16 of size 16 [ 25.586404] The buggy address is located 8 bytes inside of [ 25.586404] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.586954] [ 25.587049] The buggy address belongs to the physical page: [ 25.587392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.587734] flags: 0x200000000000000(node=0|zone=2) [ 25.588018] 
page_type: f5(slab) [ 25.588163] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.588761] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.589134] page dumped because: kasan: bad access detected [ 25.589481] [ 25.589565] Memory state around the buggy address: [ 25.589770] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.590142] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.590570] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.590881] ^ [ 25.591121] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.591556] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.591813] ================================================================== [ 25.614213] ================================================================== [ 25.614836] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.615260] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.615538] [ 25.615779] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.615833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.615846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.615870] Call Trace: [ 25.615887] <TASK> [ 25.615907] dump_stack_lvl+0x73/0xb0 [ 25.615953] print_report+0xd1/0x650 [ 25.615977] ? __virt_addr_valid+0x1db/0x2d0 [ 25.616001] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.616027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.616053] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.616091] kasan_report+0x141/0x180 [ 25.616112] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.616143] kasan_check_range+0x10c/0x1c0 [ 25.616167] __kasan_check_write+0x18/0x20 [ 25.616190] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.616295] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.616323] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.616348] ? trace_hardirqs_on+0x37/0xe0 [ 25.616371] ? kasan_bitops_generic+0x92/0x1c0 [ 25.616398] kasan_bitops_generic+0x121/0x1c0 [ 25.616420] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.616445] ? __pfx_read_tsc+0x10/0x10 [ 25.616467] ? ktime_get_ts64+0x86/0x230 [ 25.616491] kunit_try_run_case+0x1a5/0x480 [ 25.616518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.616541] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.616565] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.616587] ? __kthread_parkme+0x82/0x180 [ 25.616608] ? preempt_count_sub+0x50/0x80 [ 25.616631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.616656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.616681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.616705] kthread+0x337/0x6f0 [ 25.616725] ? trace_preempt_on+0x20/0xc0 [ 25.616747] ? __pfx_kthread+0x10/0x10 [ 25.616768] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.616792] ? calculate_sigpending+0x7b/0xa0 [ 25.616817] ? __pfx_kthread+0x10/0x10 [ 25.616838] ret_from_fork+0x116/0x1d0 [ 25.616857] ? 
__pfx_kthread+0x10/0x10 [ 25.616879] ret_from_fork_asm+0x1a/0x30 [ 25.616909] </TASK> [ 25.616923] [ 25.625023] Allocated by task 310: [ 25.625212] kasan_save_stack+0x45/0x70 [ 25.625392] kasan_save_track+0x18/0x40 [ 25.625557] kasan_save_alloc_info+0x3b/0x50 [ 25.625710] __kasan_kmalloc+0xb7/0xc0 [ 25.625841] __kmalloc_cache_noprof+0x189/0x420 [ 25.625994] kasan_bitops_generic+0x92/0x1c0 [ 25.626205] kunit_try_run_case+0x1a5/0x480 [ 25.626515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.626872] kthread+0x337/0x6f0 [ 25.627106] ret_from_fork+0x116/0x1d0 [ 25.627542] ret_from_fork_asm+0x1a/0x30 [ 25.627715] [ 25.627796] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.627796] which belongs to the cache kmalloc-16 of size 16 [ 25.628467] The buggy address is located 8 bytes inside of [ 25.628467] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.628906] [ 25.629117] The buggy address belongs to the physical page: [ 25.629321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.629557] flags: 0x200000000000000(node=0|zone=2) [ 25.629715] page_type: f5(slab) [ 25.629839] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.630361] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.630706] page dumped because: kasan: bad access detected [ 25.630978] [ 25.631076] Memory state around the buggy address: [ 25.631548] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.631854] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.632183] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.632449] ^ [ 25.632660] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.633004] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.633289] ================================================================== [ 25.633727] 
================================================================== [ 25.633986] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.634402] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.635003] [ 25.635136] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.635191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.635205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.635413] Call Trace: [ 25.635438] <TASK> [ 25.635458] dump_stack_lvl+0x73/0xb0 [ 25.635489] print_report+0xd1/0x650 [ 25.635512] ? __virt_addr_valid+0x1db/0x2d0 [ 25.635537] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.635564] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.635589] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.635617] kasan_report+0x141/0x180 [ 25.635639] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.635670] kasan_check_range+0x10c/0x1c0 [ 25.635693] __kasan_check_write+0x18/0x20 [ 25.635716] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.635743] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.635771] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.635796] ? trace_hardirqs_on+0x37/0xe0 [ 25.635819] ? kasan_bitops_generic+0x92/0x1c0 [ 25.635846] kasan_bitops_generic+0x121/0x1c0 [ 25.635869] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.635894] ? __pfx_read_tsc+0x10/0x10 [ 25.635915] ? ktime_get_ts64+0x86/0x230 [ 25.635951] kunit_try_run_case+0x1a5/0x480 [ 25.635977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.636001] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.636024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.636046] ? __kthread_parkme+0x82/0x180 [ 25.636081] ? preempt_count_sub+0x50/0x80 [ 25.636105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.636130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.636156] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.636256] kthread+0x337/0x6f0 [ 25.636284] ? trace_preempt_on+0x20/0xc0 [ 25.636307] ? __pfx_kthread+0x10/0x10 [ 25.636327] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.636352] ? calculate_sigpending+0x7b/0xa0 [ 25.636377] ? __pfx_kthread+0x10/0x10 [ 25.636400] ret_from_fork+0x116/0x1d0 [ 25.636418] ? __pfx_kthread+0x10/0x10 [ 25.636439] ret_from_fork_asm+0x1a/0x30 [ 25.636471] </TASK> [ 25.636483] [ 25.645244] Allocated by task 310: [ 25.645444] kasan_save_stack+0x45/0x70 [ 25.645646] kasan_save_track+0x18/0x40 [ 25.645844] kasan_save_alloc_info+0x3b/0x50 [ 25.646147] __kasan_kmalloc+0xb7/0xc0 [ 25.646560] __kmalloc_cache_noprof+0x189/0x420 [ 25.646764] kasan_bitops_generic+0x92/0x1c0 [ 25.646906] kunit_try_run_case+0x1a5/0x480 [ 25.647132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.647502] kthread+0x337/0x6f0 [ 25.647651] ret_from_fork+0x116/0x1d0 [ 25.647808] ret_from_fork_asm+0x1a/0x30 [ 25.647980] [ 25.648085] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.648085] which belongs to the cache kmalloc-16 of size 16 [ 25.648843] The buggy address is located 8 bytes inside of [ 25.648843] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.649515] [ 25.649614] The buggy address belongs to the physical page: [ 25.649785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.650110] flags: 0x200000000000000(node=0|zone=2) [ 25.650343] page_type: f5(slab) [ 25.650561] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.650792] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.651439] page dumped because: kasan: bad access detected [ 25.651641] [ 25.651732] Memory state around the buggy address: [ 25.651922] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.652232] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.652697] >ffff8881049ad580: fa fb fc fc fa fb fc fc 
00 01 fc fc fc fc fc fc [ 25.652987] ^ [ 25.653294] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.653597] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.653920] ================================================================== [ 25.695496] ================================================================== [ 25.695831] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.696397] Read of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.696707] [ 25.696818] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.696870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.696884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.696908] Call Trace: [ 25.696940] <TASK> [ 25.696960] dump_stack_lvl+0x73/0xb0 [ 25.696990] print_report+0xd1/0x650 [ 25.697014] ? __virt_addr_valid+0x1db/0x2d0 [ 25.697039] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.697077] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.697104] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.697132] kasan_report+0x141/0x180 [ 25.697154] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.697186] kasan_check_range+0x10c/0x1c0 [ 25.697209] __kasan_check_read+0x15/0x20 [ 25.697232] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.697260] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.697288] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.697326] ? trace_hardirqs_on+0x37/0xe0 [ 25.697350] ? kasan_bitops_generic+0x92/0x1c0 [ 25.697377] kasan_bitops_generic+0x121/0x1c0 [ 25.697400] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.697425] ? __pfx_read_tsc+0x10/0x10 [ 25.697447] ? ktime_get_ts64+0x86/0x230 [ 25.697473] kunit_try_run_case+0x1a5/0x480 [ 25.697499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.697523] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.697546] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.697568] ? __kthread_parkme+0x82/0x180 [ 25.697590] ? preempt_count_sub+0x50/0x80 [ 25.697614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.697639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.697665] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.697692] kthread+0x337/0x6f0 [ 25.697713] ? trace_preempt_on+0x20/0xc0 [ 25.697736] ? __pfx_kthread+0x10/0x10 [ 25.697757] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.697782] ? calculate_sigpending+0x7b/0xa0 [ 25.697807] ? __pfx_kthread+0x10/0x10 [ 25.697835] ret_from_fork+0x116/0x1d0 [ 25.697855] ? __pfx_kthread+0x10/0x10 [ 25.697878] ret_from_fork_asm+0x1a/0x30 [ 25.697912] </TASK> [ 25.697925] [ 25.706835] Allocated by task 310: [ 25.707016] kasan_save_stack+0x45/0x70 [ 25.707184] kasan_save_track+0x18/0x40 [ 25.707410] kasan_save_alloc_info+0x3b/0x50 [ 25.707625] __kasan_kmalloc+0xb7/0xc0 [ 25.707805] __kmalloc_cache_noprof+0x189/0x420 [ 25.708019] kasan_bitops_generic+0x92/0x1c0 [ 25.708237] kunit_try_run_case+0x1a5/0x480 [ 25.708491] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.708751] kthread+0x337/0x6f0 [ 25.708894] ret_from_fork+0x116/0x1d0 [ 25.709108] ret_from_fork_asm+0x1a/0x30 [ 25.709298] [ 25.709422] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.709422] which belongs to the cache kmalloc-16 of size 16 [ 25.709881] The buggy address is located 8 bytes inside of [ 25.709881] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.710615] [ 25.710704] The buggy address belongs to the physical page: [ 25.710928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.711386] flags: 0x200000000000000(node=0|zone=2) [ 25.711585] page_type: f5(slab) [ 25.711754] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.712055] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.712289] page dumped because: kasan: bad access detected [ 25.712456] [ 25.712520] 
Memory state around the buggy address: [ 25.712669] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.713039] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.713675] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.714096] ^ [ 25.714602] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.714823] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.715147] ================================================================== [ 25.675085] ================================================================== [ 25.675422] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.676111] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.676674] [ 25.676785] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.676839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.676854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.676877] Call Trace: [ 25.676900] <TASK> [ 25.676920] dump_stack_lvl+0x73/0xb0 [ 25.676952] print_report+0xd1/0x650 [ 25.676976] ? __virt_addr_valid+0x1db/0x2d0 [ 25.677002] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.677028] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.677055] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.677094] kasan_report+0x141/0x180 [ 25.677116] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.677148] kasan_check_range+0x10c/0x1c0 [ 25.677170] __kasan_check_write+0x18/0x20 [ 25.677244] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.677273] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.677302] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.677328] ? trace_hardirqs_on+0x37/0xe0 [ 25.677352] ? kasan_bitops_generic+0x92/0x1c0 [ 25.677380] kasan_bitops_generic+0x121/0x1c0 [ 25.677405] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 25.677430] ? __pfx_read_tsc+0x10/0x10 [ 25.677453] ? ktime_get_ts64+0x86/0x230 [ 25.677479] kunit_try_run_case+0x1a5/0x480 [ 25.677506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.677530] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.677553] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.677576] ? __kthread_parkme+0x82/0x180 [ 25.677597] ? preempt_count_sub+0x50/0x80 [ 25.677621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.677646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.677671] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.677696] kthread+0x337/0x6f0 [ 25.677716] ? trace_preempt_on+0x20/0xc0 [ 25.677738] ? __pfx_kthread+0x10/0x10 [ 25.677759] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.677784] ? calculate_sigpending+0x7b/0xa0 [ 25.677808] ? __pfx_kthread+0x10/0x10 [ 25.677839] ret_from_fork+0x116/0x1d0 [ 25.677858] ? __pfx_kthread+0x10/0x10 [ 25.677879] ret_from_fork_asm+0x1a/0x30 [ 25.677911] </TASK> [ 25.677924] [ 25.686555] Allocated by task 310: [ 25.686706] kasan_save_stack+0x45/0x70 [ 25.686911] kasan_save_track+0x18/0x40 [ 25.687052] kasan_save_alloc_info+0x3b/0x50 [ 25.687203] __kasan_kmalloc+0xb7/0xc0 [ 25.687330] __kmalloc_cache_noprof+0x189/0x420 [ 25.687507] kasan_bitops_generic+0x92/0x1c0 [ 25.687993] kunit_try_run_case+0x1a5/0x480 [ 25.688335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.688599] kthread+0x337/0x6f0 [ 25.688773] ret_from_fork+0x116/0x1d0 [ 25.688972] ret_from_fork_asm+0x1a/0x30 [ 25.689154] [ 25.689313] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.689313] which belongs to the cache kmalloc-16 of size 16 [ 25.689800] The buggy address is located 8 bytes inside of [ 25.689800] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.690403] [ 25.690552] The buggy address belongs to the physical page: [ 25.690734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.690970] flags: 0x200000000000000(node=0|zone=2) [ 25.691144] 
page_type: f5(slab) [ 25.691314] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.691651] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.691984] page dumped because: kasan: bad access detected [ 25.692286] [ 25.692355] Memory state around the buggy address: [ 25.692505] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.692781] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.693137] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.693640] ^ [ 25.693807] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.694019] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.694732] ================================================================== [ 25.592658] ================================================================== [ 25.592971] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.593425] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.593797] [ 25.593944] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.593998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.594012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.594035] Call Trace: [ 25.594086] <TASK> [ 25.594109] dump_stack_lvl+0x73/0xb0 [ 25.594141] print_report+0xd1/0x650 [ 25.594164] ? __virt_addr_valid+0x1db/0x2d0 [ 25.594307] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.594336] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.594361] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.594389] kasan_report+0x141/0x180 [ 25.594411] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.594443] kasan_check_range+0x10c/0x1c0 [ 25.594487] __kasan_check_write+0x18/0x20 [ 25.594510] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.594538] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.594580] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.594606] ? trace_hardirqs_on+0x37/0xe0 [ 25.594629] ? kasan_bitops_generic+0x92/0x1c0 [ 25.594657] kasan_bitops_generic+0x121/0x1c0 [ 25.594680] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.594705] ? __pfx_read_tsc+0x10/0x10 [ 25.594727] ? ktime_get_ts64+0x86/0x230 [ 25.594752] kunit_try_run_case+0x1a5/0x480 [ 25.594779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.594803] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.594827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.594849] ? __kthread_parkme+0x82/0x180 [ 25.594870] ? preempt_count_sub+0x50/0x80 [ 25.594894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.594957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.594984] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.595009] kthread+0x337/0x6f0 [ 25.595028] ? trace_preempt_on+0x20/0xc0 [ 25.595051] ? __pfx_kthread+0x10/0x10 [ 25.595081] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.595121] ? calculate_sigpending+0x7b/0xa0 [ 25.595146] ? __pfx_kthread+0x10/0x10 [ 25.595168] ret_from_fork+0x116/0x1d0 [ 25.595250] ? 
__pfx_kthread+0x10/0x10 [ 25.595272] ret_from_fork_asm+0x1a/0x30 [ 25.595304] </TASK> [ 25.595317] [ 25.604763] Allocated by task 310: [ 25.604939] kasan_save_stack+0x45/0x70 [ 25.605274] kasan_save_track+0x18/0x40 [ 25.605469] kasan_save_alloc_info+0x3b/0x50 [ 25.605640] __kasan_kmalloc+0xb7/0xc0 [ 25.605863] __kmalloc_cache_noprof+0x189/0x420 [ 25.606104] kasan_bitops_generic+0x92/0x1c0 [ 25.606415] kunit_try_run_case+0x1a5/0x480 [ 25.606630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.606870] kthread+0x337/0x6f0 [ 25.607077] ret_from_fork+0x116/0x1d0 [ 25.607336] ret_from_fork_asm+0x1a/0x30 [ 25.607514] [ 25.607620] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.607620] which belongs to the cache kmalloc-16 of size 16 [ 25.608145] The buggy address is located 8 bytes inside of [ 25.608145] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.608753] [ 25.608846] The buggy address belongs to the physical page: [ 25.609145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.609562] flags: 0x200000000000000(node=0|zone=2) [ 25.609784] page_type: f5(slab) [ 25.610007] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.610456] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.610769] page dumped because: kasan: bad access detected [ 25.611081] [ 25.611155] Memory state around the buggy address: [ 25.611583] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.611840] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.612159] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.612400] ^ [ 25.612584] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.612899] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.613739] ================================================================== [ 25.715826] 
================================================================== [ 25.716124] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.716390] Read of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.716944] [ 25.717080] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.717133] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.717147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.717171] Call Trace: [ 25.717194] <TASK> [ 25.717217] dump_stack_lvl+0x73/0xb0 [ 25.717250] print_report+0xd1/0x650 [ 25.717275] ? __virt_addr_valid+0x1db/0x2d0 [ 25.717300] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.717328] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.717356] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.717386] kasan_report+0x141/0x180 [ 25.717409] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.717442] __asan_report_load8_noabort+0x18/0x20 [ 25.717467] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.717495] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.717523] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.717549] ? trace_hardirqs_on+0x37/0xe0 [ 25.717573] ? kasan_bitops_generic+0x92/0x1c0 [ 25.717600] kasan_bitops_generic+0x121/0x1c0 [ 25.717625] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.717650] ? __pfx_read_tsc+0x10/0x10 [ 25.717673] ? ktime_get_ts64+0x86/0x230 [ 25.717698] kunit_try_run_case+0x1a5/0x480 [ 25.717725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.717751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.717774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.717797] ? __kthread_parkme+0x82/0x180 [ 25.717824] ? preempt_count_sub+0x50/0x80 [ 25.717862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.717888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.717914] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.717939] kthread+0x337/0x6f0 [ 25.717960] ? trace_preempt_on+0x20/0xc0 [ 25.717983] ? __pfx_kthread+0x10/0x10 [ 25.718004] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.718029] ? calculate_sigpending+0x7b/0xa0 [ 25.718054] ? __pfx_kthread+0x10/0x10 [ 25.718085] ret_from_fork+0x116/0x1d0 [ 25.718105] ? __pfx_kthread+0x10/0x10 [ 25.718126] ret_from_fork_asm+0x1a/0x30 [ 25.718159] </TASK> [ 25.718172] [ 25.726687] Allocated by task 310: [ 25.726875] kasan_save_stack+0x45/0x70 [ 25.727046] kasan_save_track+0x18/0x40 [ 25.727385] kasan_save_alloc_info+0x3b/0x50 [ 25.727553] __kasan_kmalloc+0xb7/0xc0 [ 25.727679] __kmalloc_cache_noprof+0x189/0x420 [ 25.727827] kasan_bitops_generic+0x92/0x1c0 [ 25.728382] kunit_try_run_case+0x1a5/0x480 [ 25.728611] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.728862] kthread+0x337/0x6f0 [ 25.729053] ret_from_fork+0x116/0x1d0 [ 25.729296] ret_from_fork_asm+0x1a/0x30 [ 25.729506] [ 25.729597] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.729597] which belongs to the cache kmalloc-16 of size 16 [ 25.729965] The buggy address is located 8 bytes inside of [ 25.729965] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.730787] [ 25.730878] The buggy address belongs to the physical page: [ 25.731070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.731300] flags: 0x200000000000000(node=0|zone=2) [ 25.731461] page_type: f5(slab) [ 25.731578] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.732104] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.732824] page dumped because: kasan: bad access detected [ 25.733074] [ 25.733446] Memory state around the buggy address: [ 25.733675] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.733947] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.734253] >ffff8881049ad580: fa fb fc fc fa fb fc fc 
00 01 fc fc fc fc fc fc [ 25.734526] ^ [ 25.734717] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.734917] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.735274] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 25.518816] ================================================================== [ 25.519525] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.520033] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.520567] [ 25.520939] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.521002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.521018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.521043] Call Trace: [ 25.521078] <TASK> [ 25.521101] dump_stack_lvl+0x73/0xb0 [ 25.521135] print_report+0xd1/0x650 [ 25.521160] ? __virt_addr_valid+0x1db/0x2d0 [ 25.521197] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.521223] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.521249] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.521274] kasan_report+0x141/0x180 [ 25.521295] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.521325] kasan_check_range+0x10c/0x1c0 [ 25.521348] __kasan_check_write+0x18/0x20 [ 25.521371] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.521396] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.521421] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.521446] ? trace_hardirqs_on+0x37/0xe0 [ 25.521469] ? kasan_bitops_generic+0x92/0x1c0 [ 25.521496] kasan_bitops_generic+0x116/0x1c0 [ 25.521519] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.521543] ? __pfx_read_tsc+0x10/0x10 [ 25.521565] ? ktime_get_ts64+0x86/0x230 [ 25.521591] kunit_try_run_case+0x1a5/0x480 [ 25.521618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.521642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.521664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.521686] ? __kthread_parkme+0x82/0x180 [ 25.521708] ? preempt_count_sub+0x50/0x80 [ 25.521731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.521756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.521780] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.521806] kthread+0x337/0x6f0 [ 25.521835] ? trace_preempt_on+0x20/0xc0 [ 25.521858] ? __pfx_kthread+0x10/0x10 [ 25.521878] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.521903] ? calculate_sigpending+0x7b/0xa0 [ 25.522292] ? __pfx_kthread+0x10/0x10 [ 25.522336] ret_from_fork+0x116/0x1d0 [ 25.522361] ? __pfx_kthread+0x10/0x10 [ 25.522382] ret_from_fork_asm+0x1a/0x30 [ 25.522414] </TASK> [ 25.522428] [ 25.531782] Allocated by task 310: [ 25.532056] kasan_save_stack+0x45/0x70 [ 25.532436] kasan_save_track+0x18/0x40 [ 25.532616] kasan_save_alloc_info+0x3b/0x50 [ 25.532827] __kasan_kmalloc+0xb7/0xc0 [ 25.533081] __kmalloc_cache_noprof+0x189/0x420 [ 25.533234] kasan_bitops_generic+0x92/0x1c0 [ 25.533377] kunit_try_run_case+0x1a5/0x480 [ 25.533522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.533774] kthread+0x337/0x6f0 [ 25.534092] ret_from_fork+0x116/0x1d0 [ 25.534278] ret_from_fork_asm+0x1a/0x30 [ 25.534471] [ 25.534983] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.534983] which belongs to the cache kmalloc-16 of size 16 [ 25.535523] The buggy address is located 8 bytes inside of [ 25.535523] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.536257] [ 25.536370] The buggy address belongs to the physical page: [ 25.536591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.536943] flags: 0x200000000000000(node=0|zone=2) [ 25.537137] page_type: f5(slab) [ 25.537358] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.537660] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.537892] page dumped because: kasan: bad access detected [ 25.538087] [ 25.538239] Memory state around the buggy address: [ 25.538465] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.538757] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.538968] >ffff8881049ad580: fa fb fc fc fa fb fc fc 
00 01 fc fc fc fc fc fc [ 25.539562] ^ [ 25.539846] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.540629] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.540854] ================================================================== [ 25.431855] ================================================================== [ 25.432327] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.432695] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.433017] [ 25.433116] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.433381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.433403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.433428] Call Trace: [ 25.433451] <TASK> [ 25.433471] dump_stack_lvl+0x73/0xb0 [ 25.433504] print_report+0xd1/0x650 [ 25.433541] ? __virt_addr_valid+0x1db/0x2d0 [ 25.433566] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.433603] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.433629] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.433656] kasan_report+0x141/0x180 [ 25.433678] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.433707] kasan_check_range+0x10c/0x1c0 [ 25.433730] __kasan_check_write+0x18/0x20 [ 25.433754] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.433779] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.433806] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.433836] ? trace_hardirqs_on+0x37/0xe0 [ 25.433860] ? kasan_bitops_generic+0x92/0x1c0 [ 25.433887] kasan_bitops_generic+0x116/0x1c0 [ 25.433910] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.433936] ? __pfx_read_tsc+0x10/0x10 [ 25.433959] ? ktime_get_ts64+0x86/0x230 [ 25.433985] kunit_try_run_case+0x1a5/0x480 [ 25.434013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.434073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.434097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.434129] ? 
__kthread_parkme+0x82/0x180 [ 25.434151] ? preempt_count_sub+0x50/0x80 [ 25.434195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.434221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.434246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.434271] kthread+0x337/0x6f0 [ 25.434291] ? trace_preempt_on+0x20/0xc0 [ 25.434313] ? __pfx_kthread+0x10/0x10 [ 25.434334] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.434358] ? calculate_sigpending+0x7b/0xa0 [ 25.434488] ? __pfx_kthread+0x10/0x10 [ 25.434513] ret_from_fork+0x116/0x1d0 [ 25.434534] ? __pfx_kthread+0x10/0x10 [ 25.434555] ret_from_fork_asm+0x1a/0x30 [ 25.434588] </TASK> [ 25.434600] [ 25.443477] Allocated by task 310: [ 25.443652] kasan_save_stack+0x45/0x70 [ 25.443883] kasan_save_track+0x18/0x40 [ 25.444119] kasan_save_alloc_info+0x3b/0x50 [ 25.444390] __kasan_kmalloc+0xb7/0xc0 [ 25.444571] __kmalloc_cache_noprof+0x189/0x420 [ 25.444806] kasan_bitops_generic+0x92/0x1c0 [ 25.445040] kunit_try_run_case+0x1a5/0x480 [ 25.445477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.445709] kthread+0x337/0x6f0 [ 25.445908] ret_from_fork+0x116/0x1d0 [ 25.446140] ret_from_fork_asm+0x1a/0x30 [ 25.446430] [ 25.446527] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.446527] which belongs to the cache kmalloc-16 of size 16 [ 25.447016] The buggy address is located 8 bytes inside of [ 25.447016] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.447718] [ 25.447839] The buggy address belongs to the physical page: [ 25.448084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.448508] flags: 0x200000000000000(node=0|zone=2) [ 25.448768] page_type: f5(slab) [ 25.448988] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.449606] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.449963] page dumped because: kasan: bad access detected [ 25.450303] [ 25.450420] Memory state around the buggy address: [ 25.450607] 
ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.450828] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.451305] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.451640] ^ [ 25.451897] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.452284] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.452628] ================================================================== [ 25.410676] ================================================================== [ 25.410996] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.411412] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.411695] [ 25.411822] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.411875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.411889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.411913] Call Trace: [ 25.411934] <TASK> [ 25.411956] dump_stack_lvl+0x73/0xb0 [ 25.411986] print_report+0xd1/0x650 [ 25.412010] ? __virt_addr_valid+0x1db/0x2d0 [ 25.412035] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.412070] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.412096] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.412122] kasan_report+0x141/0x180 [ 25.412154] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.412200] kasan_check_range+0x10c/0x1c0 [ 25.412224] __kasan_check_write+0x18/0x20 [ 25.412248] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.412365] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.412399] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.412426] ? trace_hardirqs_on+0x37/0xe0 [ 25.412539] ? kasan_bitops_generic+0x92/0x1c0 [ 25.412573] kasan_bitops_generic+0x116/0x1c0 [ 25.412597] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.412684] ? __pfx_read_tsc+0x10/0x10 [ 25.412723] ? 
ktime_get_ts64+0x86/0x230 [ 25.412748] kunit_try_run_case+0x1a5/0x480 [ 25.412776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.412801] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.412824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.412847] ? __kthread_parkme+0x82/0x180 [ 25.412868] ? preempt_count_sub+0x50/0x80 [ 25.412892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.412918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.412953] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.412979] kthread+0x337/0x6f0 [ 25.412998] ? trace_preempt_on+0x20/0xc0 [ 25.413021] ? __pfx_kthread+0x10/0x10 [ 25.413043] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.413085] ? calculate_sigpending+0x7b/0xa0 [ 25.413110] ? __pfx_kthread+0x10/0x10 [ 25.413142] ret_from_fork+0x116/0x1d0 [ 25.413162] ? __pfx_kthread+0x10/0x10 [ 25.413231] ret_from_fork_asm+0x1a/0x30 [ 25.413267] </TASK> [ 25.413291] [ 25.422264] Allocated by task 310: [ 25.422481] kasan_save_stack+0x45/0x70 [ 25.422686] kasan_save_track+0x18/0x40 [ 25.422864] kasan_save_alloc_info+0x3b/0x50 [ 25.423078] __kasan_kmalloc+0xb7/0xc0 [ 25.423302] __kmalloc_cache_noprof+0x189/0x420 [ 25.423552] kasan_bitops_generic+0x92/0x1c0 [ 25.423784] kunit_try_run_case+0x1a5/0x480 [ 25.423981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.424192] kthread+0x337/0x6f0 [ 25.424361] ret_from_fork+0x116/0x1d0 [ 25.424540] ret_from_fork_asm+0x1a/0x30 [ 25.424706] [ 25.424789] The buggy address belongs to the object at ffff8881049ad5c0 [ 25.424789] which belongs to the cache kmalloc-16 of size 16 [ 25.425586] The buggy address is located 8 bytes inside of [ 25.425586] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9) [ 25.426002] [ 25.426084] The buggy address belongs to the physical page: [ 25.426437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad [ 25.426793] flags: 0x200000000000000(node=0|zone=2) [ 25.427081] page_type: f5(slab) [ 25.427321] raw: 0200000000000000 ffff888100041640 dead000000000100 
dead000000000122 [ 25.427640] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.427875] page dumped because: kasan: bad access detected [ 25.428257] [ 25.428369] Memory state around the buggy address: [ 25.428595] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.428875] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.429129] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.429632] ^ [ 25.429903] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.430348] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.430666] ================================================================== [ 25.367149] ================================================================== [ 25.368018] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.368549] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310 [ 25.368844] [ 25.368976] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.369043] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.369057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.369099] Call Trace: [ 25.369114] <TASK> [ 25.369145] dump_stack_lvl+0x73/0xb0 [ 25.369181] print_report+0xd1/0x650 [ 25.369217] ? __virt_addr_valid+0x1db/0x2d0 [ 25.369245] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.369270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.369369] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.369399] kasan_report+0x141/0x180 [ 25.369434] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.369463] kasan_check_range+0x10c/0x1c0 [ 25.369499] __kasan_check_write+0x18/0x20 [ 25.369523] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.369557] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.369583] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.369609] ? 
trace_hardirqs_on+0x37/0xe0 [ 25.369644] ? kasan_bitops_generic+0x92/0x1c0 [ 25.369670] kasan_bitops_generic+0x116/0x1c0 [ 25.369694] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.369718] ? __pfx_read_tsc+0x10/0x10 [ 25.369742] ? ktime_get_ts64+0x86/0x230 [ 25.369768] kunit_try_run_case+0x1a5/0x480 [ 25.369796] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.369826] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.369849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.369872] ? __kthread_parkme+0x82/0x180 [ 25.369894] ? preempt_count_sub+0x50/0x80 [ 25.369919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.369956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.369981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.370006] kthread+0x337/0x6f0 [ 25.370025] ? trace_preempt_on+0x20/0xc0 [ 25.370048] ? __pfx_kthread+0x10/0x10 [ 25.370077] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.370102] ? calculate_sigpending+0x7b/0xa0 [ 25.370126] ? __pfx_kthread+0x10/0x10 [ 25.370148] ret_from_fork+0x116/0x1d0 [ 25.370167] ? 
__pfx_kthread+0x10/0x10
[ 25.370333] ret_from_fork_asm+0x1a/0x30
[ 25.370374] </TASK>
[ 25.370387]
[ 25.378792] Allocated by task 310:
[ 25.379022] kasan_save_stack+0x45/0x70
[ 25.379443] kasan_save_track+0x18/0x40
[ 25.379666] kasan_save_alloc_info+0x3b/0x50
[ 25.379837] __kasan_kmalloc+0xb7/0xc0
[ 25.380093] __kmalloc_cache_noprof+0x189/0x420
[ 25.380419] kasan_bitops_generic+0x92/0x1c0
[ 25.380626] kunit_try_run_case+0x1a5/0x480
[ 25.380834] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.381160] kthread+0x337/0x6f0
[ 25.381367] ret_from_fork+0x116/0x1d0
[ 25.381566] ret_from_fork_asm+0x1a/0x30
[ 25.381756]
[ 25.381855] The buggy address belongs to the object at ffff8881049ad5c0
[ 25.381855] which belongs to the cache kmalloc-16 of size 16
[ 25.382482] The buggy address is located 8 bytes inside of
[ 25.382482] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9)
[ 25.382840]
[ 25.382910] The buggy address belongs to the physical page:
[ 25.383261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 25.383617] flags: 0x200000000000000(node=0|zone=2)
[ 25.383854] page_type: f5(slab)
[ 25.384382] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 25.384749] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 25.384978] page dumped because: kasan: bad access detected
[ 25.385157]
[ 25.385224] Memory state around the buggy address:
[ 25.385618] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.385976] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.386353] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 25.386732] ^
[ 25.387104] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.388551] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.388858] ==================================================================
[ 25.389427] ==================================================================
[ 25.389711] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 25.390079] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310
[ 25.390536]
[ 25.390645] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 25.390700] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.390714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.390738] Call Trace:
[ 25.390761] <TASK>
[ 25.390782] dump_stack_lvl+0x73/0xb0
[ 25.390814] print_report+0xd1/0x650
[ 25.390838] ? __virt_addr_valid+0x1db/0x2d0
[ 25.390874] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 25.390901] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.390927] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 25.390966] kasan_report+0x141/0x180
[ 25.390989] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 25.391019] kasan_check_range+0x10c/0x1c0
[ 25.391043] __kasan_check_write+0x18/0x20
[ 25.391076] kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 25.391102] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 25.391129] ? __kmalloc_cache_noprof+0x189/0x420
[ 25.391154] ? trace_hardirqs_on+0x37/0xe0
[ 25.391191] ? kasan_bitops_generic+0x92/0x1c0
[ 25.391218] kasan_bitops_generic+0x116/0x1c0
[ 25.391242] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 25.391267] ? __pfx_read_tsc+0x10/0x10
[ 25.391289] ? ktime_get_ts64+0x86/0x230
[ 25.391385] kunit_try_run_case+0x1a5/0x480
[ 25.391414] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.391437] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.391460] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.391483] ? __kthread_parkme+0x82/0x180
[ 25.391505] ? preempt_count_sub+0x50/0x80
[ 25.391529] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.391554] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.391579] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.391604] kthread+0x337/0x6f0
[ 25.391624] ? trace_preempt_on+0x20/0xc0
[ 25.391646] ? __pfx_kthread+0x10/0x10
[ 25.391677] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.391701] ? calculate_sigpending+0x7b/0xa0
[ 25.391726] ? __pfx_kthread+0x10/0x10
[ 25.391757] ret_from_fork+0x116/0x1d0
[ 25.391778] ? __pfx_kthread+0x10/0x10
[ 25.391798] ret_from_fork_asm+0x1a/0x30
[ 25.391830] </TASK>
[ 25.391852]
[ 25.401086] Allocated by task 310:
[ 25.401481] kasan_save_stack+0x45/0x70
[ 25.401636] kasan_save_track+0x18/0x40
[ 25.401768] kasan_save_alloc_info+0x3b/0x50
[ 25.401923] __kasan_kmalloc+0xb7/0xc0
[ 25.402135] __kmalloc_cache_noprof+0x189/0x420
[ 25.402643] kasan_bitops_generic+0x92/0x1c0
[ 25.402846] kunit_try_run_case+0x1a5/0x480
[ 25.402995] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.403178] kthread+0x337/0x6f0
[ 25.403413] ret_from_fork+0x116/0x1d0
[ 25.403608] ret_from_fork_asm+0x1a/0x30
[ 25.403800]
[ 25.403888] The buggy address belongs to the object at ffff8881049ad5c0
[ 25.403888] which belongs to the cache kmalloc-16 of size 16
[ 25.404678] The buggy address is located 8 bytes inside of
[ 25.404678] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9)
[ 25.405043]
[ 25.405243] The buggy address belongs to the physical page:
[ 25.405550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 25.406179] flags: 0x200000000000000(node=0|zone=2)
[ 25.406470] page_type: f5(slab)
[ 25.406592] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 25.406880] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 25.407247] page dumped because: kasan: bad access detected
[ 25.407601]
[ 25.407664] Memory state around the buggy address:
[ 25.407813] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.408169] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.408494] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 25.409264] ^
[ 25.409450] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.409790] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.410077] ==================================================================
[ 25.453162] ==================================================================
[ 25.453774] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50
[ 25.454212] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310
[ 25.454489]
[ 25.454699] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 25.454756] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.454770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.454795] Call Trace:
[ 25.454818] <TASK>
[ 25.454839] dump_stack_lvl+0x73/0xb0
[ 25.454872] print_report+0xd1/0x650
[ 25.454896] ? __virt_addr_valid+0x1db/0x2d0
[ 25.454942] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 25.454979] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.455006] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 25.455033] kasan_report+0x141/0x180
[ 25.455074] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 25.455106] kasan_check_range+0x10c/0x1c0
[ 25.455131] __kasan_check_write+0x18/0x20
[ 25.455155] kasan_bitops_modify.constprop.0+0x373/0xd50
[ 25.455273] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 25.455305] ? __kmalloc_cache_noprof+0x189/0x420
[ 25.455332] ? trace_hardirqs_on+0x37/0xe0
[ 25.455355] ? kasan_bitops_generic+0x92/0x1c0
[ 25.455383] kasan_bitops_generic+0x116/0x1c0
[ 25.455407] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 25.455432] ? __pfx_read_tsc+0x10/0x10
[ 25.455455] ? ktime_get_ts64+0x86/0x230
[ 25.455482] kunit_try_run_case+0x1a5/0x480
[ 25.455509] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.455533] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.455556] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.455592] ? __kthread_parkme+0x82/0x180
[ 25.455614] ? preempt_count_sub+0x50/0x80
[ 25.455650] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.455676] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.455702] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.455727] kthread+0x337/0x6f0
[ 25.455748] ? trace_preempt_on+0x20/0xc0
[ 25.455771] ? __pfx_kthread+0x10/0x10
[ 25.455792] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.455817] ? calculate_sigpending+0x7b/0xa0
[ 25.455842] ? __pfx_kthread+0x10/0x10
[ 25.455864] ret_from_fork+0x116/0x1d0
[ 25.455884] ? __pfx_kthread+0x10/0x10
[ 25.455906] ret_from_fork_asm+0x1a/0x30
[ 25.455956] </TASK>
[ 25.455970]
[ 25.464943] Allocated by task 310:
[ 25.465439] kasan_save_stack+0x45/0x70
[ 25.465702] kasan_save_track+0x18/0x40
[ 25.465906] kasan_save_alloc_info+0x3b/0x50
[ 25.466148] __kasan_kmalloc+0xb7/0xc0
[ 25.466407] __kmalloc_cache_noprof+0x189/0x420
[ 25.466624] kasan_bitops_generic+0x92/0x1c0
[ 25.466830] kunit_try_run_case+0x1a5/0x480
[ 25.467072] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.467426] kthread+0x337/0x6f0
[ 25.467556] ret_from_fork+0x116/0x1d0
[ 25.467685] ret_from_fork_asm+0x1a/0x30
[ 25.467821]
[ 25.467923] The buggy address belongs to the object at ffff8881049ad5c0
[ 25.467923] which belongs to the cache kmalloc-16 of size 16
[ 25.468504] The buggy address is located 8 bytes inside of
[ 25.468504] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9)
[ 25.468944]
[ 25.469012] The buggy address belongs to the physical page:
[ 25.469271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 25.469621] flags: 0x200000000000000(node=0|zone=2)
[ 25.469845] page_type: f5(slab)
[ 25.469972] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 25.470627] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 25.471011] page dumped because: kasan: bad access detected
[ 25.471354]
[ 25.471467] Memory state around the buggy address:
[ 25.471687] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.472044] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.472445] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 25.472734] ^
[ 25.473025] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.473495] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.473854] ==================================================================
[ 25.474465] ==================================================================
[ 25.474812] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 25.475221] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310
[ 25.475662]
[ 25.475804] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 25.475859] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.475873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.475898] Call Trace:
[ 25.475929] <TASK>
[ 25.475950] dump_stack_lvl+0x73/0xb0
[ 25.475983] print_report+0xd1/0x650
[ 25.476031] ? __virt_addr_valid+0x1db/0x2d0
[ 25.476056] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 25.476090] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.476118] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 25.476152] kasan_report+0x141/0x180
[ 25.476250] ? kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 25.476287] kasan_check_range+0x10c/0x1c0
[ 25.476311] __kasan_check_write+0x18/0x20
[ 25.476334] kasan_bitops_modify.constprop.0+0x40e/0xd50
[ 25.476371] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 25.476398] ? __kmalloc_cache_noprof+0x189/0x420
[ 25.476426] ? trace_hardirqs_on+0x37/0xe0
[ 25.476462] ? kasan_bitops_generic+0x92/0x1c0
[ 25.476489] kasan_bitops_generic+0x116/0x1c0
[ 25.476513] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 25.476538] ? __pfx_read_tsc+0x10/0x10
[ 25.476562] ? ktime_get_ts64+0x86/0x230
[ 25.476588] kunit_try_run_case+0x1a5/0x480
[ 25.476615] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.476640] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.476664] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.476686] ? __kthread_parkme+0x82/0x180
[ 25.476717] ? preempt_count_sub+0x50/0x80
[ 25.476742] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.476778] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.476803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.476829] kthread+0x337/0x6f0
[ 25.476850] ? trace_preempt_on+0x20/0xc0
[ 25.476872] ? __pfx_kthread+0x10/0x10
[ 25.476893] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.476917] ? calculate_sigpending+0x7b/0xa0
[ 25.476943] ? __pfx_kthread+0x10/0x10
[ 25.476982] ret_from_fork+0x116/0x1d0
[ 25.477004] ? __pfx_kthread+0x10/0x10
[ 25.477026] ret_from_fork_asm+0x1a/0x30
[ 25.477067] </TASK>
[ 25.477080]
[ 25.486115] Allocated by task 310:
[ 25.486393] kasan_save_stack+0x45/0x70
[ 25.486578] kasan_save_track+0x18/0x40
[ 25.486733] kasan_save_alloc_info+0x3b/0x50
[ 25.486946] __kasan_kmalloc+0xb7/0xc0
[ 25.487164] __kmalloc_cache_noprof+0x189/0x420
[ 25.487498] kasan_bitops_generic+0x92/0x1c0
[ 25.487708] kunit_try_run_case+0x1a5/0x480
[ 25.487846] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.488008] kthread+0x337/0x6f0
[ 25.488249] ret_from_fork+0x116/0x1d0
[ 25.488461] ret_from_fork_asm+0x1a/0x30
[ 25.488657]
[ 25.488745] The buggy address belongs to the object at ffff8881049ad5c0
[ 25.488745] which belongs to the cache kmalloc-16 of size 16
[ 25.489572] The buggy address is located 8 bytes inside of
[ 25.489572] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9)
[ 25.490011]
[ 25.490115] The buggy address belongs to the physical page:
[ 25.490472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 25.490807] flags: 0x200000000000000(node=0|zone=2)
[ 25.491055] page_type: f5(slab)
[ 25.491346] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 25.491673] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 25.492014] page dumped because: kasan: bad access detected
[ 25.492330]
[ 25.492415] Memory state around the buggy address:
[ 25.492644] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.492965] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.493512] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 25.493808] ^
[ 25.494105] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.494438] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.494762] ==================================================================
[ 25.495433] ==================================================================
[ 25.495766] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 25.496144] Write of size 8 at addr ffff8881049ad5c8 by task kunit_try_catch/310
[ 25.496549]
[ 25.496689] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 25.496743] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.496757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.496782] Call Trace:
[ 25.496804] <TASK>
[ 25.496826] dump_stack_lvl+0x73/0xb0
[ 25.496857] print_report+0xd1/0x650
[ 25.496879] ? __virt_addr_valid+0x1db/0x2d0
[ 25.496904] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 25.496930] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.496955] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 25.497009] kasan_report+0x141/0x180
[ 25.497032] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 25.497078] kasan_check_range+0x10c/0x1c0
[ 25.497101] __kasan_check_write+0x18/0x20
[ 25.497125] kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 25.497150] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 25.497481] ? __kmalloc_cache_noprof+0x189/0x420
[ 25.497532] ? trace_hardirqs_on+0x37/0xe0
[ 25.497558] ? kasan_bitops_generic+0x92/0x1c0
[ 25.497586] kasan_bitops_generic+0x116/0x1c0
[ 25.497610] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 25.497635] ? __pfx_read_tsc+0x10/0x10
[ 25.497658] ? ktime_get_ts64+0x86/0x230
[ 25.497683] kunit_try_run_case+0x1a5/0x480
[ 25.497710] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.497735] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.497759] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.497781] ? __kthread_parkme+0x82/0x180
[ 25.497803] ? preempt_count_sub+0x50/0x80
[ 25.497832] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.497857] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.497882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.497907] kthread+0x337/0x6f0
[ 25.497982] ? trace_preempt_on+0x20/0xc0
[ 25.498006] ? __pfx_kthread+0x10/0x10
[ 25.498028] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.498053] ? calculate_sigpending+0x7b/0xa0
[ 25.498088] ? __pfx_kthread+0x10/0x10
[ 25.498121] ret_from_fork+0x116/0x1d0
[ 25.498140] ? __pfx_kthread+0x10/0x10
[ 25.498163] ret_from_fork_asm+0x1a/0x30
[ 25.498268] </TASK>
[ 25.498282]
[ 25.507103] Allocated by task 310:
[ 25.507286] kasan_save_stack+0x45/0x70
[ 25.507446] kasan_save_track+0x18/0x40
[ 25.507625] kasan_save_alloc_info+0x3b/0x50
[ 25.507814] __kasan_kmalloc+0xb7/0xc0
[ 25.507961] __kmalloc_cache_noprof+0x189/0x420
[ 25.508195] kasan_bitops_generic+0x92/0x1c0
[ 25.508402] kunit_try_run_case+0x1a5/0x480
[ 25.508599] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.508988] kthread+0x337/0x6f0
[ 25.509163] ret_from_fork+0x116/0x1d0
[ 25.509573] ret_from_fork_asm+0x1a/0x30
[ 25.509778]
[ 25.509874] The buggy address belongs to the object at ffff8881049ad5c0
[ 25.509874] which belongs to the cache kmalloc-16 of size 16
[ 25.510515] The buggy address is located 8 bytes inside of
[ 25.510515] allocated 9-byte region [ffff8881049ad5c0, ffff8881049ad5c9)
[ 25.511036]
[ 25.511455] The buggy address belongs to the physical page:
[ 25.511717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 25.511977] flags: 0x200000000000000(node=0|zone=2)
[ 25.513118] page_type: f5(slab)
[ 25.513497] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 25.513912] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 25.514236] page dumped because: kasan: bad access detected
[ 25.514494]
[ 25.514705] Memory state around the buggy address:
[ 25.515139] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.515655] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 25.516073] >ffff8881049ad580: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 25.516593] ^
[ 25.516979] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.517674] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.517974] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 25.339903] ==================================================================
[ 25.340269] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 25.340534] Read of size 1 at addr ffff888105a1be50 by task kunit_try_catch/308
[ 25.340857]
[ 25.341282] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 25.341352] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.341367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.341392] Call Trace:
[ 25.341415] <TASK>
[ 25.341445] dump_stack_lvl+0x73/0xb0
[ 25.341478] print_report+0xd1/0x650
[ 25.341514] ? __virt_addr_valid+0x1db/0x2d0
[ 25.341540] ? strnlen+0x73/0x80
[ 25.341562] ? kasan_complete_mode_report_info+0x64/0x200
[ 25.341590] ? strnlen+0x73/0x80
[ 25.341610] kasan_report+0x141/0x180
[ 25.341641] ? strnlen+0x73/0x80
[ 25.341666] __asan_report_load1_noabort+0x18/0x20
[ 25.341690] strnlen+0x73/0x80
[ 25.341722] kasan_strings+0x615/0xe80
[ 25.341743] ? trace_hardirqs_on+0x37/0xe0
[ 25.341767] ? __pfx_kasan_strings+0x10/0x10
[ 25.341787] ? finish_task_switch.isra.0+0x153/0x700
[ 25.341811] ? __switch_to+0x47/0xf50
[ 25.341843] ? __schedule+0x10cc/0x2b60
[ 25.341865] ? __pfx_read_tsc+0x10/0x10
[ 25.341886] ? ktime_get_ts64+0x86/0x230
[ 25.341910] kunit_try_run_case+0x1a5/0x480
[ 25.341954] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.341977] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.342000] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.342022] ? __kthread_parkme+0x82/0x180
[ 25.342042] ? preempt_count_sub+0x50/0x80
[ 25.342082] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.342107] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.342132] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.342226] kthread+0x337/0x6f0
[ 25.342262] ? trace_preempt_on+0x20/0xc0
[ 25.342285] ? __pfx_kthread+0x10/0x10
[ 25.342305] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.342330] ? calculate_sigpending+0x7b/0xa0
[ 25.342354] ? __pfx_kthread+0x10/0x10
[ 25.342375] ret_from_fork+0x116/0x1d0
[ 25.342404] ? __pfx_kthread+0x10/0x10
[ 25.342426] ret_from_fork_asm+0x1a/0x30
[ 25.342467] </TASK>
[ 25.342480]
[ 25.350284] Allocated by task 308:
[ 25.350450] kasan_save_stack+0x45/0x70
[ 25.350654] kasan_save_track+0x18/0x40
[ 25.350800] kasan_save_alloc_info+0x3b/0x50
[ 25.351000] __kasan_kmalloc+0xb7/0xc0
[ 25.351194] __kmalloc_cache_noprof+0x189/0x420
[ 25.351391] kasan_strings+0xc0/0xe80
[ 25.351582] kunit_try_run_case+0x1a5/0x480
[ 25.351765] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.352397] kthread+0x337/0x6f0
[ 25.352560] ret_from_fork+0x116/0x1d0
[ 25.352746] ret_from_fork_asm+0x1a/0x30
[ 25.352971]
[ 25.353068] Freed by task 308:
[ 25.353265] kasan_save_stack+0x45/0x70
[ 25.353473] kasan_save_track+0x18/0x40
[ 25.353650] kasan_save_free_info+0x3f/0x60
[ 25.353861] __kasan_slab_free+0x56/0x70
[ 25.354021] kfree+0x222/0x3f0
[ 25.354147] kasan_strings+0x2aa/0xe80
[ 25.354330] kunit_try_run_case+0x1a5/0x480
[ 25.354477] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.354722] kthread+0x337/0x6f0
[ 25.354884] ret_from_fork+0x116/0x1d0
[ 25.355105] ret_from_fork_asm+0x1a/0x30
[ 25.355360]
[ 25.355453] The buggy address belongs to the object at ffff888105a1be40
[ 25.355453] which belongs to the cache kmalloc-32 of size 32
[ 25.355991] The buggy address is located 16 bytes inside of
[ 25.355991] freed 32-byte region [ffff888105a1be40, ffff888105a1be60)
[ 25.357165]
[ 25.357474] The buggy address belongs to the physical page:
[ 25.358147] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1b
[ 25.358673] flags: 0x200000000000000(node=0|zone=2)
[ 25.358906] page_type: f5(slab)
[ 25.359105] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 25.359489] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 25.359815] page dumped because: kasan: bad access detected
[ 25.360101]
[ 25.360260] Memory state around the buggy address:
[ 25.360437] ffff888105a1bd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.360734] ffff888105a1bd80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 25.361089] >ffff888105a1be00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.361384] ^
[ 25.361867] ffff888105a1be80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.362302] ffff888105a1bf00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.362631] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 25.317920] ==================================================================
[ 25.318249] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 25.318568] Read of size 1 at addr ffff888105a1be50 by task kunit_try_catch/308
[ 25.318895]
[ 25.319000] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 25.319052] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.319075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.319109] Call Trace:
[ 25.319131] <TASK>
[ 25.319152] dump_stack_lvl+0x73/0xb0
[ 25.319209] print_report+0xd1/0x650
[ 25.319234] ? __virt_addr_valid+0x1db/0x2d0
[ 25.319258] ? strlen+0x8f/0xb0
[ 25.319279] ? kasan_complete_mode_report_info+0x64/0x200
[ 25.319306] ? strlen+0x8f/0xb0
[ 25.319327] kasan_report+0x141/0x180
[ 25.319349] ? strlen+0x8f/0xb0
[ 25.319374] __asan_report_load1_noabort+0x18/0x20
[ 25.319399] strlen+0x8f/0xb0
[ 25.319422] kasan_strings+0x57b/0xe80
[ 25.319442] ? trace_hardirqs_on+0x37/0xe0
[ 25.319468] ? __pfx_kasan_strings+0x10/0x10
[ 25.319489] ? finish_task_switch.isra.0+0x153/0x700
[ 25.319512] ? __switch_to+0x47/0xf50
[ 25.319538] ? __schedule+0x10cc/0x2b60
[ 25.319608] ? __pfx_read_tsc+0x10/0x10
[ 25.319643] ? ktime_get_ts64+0x86/0x230
[ 25.319668] kunit_try_run_case+0x1a5/0x480
[ 25.319693] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.319717] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.319738] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.319760] ? __kthread_parkme+0x82/0x180
[ 25.319781] ? preempt_count_sub+0x50/0x80
[ 25.319803] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.319828] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.319853] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.319878] kthread+0x337/0x6f0
[ 25.319898] ? trace_preempt_on+0x20/0xc0
[ 25.319920] ? __pfx_kthread+0x10/0x10
[ 25.319941] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.319964] ? calculate_sigpending+0x7b/0xa0
[ 25.319998] ? __pfx_kthread+0x10/0x10
[ 25.320020] ret_from_fork+0x116/0x1d0
[ 25.320039] ? __pfx_kthread+0x10/0x10
[ 25.320078] ret_from_fork_asm+0x1a/0x30
[ 25.320110] </TASK>
[ 25.320122]
[ 25.327838] Allocated by task 308:
[ 25.328036] kasan_save_stack+0x45/0x70
[ 25.328521] kasan_save_track+0x18/0x40
[ 25.328714] kasan_save_alloc_info+0x3b/0x50
[ 25.328945] __kasan_kmalloc+0xb7/0xc0
[ 25.329142] __kmalloc_cache_noprof+0x189/0x420
[ 25.329445] kasan_strings+0xc0/0xe80
[ 25.329633] kunit_try_run_case+0x1a5/0x480
[ 25.329807] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.330090] kthread+0x337/0x6f0
[ 25.330261] ret_from_fork+0x116/0x1d0
[ 25.330439] ret_from_fork_asm+0x1a/0x30
[ 25.330604]
[ 25.330691] Freed by task 308:
[ 25.330827] kasan_save_stack+0x45/0x70
[ 25.331084] kasan_save_track+0x18/0x40
[ 25.331363] kasan_save_free_info+0x3f/0x60
[ 25.331521] __kasan_slab_free+0x56/0x70
[ 25.331739] kfree+0x222/0x3f0
[ 25.331885] kasan_strings+0x2aa/0xe80
[ 25.332122] kunit_try_run_case+0x1a5/0x480
[ 25.332428] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.332667] kthread+0x337/0x6f0
[ 25.332821] ret_from_fork+0x116/0x1d0
[ 25.332982] ret_from_fork_asm+0x1a/0x30
[ 25.333132]
[ 25.333473] The buggy address belongs to the object at ffff888105a1be40
[ 25.333473] which belongs to the cache kmalloc-32 of size 32
[ 25.334056] The buggy address is located 16 bytes inside of
[ 25.334056] freed 32-byte region [ffff888105a1be40, ffff888105a1be60)
[ 25.334651]
[ 25.334736] The buggy address belongs to the physical page:
[ 25.334907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1b
[ 25.335193] flags: 0x200000000000000(node=0|zone=2)
[ 25.335430] page_type: f5(slab)
[ 25.335698] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 25.336091] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 25.336502] page dumped because: kasan: bad access detected
[ 25.336754]
[ 25.336831] Memory state around the buggy address:
[ 25.337058] ffff888105a1bd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.337461] ffff888105a1bd80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 25.337774] >ffff888105a1be00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.338095] ^
[ 25.338613] ffff888105a1be80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.338930] ffff888105a1bf00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.339304] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 25.283793] ==================================================================
[ 25.284054] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[ 25.285344] Read of size 1 at addr ffff888105a1be50 by task kunit_try_catch/308
[ 25.286282]
[ 25.286580] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 25.286641] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.286656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.286682] Call Trace:
[ 25.286698] <TASK>
[ 25.286718] dump_stack_lvl+0x73/0xb0
[ 25.286752] print_report+0xd1/0x650
[ 25.286776] ? __virt_addr_valid+0x1db/0x2d0
[ 25.286801] ? kasan_strings+0xcbc/0xe80
[ 25.286822] ? kasan_complete_mode_report_info+0x64/0x200
[ 25.286848] ? kasan_strings+0xcbc/0xe80
[ 25.286869] kasan_report+0x141/0x180
[ 25.286891] ? kasan_strings+0xcbc/0xe80
[ 25.286916] __asan_report_load1_noabort+0x18/0x20
[ 25.286940] kasan_strings+0xcbc/0xe80
[ 25.286960] ? trace_hardirqs_on+0x37/0xe0
[ 25.286984] ? __pfx_kasan_strings+0x10/0x10
[ 25.287005] ? finish_task_switch.isra.0+0x153/0x700
[ 25.287027] ? __switch_to+0x47/0xf50
[ 25.287053] ? __schedule+0x10cc/0x2b60
[ 25.287085] ? __pfx_read_tsc+0x10/0x10
[ 25.287106] ? ktime_get_ts64+0x86/0x230
[ 25.287130] kunit_try_run_case+0x1a5/0x480
[ 25.287158] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.287181] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.287203] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.287225] ? __kthread_parkme+0x82/0x180
[ 25.287245] ? preempt_count_sub+0x50/0x80
[ 25.287268] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.287304] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.287327] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.287352] kthread+0x337/0x6f0
[ 25.287384] ? trace_preempt_on+0x20/0xc0
[ 25.287405] ? __pfx_kthread+0x10/0x10
[ 25.287426] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.287450] ? calculate_sigpending+0x7b/0xa0
[ 25.287474] ? __pfx_kthread+0x10/0x10
[ 25.287496] ret_from_fork+0x116/0x1d0
[ 25.287516] ? __pfx_kthread+0x10/0x10
[ 25.287536] ret_from_fork_asm+0x1a/0x30
[ 25.287566] </TASK>
[ 25.287579]
[ 25.303533] Allocated by task 308:
[ 25.303858] kasan_save_stack+0x45/0x70
[ 25.304189] kasan_save_track+0x18/0x40
[ 25.304805] kasan_save_alloc_info+0x3b/0x50
[ 25.305014] __kasan_kmalloc+0xb7/0xc0
[ 25.305466] __kmalloc_cache_noprof+0x189/0x420
[ 25.305995] kasan_strings+0xc0/0xe80
[ 25.306143] kunit_try_run_case+0x1a5/0x480
[ 25.306357] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.306878] kthread+0x337/0x6f0
[ 25.307316] ret_from_fork+0x116/0x1d0
[ 25.307689] ret_from_fork_asm+0x1a/0x30
[ 25.308093]
[ 25.308305] Freed by task 308:
[ 25.308463] kasan_save_stack+0x45/0x70
[ 25.308844] kasan_save_track+0x18/0x40
[ 25.309172] kasan_save_free_info+0x3f/0x60
[ 25.309646] __kasan_slab_free+0x56/0x70
[ 25.309795] kfree+0x222/0x3f0
[ 25.309915] kasan_strings+0x2aa/0xe80
[ 25.310043] kunit_try_run_case+0x1a5/0x480
[ 25.310212] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.310433] kthread+0x337/0x6f0
[ 25.310582] ret_from_fork+0x116/0x1d0
[ 25.310762] ret_from_fork_asm+0x1a/0x30
[ 25.310915]
[ 25.311019] The buggy address belongs to the object at ffff888105a1be40
[ 25.311019] which belongs to the cache kmalloc-32 of size 32
[ 25.311586] The buggy address is located 16 bytes inside of
[ 25.311586] freed 32-byte region [ffff888105a1be40, ffff888105a1be60)
[ 25.312172]
[ 25.312313] The buggy address belongs to the physical page:
[ 25.312490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1b
[ 25.312827] flags: 0x200000000000000(node=0|zone=2)
[ 25.313087] page_type: f5(slab)
[ 25.313205] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 25.313677] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 25.314076] page dumped because: kasan: bad access detected
[ 25.314441]
[ 25.314535] Memory state around the buggy address:
[ 25.314762] ffff888105a1bd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.315120] ffff888105a1bd80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 25.315846] >ffff888105a1be00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.316302] ^
[ 25.316504] ffff888105a1be80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.316859] ffff888105a1bf00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.317311] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 25.260021] ==================================================================
[ 25.261030] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[ 25.261453] Read of size 1 at addr ffff888105a1be50 by task kunit_try_catch/308
[ 25.261803]
[ 25.261915] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 25.261973] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.261987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.262012] Call Trace:
[ 25.262029] <TASK>
[ 25.262051] dump_stack_lvl+0x73/0xb0
[ 25.262132] print_report+0xd1/0x650
[ 25.262159] ? __virt_addr_valid+0x1db/0x2d0
[ 25.262186] ? strcmp+0xb0/0xc0
[ 25.262256] ? kasan_complete_mode_report_info+0x64/0x200
[ 25.262285] ? strcmp+0xb0/0xc0
[ 25.262306] kasan_report+0x141/0x180
[ 25.262328] ? strcmp+0xb0/0xc0
[ 25.262376] __asan_report_load1_noabort+0x18/0x20
[ 25.262402] strcmp+0xb0/0xc0
[ 25.262425] kasan_strings+0x431/0xe80
[ 25.262446] ? trace_hardirqs_on+0x37/0xe0
[ 25.262471] ? __pfx_kasan_strings+0x10/0x10
[ 25.262490] ? finish_task_switch.isra.0+0x153/0x700
[ 25.262514] ? __switch_to+0x47/0xf50
[ 25.262540] ? __schedule+0x10cc/0x2b60
[ 25.262562] ? __pfx_read_tsc+0x10/0x10
[ 25.262584] ? ktime_get_ts64+0x86/0x230
[ 25.262608] kunit_try_run_case+0x1a5/0x480
[ 25.262636] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.262660] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.262681] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.262719] ? __kthread_parkme+0x82/0x180
[ 25.262741] ? preempt_count_sub+0x50/0x80
[ 25.262764] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.262790] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.262815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.262840] kthread+0x337/0x6f0
[ 25.262860] ? trace_preempt_on+0x20/0xc0
[ 25.262898] ? __pfx_kthread+0x10/0x10
[ 25.262918] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.262943] ? calculate_sigpending+0x7b/0xa0
[ 25.262967] ? __pfx_kthread+0x10/0x10
[ 25.262989] ret_from_fork+0x116/0x1d0
[ 25.263007] ? __pfx_kthread+0x10/0x10
[ 25.263028] ret_from_fork_asm+0x1a/0x30
[ 25.263070] </TASK>
[ 25.263084]
[ 25.271015] Allocated by task 308:
[ 25.271350] kasan_save_stack+0x45/0x70
[ 25.271515] kasan_save_track+0x18/0x40
[ 25.271912] kasan_save_alloc_info+0x3b/0x50
[ 25.272147] __kasan_kmalloc+0xb7/0xc0
[ 25.272317] __kmalloc_cache_noprof+0x189/0x420
[ 25.272468] kasan_strings+0xc0/0xe80
[ 25.272602] kunit_try_run_case+0x1a5/0x480
[ 25.272940] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.273234] kthread+0x337/0x6f0
[ 25.273399] ret_from_fork+0x116/0x1d0
[ 25.273525] ret_from_fork_asm+0x1a/0x30
[ 25.273659]
[ 25.273806] Freed by task 308:
[ 25.274018] kasan_save_stack+0x45/0x70
[ 25.274283] kasan_save_track+0x18/0x40
[ 25.274496] kasan_save_free_info+0x3f/0x60
[ 25.274704] __kasan_slab_free+0x56/0x70
[ 25.274853] kfree+0x222/0x3f0
[ 25.275052] kasan_strings+0x2aa/0xe80
[ 25.275334] kunit_try_run_case+0x1a5/0x480
[ 25.275522] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.275691] kthread+0x337/0x6f0
[ 25.275804] ret_from_fork+0x116/0x1d0
[ 25.275928] ret_from_fork_asm+0x1a/0x30
[ 25.276120]
[ 25.276227] The buggy address belongs to the object at ffff888105a1be40
[ 25.276227] which belongs to the cache kmalloc-32 of size 32
[ 25.277041] The buggy address is located 16 bytes inside of
[ 25.277041] freed 32-byte region [ffff888105a1be40, ffff888105a1be60)
[ 25.277691]
[ 25.277767] The buggy address belongs to the physical page:
[ 25.277951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1b
[ 25.278319] flags: 0x200000000000000(node=0|zone=2)
[ 25.278744] page_type: f5(slab)
[ 25.278995] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 25.279247] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 25.279585] page dumped because: kasan: bad access detected
[ 25.279795]
[ 25.280106] Memory state around the buggy address:
[ 25.280325] ffff888105a1bd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.280554] ffff888105a1bd80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 25.280840] >ffff888105a1be00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.281147] ^
[ 25.281391] ffff888105a1be80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.281679] ffff888105a1bf00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 25.281967] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 25.229535] ================================================================== [ 25.229932] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 25.230840] Read of size 1 at addr ffff888105a1bd18 by task kunit_try_catch/306 [ 25.231668] [ 25.232101] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.232202] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.232218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.232249] Call Trace: [ 25.232266] <TASK> [ 25.232287] dump_stack_lvl+0x73/0xb0 [ 25.232321] print_report+0xd1/0x650 [ 25.232349] ? __virt_addr_valid+0x1db/0x2d0 [ 25.232375] ? memcmp+0x1b4/0x1d0 [ 25.232397] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.232424] ? memcmp+0x1b4/0x1d0 [ 25.232445] kasan_report+0x141/0x180 [ 25.232466] ? memcmp+0x1b4/0x1d0 [ 25.232491] __asan_report_load1_noabort+0x18/0x20 [ 25.232515] memcmp+0x1b4/0x1d0 [ 25.232538] kasan_memcmp+0x18f/0x390 [ 25.232558] ? trace_hardirqs_on+0x37/0xe0 [ 25.232584] ? __pfx_kasan_memcmp+0x10/0x10 [ 25.232603] ? finish_task_switch.isra.0+0x153/0x700 [ 25.232627] ? __switch_to+0x47/0xf50 [ 25.232657] ? __pfx_read_tsc+0x10/0x10 [ 25.232679] ? ktime_get_ts64+0x86/0x230 [ 25.232706] kunit_try_run_case+0x1a5/0x480 [ 25.232733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.232757] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.232782] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.232806] ? __kthread_parkme+0x82/0x180 [ 25.232829] ? preempt_count_sub+0x50/0x80 [ 25.232852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.232877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.232902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.232943] kthread+0x337/0x6f0 [ 25.232963] ? trace_preempt_on+0x20/0xc0 [ 25.232985] ? __pfx_kthread+0x10/0x10 [ 25.233006] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.233030] ? calculate_sigpending+0x7b/0xa0 [ 25.233055] ? 
__pfx_kthread+0x10/0x10 [ 25.233087] ret_from_fork+0x116/0x1d0 [ 25.233105] ? __pfx_kthread+0x10/0x10 [ 25.233126] ret_from_fork_asm+0x1a/0x30 [ 25.233158] </TASK> [ 25.233172] [ 25.241007] Allocated by task 306: [ 25.241246] kasan_save_stack+0x45/0x70 [ 25.241572] kasan_save_track+0x18/0x40 [ 25.241764] kasan_save_alloc_info+0x3b/0x50 [ 25.241940] __kasan_kmalloc+0xb7/0xc0 [ 25.242075] __kmalloc_cache_noprof+0x189/0x420 [ 25.242604] kasan_memcmp+0xb7/0x390 [ 25.242789] kunit_try_run_case+0x1a5/0x480 [ 25.242968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.243335] kthread+0x337/0x6f0 [ 25.243481] ret_from_fork+0x116/0x1d0 [ 25.243699] ret_from_fork_asm+0x1a/0x30 [ 25.243887] [ 25.244009] The buggy address belongs to the object at ffff888105a1bd00 [ 25.244009] which belongs to the cache kmalloc-32 of size 32 [ 25.244630] The buggy address is located 0 bytes to the right of [ 25.244630] allocated 24-byte region [ffff888105a1bd00, ffff888105a1bd18) [ 25.245409] [ 25.245484] The buggy address belongs to the physical page: [ 25.245663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1b [ 25.246009] flags: 0x200000000000000(node=0|zone=2) [ 25.246247] page_type: f5(slab) [ 25.246412] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.246722] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.247171] page dumped because: kasan: bad access detected [ 25.247530] [ 25.247620] Memory state around the buggy address: [ 25.247834] ffff888105a1bc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.248424] ffff888105a1bc80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.248789] >ffff888105a1bd00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.249172] ^ [ 25.249389] ffff888105a1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.249595] ffff888105a1be00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.249954] 
==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 25.059039] ================================================================== [ 25.059896] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.060194] Free of addr ffff888103b7e801 by task kunit_try_catch/290 [ 25.061204] [ 25.061487] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.061550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.061564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.061589] Call Trace: [ 25.061605] <TASK> [ 25.061626] dump_stack_lvl+0x73/0xb0 [ 25.061662] print_report+0xd1/0x650 [ 25.061686] ? __virt_addr_valid+0x1db/0x2d0 [ 25.061712] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.061739] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.061765] kasan_report_invalid_free+0x10a/0x130 [ 25.061790] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.061817] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.061848] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.061872] check_slab_allocation+0x11f/0x130 [ 25.061894] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.061918] mempool_free+0x2ec/0x380 [ 25.062021] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.062048] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.062087] ? __kasan_check_write+0x18/0x20 [ 25.062111] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.062134] ? finish_task_switch.isra.0+0x153/0x700 [ 25.062161] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.062202] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 25.062230] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.062252] ? __pfx_mempool_kfree+0x10/0x10 [ 25.062278] ? __pfx_read_tsc+0x10/0x10 [ 25.062300] ? ktime_get_ts64+0x86/0x230 [ 25.062326] kunit_try_run_case+0x1a5/0x480 [ 25.062354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.062378] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.062401] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.062424] ? __kthread_parkme+0x82/0x180 [ 25.062445] ? 
preempt_count_sub+0x50/0x80 [ 25.062469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.062493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.062517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.062542] kthread+0x337/0x6f0 [ 25.062562] ? trace_preempt_on+0x20/0xc0 [ 25.062587] ? __pfx_kthread+0x10/0x10 [ 25.062608] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.062632] ? calculate_sigpending+0x7b/0xa0 [ 25.062656] ? __pfx_kthread+0x10/0x10 [ 25.062678] ret_from_fork+0x116/0x1d0 [ 25.062698] ? __pfx_kthread+0x10/0x10 [ 25.062719] ret_from_fork_asm+0x1a/0x30 [ 25.062750] </TASK> [ 25.062763] [ 25.079580] Allocated by task 290: [ 25.079738] kasan_save_stack+0x45/0x70 [ 25.079895] kasan_save_track+0x18/0x40 [ 25.080406] kasan_save_alloc_info+0x3b/0x50 [ 25.080834] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.081450] remove_element+0x11e/0x190 [ 25.081780] mempool_alloc_preallocated+0x4d/0x90 [ 25.081951] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 25.082510] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.082981] kunit_try_run_case+0x1a5/0x480 [ 25.083177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.083690] kthread+0x337/0x6f0 [ 25.083854] ret_from_fork+0x116/0x1d0 [ 25.083977] ret_from_fork_asm+0x1a/0x30 [ 25.084120] [ 25.084229] The buggy address belongs to the object at ffff888103b7e800 [ 25.084229] which belongs to the cache kmalloc-128 of size 128 [ 25.085297] The buggy address is located 1 bytes inside of [ 25.085297] 128-byte region [ffff888103b7e800, ffff888103b7e880) [ 25.086507] [ 25.086677] The buggy address belongs to the physical page: [ 25.086849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b7e [ 25.087539] flags: 0x200000000000000(node=0|zone=2) [ 25.088007] page_type: f5(slab) [ 25.088359] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.088625] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.088839] page dumped because: kasan: bad access detected [ 
25.089173] [ 25.089323] Memory state around the buggy address: [ 25.089779] ffff888103b7e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.090518] ffff888103b7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.091259] >ffff888103b7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.091919] ^ [ 25.092176] ffff888103b7e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.092733] ffff888103b7e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.093041] ================================================================== [ 25.096726] ================================================================== [ 25.097886] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.098826] Free of addr ffff8881061f0001 by task kunit_try_catch/292 [ 25.099045] [ 25.099186] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.099245] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.099259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.099283] Call Trace: [ 25.099299] <TASK> [ 25.099321] dump_stack_lvl+0x73/0xb0 [ 25.099366] print_report+0xd1/0x650 [ 25.099390] ? __virt_addr_valid+0x1db/0x2d0 [ 25.099418] ? kasan_addr_to_slab+0x11/0xa0 [ 25.099438] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.099464] kasan_report_invalid_free+0x10a/0x130 [ 25.099489] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.099517] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.099541] __kasan_mempool_poison_object+0x102/0x1d0 [ 25.099565] mempool_free+0x2ec/0x380 [ 25.099594] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.099619] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.099646] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.099670] ? finish_task_switch.isra.0+0x153/0x700 [ 25.099697] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 25.099721] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 25.099748] ? 
__pfx_mempool_kmalloc+0x10/0x10 [ 25.099771] ? __pfx_mempool_kfree+0x10/0x10 [ 25.099795] ? __pfx_read_tsc+0x10/0x10 [ 25.099818] ? ktime_get_ts64+0x86/0x230 [ 25.099844] kunit_try_run_case+0x1a5/0x480 [ 25.099871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.099894] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.099918] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.099991] ? __kthread_parkme+0x82/0x180 [ 25.100015] ? preempt_count_sub+0x50/0x80 [ 25.100039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.100076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.100101] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.100126] kthread+0x337/0x6f0 [ 25.100146] ? trace_preempt_on+0x20/0xc0 [ 25.100171] ? __pfx_kthread+0x10/0x10 [ 25.100232] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.100259] ? calculate_sigpending+0x7b/0xa0 [ 25.100285] ? __pfx_kthread+0x10/0x10 [ 25.100306] ret_from_fork+0x116/0x1d0 [ 25.100326] ? __pfx_kthread+0x10/0x10 [ 25.100347] ret_from_fork_asm+0x1a/0x30 [ 25.100380] </TASK> [ 25.100393] [ 25.110781] The buggy address belongs to the physical page: [ 25.111017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061f0 [ 25.111463] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.111792] flags: 0x200000000000040(head|node=0|zone=2) [ 25.112096] page_type: f8(unknown) [ 25.112399] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.112753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.112978] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.113423] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.114150] head: 0200000000000002 ffffea0004187c01 00000000ffffffff 00000000ffffffff [ 25.114503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.114797] page dumped because: kasan: bad access detected [ 25.115050] [ 25.115155] Memory state around the buggy address: [ 25.115390] 
ffff8881061eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.115715] ffff8881061eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.115998] >ffff8881061f0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.116321] ^ [ 25.116438] ffff8881061f0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.116701] ffff8881061f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.117009] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 24.976391] ================================================================== [ 24.976908] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.977717] Free of addr ffff88810255ea00 by task kunit_try_catch/284 [ 24.978001] [ 24.978349] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.978412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.978448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.978473] Call Trace: [ 24.978487] <TASK> [ 24.978509] dump_stack_lvl+0x73/0xb0 [ 24.978544] print_report+0xd1/0x650 [ 24.978568] ? __virt_addr_valid+0x1db/0x2d0 [ 24.978594] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.978621] ? mempool_double_free_helper+0x184/0x370 [ 24.978646] kasan_report_invalid_free+0x10a/0x130 [ 24.978671] ? mempool_double_free_helper+0x184/0x370 [ 24.978696] ? mempool_double_free_helper+0x184/0x370 [ 24.978719] ? mempool_double_free_helper+0x184/0x370 [ 24.978743] check_slab_allocation+0x101/0x130 [ 24.978766] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.978791] mempool_free+0x2ec/0x380 [ 24.978819] mempool_double_free_helper+0x184/0x370 [ 24.978844] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.978868] ? update_curr+0x5c1/0x810 [ 24.978899] mempool_kmalloc_double_free+0xed/0x140 [ 24.978922] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 24.978961] ? schedule+0x7c/0x2e0 [ 24.978983] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.979006] ? __pfx_mempool_kfree+0x10/0x10 [ 24.979032] ? __pfx_read_tsc+0x10/0x10 [ 24.979054] ? ktime_get_ts64+0x86/0x230 [ 24.979091] kunit_try_run_case+0x1a5/0x480 [ 24.979120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.979145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.979167] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.979281] ? __kthread_parkme+0x82/0x180 [ 24.979309] ? preempt_count_sub+0x50/0x80 [ 24.979332] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 24.979357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.979384] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.979408] kthread+0x337/0x6f0 [ 24.979428] ? trace_preempt_on+0x20/0xc0 [ 24.979453] ? __pfx_kthread+0x10/0x10 [ 24.979474] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.979499] ? calculate_sigpending+0x7b/0xa0 [ 24.979524] ? __pfx_kthread+0x10/0x10 [ 24.979546] ret_from_fork+0x116/0x1d0 [ 24.979565] ? __pfx_kthread+0x10/0x10 [ 24.979587] ret_from_fork_asm+0x1a/0x30 [ 24.979618] </TASK> [ 24.979632] [ 24.990306] Allocated by task 284: [ 24.990629] kasan_save_stack+0x45/0x70 [ 24.990890] kasan_save_track+0x18/0x40 [ 24.991112] kasan_save_alloc_info+0x3b/0x50 [ 24.991364] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.991702] remove_element+0x11e/0x190 [ 24.991882] mempool_alloc_preallocated+0x4d/0x90 [ 24.992042] mempool_double_free_helper+0x8a/0x370 [ 24.992234] mempool_kmalloc_double_free+0xed/0x140 [ 24.992456] kunit_try_run_case+0x1a5/0x480 [ 24.993088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.993451] kthread+0x337/0x6f0 [ 24.993574] ret_from_fork+0x116/0x1d0 [ 24.993698] ret_from_fork_asm+0x1a/0x30 [ 24.993858] [ 24.994021] Freed by task 284: [ 24.994190] kasan_save_stack+0x45/0x70 [ 24.994404] kasan_save_track+0x18/0x40 [ 24.994673] kasan_save_free_info+0x3f/0x60 [ 24.994857] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.995164] mempool_free+0x2ec/0x380 [ 24.995409] mempool_double_free_helper+0x109/0x370 [ 24.995628] mempool_kmalloc_double_free+0xed/0x140 [ 24.995876] kunit_try_run_case+0x1a5/0x480 [ 24.996083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.996549] kthread+0x337/0x6f0 [ 24.996741] ret_from_fork+0x116/0x1d0 [ 24.996928] ret_from_fork_asm+0x1a/0x30 [ 24.997131] [ 24.997201] The buggy address belongs to the object at ffff88810255ea00 [ 24.997201] which belongs to the cache kmalloc-128 of size 128 [ 24.997892] The buggy address is located 0 bytes inside of [ 24.997892] 128-byte 
region [ffff88810255ea00, ffff88810255ea80) [ 24.998453] [ 24.998581] The buggy address belongs to the physical page: [ 24.998784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 24.999290] flags: 0x200000000000000(node=0|zone=2) [ 24.999518] page_type: f5(slab) [ 24.999682] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.000055] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.000393] page dumped because: kasan: bad access detected [ 25.000897] [ 25.000998] Memory state around the buggy address: [ 25.001234] ffff88810255e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.001781] ffff88810255e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.002115] >ffff88810255ea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.002680] ^ [ 25.002944] ffff88810255ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.003352] ffff88810255eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.003639] ================================================================== [ 25.031183] ================================================================== [ 25.032501] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.033116] Free of addr ffff8881060cc000 by task kunit_try_catch/288 [ 25.033632] [ 25.033836] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.033895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.033910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.033952] Call Trace: [ 25.033970] <TASK> [ 25.034003] dump_stack_lvl+0x73/0xb0 [ 25.034037] print_report+0xd1/0x650 [ 25.034070] ? __virt_addr_valid+0x1db/0x2d0 [ 25.034095] ? kasan_addr_to_slab+0x11/0xa0 [ 25.034115] ? mempool_double_free_helper+0x184/0x370 [ 25.034140] kasan_report_invalid_free+0x10a/0x130 [ 25.034163] ? mempool_double_free_helper+0x184/0x370 [ 25.034210] ? 
mempool_double_free_helper+0x184/0x370 [ 25.034233] __kasan_mempool_poison_pages+0x115/0x130 [ 25.034257] mempool_free+0x290/0x380 [ 25.034285] mempool_double_free_helper+0x184/0x370 [ 25.034308] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.034330] ? update_load_avg+0x1be/0x21b0 [ 25.034357] ? finish_task_switch.isra.0+0x153/0x700 [ 25.034383] mempool_page_alloc_double_free+0xe8/0x140 [ 25.034406] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.034434] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.034457] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.034481] ? __pfx_read_tsc+0x10/0x10 [ 25.034504] ? ktime_get_ts64+0x86/0x230 [ 25.034528] kunit_try_run_case+0x1a5/0x480 [ 25.034555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.034578] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.034600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.034623] ? __kthread_parkme+0x82/0x180 [ 25.034643] ? preempt_count_sub+0x50/0x80 [ 25.034666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.034690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.034714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.034738] kthread+0x337/0x6f0 [ 25.034758] ? trace_preempt_on+0x20/0xc0 [ 25.034782] ? __pfx_kthread+0x10/0x10 [ 25.034802] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.034826] ? calculate_sigpending+0x7b/0xa0 [ 25.034851] ? __pfx_kthread+0x10/0x10 [ 25.034872] ret_from_fork+0x116/0x1d0 [ 25.034892] ? 
__pfx_kthread+0x10/0x10 [ 25.034912] ret_from_fork_asm+0x1a/0x30 [ 25.034960] </TASK> [ 25.034973] [ 25.048608] The buggy address belongs to the physical page: [ 25.048966] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060cc [ 25.049223] flags: 0x200000000000000(node=0|zone=2) [ 25.049575] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.049812] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.050477] page dumped because: kasan: bad access detected [ 25.051058] [ 25.051219] Memory state around the buggy address: [ 25.051693] ffff8881060cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.052389] ffff8881060cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.052754] >ffff8881060cc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.053024] ^ [ 25.053329] ffff8881060cc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.054040] ffff8881060cc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.054947] ================================================================== [ 25.008743] ================================================================== [ 25.009700] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.010125] Free of addr ffff8881060cc000 by task kunit_try_catch/286 [ 25.010384] [ 25.010862] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.010943] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.010958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.010997] Call Trace: [ 25.011015] <TASK> [ 25.011038] dump_stack_lvl+0x73/0xb0 [ 25.011108] print_report+0xd1/0x650 [ 25.011143] ? __virt_addr_valid+0x1db/0x2d0 [ 25.011171] ? kasan_addr_to_slab+0x11/0xa0 [ 25.011487] ? mempool_double_free_helper+0x184/0x370 [ 25.011517] kasan_report_invalid_free+0x10a/0x130 [ 25.011542] ? mempool_double_free_helper+0x184/0x370 [ 25.011569] ? 
mempool_double_free_helper+0x184/0x370 [ 25.011592] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 25.011617] mempool_free+0x2ec/0x380 [ 25.011647] mempool_double_free_helper+0x184/0x370 [ 25.011671] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.011694] ? update_load_avg+0x1be/0x21b0 [ 25.011723] ? finish_task_switch.isra.0+0x153/0x700 [ 25.011749] mempool_kmalloc_large_double_free+0xed/0x140 [ 25.011774] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 25.011802] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.011824] ? __pfx_mempool_kfree+0x10/0x10 [ 25.011850] ? __pfx_read_tsc+0x10/0x10 [ 25.011875] ? ktime_get_ts64+0x86/0x230 [ 25.011902] kunit_try_run_case+0x1a5/0x480 [ 25.011942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.011967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.011991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.012014] ? __kthread_parkme+0x82/0x180 [ 25.012036] ? preempt_count_sub+0x50/0x80 [ 25.012075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.012101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.012125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.012149] kthread+0x337/0x6f0 [ 25.012169] ? trace_preempt_on+0x20/0xc0 [ 25.012248] ? __pfx_kthread+0x10/0x10 [ 25.012271] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.012296] ? calculate_sigpending+0x7b/0xa0 [ 25.012322] ? __pfx_kthread+0x10/0x10 [ 25.012344] ret_from_fork+0x116/0x1d0 [ 25.012364] ? 
__pfx_kthread+0x10/0x10 [ 25.012385] ret_from_fork_asm+0x1a/0x30 [ 25.012417] </TASK> [ 25.012430] [ 25.020877] The buggy address belongs to the physical page: [ 25.021071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060cc [ 25.021450] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.021789] flags: 0x200000000000040(head|node=0|zone=2) [ 25.022500] page_type: f8(unknown) [ 25.022695] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.022960] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.023431] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.023762] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.024396] head: 0200000000000002 ffffea0004183301 00000000ffffffff 00000000ffffffff [ 25.024732] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.025091] page dumped because: kasan: bad access detected [ 25.025443] [ 25.025537] Memory state around the buggy address: [ 25.025769] ffff8881060cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.026098] ffff8881060cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.026425] >ffff8881060cc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.026730] ^ [ 25.026890] ffff8881060cc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.027236] ffff8881060cc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.027432] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 24.888080] ================================================================== [ 24.888896] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.889265] Read of size 1 at addr ffff8881060cc000 by task kunit_try_catch/278 [ 24.889962] [ 24.890149] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.890207] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.890221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.890246] Call Trace: [ 24.890262] <TASK> [ 24.890283] dump_stack_lvl+0x73/0xb0 [ 24.890315] print_report+0xd1/0x650 [ 24.890339] ? __virt_addr_valid+0x1db/0x2d0 [ 24.890364] ? mempool_uaf_helper+0x392/0x400 [ 24.890387] ? kasan_addr_to_slab+0x11/0xa0 [ 24.890407] ? mempool_uaf_helper+0x392/0x400 [ 24.890429] kasan_report+0x141/0x180 [ 24.890450] ? mempool_uaf_helper+0x392/0x400 [ 24.890477] __asan_report_load1_noabort+0x18/0x20 [ 24.890501] mempool_uaf_helper+0x392/0x400 [ 24.890524] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.890546] ? update_load_avg+0x1be/0x21b0 [ 24.890570] ? update_load_avg+0x1be/0x21b0 [ 24.890591] ? update_curr+0x80/0x810 [ 24.890615] ? finish_task_switch.isra.0+0x153/0x700 [ 24.890642] mempool_kmalloc_large_uaf+0xef/0x140 [ 24.890666] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 24.890692] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.890717] ? __pfx_mempool_kfree+0x10/0x10 [ 24.890741] ? __pfx_read_tsc+0x10/0x10 [ 24.890764] ? ktime_get_ts64+0x86/0x230 [ 24.890789] kunit_try_run_case+0x1a5/0x480 [ 24.890817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.890842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.890866] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.890891] ? __kthread_parkme+0x82/0x180 [ 24.890912] ? preempt_count_sub+0x50/0x80 [ 24.890935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.890961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.890986] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.891011] kthread+0x337/0x6f0 [ 24.891032] ? trace_preempt_on+0x20/0xc0 [ 24.891056] ? __pfx_kthread+0x10/0x10 [ 24.891088] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.891113] ? calculate_sigpending+0x7b/0xa0 [ 24.891138] ? __pfx_kthread+0x10/0x10 [ 24.891160] ret_from_fork+0x116/0x1d0 [ 24.891188] ? __pfx_kthread+0x10/0x10 [ 24.891209] ret_from_fork_asm+0x1a/0x30 [ 24.891241] </TASK> [ 24.891254] [ 24.903402] The buggy address belongs to the physical page: [ 24.903695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060cc [ 24.904076] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.904538] flags: 0x200000000000040(head|node=0|zone=2) [ 24.904749] page_type: f8(unknown) [ 24.904953] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.905304] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.905807] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.906153] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.906429] head: 0200000000000002 ffffea0004183301 00000000ffffffff 00000000ffffffff [ 24.906645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.906944] page dumped because: kasan: bad access detected [ 24.907210] [ 24.907296] Memory state around the buggy address: [ 24.907472] ffff8881060cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.907671] ffff8881060cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.908214] >ffff8881060cc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.908625] ^ [ 24.908815] ffff8881060cc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.909120] ffff8881060cc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.909630] ================================================================== [ 24.952602] ================================================================== [ 
24.953607] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.953907] Read of size 1 at addr ffff8881061f0000 by task kunit_try_catch/282 [ 24.954393] [ 24.954519] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.954577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.954592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.954618] Call Trace: [ 24.954634] <TASK> [ 24.954656] dump_stack_lvl+0x73/0xb0 [ 24.954691] print_report+0xd1/0x650 [ 24.954716] ? __virt_addr_valid+0x1db/0x2d0 [ 24.954744] ? mempool_uaf_helper+0x392/0x400 [ 24.954768] ? kasan_addr_to_slab+0x11/0xa0 [ 24.954789] ? mempool_uaf_helper+0x392/0x400 [ 24.954813] kasan_report+0x141/0x180 [ 24.954838] ? mempool_uaf_helper+0x392/0x400 [ 24.954866] __asan_report_load1_noabort+0x18/0x20 [ 24.954890] mempool_uaf_helper+0x392/0x400 [ 24.954914] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.954951] ? __kasan_check_write+0x18/0x20 [ 24.954976] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.955000] ? finish_task_switch.isra.0+0x153/0x700 [ 24.955027] mempool_page_alloc_uaf+0xed/0x140 [ 24.955053] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 24.955092] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 24.955118] ? __pfx_mempool_free_pages+0x10/0x10 [ 24.955143] ? __pfx_read_tsc+0x10/0x10 [ 24.955166] ? ktime_get_ts64+0x86/0x230 [ 24.955241] kunit_try_run_case+0x1a5/0x480 [ 24.955272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.955296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.955320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.955342] ? __kthread_parkme+0x82/0x180 [ 24.955364] ? preempt_count_sub+0x50/0x80 [ 24.955386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.955411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.955436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.955461] kthread+0x337/0x6f0 [ 24.955481] ? trace_preempt_on+0x20/0xc0 [ 24.955506] ? __pfx_kthread+0x10/0x10 [ 24.955526] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 24.955551] ? calculate_sigpending+0x7b/0xa0 [ 24.955576] ? __pfx_kthread+0x10/0x10 [ 24.955597] ret_from_fork+0x116/0x1d0 [ 24.955618] ? __pfx_kthread+0x10/0x10 [ 24.955638] ret_from_fork_asm+0x1a/0x30 [ 24.955671] </TASK> [ 24.955684] [ 24.964567] The buggy address belongs to the physical page: [ 24.964884] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061f0 [ 24.965351] flags: 0x200000000000000(node=0|zone=2) [ 24.965615] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 24.965962] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.966321] page dumped because: kasan: bad access detected [ 24.966624] [ 24.966735] Memory state around the buggy address: [ 24.966963] ffff8881061eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.967355] ffff8881061eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.967563] >ffff8881061f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.967762] ^ [ 24.967871] ffff8881061f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.968183] ffff8881061f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.968532] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 24.847379] ================================================================== [ 24.847803] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.848846] Read of size 1 at addr ffff888103b7e400 by task kunit_try_catch/276 [ 24.849889] [ 24.850261] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.850324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.850338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.850363] Call Trace: [ 24.850379] <TASK> [ 24.850400] dump_stack_lvl+0x73/0xb0 [ 24.850437] print_report+0xd1/0x650 [ 24.850462] ? __virt_addr_valid+0x1db/0x2d0 [ 24.850488] ? mempool_uaf_helper+0x392/0x400 [ 24.850510] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.850536] ? mempool_uaf_helper+0x392/0x400 [ 24.850558] kasan_report+0x141/0x180 [ 24.850579] ? mempool_uaf_helper+0x392/0x400 [ 24.850605] __asan_report_load1_noabort+0x18/0x20 [ 24.850629] mempool_uaf_helper+0x392/0x400 [ 24.850651] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.850674] ? __kasan_check_write+0x18/0x20 [ 24.850697] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.850720] ? finish_task_switch.isra.0+0x153/0x700 [ 24.850747] mempool_kmalloc_uaf+0xef/0x140 [ 24.850769] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 24.850793] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.850817] ? __pfx_mempool_kfree+0x10/0x10 [ 24.850841] ? __pfx_read_tsc+0x10/0x10 [ 24.850863] ? ktime_get_ts64+0x86/0x230 [ 24.850889] kunit_try_run_case+0x1a5/0x480 [ 24.850935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.850959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.850981] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.851003] ? __kthread_parkme+0x82/0x180 [ 24.851024] ? preempt_count_sub+0x50/0x80 [ 24.851047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.851081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.851105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.851130] kthread+0x337/0x6f0 [ 24.851150] ? 
trace_preempt_on+0x20/0xc0 [ 24.851193] ? __pfx_kthread+0x10/0x10 [ 24.851215] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.851241] ? calculate_sigpending+0x7b/0xa0 [ 24.851266] ? __pfx_kthread+0x10/0x10 [ 24.851288] ret_from_fork+0x116/0x1d0 [ 24.851309] ? __pfx_kthread+0x10/0x10 [ 24.851330] ret_from_fork_asm+0x1a/0x30 [ 24.851361] </TASK> [ 24.851375] [ 24.863579] Allocated by task 276: [ 24.863897] kasan_save_stack+0x45/0x70 [ 24.864319] kasan_save_track+0x18/0x40 [ 24.864722] kasan_save_alloc_info+0x3b/0x50 [ 24.865181] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.865695] remove_element+0x11e/0x190 [ 24.866115] mempool_alloc_preallocated+0x4d/0x90 [ 24.866524] mempool_uaf_helper+0x96/0x400 [ 24.866949] mempool_kmalloc_uaf+0xef/0x140 [ 24.867399] kunit_try_run_case+0x1a5/0x480 [ 24.867881] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.868483] kthread+0x337/0x6f0 [ 24.868854] ret_from_fork+0x116/0x1d0 [ 24.869314] ret_from_fork_asm+0x1a/0x30 [ 24.869713] [ 24.869872] Freed by task 276: [ 24.870266] kasan_save_stack+0x45/0x70 [ 24.870675] kasan_save_track+0x18/0x40 [ 24.871055] kasan_save_free_info+0x3f/0x60 [ 24.871525] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.872102] mempool_free+0x2ec/0x380 [ 24.872474] mempool_uaf_helper+0x11a/0x400 [ 24.872726] mempool_kmalloc_uaf+0xef/0x140 [ 24.872875] kunit_try_run_case+0x1a5/0x480 [ 24.873207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.873828] kthread+0x337/0x6f0 [ 24.874174] ret_from_fork+0x116/0x1d0 [ 24.874600] ret_from_fork_asm+0x1a/0x30 [ 24.874883] [ 24.874967] The buggy address belongs to the object at ffff888103b7e400 [ 24.874967] which belongs to the cache kmalloc-128 of size 128 [ 24.876112] The buggy address is located 0 bytes inside of [ 24.876112] freed 128-byte region [ffff888103b7e400, ffff888103b7e480) [ 24.876943] [ 24.877117] The buggy address belongs to the physical page: [ 24.877644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b7e [ 24.877941] flags: 
0x200000000000000(node=0|zone=2) [ 24.878430] page_type: f5(slab) [ 24.878741] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.879457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.880103] page dumped because: kasan: bad access detected [ 24.880416] [ 24.880497] Memory state around the buggy address: [ 24.880829] ffff888103b7e300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.881463] ffff888103b7e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.881760] >ffff888103b7e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.881995] ^ [ 24.882289] ffff888103b7e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.882952] ffff888103b7e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.883671] ================================================================== [ 24.915297] ================================================================== [ 24.915795] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.916151] Read of size 1 at addr ffff88810602a240 by task kunit_try_catch/280 [ 24.916512] [ 24.916711] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.916770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.916784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.916810] Call Trace: [ 24.916825] <TASK> [ 24.916847] dump_stack_lvl+0x73/0xb0 [ 24.916882] print_report+0xd1/0x650 [ 24.916906] ? __virt_addr_valid+0x1db/0x2d0 [ 24.916933] ? mempool_uaf_helper+0x392/0x400 [ 24.916955] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.916983] ? mempool_uaf_helper+0x392/0x400 [ 24.917005] kasan_report+0x141/0x180 [ 24.917027] ? mempool_uaf_helper+0x392/0x400 [ 24.917054] __asan_report_load1_noabort+0x18/0x20 [ 24.917091] mempool_uaf_helper+0x392/0x400 [ 24.917145] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.917174] mempool_slab_uaf+0xea/0x140 [ 24.917197] ? 
__pfx_mempool_slab_uaf+0x10/0x10 [ 24.917222] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.917249] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.917283] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.917308] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.917333] kunit_try_run_case+0x1a5/0x480 [ 24.917362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.917386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.917427] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.917449] ? __kthread_parkme+0x82/0x180 [ 24.917478] ? preempt_count_sub+0x50/0x80 [ 24.917504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.917529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.917554] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.917580] kthread+0x337/0x6f0 [ 24.917599] ? trace_preempt_on+0x20/0xc0 [ 24.917625] ? __pfx_kthread+0x10/0x10 [ 24.917646] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.917671] ? calculate_sigpending+0x7b/0xa0 [ 24.917696] ? __pfx_kthread+0x10/0x10 [ 24.917717] ret_from_fork+0x116/0x1d0 [ 24.917738] ? __pfx_kthread+0x10/0x10 [ 24.917758] ret_from_fork_asm+0x1a/0x30 [ 24.917791] </TASK> [ 24.917804] [ 24.926103] Allocated by task 280: [ 24.926295] kasan_save_stack+0x45/0x70 [ 24.926498] kasan_save_track+0x18/0x40 [ 24.926824] kasan_save_alloc_info+0x3b/0x50 [ 24.927090] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.927271] remove_element+0x11e/0x190 [ 24.927406] mempool_alloc_preallocated+0x4d/0x90 [ 24.927560] mempool_uaf_helper+0x96/0x400 [ 24.927811] mempool_slab_uaf+0xea/0x140 [ 24.928109] kunit_try_run_case+0x1a5/0x480 [ 24.928489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.928839] kthread+0x337/0x6f0 [ 24.929017] ret_from_fork+0x116/0x1d0 [ 24.929159] ret_from_fork_asm+0x1a/0x30 [ 24.929297] [ 24.929362] Freed by task 280: [ 24.929470] kasan_save_stack+0x45/0x70 [ 24.929652] kasan_save_track+0x18/0x40 [ 24.929877] kasan_save_free_info+0x3f/0x60 [ 24.930205] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.930448] mempool_free+0x2ec/0x380 [ 24.930617] mempool_uaf_helper+0x11a/0x400 [ 
24.930758] mempool_slab_uaf+0xea/0x140 [ 24.930890] kunit_try_run_case+0x1a5/0x480 [ 24.931583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.931876] kthread+0x337/0x6f0 [ 24.932250] ret_from_fork+0x116/0x1d0 [ 24.932441] ret_from_fork_asm+0x1a/0x30 [ 24.932627] [ 24.932722] The buggy address belongs to the object at ffff88810602a240 [ 24.932722] which belongs to the cache test_cache of size 123 [ 24.933222] The buggy address is located 0 bytes inside of [ 24.933222] freed 123-byte region [ffff88810602a240, ffff88810602a2bb) [ 24.933768] [ 24.933919] The buggy address belongs to the physical page: [ 24.934290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602a [ 24.934534] flags: 0x200000000000000(node=0|zone=2) [ 24.935339] page_type: f5(slab) [ 24.935748] raw: 0200000000000000 ffff88810190e780 dead000000000122 0000000000000000 [ 24.936456] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.936952] page dumped because: kasan: bad access detected [ 24.937366] [ 24.937468] Memory state around the buggy address: [ 24.937849] ffff88810602a100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.938411] ffff88810602a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.938800] >ffff88810602a200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 24.939292] ^ [ 24.939508] ffff88810602a280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.939821] ffff88810602a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.940428] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 24.780092] ================================================================== [ 24.780727] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.781127] Read of size 1 at addr ffff8881060c6001 by task kunit_try_catch/272 [ 24.781460] [ 24.781556] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.781614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.781626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.781651] Call Trace: [ 24.781666] <TASK> [ 24.781686] dump_stack_lvl+0x73/0xb0 [ 24.781719] print_report+0xd1/0x650 [ 24.781743] ? __virt_addr_valid+0x1db/0x2d0 [ 24.781768] ? mempool_oob_right_helper+0x318/0x380 [ 24.781792] ? kasan_addr_to_slab+0x11/0xa0 [ 24.781812] ? mempool_oob_right_helper+0x318/0x380 [ 24.781847] kasan_report+0x141/0x180 [ 24.781870] ? mempool_oob_right_helper+0x318/0x380 [ 24.781898] __asan_report_load1_noabort+0x18/0x20 [ 24.781923] mempool_oob_right_helper+0x318/0x380 [ 24.781957] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.781980] ? update_load_avg+0x1be/0x21b0 [ 24.782009] ? finish_task_switch.isra.0+0x153/0x700 [ 24.782035] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 24.782072] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.782099] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.782124] ? __pfx_mempool_kfree+0x10/0x10 [ 24.782149] ? __pfx_read_tsc+0x10/0x10 [ 24.782171] ? ktime_get_ts64+0x86/0x230 [ 24.782396] kunit_try_run_case+0x1a5/0x480 [ 24.782428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.782453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.782476] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.782499] ? __kthread_parkme+0x82/0x180 [ 24.782520] ? preempt_count_sub+0x50/0x80 [ 24.782544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.782570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.782594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.782619] kthread+0x337/0x6f0 [ 24.782639] ? 
trace_preempt_on+0x20/0xc0 [ 24.782663] ? __pfx_kthread+0x10/0x10 [ 24.782684] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.782709] ? calculate_sigpending+0x7b/0xa0 [ 24.782732] ? __pfx_kthread+0x10/0x10 [ 24.782755] ret_from_fork+0x116/0x1d0 [ 24.782775] ? __pfx_kthread+0x10/0x10 [ 24.782795] ret_from_fork_asm+0x1a/0x30 [ 24.782827] </TASK> [ 24.782841] [ 24.791390] The buggy address belongs to the physical page: [ 24.791831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 24.792163] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.792476] flags: 0x200000000000040(head|node=0|zone=2) [ 24.792656] page_type: f8(unknown) [ 24.792834] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.793421] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.793719] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.794084] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.794395] head: 0200000000000002 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 24.794691] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.794978] page dumped because: kasan: bad access detected [ 24.795304] [ 24.795866] Memory state around the buggy address: [ 24.796095] ffff8881060c5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.796496] ffff8881060c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.796778] >ffff8881060c6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.797004] ^ [ 24.797263] ffff8881060c6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.797565] ffff8881060c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.797764] ================================================================== [ 24.749484] ================================================================== [ 24.749936] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.750557] Read 
of size 1 at addr ffff888103b7e073 by task kunit_try_catch/270 [ 24.750853] [ 24.750951] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.751008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.751026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.751088] Call Trace: [ 24.751104] <TASK> [ 24.751125] dump_stack_lvl+0x73/0xb0 [ 24.751161] print_report+0xd1/0x650 [ 24.751186] ? __virt_addr_valid+0x1db/0x2d0 [ 24.751213] ? mempool_oob_right_helper+0x318/0x380 [ 24.751236] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.751262] ? mempool_oob_right_helper+0x318/0x380 [ 24.751286] kasan_report+0x141/0x180 [ 24.751307] ? mempool_oob_right_helper+0x318/0x380 [ 24.751334] __asan_report_load1_noabort+0x18/0x20 [ 24.751359] mempool_oob_right_helper+0x318/0x380 [ 24.751685] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.751712] ? __kasan_check_write+0x18/0x20 [ 24.751737] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.751762] ? finish_task_switch.isra.0+0x153/0x700 [ 24.751792] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.751817] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 24.751842] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.751868] ? __pfx_mempool_kfree+0x10/0x10 [ 24.751893] ? __pfx_read_tsc+0x10/0x10 [ 24.751916] ? ktime_get_ts64+0x86/0x230 [ 24.752073] kunit_try_run_case+0x1a5/0x480 [ 24.752104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.752127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.752150] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.752172] ? __kthread_parkme+0x82/0x180 [ 24.752204] ? preempt_count_sub+0x50/0x80 [ 24.752227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.752252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.752277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.752301] kthread+0x337/0x6f0 [ 24.752321] ? trace_preempt_on+0x20/0xc0 [ 24.752346] ? __pfx_kthread+0x10/0x10 [ 24.752367] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.752391] ? 
calculate_sigpending+0x7b/0xa0 [ 24.752417] ? __pfx_kthread+0x10/0x10 [ 24.752438] ret_from_fork+0x116/0x1d0 [ 24.752458] ? __pfx_kthread+0x10/0x10 [ 24.752479] ret_from_fork_asm+0x1a/0x30 [ 24.752511] </TASK> [ 24.752525] [ 24.764650] Allocated by task 270: [ 24.765162] kasan_save_stack+0x45/0x70 [ 24.765454] kasan_save_track+0x18/0x40 [ 24.765651] kasan_save_alloc_info+0x3b/0x50 [ 24.765890] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.766407] remove_element+0x11e/0x190 [ 24.766600] mempool_alloc_preallocated+0x4d/0x90 [ 24.766792] mempool_oob_right_helper+0x8a/0x380 [ 24.767165] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.767516] kunit_try_run_case+0x1a5/0x480 [ 24.767786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.768115] kthread+0x337/0x6f0 [ 24.768267] ret_from_fork+0x116/0x1d0 [ 24.768698] ret_from_fork_asm+0x1a/0x30 [ 24.768901] [ 24.769119] The buggy address belongs to the object at ffff888103b7e000 [ 24.769119] which belongs to the cache kmalloc-128 of size 128 [ 24.769777] The buggy address is located 0 bytes to the right of [ 24.769777] allocated 115-byte region [ffff888103b7e000, ffff888103b7e073) [ 24.770784] [ 24.770878] The buggy address belongs to the physical page: [ 24.771251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b7e [ 24.771695] flags: 0x200000000000000(node=0|zone=2) [ 24.771958] page_type: f5(slab) [ 24.772298] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.772833] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.773243] page dumped because: kasan: bad access detected [ 24.773616] [ 24.773836] Memory state around the buggy address: [ 24.773989] ffff888103b7df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.774426] ffff888103b7df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.775084] >ffff888103b7e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.775368] ^ [ 24.775878] ffff888103b7e080: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 24.776300] ffff888103b7e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.776742] ================================================================== [ 24.802549] ================================================================== [ 24.803956] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.804261] Read of size 1 at addr ffff888105a1e2bb by task kunit_try_catch/274 [ 24.805440] [ 24.805663] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.805737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.805778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.805813] Call Trace: [ 24.805836] <TASK> [ 24.805858] dump_stack_lvl+0x73/0xb0 [ 24.805907] print_report+0xd1/0x650 [ 24.805931] ? __virt_addr_valid+0x1db/0x2d0 [ 24.805970] ? mempool_oob_right_helper+0x318/0x380 [ 24.805993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.806019] ? mempool_oob_right_helper+0x318/0x380 [ 24.806043] kasan_report+0x141/0x180 [ 24.806075] ? mempool_oob_right_helper+0x318/0x380 [ 24.806101] __asan_report_load1_noabort+0x18/0x20 [ 24.806126] mempool_oob_right_helper+0x318/0x380 [ 24.806150] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.806175] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.806217] ? irqentry_exit+0x2a/0x60 [ 24.806239] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.806265] mempool_slab_oob_right+0xed/0x140 [ 24.806289] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.806314] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.806340] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.806364] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.806390] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.806415] kunit_try_run_case+0x1a5/0x480 [ 24.806443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.806467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.806489] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.806511] ? __kthread_parkme+0x82/0x180 [ 24.806532] ? 
preempt_count_sub+0x50/0x80 [ 24.806556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.806582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.806606] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.806631] kthread+0x337/0x6f0 [ 24.806651] ? trace_preempt_on+0x20/0xc0 [ 24.806675] ? __pfx_kthread+0x10/0x10 [ 24.806696] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.806721] ? calculate_sigpending+0x7b/0xa0 [ 24.806746] ? __pfx_kthread+0x10/0x10 [ 24.806767] ret_from_fork+0x116/0x1d0 [ 24.806788] ? __pfx_kthread+0x10/0x10 [ 24.806809] ret_from_fork_asm+0x1a/0x30 [ 24.806841] </TASK> [ 24.806855] [ 24.820964] Allocated by task 274: [ 24.821433] kasan_save_stack+0x45/0x70 [ 24.821746] kasan_save_track+0x18/0x40 [ 24.821884] kasan_save_alloc_info+0x3b/0x50 [ 24.822164] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.822732] remove_element+0x11e/0x190 [ 24.823175] mempool_alloc_preallocated+0x4d/0x90 [ 24.823544] mempool_oob_right_helper+0x8a/0x380 [ 24.823695] mempool_slab_oob_right+0xed/0x140 [ 24.823837] kunit_try_run_case+0x1a5/0x480 [ 24.824005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.824469] kthread+0x337/0x6f0 [ 24.824994] ret_from_fork+0x116/0x1d0 [ 24.825441] ret_from_fork_asm+0x1a/0x30 [ 24.825812] [ 24.825973] The buggy address belongs to the object at ffff888105a1e240 [ 24.825973] which belongs to the cache test_cache of size 123 [ 24.827104] The buggy address is located 0 bytes to the right of [ 24.827104] allocated 123-byte region [ffff888105a1e240, ffff888105a1e2bb) [ 24.827722] [ 24.827795] The buggy address belongs to the physical page: [ 24.828011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a1e [ 24.828772] flags: 0x200000000000000(node=0|zone=2) [ 24.829322] page_type: f5(slab) [ 24.829874] raw: 0200000000000000 ffff888101095a00 dead000000000122 0000000000000000 [ 24.830661] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.831115] page dumped because: kasan: bad access detected [ 
24.831538] [ 24.831694] Memory state around the buggy address: [ 24.832076] ffff888105a1e180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.832557] ffff888105a1e200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 24.833268] >ffff888105a1e280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.833552] ^ [ 24.833711] ffff888105a1e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.833926] ffff888105a1e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.834792] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 24.163349] ================================================================== [ 24.163780] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 24.165106] Read of size 1 at addr ffff88810190e640 by task kunit_try_catch/264 [ 24.166028] [ 24.166585] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.166662] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.166677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.166703] Call Trace: [ 24.166720] <TASK> [ 24.166745] dump_stack_lvl+0x73/0xb0 [ 24.166785] print_report+0xd1/0x650 [ 24.166810] ? __virt_addr_valid+0x1db/0x2d0 [ 24.166837] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.166861] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.166889] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.166913] kasan_report+0x141/0x180 [ 24.167095] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.167128] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.167155] __kasan_check_byte+0x3d/0x50 [ 24.167177] kmem_cache_destroy+0x25/0x1d0 [ 24.167246] kmem_cache_double_destroy+0x1bf/0x380 [ 24.167269] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 24.167294] ? finish_task_switch.isra.0+0x153/0x700 [ 24.167318] ? __switch_to+0x47/0xf50 [ 24.167347] ? __pfx_read_tsc+0x10/0x10 [ 24.167369] ? ktime_get_ts64+0x86/0x230 [ 24.167396] kunit_try_run_case+0x1a5/0x480 [ 24.167424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.167449] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.167472] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.167494] ? __kthread_parkme+0x82/0x180 [ 24.167514] ? preempt_count_sub+0x50/0x80 [ 24.167537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.167562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.167585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.167610] kthread+0x337/0x6f0 [ 24.167629] ? trace_preempt_on+0x20/0xc0 [ 24.167654] ? __pfx_kthread+0x10/0x10 [ 24.167674] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.167699] ? 
calculate_sigpending+0x7b/0xa0 [ 24.167724] ? __pfx_kthread+0x10/0x10 [ 24.167746] ret_from_fork+0x116/0x1d0 [ 24.167765] ? __pfx_kthread+0x10/0x10 [ 24.167785] ret_from_fork_asm+0x1a/0x30 [ 24.167816] </TASK> [ 24.167831] [ 24.180761] Allocated by task 264: [ 24.181037] kasan_save_stack+0x45/0x70 [ 24.181580] kasan_save_track+0x18/0x40 [ 24.181958] kasan_save_alloc_info+0x3b/0x50 [ 24.182474] __kasan_slab_alloc+0x91/0xa0 [ 24.182767] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.182921] __kmem_cache_create_args+0x169/0x240 [ 24.183664] kmem_cache_double_destroy+0xd5/0x380 [ 24.184169] kunit_try_run_case+0x1a5/0x480 [ 24.184538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.184806] kthread+0x337/0x6f0 [ 24.185417] ret_from_fork+0x116/0x1d0 [ 24.185906] ret_from_fork_asm+0x1a/0x30 [ 24.186438] [ 24.186515] Freed by task 264: [ 24.186621] kasan_save_stack+0x45/0x70 [ 24.186748] kasan_save_track+0x18/0x40 [ 24.186871] kasan_save_free_info+0x3f/0x60 [ 24.187624] __kasan_slab_free+0x56/0x70 [ 24.188031] kmem_cache_free+0x249/0x420 [ 24.188672] slab_kmem_cache_release+0x2e/0x40 [ 24.189126] kmem_cache_release+0x16/0x20 [ 24.189624] kobject_put+0x181/0x450 [ 24.190137] sysfs_slab_release+0x16/0x20 [ 24.190333] kmem_cache_destroy+0xf0/0x1d0 [ 24.190771] kmem_cache_double_destroy+0x14e/0x380 [ 24.190939] kunit_try_run_case+0x1a5/0x480 [ 24.191471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.191897] kthread+0x337/0x6f0 [ 24.192022] ret_from_fork+0x116/0x1d0 [ 24.192157] ret_from_fork_asm+0x1a/0x30 [ 24.192742] [ 24.192905] The buggy address belongs to the object at ffff88810190e640 [ 24.192905] which belongs to the cache kmem_cache of size 208 [ 24.194125] The buggy address is located 0 bytes inside of [ 24.194125] freed 208-byte region [ffff88810190e640, ffff88810190e710) [ 24.195055] [ 24.195232] The buggy address belongs to the physical page: [ 24.195736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10190e [ 24.195996] flags: 
0x200000000000000(node=0|zone=2) [ 24.196450] page_type: f5(slab) [ 24.196986] raw: 0200000000000000 ffff888100041000 dead000000000100 dead000000000122 [ 24.197961] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 24.198252] page dumped because: kasan: bad access detected [ 24.198732] [ 24.198882] Memory state around the buggy address: [ 24.199333] ffff88810190e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.199540] ffff88810190e580: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 24.199739] >ffff88810190e600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 24.199950] ^ [ 24.200606] ffff88810190e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.201360] ffff88810190e700: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.201969] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 24.103371] ================================================================== [ 24.103887] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.104163] Read of size 1 at addr ffff888105a16000 by task kunit_try_catch/262 [ 24.105248] [ 24.105718] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.105782] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.105796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.105827] Call Trace: [ 24.105844] <TASK> [ 24.105867] dump_stack_lvl+0x73/0xb0 [ 24.105904] print_report+0xd1/0x650 [ 24.105929] ? __virt_addr_valid+0x1db/0x2d0 [ 24.105954] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.106012] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.106038] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.106078] kasan_report+0x141/0x180 [ 24.106101] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.106139] __asan_report_load1_noabort+0x18/0x20 [ 24.106163] kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.106196] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 24.106219] ? finish_task_switch.isra.0+0x153/0x700 [ 24.106245] ? __switch_to+0x47/0xf50 [ 24.106275] ? __pfx_read_tsc+0x10/0x10 [ 24.106298] ? ktime_get_ts64+0x86/0x230 [ 24.106324] kunit_try_run_case+0x1a5/0x480 [ 24.106352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.106376] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.106399] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.106421] ? __kthread_parkme+0x82/0x180 [ 24.106442] ? preempt_count_sub+0x50/0x80 [ 24.106465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.106490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.106514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.106539] kthread+0x337/0x6f0 [ 24.106559] ? trace_preempt_on+0x20/0xc0 [ 24.106584] ? __pfx_kthread+0x10/0x10 [ 24.106605] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.106629] ? calculate_sigpending+0x7b/0xa0 [ 24.106654] ? __pfx_kthread+0x10/0x10 [ 24.106676] ret_from_fork+0x116/0x1d0 [ 24.106695] ? 
__pfx_kthread+0x10/0x10 [ 24.106716] ret_from_fork_asm+0x1a/0x30 [ 24.106747] </TASK> [ 24.106761] [ 24.117937] Allocated by task 262: [ 24.118114] kasan_save_stack+0x45/0x70 [ 24.118408] kasan_save_track+0x18/0x40 [ 24.118626] kasan_save_alloc_info+0x3b/0x50 [ 24.118820] __kasan_slab_alloc+0x91/0xa0 [ 24.118995] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.119319] kmem_cache_rcu_uaf+0x155/0x510 [ 24.119534] kunit_try_run_case+0x1a5/0x480 [ 24.119723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.120001] kthread+0x337/0x6f0 [ 24.120453] ret_from_fork+0x116/0x1d0 [ 24.120660] ret_from_fork_asm+0x1a/0x30 [ 24.120810] [ 24.120875] Freed by task 0: [ 24.121000] kasan_save_stack+0x45/0x70 [ 24.121298] kasan_save_track+0x18/0x40 [ 24.121519] kasan_save_free_info+0x3f/0x60 [ 24.121725] __kasan_slab_free+0x56/0x70 [ 24.121950] slab_free_after_rcu_debug+0xe4/0x310 [ 24.122136] rcu_core+0x66f/0x1c40 [ 24.122386] rcu_core_si+0x12/0x20 [ 24.122545] handle_softirqs+0x209/0x730 [ 24.122675] __irq_exit_rcu+0xc9/0x110 [ 24.122797] irq_exit_rcu+0x12/0x20 [ 24.123002] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.123299] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.123540] [ 24.123634] Last potentially related work creation: [ 24.123849] kasan_save_stack+0x45/0x70 [ 24.124055] kasan_record_aux_stack+0xb2/0xc0 [ 24.124484] kmem_cache_free+0x131/0x420 [ 24.124707] kmem_cache_rcu_uaf+0x194/0x510 [ 24.124887] kunit_try_run_case+0x1a5/0x480 [ 24.125110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.125453] kthread+0x337/0x6f0 [ 24.125623] ret_from_fork+0x116/0x1d0 [ 24.125791] ret_from_fork_asm+0x1a/0x30 [ 24.125929] [ 24.126019] The buggy address belongs to the object at ffff888105a16000 [ 24.126019] which belongs to the cache test_cache of size 200 [ 24.126635] The buggy address is located 0 bytes inside of [ 24.126635] freed 200-byte region [ffff888105a16000, ffff888105a160c8) [ 24.127067] [ 24.127160] The buggy address belongs to the physical page: [ 24.127506] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a16 [ 24.127877] flags: 0x200000000000000(node=0|zone=2) [ 24.128317] page_type: f5(slab) [ 24.128599] raw: 0200000000000000 ffff888101095640 dead000000000122 0000000000000000 [ 24.128953] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.129358] page dumped because: kasan: bad access detected [ 24.129606] [ 24.129673] Memory state around the buggy address: [ 24.129854] ffff888105a15f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.130290] ffff888105a15f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.130581] >ffff888105a16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.130818] ^ [ 24.130974] ffff888105a16080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.131287] ffff888105a16100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.131529] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 24.036295] ==================================================================
[ 24.037139] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[ 24.038013] Free of addr ffff888103b7c001 by task kunit_try_catch/260
[ 24.038482]
[ 24.038671] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 24.038727] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.038741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.038765] Call Trace:
[ 24.038781] <TASK>
[ 24.038803] dump_stack_lvl+0x73/0xb0
[ 24.038878] print_report+0xd1/0x650
[ 24.038902] ? __virt_addr_valid+0x1db/0x2d0
[ 24.038978] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.039003] ? kmem_cache_invalid_free+0x1d8/0x460
[ 24.039028] kasan_report_invalid_free+0x10a/0x130
[ 24.039051] ? kmem_cache_invalid_free+0x1d8/0x460
[ 24.039085] ? kmem_cache_invalid_free+0x1d8/0x460
[ 24.039109] check_slab_allocation+0x11f/0x130
[ 24.039130] __kasan_slab_pre_free+0x28/0x40
[ 24.039150] kmem_cache_free+0xed/0x420
[ 24.039204] ? kasan_save_track+0x18/0x40
[ 24.039225] ? kasan_save_stack+0x45/0x70
[ 24.039243] ? kmem_cache_invalid_free+0x1d8/0x460
[ 24.039266] ? kmem_cache_invalid_free+0x157/0x460
[ 24.039291] kmem_cache_invalid_free+0x1d8/0x460
[ 24.039314] ? __pfx_kmem_cache_invalid_free+0x10/0x10
[ 24.039337] ? finish_task_switch.isra.0+0x153/0x700
[ 24.039360] ? __switch_to+0x47/0xf50
[ 24.039389] ? __pfx_read_tsc+0x10/0x10
[ 24.039411] ? ktime_get_ts64+0x86/0x230
[ 24.039437] kunit_try_run_case+0x1a5/0x480
[ 24.039464] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.039487] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.039509] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.039531] ? __kthread_parkme+0x82/0x180
[ 24.039552] ? preempt_count_sub+0x50/0x80
[ 24.039574] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.039599] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.039623] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.039650] kthread+0x337/0x6f0
[ 24.039669] ? trace_preempt_on+0x20/0xc0
[ 24.039693] ? __pfx_kthread+0x10/0x10
[ 24.039713] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.039738] ? calculate_sigpending+0x7b/0xa0
[ 24.039768] ? __pfx_kthread+0x10/0x10
[ 24.039790] ret_from_fork+0x116/0x1d0
[ 24.039808] ? __pfx_kthread+0x10/0x10
[ 24.039829] ret_from_fork_asm+0x1a/0x30
[ 24.039861] </TASK>
[ 24.039875]
[ 24.053285] Allocated by task 260:
[ 24.053619] kasan_save_stack+0x45/0x70
[ 24.054024] kasan_save_track+0x18/0x40
[ 24.054642] kasan_save_alloc_info+0x3b/0x50
[ 24.055152] __kasan_slab_alloc+0x91/0xa0
[ 24.055690] kmem_cache_alloc_noprof+0x123/0x3f0
[ 24.056240] kmem_cache_invalid_free+0x157/0x460
[ 24.056633] kunit_try_run_case+0x1a5/0x480
[ 24.057033] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.057501] kthread+0x337/0x6f0
[ 24.057818] ret_from_fork+0x116/0x1d0
[ 24.058187] ret_from_fork_asm+0x1a/0x30
[ 24.058468]
[ 24.058542] The buggy address belongs to the object at ffff888103b7c000
[ 24.058542] which belongs to the cache test_cache of size 200
[ 24.058880] The buggy address is located 1 bytes inside of
[ 24.058880] 200-byte region [ffff888103b7c000, ffff888103b7c0c8)
[ 24.059316]
[ 24.059444] The buggy address belongs to the physical page:
[ 24.059648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b7c
[ 24.060074] flags: 0x200000000000000(node=0|zone=2)
[ 24.060247] page_type: f5(slab)
[ 24.060461] raw: 0200000000000000 ffff88810190e500 dead000000000122 0000000000000000
[ 24.061260] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 24.061913] page dumped because: kasan: bad access detected
[ 24.062327]
[ 24.062414] Memory state around the buggy address:
[ 24.062880] ffff888103b7bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.063420] ffff888103b7bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.063839] >ffff888103b7c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.064398] ^
[ 24.064674] ffff888103b7c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 24.065074] ffff888103b7c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.065603] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 23.998011] ==================================================================
[ 23.998495] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 23.998991] Free of addr ffff888105a14000 by task kunit_try_catch/258
[ 23.999368]
[ 23.999513] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.999582] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.999595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.999619] Call Trace:
[ 23.999634] <TASK>
[ 23.999656] dump_stack_lvl+0x73/0xb0
[ 23.999690] print_report+0xd1/0x650
[ 23.999714] ? __virt_addr_valid+0x1db/0x2d0
[ 23.999741] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.999766] ? kmem_cache_double_free+0x1e5/0x480
[ 23.999791] kasan_report_invalid_free+0x10a/0x130
[ 23.999814] ? kmem_cache_double_free+0x1e5/0x480
[ 23.999839] ? kmem_cache_double_free+0x1e5/0x480
[ 24.000017] check_slab_allocation+0x101/0x130
[ 24.000056] __kasan_slab_pre_free+0x28/0x40
[ 24.000086] kmem_cache_free+0xed/0x420
[ 24.000112] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 24.000136] ? kmem_cache_double_free+0x1e5/0x480
[ 24.000162] kmem_cache_double_free+0x1e5/0x480
[ 24.000310] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 24.000341] ? finish_task_switch.isra.0+0x153/0x700
[ 24.000365] ? __switch_to+0x47/0xf50
[ 24.000504] ? __pfx_read_tsc+0x10/0x10
[ 24.000528] ? ktime_get_ts64+0x86/0x230
[ 24.000639] kunit_try_run_case+0x1a5/0x480
[ 24.000668] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.000691] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.000714] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.000735] ? __kthread_parkme+0x82/0x180
[ 24.000756] ? preempt_count_sub+0x50/0x80
[ 24.000779] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.000803] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.000827] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.000850] kthread+0x337/0x6f0
[ 24.000870] ? trace_preempt_on+0x20/0xc0
[ 24.000894] ? __pfx_kthread+0x10/0x10
[ 24.000914] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.000957] ? calculate_sigpending+0x7b/0xa0
[ 24.000983] ? __pfx_kthread+0x10/0x10
[ 24.001004] ret_from_fork+0x116/0x1d0
[ 24.001024] ? __pfx_kthread+0x10/0x10
[ 24.001044] ret_from_fork_asm+0x1a/0x30
[ 24.001086] </TASK>
[ 24.001099]
[ 24.011160] Allocated by task 258:
[ 24.011391] kasan_save_stack+0x45/0x70
[ 24.011633] kasan_save_track+0x18/0x40
[ 24.011910] kasan_save_alloc_info+0x3b/0x50
[ 24.012085] __kasan_slab_alloc+0x91/0xa0
[ 24.012356] kmem_cache_alloc_noprof+0x123/0x3f0
[ 24.012675] kmem_cache_double_free+0x14f/0x480
[ 24.012922] kunit_try_run_case+0x1a5/0x480
[ 24.013151] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.013348] kthread+0x337/0x6f0
[ 24.013463] ret_from_fork+0x116/0x1d0
[ 24.013630] ret_from_fork_asm+0x1a/0x30
[ 24.013816]
[ 24.013909] Freed by task 258:
[ 24.014057] kasan_save_stack+0x45/0x70
[ 24.014367] kasan_save_track+0x18/0x40
[ 24.014496] kasan_save_free_info+0x3f/0x60
[ 24.014649] __kasan_slab_free+0x56/0x70
[ 24.014837] kmem_cache_free+0x249/0x420
[ 24.015463] kmem_cache_double_free+0x16a/0x480
[ 24.015682] kunit_try_run_case+0x1a5/0x480
[ 24.015900] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.016096] kthread+0x337/0x6f0
[ 24.016221] ret_from_fork+0x116/0x1d0
[ 24.016449] ret_from_fork_asm+0x1a/0x30
[ 24.016828]
[ 24.017152] The buggy address belongs to the object at ffff888105a14000
[ 24.017152] which belongs to the cache test_cache of size 200
[ 24.018535] The buggy address is located 0 bytes inside of
[ 24.018535] 200-byte region [ffff888105a14000, ffff888105a140c8)
[ 24.019184]
[ 24.019355] The buggy address belongs to the physical page:
[ 24.019589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a14
[ 24.019874] flags: 0x200000000000000(node=0|zone=2)
[ 24.020118] page_type: f5(slab)
[ 24.020367] raw: 0200000000000000 ffff888101095500 dead000000000122 0000000000000000
[ 24.020647] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 24.020963] page dumped because: kasan: bad access detected
[ 24.021162]
[ 24.021229] Memory state around the buggy address:
[ 24.021465] ffff888105a13f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.021733] ffff888105a13f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.022180] >ffff888105a14000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.022639] ^
[ 24.022814] ffff888105a14080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 24.023119] ffff888105a14100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.023410] ==================================================================
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 121.879231] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 58.964209] ==================================================================
[ 58.964606] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 58.964606]
[ 58.964924] Use-after-free read at 0x(____ptrval____) (in kfence-#150):
[ 58.965261] test_krealloc+0x6fc/0xbe0
[ 58.965888] kunit_try_run_case+0x1a5/0x480
[ 58.966159] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.966413] kthread+0x337/0x6f0
[ 58.966558] ret_from_fork+0x116/0x1d0
[ 58.966752] ret_from_fork_asm+0x1a/0x30
[ 58.966918]
[ 58.967397] kfence-#150: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 58.967397]
[ 58.967768] allocated by task 386 on cpu 0 at 58.963576s (0.004190s ago):
[ 58.968319] test_alloc+0x364/0x10f0
[ 58.968502] test_krealloc+0xad/0xbe0
[ 58.968659] kunit_try_run_case+0x1a5/0x480
[ 58.968838] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.969046] kthread+0x337/0x6f0
[ 58.969262] ret_from_fork+0x116/0x1d0
[ 58.969412] ret_from_fork_asm+0x1a/0x30
[ 58.969574]
[ 58.969665] freed by task 386 on cpu 0 at 58.963812s (0.005850s ago):
[ 58.969905] krealloc_noprof+0x108/0x340
[ 58.970110] test_krealloc+0x226/0xbe0
[ 58.970723] kunit_try_run_case+0x1a5/0x480
[ 58.970885] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.971214] kthread+0x337/0x6f0
[ 58.971386] ret_from_fork+0x116/0x1d0
[ 58.971560] ret_from_fork_asm+0x1a/0x30
[ 58.971716]
[ 58.971846] CPU: 0 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 58.972680] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 58.972875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 58.973420] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 58.880170] ==================================================================
[ 58.880647] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 58.880647]
[ 58.881066] Use-after-free read at 0x(____ptrval____) (in kfence-#149):
[ 58.881464] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 58.881673] kunit_try_run_case+0x1a5/0x480
[ 58.881843] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.882133] kthread+0x337/0x6f0
[ 58.882832] ret_from_fork+0x116/0x1d0
[ 58.882987] ret_from_fork_asm+0x1a/0x30
[ 58.883278]
[ 58.883377] kfence-#149: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 58.883377]
[ 58.883746] allocated by task 384 on cpu 1 at 58.859490s (0.024254s ago):
[ 58.884446] test_alloc+0x2a6/0x10f0
[ 58.884788] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 58.885126] kunit_try_run_case+0x1a5/0x480
[ 58.885300] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.885677] kthread+0x337/0x6f0
[ 58.885850] ret_from_fork+0x116/0x1d0
[ 58.886016] ret_from_fork_asm+0x1a/0x30
[ 58.886392]
[ 58.886470] freed by task 384 on cpu 1 at 58.859633s (0.026834s ago):
[ 58.886753] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 58.887137] kunit_try_run_case+0x1a5/0x480
[ 58.887330] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 58.887685] kthread+0x337/0x6f0
[ 58.887917] ret_from_fork+0x116/0x1d0
[ 58.888184] ret_from_fork_asm+0x1a/0x30
[ 58.888372]
[ 58.888484] CPU: 1 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 58.888891] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 58.889163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 58.889516] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 34.018421] ==================================================================
[ 34.018931] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 34.018931]
[ 34.019520] Invalid read at 0x(____ptrval____):
[ 34.019844] test_invalid_access+0xf0/0x210
[ 34.020011] kunit_try_run_case+0x1a5/0x480
[ 34.020219] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 34.020495] kthread+0x337/0x6f0
[ 34.020672] ret_from_fork+0x116/0x1d0
[ 34.020857] ret_from_fork_asm+0x1a/0x30
[ 34.021203]
[ 34.021391] CPU: 0 UID: 0 PID: 380 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 34.021882] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 34.022114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.022485] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 33.795860] ==================================================================
[ 33.796324] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 33.796324]
[ 33.796755] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#145):
[ 33.797354] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 33.797530] kunit_try_run_case+0x1a5/0x480
[ 33.797947] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 33.798209] kthread+0x337/0x6f0
[ 33.798400] ret_from_fork+0x116/0x1d0
[ 33.798559] ret_from_fork_asm+0x1a/0x30
[ 33.798692]
[ 33.798762] kfence-#145: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 33.798762]
[ 33.799471] allocated by task 374 on cpu 1 at 33.795572s (0.003897s ago):
[ 33.799770] test_alloc+0x364/0x10f0
[ 33.799963] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 33.800207] kunit_try_run_case+0x1a5/0x480
[ 33.800379] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 33.800572] kthread+0x337/0x6f0
[ 33.800753] ret_from_fork+0x116/0x1d0
[ 33.800962] ret_from_fork_asm+0x1a/0x30
[ 33.801157]
[ 33.801225] freed by task 374 on cpu 1 at 33.795733s (0.005489s ago):
[ 33.801430] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 33.801649] kunit_try_run_case+0x1a5/0x480
[ 33.801856] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 33.802226] kthread+0x337/0x6f0
[ 33.802351] ret_from_fork+0x116/0x1d0
[ 33.802473] ret_from_fork_asm+0x1a/0x30
[ 33.802602]
[ 33.802695] CPU: 1 UID: 0 PID: 374 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 33.803364] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.803568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.803995] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 33.691807] ==================================================================
[ 33.692222] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 33.692222]
[ 33.692672] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#144):
[ 33.693140] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 33.693392] kunit_try_run_case+0x1a5/0x480
[ 33.693676] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 33.693863] kthread+0x337/0x6f0
[ 33.693995] ret_from_fork+0x116/0x1d0
[ 33.694240] ret_from_fork_asm+0x1a/0x30
[ 33.694488]
[ 33.694601] kfence-#144: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 33.694601]
[ 33.695626] allocated by task 372 on cpu 0 at 33.691555s (0.004067s ago):
[ 33.696085] test_alloc+0x364/0x10f0
[ 33.696479] test_kmalloc_aligned_oob_read+0x105/0x560
[ 33.696693] kunit_try_run_case+0x1a5/0x480
[ 33.696895] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 33.697127] kthread+0x337/0x6f0
[ 33.697298] ret_from_fork+0x116/0x1d0
[ 33.697473] ret_from_fork_asm+0x1a/0x30
[ 33.697648]
[ 33.697772] CPU: 0 UID: 0 PID: 372 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 33.698356] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.698559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.698935] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 29.219813] ==================================================================
[ 29.220234] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 29.220234]
[ 29.220671] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#101):
[ 29.221518] test_corruption+0x2d2/0x3e0
[ 29.221700] kunit_try_run_case+0x1a5/0x480
[ 29.221849] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.222274] kthread+0x337/0x6f0
[ 29.222450] ret_from_fork+0x116/0x1d0
[ 29.222706] ret_from_fork_asm+0x1a/0x30
[ 29.222871]
[ 29.222954] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 29.222954]
[ 29.223347] allocated by task 360 on cpu 1 at 29.219537s (0.003807s ago):
[ 29.223636] test_alloc+0x364/0x10f0
[ 29.223821] test_corruption+0xe6/0x3e0
[ 29.224008] kunit_try_run_case+0x1a5/0x480
[ 29.224171] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.224440] kthread+0x337/0x6f0
[ 29.224591] ret_from_fork+0x116/0x1d0
[ 29.224720] ret_from_fork_asm+0x1a/0x30
[ 29.224855]
[ 29.224923] freed by task 360 on cpu 1 at 29.219620s (0.005300s ago):
[ 29.225240] test_corruption+0x2d2/0x3e0
[ 29.225453] kunit_try_run_case+0x1a5/0x480
[ 29.225674] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.226306] kthread+0x337/0x6f0
[ 29.226594] ret_from_fork+0x116/0x1d0
[ 29.227104] ret_from_fork_asm+0x1a/0x30
[ 29.227287]
[ 29.227415] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 29.228241] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.228519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.229052] ==================================================================
[ 29.323860] ==================================================================
[ 29.324307] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 29.324307]
[ 29.324859] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#102):
[ 29.325619] test_corruption+0x2df/0x3e0
[ 29.325853] kunit_try_run_case+0x1a5/0x480
[ 29.326072] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.326531] kthread+0x337/0x6f0
[ 29.326730] ret_from_fork+0x116/0x1d0
[ 29.327161] ret_from_fork_asm+0x1a/0x30
[ 29.327370]
[ 29.327602] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 29.327602]
[ 29.328008] allocated by task 360 on cpu 1 at 29.323567s (0.004438s ago):
[ 29.328336] test_alloc+0x364/0x10f0
[ 29.328505] test_corruption+0x1cb/0x3e0
[ 29.328671] kunit_try_run_case+0x1a5/0x480
[ 29.328867] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.329485] kthread+0x337/0x6f0
[ 29.329632] ret_from_fork+0x116/0x1d0
[ 29.329992] ret_from_fork_asm+0x1a/0x30
[ 29.330304]
[ 29.330382] freed by task 360 on cpu 1 at 29.323691s (0.006688s ago):
[ 29.330838] test_corruption+0x2df/0x3e0
[ 29.331129] kunit_try_run_case+0x1a5/0x480
[ 29.331437] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.331767] kthread+0x337/0x6f0
[ 29.331908] ret_from_fork+0x116/0x1d0
[ 29.332132] ret_from_fork_asm+0x1a/0x30
[ 29.332565]
[ 29.332702] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 29.333423] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.333625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.334202] ==================================================================
[ 29.635652] ==================================================================
[ 29.636157] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 29.636157]
[ 29.636472] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#105):
[ 29.637157] test_corruption+0x131/0x3e0
[ 29.637350] kunit_try_run_case+0x1a5/0x480
[ 29.637584] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.637781] kthread+0x337/0x6f0
[ 29.637947] ret_from_fork+0x116/0x1d0
[ 29.638124] ret_from_fork_asm+0x1a/0x30
[ 29.638326]
[ 29.638424] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 29.638424]
[ 29.638779] allocated by task 362 on cpu 0 at 29.635518s (0.003259s ago):
[ 29.639056] test_alloc+0x2a6/0x10f0
[ 29.639338] test_corruption+0xe6/0x3e0
[ 29.639509] kunit_try_run_case+0x1a5/0x480
[ 29.639682] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.639850] kthread+0x337/0x6f0
[ 29.639965] ret_from_fork+0x116/0x1d0
[ 29.640105] ret_from_fork_asm+0x1a/0x30
[ 29.640464]
[ 29.640559] freed by task 362 on cpu 0 at 29.635565s (0.004991s ago):
[ 29.640855] test_corruption+0x131/0x3e0
[ 29.641014] kunit_try_run_case+0x1a5/0x480
[ 29.641161] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.641326] kthread+0x337/0x6f0
[ 29.641506] ret_from_fork+0x116/0x1d0
[ 29.641690] ret_from_fork_asm+0x1a/0x30
[ 29.641887]
[ 29.642041] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 29.642588] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.642772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.643114] ==================================================================
[ 29.843669] ==================================================================
[ 29.844143] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 29.844143]
[ 29.844491] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#107):
[ 29.845035] test_corruption+0x216/0x3e0
[ 29.845241] kunit_try_run_case+0x1a5/0x480
[ 29.845427] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.845640] kthread+0x337/0x6f0
[ 29.845765] ret_from_fork+0x116/0x1d0
[ 29.845905] ret_from_fork_asm+0x1a/0x30
[ 29.846134]
[ 29.846236] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 29.846236]
[ 29.846627] allocated by task 362 on cpu 0 at 29.843520s (0.003104s ago):
[ 29.846883] test_alloc+0x2a6/0x10f0
[ 29.847202] test_corruption+0x1cb/0x3e0
[ 29.847395] kunit_try_run_case+0x1a5/0x480
[ 29.847551] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.847791] kthread+0x337/0x6f0
[ 29.847945] ret_from_fork+0x116/0x1d0
[ 29.848144] ret_from_fork_asm+0x1a/0x30
[ 29.848328]
[ 29.848403] freed by task 362 on cpu 0 at 29.843580s (0.004821s ago):
[ 29.848645] test_corruption+0x216/0x3e0
[ 29.848779] kunit_try_run_case+0x1a5/0x480
[ 29.848922] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.849153] kthread+0x337/0x6f0
[ 29.849321] ret_from_fork+0x116/0x1d0
[ 29.849688] ret_from_fork_asm+0x1a/0x30
[ 29.849888]
[ 29.850000] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 29.850366] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.850720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.851396] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 29.011684] ==================================================================
[ 29.012202] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 29.012202]
[ 29.012528] Invalid free of 0x(____ptrval____) (in kfence-#99):
[ 29.012812] test_invalid_addr_free+0x1e1/0x260
[ 29.012995] kunit_try_run_case+0x1a5/0x480
[ 29.013205] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.013459] kthread+0x337/0x6f0
[ 29.013631] ret_from_fork+0x116/0x1d0
[ 29.013794] ret_from_fork_asm+0x1a/0x30
[ 29.013985]
[ 29.014093] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 29.014093]
[ 29.014379] allocated by task 356 on cpu 0 at 29.011531s (0.002845s ago):
[ 29.014707] test_alloc+0x364/0x10f0
[ 29.014878] test_invalid_addr_free+0xdb/0x260
[ 29.015079] kunit_try_run_case+0x1a5/0x480
[ 29.015219] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.015464] kthread+0x337/0x6f0
[ 29.015628] ret_from_fork+0x116/0x1d0
[ 29.015798] ret_from_fork_asm+0x1a/0x30
[ 29.015931]
[ 29.016023] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 29.016548] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.016749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.017568] ==================================================================
[ 29.115701] ==================================================================
[ 29.116200] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 29.116200]
[ 29.116487] Invalid free of 0x(____ptrval____) (in kfence-#100):
[ 29.116768] test_invalid_addr_free+0xfb/0x260
[ 29.116965] kunit_try_run_case+0x1a5/0x480
[ 29.117126] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.117497] kthread+0x337/0x6f0
[ 29.117757] ret_from_fork+0x116/0x1d0
[ 29.117905] ret_from_fork_asm+0x1a/0x30
[ 29.118044]
[ 29.118151] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 29.118151]
[ 29.118525] allocated by task 358 on cpu 0 at 29.115552s (0.002970s ago):
[ 29.118814] test_alloc+0x2a6/0x10f0
[ 29.119025] test_invalid_addr_free+0xdb/0x260
[ 29.119217] kunit_try_run_case+0x1a5/0x480
[ 29.119362] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.119582] kthread+0x337/0x6f0
[ 29.119748] ret_from_fork+0x116/0x1d0
[ 29.120031] ret_from_fork_asm+0x1a/0x30
[ 29.120484]
[ 29.121220] CPU: 0 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 29.121844] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.122177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.122642] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 27.293396] ==================================================================
[ 27.294085] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 27.294781] Write of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334
[ 27.295474]
[ 27.295660] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.295725] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.295741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.295766] Call Trace:
[ 27.295800] <TASK>
[ 27.295823] dump_stack_lvl+0x73/0xb0
[ 27.295856] print_report+0xd1/0x650
[ 27.295881] ? __virt_addr_valid+0x1db/0x2d0
[ 27.295907] ? strncpy_from_user+0x2e/0x1d0
[ 27.295931] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.295958] ? strncpy_from_user+0x2e/0x1d0
[ 27.295982] kasan_report+0x141/0x180
[ 27.296005] ? strncpy_from_user+0x2e/0x1d0
[ 27.296047] kasan_check_range+0x10c/0x1c0
[ 27.296082] __kasan_check_write+0x18/0x20
[ 27.296106] strncpy_from_user+0x2e/0x1d0
[ 27.296129] ? __kasan_check_read+0x15/0x20
[ 27.296155] copy_user_test_oob+0x760/0x10f0
[ 27.296182] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.296205] ? finish_task_switch.isra.0+0x153/0x700
[ 27.296230] ? __switch_to+0x47/0xf50
[ 27.296257] ? __schedule+0x10cc/0x2b60
[ 27.296280] ? __pfx_read_tsc+0x10/0x10
[ 27.296302] ? ktime_get_ts64+0x86/0x230
[ 27.296329] kunit_try_run_case+0x1a5/0x480
[ 27.296356] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.296381] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.296403] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.296427] ? __kthread_parkme+0x82/0x180
[ 27.296450] ? preempt_count_sub+0x50/0x80
[ 27.296475] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.296501] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.296527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.296553] kthread+0x337/0x6f0
[ 27.296575] ? trace_preempt_on+0x20/0xc0
[ 27.296599] ? __pfx_kthread+0x10/0x10
[ 27.296621] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.296647] ? calculate_sigpending+0x7b/0xa0
[ 27.296672] ? __pfx_kthread+0x10/0x10
[ 27.296695] ret_from_fork+0x116/0x1d0
[ 27.296716] ? __pfx_kthread+0x10/0x10
[ 27.296738] ret_from_fork_asm+0x1a/0x30
[ 27.296770] </TASK>
[ 27.296783]
[ 27.310362] Allocated by task 334:
[ 27.310833] kasan_save_stack+0x45/0x70
[ 27.311335] kasan_save_track+0x18/0x40
[ 27.311619] kasan_save_alloc_info+0x3b/0x50
[ 27.311773] __kasan_kmalloc+0xb7/0xc0
[ 27.311895] __kmalloc_noprof+0x1c9/0x500
[ 27.312444] kunit_kmalloc_array+0x25/0x60
[ 27.312899] copy_user_test_oob+0xab/0x10f0
[ 27.313428] kunit_try_run_case+0x1a5/0x480
[ 27.313906] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.314378] kthread+0x337/0x6f0
[ 27.314504] ret_from_fork+0x116/0x1d0
[ 27.314630] ret_from_fork_asm+0x1a/0x30
[ 27.314761]
[ 27.314827] The buggy address belongs to the object at ffff88810255ef00
[ 27.314827] which belongs to the cache kmalloc-128 of size 128
[ 27.316092] The buggy address is located 0 bytes inside of
[ 27.316092] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78)
[ 27.316620]
[ 27.316698] The buggy address belongs to the physical page:
[ 27.316868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.317763] flags: 0x200000000000000(node=0|zone=2)
[ 27.318342] page_type: f5(slab)
[ 27.318732] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.319481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.320189] page dumped because: kasan: bad access detected
[ 27.320672]
[ 27.320746] Memory state around the buggy address:
[ 27.320896] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.321672] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.322452] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.322809] ^
[ 27.323311] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.324018] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.324620] ==================================================================
[ 27.325400] ==================================================================
[ 27.325705] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 27.326161] Write of size 1 at addr ffff88810255ef78 by task kunit_try_catch/334
[ 27.326397]
[ 27.326678] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 27.326743] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.326758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.326783] Call Trace:
[ 27.326807] <TASK>
[ 27.326829] dump_stack_lvl+0x73/0xb0
[ 27.326861] print_report+0xd1/0x650
[ 27.326886] ? __virt_addr_valid+0x1db/0x2d0
[ 27.326912] ? strncpy_from_user+0x1a5/0x1d0
[ 27.327110] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.327142] ? strncpy_from_user+0x1a5/0x1d0
[ 27.327167] kasan_report+0x141/0x180
[ 27.327190] ? strncpy_from_user+0x1a5/0x1d0
[ 27.327219] __asan_report_store1_noabort+0x1b/0x30
[ 27.327245] strncpy_from_user+0x1a5/0x1d0
[ 27.327271] copy_user_test_oob+0x760/0x10f0
[ 27.327297] ? __pfx_copy_user_test_oob+0x10/0x10
[ 27.327321] ? finish_task_switch.isra.0+0x153/0x700
[ 27.327346] ? __switch_to+0x47/0xf50
[ 27.327374] ? __schedule+0x10cc/0x2b60
[ 27.327397] ? __pfx_read_tsc+0x10/0x10
[ 27.327420] ? ktime_get_ts64+0x86/0x230
[ 27.327447] kunit_try_run_case+0x1a5/0x480
[ 27.327473] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.327499] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.327522] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.327545] ? __kthread_parkme+0x82/0x180
[ 27.327568] ? preempt_count_sub+0x50/0x80
[ 27.327591] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.327617] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.327642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.327669] kthread+0x337/0x6f0
[ 27.327690] ? trace_preempt_on+0x20/0xc0
[ 27.327716] ? __pfx_kthread+0x10/0x10
[ 27.327738] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.327763] ? calculate_sigpending+0x7b/0xa0
[ 27.327789] ? __pfx_kthread+0x10/0x10
[ 27.327812] ret_from_fork+0x116/0x1d0
[ 27.327833] ? __pfx_kthread+0x10/0x10
[ 27.327855] ret_from_fork_asm+0x1a/0x30
[ 27.327888] </TASK>
[ 27.327903]
[ 27.337725] Allocated by task 334:
[ 27.338217] kasan_save_stack+0x45/0x70
[ 27.338487] kasan_save_track+0x18/0x40
[ 27.338673] kasan_save_alloc_info+0x3b/0x50
[ 27.338977] __kasan_kmalloc+0xb7/0xc0
[ 27.339257] __kmalloc_noprof+0x1c9/0x500
[ 27.339530] kunit_kmalloc_array+0x25/0x60
[ 27.339795] copy_user_test_oob+0xab/0x10f0
[ 27.339979] kunit_try_run_case+0x1a5/0x480
[ 27.340384] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.340652] kthread+0x337/0x6f0
[ 27.340890] ret_from_fork+0x116/0x1d0
[ 27.341177] ret_from_fork_asm+0x1a/0x30
[ 27.341350]
[ 27.341446] The buggy address belongs to the object at ffff88810255ef00
[ 27.341446] which belongs to the cache kmalloc-128 of size 128
[ 27.342238] The buggy address is located 0 bytes to the right of
[ 27.342238] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78)
[ 27.342713]
[ 27.342884] The buggy address belongs to the physical page:
[ 27.343174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 27.343636] flags: 0x200000000000000(node=0|zone=2)
[ 27.343809] page_type: f5(slab)
[ 27.344100] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.344552] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.344864] page dumped because: kasan: bad access detected
[ 27.345251]
[ 27.345332] Memory state around the buggy address:
[ 27.345521] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.345990] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.346322] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.347004] ^
[ 27.347280]
ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.347488] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.347688] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 28.803832] ================================================================== [ 28.804317] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 28.804317] [ 28.804834] Invalid free of 0x(____ptrval____) (in kfence-#97): [ 28.805241] test_double_free+0x1d3/0x260 [ 28.805517] kunit_try_run_case+0x1a5/0x480 [ 28.806212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.806453] kthread+0x337/0x6f0 [ 28.806883] ret_from_fork+0x116/0x1d0 [ 28.807075] ret_from_fork_asm+0x1a/0x30 [ 28.807297] [ 28.807411] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.807411] [ 28.807866] allocated by task 352 on cpu 1 at 28.803543s (0.004320s ago): [ 28.808499] test_alloc+0x364/0x10f0 [ 28.808901] test_double_free+0xdb/0x260 [ 28.809203] kunit_try_run_case+0x1a5/0x480 [ 28.809397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.809672] kthread+0x337/0x6f0 [ 28.810015] ret_from_fork+0x116/0x1d0 [ 28.810288] ret_from_fork_asm+0x1a/0x30 [ 28.810495] [ 28.810580] freed by task 352 on cpu 1 at 28.803605s (0.006972s ago): [ 28.811131] test_double_free+0x1e0/0x260 [ 28.811327] kunit_try_run_case+0x1a5/0x480 [ 28.811683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.812033] kthread+0x337/0x6f0 [ 28.812229] ret_from_fork+0x116/0x1d0 [ 28.812518] ret_from_fork_asm+0x1a/0x30 [ 28.812798] [ 28.812941] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.813445] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.813623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.814233] ================================================================== [ 28.907689] ================================================================== [ 28.908128] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 28.908128] [ 28.908438] Invalid free of 0x(____ptrval____) (in kfence-#98): [ 28.908741] test_double_free+0x112/0x260 [ 28.908910] kunit_try_run_case+0x1a5/0x480 [ 
28.909135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.909325] kthread+0x337/0x6f0 [ 28.909493] ret_from_fork+0x116/0x1d0 [ 28.909675] ret_from_fork_asm+0x1a/0x30 [ 28.909851] [ 28.909921] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.909921] [ 28.910300] allocated by task 354 on cpu 0 at 28.907470s (0.002828s ago): [ 28.910585] test_alloc+0x2a6/0x10f0 [ 28.910712] test_double_free+0xdb/0x260 [ 28.910847] kunit_try_run_case+0x1a5/0x480 [ 28.911047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.911355] kthread+0x337/0x6f0 [ 28.911527] ret_from_fork+0x116/0x1d0 [ 28.911674] ret_from_fork_asm+0x1a/0x30 [ 28.911808] [ 28.911874] freed by task 354 on cpu 0 at 28.907522s (0.004350s ago): [ 28.912265] test_double_free+0xfa/0x260 [ 28.912460] kunit_try_run_case+0x1a5/0x480 [ 28.912665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.912874] kthread+0x337/0x6f0 [ 28.913030] ret_from_fork+0x116/0x1d0 [ 28.913166] ret_from_fork_asm+0x1a/0x30 [ 28.913461] [ 28.913577] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.914007] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.914154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.914456] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 28.491710] ================================================================== [ 28.492244] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.492244] [ 28.492588] Use-after-free read at 0x(____ptrval____) (in kfence-#94): [ 28.492887] test_use_after_free_read+0x129/0x270 [ 28.493047] kunit_try_run_case+0x1a5/0x480 [ 28.493270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.493557] kthread+0x337/0x6f0 [ 28.493718] ret_from_fork+0x116/0x1d0 [ 28.493853] ret_from_fork_asm+0x1a/0x30 [ 28.494026] [ 28.494131] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.494131] [ 28.494969] allocated by task 346 on cpu 0 at 28.491563s (0.003402s ago): [ 28.495236] test_alloc+0x2a6/0x10f0 [ 28.495388] test_use_after_free_read+0xdc/0x270 [ 28.495557] kunit_try_run_case+0x1a5/0x480 [ 28.495766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.495939] kthread+0x337/0x6f0 [ 28.496079] ret_from_fork+0x116/0x1d0 [ 28.496265] ret_from_fork_asm+0x1a/0x30 [ 28.496548] [ 28.496639] freed by task 346 on cpu 0 at 28.491621s (0.005015s ago): [ 28.496908] test_use_after_free_read+0xfb/0x270 [ 28.497164] kunit_try_run_case+0x1a5/0x480 [ 28.497358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.497585] kthread+0x337/0x6f0 [ 28.497740] ret_from_fork+0x116/0x1d0 [ 28.497916] ret_from_fork_asm+0x1a/0x30 [ 28.498181] [ 28.498303] CPU: 0 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.498780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.498975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.499251] ================================================================== [ 28.387833] ================================================================== [ 28.388349] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.388349] [ 28.389118] Use-after-free read at 0x(____ptrval____) (in kfence-#93): [ 28.389389] 
test_use_after_free_read+0x129/0x270 [ 28.389617] kunit_try_run_case+0x1a5/0x480 [ 28.389804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.390476] kthread+0x337/0x6f0 [ 28.390638] ret_from_fork+0x116/0x1d0 [ 28.390827] ret_from_fork_asm+0x1a/0x30 [ 28.391287] [ 28.391389] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.391389] [ 28.391916] allocated by task 344 on cpu 1 at 28.387561s (0.004352s ago): [ 28.392273] test_alloc+0x364/0x10f0 [ 28.392438] test_use_after_free_read+0xdc/0x270 [ 28.392641] kunit_try_run_case+0x1a5/0x480 [ 28.392822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.393048] kthread+0x337/0x6f0 [ 28.393568] ret_from_fork+0x116/0x1d0 [ 28.393733] ret_from_fork_asm+0x1a/0x30 [ 28.394046] [ 28.394484] freed by task 344 on cpu 1 at 28.387655s (0.006659s ago): [ 28.394839] test_use_after_free_read+0x1e7/0x270 [ 28.395173] kunit_try_run_case+0x1a5/0x480 [ 28.395386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.395728] kthread+0x337/0x6f0 [ 28.395961] ret_from_fork+0x116/0x1d0 [ 28.396236] ret_from_fork_asm+0x1a/0x30 [ 28.396527] [ 28.396665] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.397359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.397545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.398094] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 28.283621] ================================================================== [ 28.284128] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 28.284128] [ 28.284617] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#92): [ 28.284951] test_out_of_bounds_write+0x10d/0x260 [ 28.285200] kunit_try_run_case+0x1a5/0x480 [ 28.285366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.285535] kthread+0x337/0x6f0 [ 28.285682] ret_from_fork+0x116/0x1d0 [ 28.285892] ret_from_fork_asm+0x1a/0x30 [ 28.286126] [ 28.286228] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.286228] [ 28.286654] allocated by task 342 on cpu 0 at 28.283549s (0.003102s ago): [ 28.286952] test_alloc+0x2a6/0x10f0 [ 28.287116] test_out_of_bounds_write+0xd4/0x260 [ 28.287263] kunit_try_run_case+0x1a5/0x480 [ 28.287488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.287741] kthread+0x337/0x6f0 [ 28.287958] ret_from_fork+0x116/0x1d0 [ 28.288132] ret_from_fork_asm+0x1a/0x30 [ 28.288343] [ 28.288444] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.288864] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.289070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.289445] ================================================================== [ 27.971689] ================================================================== [ 27.972196] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 27.972196] [ 27.972578] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#89): [ 27.972888] test_out_of_bounds_write+0x10d/0x260 [ 27.973109] kunit_try_run_case+0x1a5/0x480 [ 27.973756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.974051] kthread+0x337/0x6f0 [ 27.974252] ret_from_fork+0x116/0x1d0 [ 27.974403] ret_from_fork_asm+0x1a/0x30 [ 27.974599] [ 27.974705] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 
[ 27.974705] [ 27.975566] allocated by task 340 on cpu 1 at 27.971534s (0.004028s ago): [ 27.975846] test_alloc+0x364/0x10f0 [ 27.976255] test_out_of_bounds_write+0xd4/0x260 [ 27.976548] kunit_try_run_case+0x1a5/0x480 [ 27.976709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.977200] kthread+0x337/0x6f0 [ 27.977391] ret_from_fork+0x116/0x1d0 [ 27.977780] ret_from_fork_asm+0x1a/0x30 [ 27.977957] [ 27.978226] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.978700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.978869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.979479] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 27.867624] ================================================================== [ 27.868087] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 27.868087] [ 27.868469] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#88): [ 27.868773] test_out_of_bounds_read+0x216/0x4e0 [ 27.869048] kunit_try_run_case+0x1a5/0x480 [ 27.869261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.869433] kthread+0x337/0x6f0 [ 27.869593] ret_from_fork+0x116/0x1d0 [ 27.869783] ret_from_fork_asm+0x1a/0x30 [ 27.869971] [ 27.870040] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.870040] [ 27.870531] allocated by task 338 on cpu 1 at 27.867566s (0.002963s ago): [ 27.870846] test_alloc+0x2a6/0x10f0 [ 27.871126] test_out_of_bounds_read+0x1e2/0x4e0 [ 27.871327] kunit_try_run_case+0x1a5/0x480 [ 27.871505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.871673] kthread+0x337/0x6f0 [ 27.871817] ret_from_fork+0x116/0x1d0 [ 27.871995] ret_from_fork_asm+0x1a/0x30 [ 27.872240] [ 27.872359] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.872719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.872916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.873338] ================================================================== [ 27.659759] ================================================================== [ 27.660428] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 27.660428] [ 27.660833] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#86): [ 27.661273] test_out_of_bounds_read+0x216/0x4e0 [ 27.661531] kunit_try_run_case+0x1a5/0x480 [ 27.661683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.661926] kthread+0x337/0x6f0 [ 27.662118] ret_from_fork+0x116/0x1d0 [ 27.662410] ret_from_fork_asm+0x1a/0x30 [ 27.662553] [ 27.662675] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 
27.662675] [ 27.663082] allocated by task 336 on cpu 1 at 27.659545s (0.003534s ago): [ 27.663321] test_alloc+0x364/0x10f0 [ 27.663517] test_out_of_bounds_read+0x1e2/0x4e0 [ 27.663751] kunit_try_run_case+0x1a5/0x480 [ 27.664015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.664274] kthread+0x337/0x6f0 [ 27.664431] ret_from_fork+0x116/0x1d0 [ 27.664604] ret_from_fork_asm+0x1a/0x30 [ 27.664803] [ 27.664922] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.665300] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.665476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.665862] ================================================================== [ 27.763592] ================================================================== [ 27.764028] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 27.764028] [ 27.764417] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#87): [ 27.764740] test_out_of_bounds_read+0x126/0x4e0 [ 27.764901] kunit_try_run_case+0x1a5/0x480 [ 27.765139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.765402] kthread+0x337/0x6f0 [ 27.765564] ret_from_fork+0x116/0x1d0 [ 27.765725] ret_from_fork_asm+0x1a/0x30 [ 27.765906] [ 27.766012] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.766012] [ 27.766504] allocated by task 338 on cpu 1 at 27.763526s (0.002976s ago): [ 27.766796] test_alloc+0x2a6/0x10f0 [ 27.767056] test_out_of_bounds_read+0xed/0x4e0 [ 27.767286] kunit_try_run_case+0x1a5/0x480 [ 27.767493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.767724] kthread+0x337/0x6f0 [ 27.767881] ret_from_fork+0x116/0x1d0 [ 27.768106] ret_from_fork_asm+0x1a/0x30 [ 27.768245] [ 27.768341] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.768842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.769040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), 
BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.769454] ================================================================== [ 27.452931] ================================================================== [ 27.453411] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 27.453411] [ 27.453895] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#84): [ 27.454301] test_out_of_bounds_read+0x126/0x4e0 [ 27.455035] kunit_try_run_case+0x1a5/0x480 [ 27.455267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.455506] kthread+0x337/0x6f0 [ 27.455669] ret_from_fork+0x116/0x1d0 [ 27.455841] ret_from_fork_asm+0x1a/0x30 [ 27.456361] [ 27.456877] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.456877] [ 27.457545] allocated by task 336 on cpu 1 at 27.451609s (0.005873s ago): [ 27.458142] test_alloc+0x364/0x10f0 [ 27.458319] test_out_of_bounds_read+0xed/0x4e0 [ 27.458507] kunit_try_run_case+0x1a5/0x480 [ 27.458715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.458928] kthread+0x337/0x6f0 [ 27.459128] ret_from_fork+0x116/0x1d0 [ 27.459279] ret_from_fork_asm+0x1a/0x30 [ 27.459546] [ 27.459698] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.460178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.460389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.460749] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 25.198088] ================================================================== [ 25.198662] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 25.199302] Read of size 1 at addr ffff8881061cfc4a by task kunit_try_catch/302 [ 25.199628] [ 25.199746] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.199805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.199819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.199844] Call Trace: [ 25.199859] <TASK> [ 25.199880] dump_stack_lvl+0x73/0xb0 [ 25.199914] print_report+0xd1/0x650 [ 25.200264] ? __virt_addr_valid+0x1db/0x2d0 [ 25.200295] ? kasan_alloca_oob_right+0x329/0x390 [ 25.200318] ? kasan_addr_to_slab+0x11/0xa0 [ 25.200339] ? kasan_alloca_oob_right+0x329/0x390 [ 25.200363] kasan_report+0x141/0x180 [ 25.200385] ? kasan_alloca_oob_right+0x329/0x390 [ 25.200412] __asan_report_load1_noabort+0x18/0x20 [ 25.200437] kasan_alloca_oob_right+0x329/0x390 [ 25.200459] ? __kasan_check_write+0x18/0x20 [ 25.200482] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.200505] ? finish_task_switch.isra.0+0x153/0x700 [ 25.200528] ? __ww_mutex_lock.constprop.0+0x1c7e/0x1e90 [ 25.200555] ? trace_hardirqs_on+0x37/0xe0 [ 25.200580] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 25.200605] ? __schedule+0x10cc/0x2b60 [ 25.200626] ? __pfx_read_tsc+0x10/0x10 [ 25.200649] ? ktime_get_ts64+0x86/0x230 [ 25.200674] kunit_try_run_case+0x1a5/0x480 [ 25.200702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.200725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.200747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.200769] ? __kthread_parkme+0x82/0x180 [ 25.200791] ? preempt_count_sub+0x50/0x80 [ 25.200815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.200840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.200864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.200889] kthread+0x337/0x6f0 [ 25.200909] ? trace_preempt_on+0x20/0xc0 [ 25.200947] ? 
__pfx_kthread+0x10/0x10 [ 25.200968] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.200993] ? calculate_sigpending+0x7b/0xa0 [ 25.201017] ? __pfx_kthread+0x10/0x10 [ 25.201039] ret_from_fork+0x116/0x1d0 [ 25.201058] ? __pfx_kthread+0x10/0x10 [ 25.201089] ret_from_fork_asm+0x1a/0x30 [ 25.201120] </TASK> [ 25.201134] [ 25.212896] The buggy address belongs to stack of task kunit_try_catch/302 [ 25.213575] [ 25.213683] The buggy address belongs to the physical page: [ 25.214182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061cf [ 25.214622] flags: 0x200000000000000(node=0|zone=2) [ 25.214938] raw: 0200000000000000 ffffea00041873c8 ffffea00041873c8 0000000000000000 [ 25.215486] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.215984] page dumped because: kasan: bad access detected [ 25.216533] [ 25.216612] Memory state around the buggy address: [ 25.216861] ffff8881061cfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.217425] ffff8881061cfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.217710] >ffff8881061cfc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.218288] ^ [ 25.218644] ffff8881061cfc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.219164] ffff8881061cfd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.219642] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 25.171465] ================================================================== [ 25.171934] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 25.172745] Read of size 1 at addr ffff8881061afc3f by task kunit_try_catch/300 [ 25.173014] [ 25.173163] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.173220] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.173233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.173258] Call Trace: [ 25.173272] <TASK> [ 25.173306] dump_stack_lvl+0x73/0xb0 [ 25.173342] print_report+0xd1/0x650 [ 25.173367] ? __virt_addr_valid+0x1db/0x2d0 [ 25.173393] ? kasan_alloca_oob_left+0x320/0x380 [ 25.173415] ? kasan_addr_to_slab+0x11/0xa0 [ 25.173436] ? kasan_alloca_oob_left+0x320/0x380 [ 25.173458] kasan_report+0x141/0x180 [ 25.173480] ? kasan_alloca_oob_left+0x320/0x380 [ 25.173506] __asan_report_load1_noabort+0x18/0x20 [ 25.173532] kasan_alloca_oob_left+0x320/0x380 [ 25.173552] ? __kasan_check_write+0x18/0x20 [ 25.173576] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.173599] ? irqentry_exit+0x2a/0x60 [ 25.173622] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.173644] ? trace_hardirqs_on+0x37/0xe0 [ 25.173672] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.173698] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.173725] kunit_try_run_case+0x1a5/0x480 [ 25.173753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.173777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.173799] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.173828] ? __kthread_parkme+0x82/0x180 [ 25.173849] ? preempt_count_sub+0x50/0x80 [ 25.173874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.173899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.173922] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.173949] kthread+0x337/0x6f0 [ 25.173969] ? trace_preempt_on+0x20/0xc0 [ 25.173991] ? __pfx_kthread+0x10/0x10 [ 25.174028] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.174071] ? 
calculate_sigpending+0x7b/0xa0 [ 25.174096] ? __pfx_kthread+0x10/0x10 [ 25.174117] ret_from_fork+0x116/0x1d0 [ 25.174137] ? __pfx_kthread+0x10/0x10 [ 25.174158] ret_from_fork_asm+0x1a/0x30 [ 25.174189] </TASK> [ 25.174203] [ 25.186470] The buggy address belongs to stack of task kunit_try_catch/300 [ 25.186922] [ 25.187145] The buggy address belongs to the physical page: [ 25.187575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061af [ 25.187903] flags: 0x200000000000000(node=0|zone=2) [ 25.188140] raw: 0200000000000000 ffffea0004186bc8 ffffea0004186bc8 0000000000000000 [ 25.188731] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.189555] page dumped because: kasan: bad access detected [ 25.189991] [ 25.190096] Memory state around the buggy address: [ 25.190440] ffff8881061afb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.190732] ffff8881061afb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.191095] >ffff8881061afc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.191956] ^ [ 25.192470] ffff8881061afc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.192960] ffff8881061afd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.193865] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 25.143814] ================================================================== [ 25.144917] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 25.145315] Read of size 1 at addr ffff8881061cfd02 by task kunit_try_catch/298 [ 25.145619] [ 25.145734] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.145791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.145804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.145836] Call Trace: [ 25.145850] <TASK> [ 25.145871] dump_stack_lvl+0x73/0xb0 [ 25.145904] print_report+0xd1/0x650 [ 25.145927] ? __virt_addr_valid+0x1db/0x2d0 [ 25.146045] ? kasan_stack_oob+0x2b5/0x300 [ 25.146082] ? kasan_addr_to_slab+0x11/0xa0 [ 25.146102] ? kasan_stack_oob+0x2b5/0x300 [ 25.146127] kasan_report+0x141/0x180 [ 25.146149] ? kasan_stack_oob+0x2b5/0x300 [ 25.146176] __asan_report_load1_noabort+0x18/0x20 [ 25.146201] kasan_stack_oob+0x2b5/0x300 [ 25.146225] ? __pfx_kasan_stack_oob+0x10/0x10 [ 25.146248] ? finish_task_switch.isra.0+0x153/0x700 [ 25.146273] ? __switch_to+0x47/0xf50 [ 25.146301] ? __schedule+0x10cc/0x2b60 [ 25.146368] ? __pfx_read_tsc+0x10/0x10 [ 25.146417] ? ktime_get_ts64+0x86/0x230 [ 25.146445] kunit_try_run_case+0x1a5/0x480 [ 25.146473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.146497] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.146536] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.146558] ? __kthread_parkme+0x82/0x180 [ 25.146579] ? preempt_count_sub+0x50/0x80 [ 25.146603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.146627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.146652] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.146677] kthread+0x337/0x6f0 [ 25.146697] ? trace_preempt_on+0x20/0xc0 [ 25.146721] ? __pfx_kthread+0x10/0x10 [ 25.146742] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.146769] ? calculate_sigpending+0x7b/0xa0 [ 25.146794] ? 
__pfx_kthread+0x10/0x10 [ 25.146816] ret_from_fork+0x116/0x1d0 [ 25.146836] ? __pfx_kthread+0x10/0x10 [ 25.146856] ret_from_fork_asm+0x1a/0x30 [ 25.146888] </TASK> [ 25.146901] [ 25.157942] The buggy address belongs to stack of task kunit_try_catch/298 [ 25.158553] and is located at offset 138 in frame: [ 25.158719] kasan_stack_oob+0x0/0x300 [ 25.159020] [ 25.159313] This frame has 4 objects: [ 25.159777] [48, 49) '__assertion' [ 25.159809] [64, 72) 'array' [ 25.160242] [96, 112) '__assertion' [ 25.160562] [128, 138) 'stack_array' [ 25.160939] [ 25.161554] The buggy address belongs to the physical page: [ 25.162091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061cf [ 25.162845] flags: 0x200000000000000(node=0|zone=2) [ 25.163069] raw: 0200000000000000 ffffea00041873c8 ffffea00041873c8 0000000000000000 [ 25.163820] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.164424] page dumped because: kasan: bad access detected [ 25.164601] [ 25.164666] Memory state around the buggy address: [ 25.164819] ffff8881061cfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.165246] ffff8881061cfc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 25.165890] >ffff8881061cfd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.166594] ^ [ 25.166901] ffff8881061cfd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 25.167618] ffff8881061cfe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.168162] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 25.120426] ================================================================== [ 25.120936] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 25.121264] Read of size 1 at addr ffffffffa2eaaecd by task kunit_try_catch/294 [ 25.121927] [ 25.122091] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.122151] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.122165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.122237] Call Trace: [ 25.122255] <TASK> [ 25.122276] dump_stack_lvl+0x73/0xb0 [ 25.122311] print_report+0xd1/0x650 [ 25.122335] ? __virt_addr_valid+0x1db/0x2d0 [ 25.122362] ? kasan_global_oob_right+0x286/0x2d0 [ 25.122384] ? kasan_addr_to_slab+0x11/0xa0 [ 25.122405] ? kasan_global_oob_right+0x286/0x2d0 [ 25.122427] kasan_report+0x141/0x180 [ 25.122449] ? kasan_global_oob_right+0x286/0x2d0 [ 25.122475] __asan_report_load1_noabort+0x18/0x20 [ 25.122499] kasan_global_oob_right+0x286/0x2d0 [ 25.122520] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 25.122551] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 25.122581] kunit_try_run_case+0x1a5/0x480 [ 25.122615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.122642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.122665] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.122687] ? __kthread_parkme+0x82/0x180 [ 25.122710] ? preempt_count_sub+0x50/0x80 [ 25.122735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.122760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.122784] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.122808] kthread+0x337/0x6f0 [ 25.122830] ? trace_preempt_on+0x20/0xc0 [ 25.122855] ? __pfx_kthread+0x10/0x10 [ 25.122877] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.122904] ? calculate_sigpending+0x7b/0xa0 [ 25.122929] ? __pfx_kthread+0x10/0x10 [ 25.122962] ret_from_fork+0x116/0x1d0 [ 25.122982] ? 
__pfx_kthread+0x10/0x10 [ 25.123002] ret_from_fork_asm+0x1a/0x30 [ 25.123035] </TASK> [ 25.123048] [ 25.130187] The buggy address belongs to the variable: [ 25.130387] global_array+0xd/0x40 [ 25.130608] [ 25.130735] The buggy address belongs to the physical page: [ 25.130984] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c6aa [ 25.131347] flags: 0x100000000002000(reserved|node=0|zone=1) [ 25.131738] raw: 0100000000002000 ffffea000071aa88 ffffea000071aa88 0000000000000000 [ 25.132153] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.132423] page dumped because: kasan: bad access detected [ 25.132612] [ 25.132700] Memory state around the buggy address: [ 25.132927] ffffffffa2eaad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.133261] ffffffffa2eaae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.133584] >ffffffffa2eaae80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 25.133788] ^ [ 25.134203] ffffffffa2eaaf00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 25.134530] ffffffffa2eaaf80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 25.134841] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 23.952869] ==================================================================
[ 23.954095] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[ 23.954796] Read of size 1 at addr ffff888103b780c8 by task kunit_try_catch/256
[ 23.955032]
[ 23.955150] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.955219] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.955232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.955255] Call Trace:
[ 23.955272] <TASK>
[ 23.955293] dump_stack_lvl+0x73/0xb0
[ 23.955326] print_report+0xd1/0x650
[ 23.955350] ? __virt_addr_valid+0x1db/0x2d0
[ 23.955375] ? kmem_cache_oob+0x402/0x530
[ 23.955397] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.955424] ? kmem_cache_oob+0x402/0x530
[ 23.955448] kasan_report+0x141/0x180
[ 23.955469] ? kmem_cache_oob+0x402/0x530
[ 23.955580] __asan_report_load1_noabort+0x18/0x20
[ 23.955608] kmem_cache_oob+0x402/0x530
[ 23.955629] ? trace_hardirqs_on+0x37/0xe0
[ 23.955655] ? __pfx_kmem_cache_oob+0x10/0x10
[ 23.955677] ? finish_task_switch.isra.0+0x153/0x700
[ 23.955700] ? __switch_to+0x47/0xf50
[ 23.955730] ? __pfx_read_tsc+0x10/0x10
[ 23.955755] ? ktime_get_ts64+0x86/0x230
[ 23.955779] kunit_try_run_case+0x1a5/0x480
[ 23.955807] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.955830] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.955853] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.955875] ? __kthread_parkme+0x82/0x180
[ 23.955897] ? preempt_count_sub+0x50/0x80
[ 23.955919] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.955954] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.955978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.956004] kthread+0x337/0x6f0
[ 23.956023] ? trace_preempt_on+0x20/0xc0
[ 23.956046] ? __pfx_kthread+0x10/0x10
[ 23.956077] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.956101] ? calculate_sigpending+0x7b/0xa0
[ 23.956125] ? __pfx_kthread+0x10/0x10
[ 23.956147] ret_from_fork+0x116/0x1d0
[ 23.956166] ? __pfx_kthread+0x10/0x10
[ 23.956268] ret_from_fork_asm+0x1a/0x30
[ 23.956305] </TASK>
[ 23.956318]
[ 23.966442] Allocated by task 256:
[ 23.966636] kasan_save_stack+0x45/0x70
[ 23.966868] kasan_save_track+0x18/0x40
[ 23.967042] kasan_save_alloc_info+0x3b/0x50
[ 23.967196] __kasan_slab_alloc+0x91/0xa0
[ 23.967380] kmem_cache_alloc_noprof+0x123/0x3f0
[ 23.967625] kmem_cache_oob+0x157/0x530
[ 23.967869] kunit_try_run_case+0x1a5/0x480
[ 23.968012] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.968537] kthread+0x337/0x6f0
[ 23.968688] ret_from_fork+0x116/0x1d0
[ 23.969112] ret_from_fork_asm+0x1a/0x30
[ 23.969256]
[ 23.969323] The buggy address belongs to the object at ffff888103b78000
[ 23.969323] which belongs to the cache test_cache of size 200
[ 23.970111] The buggy address is located 0 bytes to the right of
[ 23.970111] allocated 200-byte region [ffff888103b78000, ffff888103b780c8)
[ 23.970675]
[ 23.970773] The buggy address belongs to the physical page:
[ 23.971315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b78
[ 23.971605] flags: 0x200000000000000(node=0|zone=2)
[ 23.971825] page_type: f5(slab)
[ 23.972529] raw: 0200000000000000 ffff88810190e3c0 dead000000000122 0000000000000000
[ 23.972846] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 23.973171] page dumped because: kasan: bad access detected
[ 23.973520]
[ 23.973633] Memory state around the buggy address:
[ 23.973813] ffff888103b77f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.974217] ffff888103b78000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.974653] >ffff888103b78080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 23.975360] ^
[ 23.975762] ffff888103b78100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.976144] ffff888103b78180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.976727] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 23.210872] ==================================================================
[ 23.211220] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 23.211567] Write of size 1 at addr ffff8881060b20ea by task kunit_try_catch/211
[ 23.211814]
[ 23.211940] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.212096] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.212111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.212133] Call Trace:
[ 23.212155] <TASK>
[ 23.212176] dump_stack_lvl+0x73/0xb0
[ 23.212206] print_report+0xd1/0x650
[ 23.212229] ? __virt_addr_valid+0x1db/0x2d0
[ 23.212253] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.212276] ? kasan_addr_to_slab+0x11/0xa0
[ 23.212295] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.212318] kasan_report+0x141/0x180
[ 23.212340] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.212367] __asan_report_store1_noabort+0x1b/0x30
[ 23.212391] krealloc_less_oob_helper+0xe90/0x11d0
[ 23.212415] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 23.212438] ? finish_task_switch.isra.0+0x153/0x700
[ 23.212735] ? __switch_to+0x47/0xf50
[ 23.212786] ? __schedule+0x10cc/0x2b60
[ 23.212810] ? __pfx_read_tsc+0x10/0x10
[ 23.212836] krealloc_large_less_oob+0x1c/0x30
[ 23.212859] kunit_try_run_case+0x1a5/0x480
[ 23.212884] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.212908] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.213239] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.213276] ? __kthread_parkme+0x82/0x180
[ 23.213298] ? preempt_count_sub+0x50/0x80
[ 23.213320] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.213344] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.213370] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.213395] kthread+0x337/0x6f0
[ 23.213415] ? trace_preempt_on+0x20/0xc0
[ 23.213440] ? __pfx_kthread+0x10/0x10
[ 23.213460] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.213483] ? calculate_sigpending+0x7b/0xa0
[ 23.213507] ? __pfx_kthread+0x10/0x10
[ 23.213528] ret_from_fork+0x116/0x1d0
[ 23.213547] ? __pfx_kthread+0x10/0x10
[ 23.213567] ret_from_fork_asm+0x1a/0x30
[ 23.213598] </TASK>
[ 23.213610]
[ 23.223600] The buggy address belongs to the physical page:
[ 23.224288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0
[ 23.224655] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.225116] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.225484] page_type: f8(unknown)
[ 23.225702] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.226049] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.226374] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.226804] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.227110] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff
[ 23.227490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 23.227813] page dumped because: kasan: bad access detected
[ 23.228195]
[ 23.228547] Memory state around the buggy address:
[ 23.228758] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.229152] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.229631] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 23.229971] ^
[ 23.230428] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.230738] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.231145] ==================================================================
[ 23.035640] ==================================================================
[ 23.035935] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 23.036484] Write of size 1 at addr ffff8881055728ea by task kunit_try_catch/207
[ 23.036878]
[ 23.037003] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.037080] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.037093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.037129] Call Trace:
[ 23.037151] <TASK>
[ 23.037172] dump_stack_lvl+0x73/0xb0
[ 23.037203] print_report+0xd1/0x650
[ 23.037226] ? __virt_addr_valid+0x1db/0x2d0
[ 23.037249] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.037272] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.037298] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.037322] kasan_report+0x141/0x180
[ 23.037344] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 23.037372] __asan_report_store1_noabort+0x1b/0x30
[ 23.037396] krealloc_less_oob_helper+0xe90/0x11d0
[ 23.037476] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 23.037505] ? finish_task_switch.isra.0+0x4c5/0x700
[ 23.037550] ? __switch_to+0x47/0xf50
[ 23.037576] ? __schedule+0x10cc/0x2b60
[ 23.037598] ? __pfx_read_tsc+0x10/0x10
[ 23.037640] krealloc_less_oob+0x1c/0x30
[ 23.037661] kunit_try_run_case+0x1a5/0x480
[ 23.037687] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.037710] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.037732] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.037753] ? __kthread_parkme+0x82/0x180
[ 23.037773] ? preempt_count_sub+0x50/0x80
[ 23.037796] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.037825] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.037849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.037890] kthread+0x337/0x6f0
[ 23.037909] ? trace_preempt_on+0x20/0xc0
[ 23.037940] ? __pfx_kthread+0x10/0x10
[ 23.037961] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.037984] ? calculate_sigpending+0x7b/0xa0
[ 23.038009] ? __pfx_kthread+0x10/0x10
[ 23.038030] ret_from_fork+0x116/0x1d0
[ 23.038049] ? __pfx_kthread+0x10/0x10
[ 23.038097] ret_from_fork_asm+0x1a/0x30
[ 23.038129] </TASK>
[ 23.038141]
[ 23.046557] Allocated by task 207:
[ 23.046766] kasan_save_stack+0x45/0x70
[ 23.046986] kasan_save_track+0x18/0x40
[ 23.047230] kasan_save_alloc_info+0x3b/0x50
[ 23.047444] __kasan_krealloc+0x190/0x1f0
[ 23.047783] krealloc_noprof+0xf3/0x340
[ 23.048166] krealloc_less_oob_helper+0x1aa/0x11d0
[ 23.048349] krealloc_less_oob+0x1c/0x30
[ 23.048634] kunit_try_run_case+0x1a5/0x480
[ 23.048864] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.049098] kthread+0x337/0x6f0
[ 23.049248] ret_from_fork+0x116/0x1d0
[ 23.049493] ret_from_fork_asm+0x1a/0x30
[ 23.049643]
[ 23.049750] The buggy address belongs to the object at ffff888105572800
[ 23.049750] which belongs to the cache kmalloc-256 of size 256
[ 23.050316] The buggy address is located 33 bytes to the right of
[ 23.050316] allocated 201-byte region [ffff888105572800, ffff8881055728c9)
[ 23.050904]
[ 23.050970] The buggy address belongs to the physical page:
[ 23.051401] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572
[ 23.051801] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.052148] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.052399] page_type: f5(slab)
[ 23.052521] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.052757] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.053090] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.053408] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.054126] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff
[ 23.054517] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 23.054865] page dumped because: kasan: bad access detected
[ 23.055107]
[ 23.055171] Memory state around the buggy address:
[ 23.055313] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.055511] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.055946] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 23.056329] ^
[ 23.056612] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.057031] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.057456] ==================================================================
[ 22.983037] ==================================================================
[ 22.983494] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 22.983950] Write of size 1 at addr ffff8881055728d0 by task kunit_try_catch/207
[ 22.984208]
[ 22.984568] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 22.984621] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.984634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.984747] Call Trace:
[ 22.984762] <TASK>
[ 22.984783] dump_stack_lvl+0x73/0xb0
[ 22.984817] print_report+0xd1/0x650
[ 22.984840] ? __virt_addr_valid+0x1db/0x2d0
[ 22.984863] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 22.984886] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.984912] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 22.984935] kasan_report+0x141/0x180
[ 22.984958] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 22.984987] __asan_report_store1_noabort+0x1b/0x30
[ 22.985013] krealloc_less_oob_helper+0xe23/0x11d0
[ 22.985039] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 22.985074] ? finish_task_switch.isra.0+0x4c5/0x700
[ 22.985096] ? __switch_to+0x47/0xf50
[ 22.985122] ? __schedule+0x10cc/0x2b60
[ 22.985143] ? __pfx_read_tsc+0x10/0x10
[ 22.985167] krealloc_less_oob+0x1c/0x30
[ 22.985212] kunit_try_run_case+0x1a5/0x480
[ 22.985239] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.985262] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.985283] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.985304] ? __kthread_parkme+0x82/0x180
[ 22.985324] ? preempt_count_sub+0x50/0x80
[ 22.985346] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.985371] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.985394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.985418] kthread+0x337/0x6f0
[ 22.985437] ? trace_preempt_on+0x20/0xc0
[ 22.985460] ? __pfx_kthread+0x10/0x10
[ 22.985480] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.985504] ? calculate_sigpending+0x7b/0xa0
[ 22.985527] ? __pfx_kthread+0x10/0x10
[ 22.985548] ret_from_fork+0x116/0x1d0
[ 22.985567] ? __pfx_kthread+0x10/0x10
[ 22.985587] ret_from_fork_asm+0x1a/0x30
[ 22.985618] </TASK>
[ 22.985630]
[ 22.997123] Allocated by task 207:
[ 22.997429] kasan_save_stack+0x45/0x70
[ 22.997734] kasan_save_track+0x18/0x40
[ 22.997931] kasan_save_alloc_info+0x3b/0x50
[ 22.998549] __kasan_krealloc+0x190/0x1f0
[ 22.998713] krealloc_noprof+0xf3/0x340
[ 22.999139] krealloc_less_oob_helper+0x1aa/0x11d0
[ 22.999501] krealloc_less_oob+0x1c/0x30
[ 22.999704] kunit_try_run_case+0x1a5/0x480
[ 22.999921] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.000606] kthread+0x337/0x6f0
[ 23.000774] ret_from_fork+0x116/0x1d0
[ 23.000918] ret_from_fork_asm+0x1a/0x30
[ 23.001521]
[ 23.001613] The buggy address belongs to the object at ffff888105572800
[ 23.001613] which belongs to the cache kmalloc-256 of size 256
[ 23.002479] The buggy address is located 7 bytes to the right of
[ 23.002479] allocated 201-byte region [ffff888105572800, ffff8881055728c9)
[ 23.003391]
[ 23.003507] The buggy address belongs to the physical page:
[ 23.003753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572
[ 23.004449] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.005327] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.005586] page_type: f5(slab)
[ 23.005746] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.006409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.006851] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.007559] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.007895] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff
[ 23.008528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 23.008912] page dumped because: kasan: bad access detected
[ 23.009234]
[ 23.009343] Memory state around the buggy address:
[ 23.009542] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.009868] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.010632] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 23.010953] ^
[ 23.011160] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.011476] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.011752] ==================================================================
[ 23.160877] ==================================================================
[ 23.161134] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 23.161715] Write of size 1 at addr ffff8881060b20d0 by task kunit_try_catch/211
[ 23.162470]
[ 23.162749] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.162805] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.162818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.162840] Call Trace:
[ 23.162862] <TASK>
[ 23.162883] dump_stack_lvl+0x73/0xb0
[ 23.162927] print_report+0xd1/0x650
[ 23.162950] ? __virt_addr_valid+0x1db/0x2d0
[ 23.162986] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 23.163010] ? kasan_addr_to_slab+0x11/0xa0
[ 23.163030] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 23.163073] kasan_report+0x141/0x180
[ 23.163094] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 23.163121] __asan_report_store1_noabort+0x1b/0x30
[ 23.163145] krealloc_less_oob_helper+0xe23/0x11d0
[ 23.163169] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 23.163192] ? finish_task_switch.isra.0+0x153/0x700
[ 23.163222] ? __switch_to+0x47/0xf50
[ 23.163248] ? __schedule+0x10cc/0x2b60
[ 23.163269] ? __pfx_read_tsc+0x10/0x10
[ 23.163294] krealloc_large_less_oob+0x1c/0x30
[ 23.163316] kunit_try_run_case+0x1a5/0x480
[ 23.163342] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.163364] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.163385] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.163406] ? __kthread_parkme+0x82/0x180
[ 23.163426] ? preempt_count_sub+0x50/0x80
[ 23.163448] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.163471] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.163495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.163518] kthread+0x337/0x6f0
[ 23.163538] ? trace_preempt_on+0x20/0xc0
[ 23.163561] ? __pfx_kthread+0x10/0x10
[ 23.163581] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.163604] ? calculate_sigpending+0x7b/0xa0
[ 23.163628] ? __pfx_kthread+0x10/0x10
[ 23.163648] ret_from_fork+0x116/0x1d0
[ 23.163667] ? __pfx_kthread+0x10/0x10
[ 23.163687] ret_from_fork_asm+0x1a/0x30
[ 23.163719] </TASK>
[ 23.163731]
[ 23.178175] The buggy address belongs to the physical page:
[ 23.178419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0
[ 23.179114] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.179887] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.180440] page_type: f8(unknown)
[ 23.180837] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.181514] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.182121] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.182889] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.183529] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff
[ 23.184244] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 23.184713] page dumped because: kasan: bad access detected
[ 23.185240]
[ 23.185396] Memory state around the buggy address:
[ 23.185818] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.186100] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.186831] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 23.187424] ^
[ 23.188015] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.188605] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.188962] ==================================================================
[ 23.130264] ==================================================================
[ 23.131325] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 23.131759] Write of size 1 at addr ffff8881060b20c9 by task kunit_try_catch/211
[ 23.132227]
[ 23.132431] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.132486] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.132499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.132521] Call Trace:
[ 23.132535] <TASK>
[ 23.132555] dump_stack_lvl+0x73/0xb0
[ 23.132585] print_report+0xd1/0x650
[ 23.132608] ? __virt_addr_valid+0x1db/0x2d0
[ 23.132631] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 23.132653] ? kasan_addr_to_slab+0x11/0xa0
[ 23.132673] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 23.132695] kasan_report+0x141/0x180
[ 23.132752] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 23.132780] __asan_report_store1_noabort+0x1b/0x30
[ 23.132816] krealloc_less_oob_helper+0xd70/0x11d0
[ 23.132841] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 23.132864] ? finish_task_switch.isra.0+0x153/0x700
[ 23.132885] ? __switch_to+0x47/0xf50
[ 23.132912] ? __schedule+0x10cc/0x2b60
[ 23.132950] ? __pfx_read_tsc+0x10/0x10
[ 23.132974] krealloc_large_less_oob+0x1c/0x30
[ 23.132996] kunit_try_run_case+0x1a5/0x480
[ 23.133023] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.133045] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.133077] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.133098] ? __kthread_parkme+0x82/0x180
[ 23.133118] ? preempt_count_sub+0x50/0x80
[ 23.133140] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.133164] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.133234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.133258] kthread+0x337/0x6f0
[ 23.133277] ? trace_preempt_on+0x20/0xc0
[ 23.133301] ? __pfx_kthread+0x10/0x10
[ 23.133321] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.133344] ? calculate_sigpending+0x7b/0xa0
[ 23.133367] ? __pfx_kthread+0x10/0x10
[ 23.133388] ret_from_fork+0x116/0x1d0
[ 23.133407] ? __pfx_kthread+0x10/0x10
[ 23.133427] ret_from_fork_asm+0x1a/0x30
[ 23.133457] </TASK>
[ 23.133469]
[ 23.145098] The buggy address belongs to the physical page:
[ 23.145610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0
[ 23.146069] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.147100] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.147885] page_type: f8(unknown)
[ 23.148461] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.149296] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.150194] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.150991] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.151772] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff
[ 23.152874] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 23.153805] page dumped because: kasan: bad access detected
[ 23.154431]
[ 23.154594] Memory state around the buggy address:
[ 23.155087] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.155875] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.156814] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 23.157520] ^
[ 23.158103] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.158919] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.159732] ==================================================================
[ 23.189406] ==================================================================
[ 23.190055] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 23.190538] Write of size 1 at addr ffff8881060b20da by task kunit_try_catch/211
[ 23.191178]
[ 23.191422] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.191473] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.191485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.191508] Call Trace:
[ 23.191529] <TASK>
[ 23.191550] dump_stack_lvl+0x73/0xb0
[ 23.191579] print_report+0xd1/0x650
[ 23.191601] ? __virt_addr_valid+0x1db/0x2d0
[ 23.191626] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 23.191648] ? kasan_addr_to_slab+0x11/0xa0
[ 23.191669] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 23.191692] kasan_report+0x141/0x180
[ 23.191713] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 23.191740] __asan_report_store1_noabort+0x1b/0x30
[ 23.191764] krealloc_less_oob_helper+0xec6/0x11d0
[ 23.191789] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 23.191813] ? finish_task_switch.isra.0+0x153/0x700
[ 23.191834] ? __switch_to+0x47/0xf50
[ 23.191860] ? __schedule+0x10cc/0x2b60
[ 23.191881] ? __pfx_read_tsc+0x10/0x10
[ 23.191907] krealloc_large_less_oob+0x1c/0x30
[ 23.191929] kunit_try_run_case+0x1a5/0x480
[ 23.191966] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.191989] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.192010] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.192032] ? __kthread_parkme+0x82/0x180
[ 23.192052] ? preempt_count_sub+0x50/0x80
[ 23.192084] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.192108] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.192132] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.192156] kthread+0x337/0x6f0
[ 23.192175] ? trace_preempt_on+0x20/0xc0
[ 23.192215] ? __pfx_kthread+0x10/0x10
[ 23.192236] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.192259] ? calculate_sigpending+0x7b/0xa0
[ 23.192283] ? __pfx_kthread+0x10/0x10
[ 23.192304] ret_from_fork+0x116/0x1d0
[ 23.192323] ? __pfx_kthread+0x10/0x10
[ 23.192344] ret_from_fork_asm+0x1a/0x30
[ 23.192375] </TASK>
[ 23.192388]
[ 23.203451] The buggy address belongs to the physical page:
[ 23.203874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0
[ 23.204411] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.204864] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.205088] page_type: f8(unknown)
[ 23.205314] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.205656] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.206036] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 23.206407] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 23.206736] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff
[ 23.207190] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 23.207721] page dumped because: kasan: bad access detected
[ 23.208105]
[ 23.208176] Memory state around the buggy address:
[ 23.208423] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.208740] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.209157] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 23.209566] ^
[ 23.209884] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.210166] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 23.210484] ==================================================================
[ 22.958002] ==================================================================
[ 22.958580] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 22.958888] Write of size 1 at addr ffff8881055728c9 by task kunit_try_catch/207
[ 22.959236]
[ 22.959333] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 22.959385] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.959398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.959421] Call Trace:
[ 22.959436] <TASK>
[ 22.959455] dump_stack_lvl+0x73/0xb0
[ 22.959485] print_report+0xd1/0x650
[ 22.959508] ? __virt_addr_valid+0x1db/0x2d0
[ 22.959532] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 22.959554] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.959580] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 22.959603] kasan_report+0x141/0x180
[ 22.959625] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 22.959652] __asan_report_store1_noabort+0x1b/0x30
[ 22.959676] krealloc_less_oob_helper+0xd70/0x11d0
[ 22.959701] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 22.959724] ? finish_task_switch.isra.0+0x4c5/0x700
[ 22.959746] ? __switch_to+0x47/0xf50
[ 22.959772] ? __schedule+0x10cc/0x2b60
[ 22.959793] ? __pfx_read_tsc+0x10/0x10
[ 22.959818] krealloc_less_oob+0x1c/0x30
[ 22.959839] kunit_try_run_case+0x1a5/0x480
[ 22.959865] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.959888] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.959911] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.959944] ? __kthread_parkme+0x82/0x180
[ 22.959965] ? preempt_count_sub+0x50/0x80
[ 22.959987] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.960012] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.960036] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.960070] kthread+0x337/0x6f0
[ 22.960089] ? trace_preempt_on+0x20/0xc0
[ 22.960112] ? __pfx_kthread+0x10/0x10
[ 22.960132] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.960156] ? calculate_sigpending+0x7b/0xa0
[ 22.960181] ? __pfx_kthread+0x10/0x10
[ 22.960202] ret_from_fork+0x116/0x1d0
[ 22.960221] ? __pfx_kthread+0x10/0x10
[ 22.960242] ret_from_fork_asm+0x1a/0x30
[ 22.960272] </TASK>
[ 22.960285]
[ 22.967951] Allocated by task 207:
[ 22.968140] kasan_save_stack+0x45/0x70
[ 22.968462] kasan_save_track+0x18/0x40
[ 22.968636] kasan_save_alloc_info+0x3b/0x50
[ 22.968777] __kasan_krealloc+0x190/0x1f0
[ 22.968909] krealloc_noprof+0xf3/0x340
[ 22.969041] krealloc_less_oob_helper+0x1aa/0x11d0
[ 22.969275] krealloc_less_oob+0x1c/0x30
[ 22.969465] kunit_try_run_case+0x1a5/0x480
[ 22.969670] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.970057] kthread+0x337/0x6f0
[ 22.970818] ret_from_fork+0x116/0x1d0
[ 22.971022] ret_from_fork_asm+0x1a/0x30
[ 22.971245]
[ 22.971535] The buggy address belongs to the object at ffff888105572800
[ 22.971535] which belongs to the cache kmalloc-256 of size 256
[ 22.972876] The buggy address is located 0 bytes to the right of
[ 22.972876] allocated 201-byte region [ffff888105572800, ffff8881055728c9)
[ 22.974404]
[ 22.974493] The buggy address belongs to the physical page:
[ 22.974702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572
[ 22.975215] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.975644] flags: 0x200000000000040(head|node=0|zone=2)
[ 22.975853] page_type: f5(slab)
[ 22.976020] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 22.976443] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.977217] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 22.977611] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.977980] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff
[ 22.978276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 22.978820] page dumped because: kasan: bad access detected
[ 22.979105]
[ 22.979198] Memory state around the buggy address:
[ 22.979391] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.979886] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.980345] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 22.980553] ^
[ 22.980802] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.981152] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.981706] ==================================================================
[ 23.057979] ==================================================================
[ 23.058381] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 23.058894] Write of size 1 at addr ffff8881055728eb by task kunit_try_catch/207
[ 23.059316]
[ 23.059420] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.059469] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.059482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.059503] Call Trace:
[ 23.059524] <TASK>
[ 23.059563] dump_stack_lvl+0x73/0xb0
[ 23.059593] print_report+0xd1/0x650
[ 23.059615] ? __virt_addr_valid+0x1db/0x2d0
[ 23.059639] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 23.059662] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.059687] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 23.059728] kasan_report+0x141/0x180
[ 23.059749] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 23.059776] __asan_report_store1_noabort+0x1b/0x30
[ 23.059800] krealloc_less_oob_helper+0xd47/0x11d0
[ 23.059825] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 23.059848] ? finish_task_switch.isra.0+0x4c5/0x700
[ 23.059886] ? __switch_to+0x47/0xf50
[ 23.059911] ? __schedule+0x10cc/0x2b60
[ 23.059942] ? __pfx_read_tsc+0x10/0x10
[ 23.059967] krealloc_less_oob+0x1c/0x30
[ 23.060004] kunit_try_run_case+0x1a5/0x480
[ 23.060030] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.060092] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.060115] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.060149] ? __kthread_parkme+0x82/0x180
[ 23.060169] ? preempt_count_sub+0x50/0x80
[ 23.060206] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.060231] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.060255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.060279] kthread+0x337/0x6f0
[ 23.060298] ? trace_preempt_on+0x20/0xc0
[ 23.060321] ? __pfx_kthread+0x10/0x10
[ 23.060341] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.060364] ? calculate_sigpending+0x7b/0xa0
[ 23.060388] ? __pfx_kthread+0x10/0x10
[ 23.060409] ret_from_fork+0x116/0x1d0
[ 23.060428] ? __pfx_kthread+0x10/0x10
[ 23.060448] ret_from_fork_asm+0x1a/0x30
[ 23.060478] </TASK>
[ 23.060490]
[ 23.068489] Allocated by task 207:
[ 23.068772] kasan_save_stack+0x45/0x70
[ 23.069005] kasan_save_track+0x18/0x40
[ 23.069533] kasan_save_alloc_info+0x3b/0x50
[ 23.069738] __kasan_krealloc+0x190/0x1f0
[ 23.069956] krealloc_noprof+0xf3/0x340
[ 23.070294] krealloc_less_oob_helper+0x1aa/0x11d0
[ 23.070710] krealloc_less_oob+0x1c/0x30
[ 23.070899] kunit_try_run_case+0x1a5/0x480
[ 23.071125] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.071434] kthread+0x337/0x6f0
[ 23.071605] ret_from_fork+0x116/0x1d0
[ 23.071783] ret_from_fork_asm+0x1a/0x30
[ 23.072037]
[ 23.072124] The buggy address belongs to the object at ffff888105572800
[ 23.072124] which belongs to the cache kmalloc-256 of size 256
[ 23.072660] The buggy address is located 34 bytes to the right of
[ 23.072660] allocated 201-byte region [ffff888105572800, ffff8881055728c9)
[ 23.073136]
[ 23.073205] The buggy address belongs to the physical page:
[ 23.073457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572
[ 23.073812] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.074248] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.074438] page_type: f5(slab)
[ 23.074554] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.074768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.075107] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.075776] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.076154] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff
[ 23.076853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 23.077386] page dumped because: kasan: bad access detected
[ 23.077869]
[ 23.077963] Memory state around the buggy address:
[ 23.078269] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.078602] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.078865] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 23.079172] ^
[ 23.079549] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.079836] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.080315] ==================================================================
[ 23.231647] ==================================================================
[ 23.231966] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 23.232514] Write of size 1 at addr ffff8881060b20eb by task kunit_try_catch/211
[ 23.232799]
[ 23.232914] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.232965] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.232977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.233000] Call Trace:
[ 23.233033] <TASK>
[ 23.233054] dump_stack_lvl+0x73/0xb0
[ 23.233106] print_report+0xd1/0x650
[ 23.233130] ? __virt_addr_valid+0x1db/0x2d0
[ 23.233153] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 23.233176] ? kasan_addr_to_slab+0x11/0xa0
[ 23.233196] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 23.233219] kasan_report+0x141/0x180
[ 23.233240] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 23.233267] __asan_report_store1_noabort+0x1b/0x30
[ 23.233292] krealloc_less_oob_helper+0xd47/0x11d0
[ 23.233316] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 23.233340] ? finish_task_switch.isra.0+0x153/0x700
[ 23.233362] ? __switch_to+0x47/0xf50
[ 23.233388] ? __schedule+0x10cc/0x2b60
[ 23.233409] ? __pfx_read_tsc+0x10/0x10
[ 23.233434] krealloc_large_less_oob+0x1c/0x30
[ 23.233542] kunit_try_run_case+0x1a5/0x480
[ 23.233581] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.233604] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.233625] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.233659] ? __kthread_parkme+0x82/0x180
[ 23.233680] ? preempt_count_sub+0x50/0x80
[ 23.233712] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.233736] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.233770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.233794] kthread+0x337/0x6f0
[ 23.233813] ? trace_preempt_on+0x20/0xc0
[ 23.233844] ? __pfx_kthread+0x10/0x10
[ 23.233864] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.233888] ? calculate_sigpending+0x7b/0xa0
[ 23.233912] ? __pfx_kthread+0x10/0x10
[ 23.233943] ret_from_fork+0x116/0x1d0
[ 23.233962] ? 
__pfx_kthread+0x10/0x10 [ 23.233982] ret_from_fork_asm+0x1a/0x30 [ 23.234013] </TASK> [ 23.234025] [ 23.242630] The buggy address belongs to the physical page: [ 23.242931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0 [ 23.243307] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.243649] flags: 0x200000000000040(head|node=0|zone=2) [ 23.243898] page_type: f8(unknown) [ 23.244135] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.244355] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.244690] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.245152] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.245618] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff [ 23.245970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.246518] page dumped because: kasan: bad access detected [ 23.246744] [ 23.246835] Memory state around the buggy address: [ 23.247072] ffff8881060b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.247497] ffff8881060b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.247798] >ffff8881060b2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.248122] ^ [ 23.248514] ffff8881060b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.248827] ffff8881060b2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.249190] ================================================================== [ 23.012428] ================================================================== [ 23.012763] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013136] Write of size 1 at addr ffff8881055728da by task kunit_try_catch/207 [ 23.013358] [ 23.013452] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.013505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
23.013517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.013541] Call Trace: [ 23.013564] <TASK> [ 23.013586] dump_stack_lvl+0x73/0xb0 [ 23.013685] print_report+0xd1/0x650 [ 23.013709] ? __virt_addr_valid+0x1db/0x2d0 [ 23.013734] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013757] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.013783] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013806] kasan_report+0x141/0x180 [ 23.013834] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013861] __asan_report_store1_noabort+0x1b/0x30 [ 23.013885] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.013911] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.013948] ? finish_task_switch.isra.0+0x4c5/0x700 [ 23.013971] ? __switch_to+0x47/0xf50 [ 23.013996] ? __schedule+0x10cc/0x2b60 [ 23.014018] ? __pfx_read_tsc+0x10/0x10 [ 23.014042] krealloc_less_oob+0x1c/0x30 [ 23.014076] kunit_try_run_case+0x1a5/0x480 [ 23.014103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.014126] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.014147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.014170] ? __kthread_parkme+0x82/0x180 [ 23.014225] ? preempt_count_sub+0x50/0x80 [ 23.014249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.014274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.014297] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.014321] kthread+0x337/0x6f0 [ 23.014341] ? trace_preempt_on+0x20/0xc0 [ 23.014364] ? __pfx_kthread+0x10/0x10 [ 23.014385] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.014409] ? calculate_sigpending+0x7b/0xa0 [ 23.014432] ? __pfx_kthread+0x10/0x10 [ 23.014453] ret_from_fork+0x116/0x1d0 [ 23.014472] ? 
__pfx_kthread+0x10/0x10 [ 23.014492] ret_from_fork_asm+0x1a/0x30 [ 23.014523] </TASK> [ 23.014536] [ 23.023193] Allocated by task 207: [ 23.023336] kasan_save_stack+0x45/0x70 [ 23.023485] kasan_save_track+0x18/0x40 [ 23.023670] kasan_save_alloc_info+0x3b/0x50 [ 23.023876] __kasan_krealloc+0x190/0x1f0 [ 23.024261] krealloc_noprof+0xf3/0x340 [ 23.024455] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.024603] krealloc_less_oob+0x1c/0x30 [ 23.024759] kunit_try_run_case+0x1a5/0x480 [ 23.024992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.025249] kthread+0x337/0x6f0 [ 23.025512] ret_from_fork+0x116/0x1d0 [ 23.025943] ret_from_fork_asm+0x1a/0x30 [ 23.026300] [ 23.026376] The buggy address belongs to the object at ffff888105572800 [ 23.026376] which belongs to the cache kmalloc-256 of size 256 [ 23.026919] The buggy address is located 17 bytes to the right of [ 23.026919] allocated 201-byte region [ffff888105572800, ffff8881055728c9) [ 23.027502] [ 23.027628] The buggy address belongs to the physical page: [ 23.027901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572 [ 23.028249] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.028638] flags: 0x200000000000040(head|node=0|zone=2) [ 23.028893] page_type: f5(slab) [ 23.029052] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.029402] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.029644] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.030058] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.030565] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff [ 23.030848] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.031495] page dumped because: kasan: bad access detected [ 23.031952] [ 23.032265] Memory state around the buggy address: [ 23.032498] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 23.032765] ffff888105572800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.033128] >ffff888105572880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.033725] ^ [ 23.033996] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.034499] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.034697] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 23.084104] ================================================================== [ 23.084870] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.085266] Write of size 1 at addr ffff8881057a20eb by task kunit_try_catch/209 [ 23.085600] [ 23.085692] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.085747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.085760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.085805] Call Trace: [ 23.085828] <TASK> [ 23.085850] dump_stack_lvl+0x73/0xb0 [ 23.085883] print_report+0xd1/0x650 [ 23.085926] ? __virt_addr_valid+0x1db/0x2d0 [ 23.085968] ? krealloc_more_oob_helper+0x821/0x930 [ 23.085991] ? kasan_addr_to_slab+0x11/0xa0 [ 23.086011] ? krealloc_more_oob_helper+0x821/0x930 [ 23.086034] kasan_report+0x141/0x180 [ 23.086055] ? krealloc_more_oob_helper+0x821/0x930 [ 23.086093] __asan_report_store1_noabort+0x1b/0x30 [ 23.086133] krealloc_more_oob_helper+0x821/0x930 [ 23.086155] ? __schedule+0x10cc/0x2b60 [ 23.086191] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.086214] ? finish_task_switch.isra.0+0x153/0x700 [ 23.086237] ? __switch_to+0x47/0xf50 [ 23.086264] ? __schedule+0x10cc/0x2b60 [ 23.086284] ? __pfx_read_tsc+0x10/0x10 [ 23.086309] krealloc_large_more_oob+0x1c/0x30 [ 23.086332] kunit_try_run_case+0x1a5/0x480 [ 23.086359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.086382] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.086403] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.086425] ? __kthread_parkme+0x82/0x180 [ 23.086446] ? preempt_count_sub+0x50/0x80 [ 23.086468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.086492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.086534] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.086558] kthread+0x337/0x6f0 [ 23.086591] ? trace_preempt_on+0x20/0xc0 [ 23.086616] ? __pfx_kthread+0x10/0x10 [ 23.086636] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.086660] ? 
calculate_sigpending+0x7b/0xa0 [ 23.086685] ? __pfx_kthread+0x10/0x10 [ 23.086706] ret_from_fork+0x116/0x1d0 [ 23.086725] ? __pfx_kthread+0x10/0x10 [ 23.086745] ret_from_fork_asm+0x1a/0x30 [ 23.086777] </TASK> [ 23.086790] [ 23.096374] The buggy address belongs to the physical page: [ 23.096677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057a0 [ 23.097266] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.097732] flags: 0x200000000000040(head|node=0|zone=2) [ 23.098145] page_type: f8(unknown) [ 23.098327] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.098631] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.098935] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.099250] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.099556] head: 0200000000000002 ffffea000415e801 00000000ffffffff 00000000ffffffff [ 23.099858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.100615] page dumped because: kasan: bad access detected [ 23.101129] [ 23.101235] Memory state around the buggy address: [ 23.101652] ffff8881057a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.102107] ffff8881057a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.102571] >ffff8881057a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.103057] ^ [ 23.103517] ffff8881057a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.103992] ffff8881057a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.104458] ================================================================== [ 22.905857] ================================================================== [ 22.906889] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 22.907424] Write of size 1 at addr ffff8881055726eb by task kunit_try_catch/205 [ 22.907717] [ 22.907808] CPU: 0 UID: 0 PID: 205 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.907861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.907874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.907896] Call Trace: [ 22.907910] <TASK> [ 22.907940] dump_stack_lvl+0x73/0xb0 [ 22.907973] print_report+0xd1/0x650 [ 22.907997] ? __virt_addr_valid+0x1db/0x2d0 [ 22.908022] ? krealloc_more_oob_helper+0x821/0x930 [ 22.908045] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.908084] ? krealloc_more_oob_helper+0x821/0x930 [ 22.908108] kasan_report+0x141/0x180 [ 22.908129] ? krealloc_more_oob_helper+0x821/0x930 [ 22.908156] __asan_report_store1_noabort+0x1b/0x30 [ 22.908179] krealloc_more_oob_helper+0x821/0x930 [ 22.908252] ? __schedule+0x10cc/0x2b60 [ 22.908274] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.908298] ? finish_task_switch.isra.0+0x153/0x700 [ 22.908319] ? __switch_to+0x47/0xf50 [ 22.908347] ? __schedule+0x10cc/0x2b60 [ 22.908367] ? __pfx_read_tsc+0x10/0x10 [ 22.908391] krealloc_more_oob+0x1c/0x30 [ 22.908412] kunit_try_run_case+0x1a5/0x480 [ 22.908439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.908462] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.908484] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.908505] ? __kthread_parkme+0x82/0x180 [ 22.908525] ? preempt_count_sub+0x50/0x80 [ 22.908547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.908572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.908595] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.908619] kthread+0x337/0x6f0 [ 22.908638] ? trace_preempt_on+0x20/0xc0 [ 22.908661] ? __pfx_kthread+0x10/0x10 [ 22.908681] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.908705] ? calculate_sigpending+0x7b/0xa0 [ 22.908728] ? __pfx_kthread+0x10/0x10 [ 22.908749] ret_from_fork+0x116/0x1d0 [ 22.908768] ? 
__pfx_kthread+0x10/0x10 [ 22.908788] ret_from_fork_asm+0x1a/0x30 [ 22.908818] </TASK> [ 22.908831] [ 22.922758] Allocated by task 205: [ 22.923172] kasan_save_stack+0x45/0x70 [ 22.923505] kasan_save_track+0x18/0x40 [ 22.923642] kasan_save_alloc_info+0x3b/0x50 [ 22.923784] __kasan_krealloc+0x190/0x1f0 [ 22.923915] krealloc_noprof+0xf3/0x340 [ 22.924295] krealloc_more_oob_helper+0x1a9/0x930 [ 22.924778] krealloc_more_oob+0x1c/0x30 [ 22.925223] kunit_try_run_case+0x1a5/0x480 [ 22.925984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.926529] kthread+0x337/0x6f0 [ 22.926827] ret_from_fork+0x116/0x1d0 [ 22.927224] ret_from_fork_asm+0x1a/0x30 [ 22.927407] [ 22.927475] The buggy address belongs to the object at ffff888105572600 [ 22.927475] which belongs to the cache kmalloc-256 of size 256 [ 22.927828] The buggy address is located 0 bytes to the right of [ 22.927828] allocated 235-byte region [ffff888105572600, ffff8881055726eb) [ 22.928299] [ 22.928408] The buggy address belongs to the physical page: [ 22.928609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572 [ 22.928978] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.929364] flags: 0x200000000000040(head|node=0|zone=2) [ 22.929562] page_type: f5(slab) [ 22.929699] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.930073] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.930650] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.930963] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.931343] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff [ 22.931696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.932024] page dumped because: kasan: bad access detected [ 22.932230] [ 22.932295] Memory state around the buggy address: [ 22.932514] ffff888105572580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 22.932919] ffff888105572600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.933191] >ffff888105572680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.933480] ^ [ 22.933733] ffff888105572700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.933992] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.934319] ================================================================== [ 23.105297] ================================================================== [ 23.106170] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.106498] Write of size 1 at addr ffff8881057a20f0 by task kunit_try_catch/209 [ 23.106790] [ 23.106891] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.107172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.107190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.107214] Call Trace: [ 23.107236] <TASK> [ 23.107257] dump_stack_lvl+0x73/0xb0 [ 23.107289] print_report+0xd1/0x650 [ 23.107492] ? __virt_addr_valid+0x1db/0x2d0 [ 23.107519] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.107542] ? kasan_addr_to_slab+0x11/0xa0 [ 23.107562] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.107585] kasan_report+0x141/0x180 [ 23.107607] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.107635] __asan_report_store1_noabort+0x1b/0x30 [ 23.107658] krealloc_more_oob_helper+0x7eb/0x930 [ 23.107680] ? __schedule+0x10cc/0x2b60 [ 23.107702] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.107725] ? finish_task_switch.isra.0+0x153/0x700 [ 23.107747] ? __switch_to+0x47/0xf50 [ 23.107772] ? __schedule+0x10cc/0x2b60 [ 23.107792] ? __pfx_read_tsc+0x10/0x10 [ 23.107817] krealloc_large_more_oob+0x1c/0x30 [ 23.107838] kunit_try_run_case+0x1a5/0x480 [ 23.107864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.107887] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.107909] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.107940] ? 
__kthread_parkme+0x82/0x180 [ 23.107960] ? preempt_count_sub+0x50/0x80 [ 23.107982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.108006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.108031] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.108055] kthread+0x337/0x6f0 [ 23.108087] ? trace_preempt_on+0x20/0xc0 [ 23.108110] ? __pfx_kthread+0x10/0x10 [ 23.108130] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.108154] ? calculate_sigpending+0x7b/0xa0 [ 23.108178] ? __pfx_kthread+0x10/0x10 [ 23.108199] ret_from_fork+0x116/0x1d0 [ 23.108218] ? __pfx_kthread+0x10/0x10 [ 23.108238] ret_from_fork_asm+0x1a/0x30 [ 23.108269] </TASK> [ 23.108281] [ 23.118633] The buggy address belongs to the physical page: [ 23.119207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057a0 [ 23.119670] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.120169] flags: 0x200000000000040(head|node=0|zone=2) [ 23.120407] page_type: f8(unknown) [ 23.120571] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.120874] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.121665] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.122376] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.122961] head: 0200000000000002 ffffea000415e801 00000000ffffffff 00000000ffffffff [ 23.123391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.123855] page dumped because: kasan: bad access detected [ 23.124317] [ 23.124532] Memory state around the buggy address: [ 23.124862] ffff8881057a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.125459] ffff8881057a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.125685] >ffff8881057a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.126018] ^ [ 23.126305] ffff8881057a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.126553] ffff8881057a2180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 23.126840] ================================================================== [ 22.934916] ================================================================== [ 22.935442] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 22.935787] Write of size 1 at addr ffff8881055726f0 by task kunit_try_catch/205 [ 22.936089] [ 22.936234] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.936286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.936298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.936321] Call Trace: [ 22.936335] <TASK> [ 22.936355] dump_stack_lvl+0x73/0xb0 [ 22.936383] print_report+0xd1/0x650 [ 22.936405] ? __virt_addr_valid+0x1db/0x2d0 [ 22.936429] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.936451] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.936477] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.936500] kasan_report+0x141/0x180 [ 22.936521] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.936549] __asan_report_store1_noabort+0x1b/0x30 [ 22.936573] krealloc_more_oob_helper+0x7eb/0x930 [ 22.936594] ? __schedule+0x10cc/0x2b60 [ 22.936616] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.936639] ? finish_task_switch.isra.0+0x153/0x700 [ 22.936661] ? __switch_to+0x47/0xf50 [ 22.936686] ? __schedule+0x10cc/0x2b60 [ 22.936706] ? __pfx_read_tsc+0x10/0x10 [ 22.936731] krealloc_more_oob+0x1c/0x30 [ 22.936751] kunit_try_run_case+0x1a5/0x480 [ 22.936778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.936801] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.936822] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.936843] ? __kthread_parkme+0x82/0x180 [ 22.936863] ? preempt_count_sub+0x50/0x80 [ 22.936885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.936909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.936945] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.936969] kthread+0x337/0x6f0 [ 22.936988] ? 
trace_preempt_on+0x20/0xc0 [ 22.937011] ? __pfx_kthread+0x10/0x10 [ 22.937031] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.937055] ? calculate_sigpending+0x7b/0xa0 [ 22.937089] ? __pfx_kthread+0x10/0x10 [ 22.937110] ret_from_fork+0x116/0x1d0 [ 22.937129] ? __pfx_kthread+0x10/0x10 [ 22.937149] ret_from_fork_asm+0x1a/0x30 [ 22.937179] </TASK> [ 22.937192] [ 22.944231] Allocated by task 205: [ 22.944414] kasan_save_stack+0x45/0x70 [ 22.944621] kasan_save_track+0x18/0x40 [ 22.944813] kasan_save_alloc_info+0x3b/0x50 [ 22.945154] __kasan_krealloc+0x190/0x1f0 [ 22.945341] krealloc_noprof+0xf3/0x340 [ 22.945517] krealloc_more_oob_helper+0x1a9/0x930 [ 22.945688] krealloc_more_oob+0x1c/0x30 [ 22.945878] kunit_try_run_case+0x1a5/0x480 [ 22.946123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.946342] kthread+0x337/0x6f0 [ 22.946471] ret_from_fork+0x116/0x1d0 [ 22.946656] ret_from_fork_asm+0x1a/0x30 [ 22.946813] [ 22.946901] The buggy address belongs to the object at ffff888105572600 [ 22.946901] which belongs to the cache kmalloc-256 of size 256 [ 22.947887] The buggy address is located 5 bytes to the right of [ 22.947887] allocated 235-byte region [ffff888105572600, ffff8881055726eb) [ 22.948556] [ 22.948658] The buggy address belongs to the physical page: [ 22.948862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572 [ 22.949212] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.949574] flags: 0x200000000000040(head|node=0|zone=2) [ 22.949768] page_type: f5(slab) [ 22.949947] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.950348] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.950614] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.950837] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.951149] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff [ 22.951482] head: ffffffffffffffff 
0000000000000000 00000000ffffffff 0000000000000002 [ 22.951957] page dumped because: kasan: bad access detected [ 22.952149] [ 22.952354] Memory state around the buggy address: [ 22.952591] ffff888105572580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.952907] ffff888105572600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.953401] >ffff888105572680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.953649] ^ [ 22.953923] ffff888105572700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.954209] ffff888105572780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.954412] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 23.919607] ==================================================================
[ 23.920168] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560
[ 23.920500] Read of size 8 at addr ffff888106057e40 by task kunit_try_catch/249
[ 23.920825]
[ 23.920937] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.920990] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.921004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.921025] Call Trace:
[ 23.921040] <TASK>
[ 23.921091] dump_stack_lvl+0x73/0xb0
[ 23.921124] print_report+0xd1/0x650
[ 23.921148] ? __virt_addr_valid+0x1db/0x2d0
[ 23.921172] ? workqueue_uaf+0x4d6/0x560
[ 23.921194] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.921220] ? workqueue_uaf+0x4d6/0x560
[ 23.921241] kasan_report+0x141/0x180
[ 23.921263] ? workqueue_uaf+0x4d6/0x560
[ 23.921288] __asan_report_load8_noabort+0x18/0x20
[ 23.921312] workqueue_uaf+0x4d6/0x560
[ 23.921334] ? __pfx_workqueue_uaf+0x10/0x10
[ 23.921356] ? __schedule+0x10cc/0x2b60
[ 23.921379] ? __pfx_read_tsc+0x10/0x10
[ 23.921402] ? ktime_get_ts64+0x86/0x230
[ 23.921428] kunit_try_run_case+0x1a5/0x480
[ 23.921455] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.921479] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.921501] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.921523] ? __kthread_parkme+0x82/0x180
[ 23.921544] ? preempt_count_sub+0x50/0x80
[ 23.921568] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.921593] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.921617] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.921641] kthread+0x337/0x6f0
[ 23.921661] ? trace_preempt_on+0x20/0xc0
[ 23.921686] ? __pfx_kthread+0x10/0x10
[ 23.921706] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.921731] ? calculate_sigpending+0x7b/0xa0
[ 23.921756] ? __pfx_kthread+0x10/0x10
[ 23.921778] ret_from_fork+0x116/0x1d0
[ 23.921797] ? __pfx_kthread+0x10/0x10
[ 23.921818] ret_from_fork_asm+0x1a/0x30
[ 23.921864] </TASK>
[ 23.921877]
[ 23.930391] Allocated by task 249:
[ 23.930578] kasan_save_stack+0x45/0x70
[ 23.930779] kasan_save_track+0x18/0x40
[ 23.930987] kasan_save_alloc_info+0x3b/0x50
[ 23.931258] __kasan_kmalloc+0xb7/0xc0
[ 23.931455] __kmalloc_cache_noprof+0x189/0x420
[ 23.931607] workqueue_uaf+0x152/0x560
[ 23.931733] kunit_try_run_case+0x1a5/0x480
[ 23.931963] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.932281] kthread+0x337/0x6f0
[ 23.932450] ret_from_fork+0x116/0x1d0
[ 23.932616] ret_from_fork_asm+0x1a/0x30
[ 23.932772]
[ 23.932837] Freed by task 44:
[ 23.932973] kasan_save_stack+0x45/0x70
[ 23.933400] kasan_save_track+0x18/0x40
[ 23.933612] kasan_save_free_info+0x3f/0x60
[ 23.933830] __kasan_slab_free+0x56/0x70
[ 23.934029] kfree+0x222/0x3f0
[ 23.934219] workqueue_uaf_work+0x12/0x20
[ 23.934395] process_one_work+0x5ee/0xf60
[ 23.934596] worker_thread+0x758/0x1220
[ 23.934755] kthread+0x337/0x6f0
[ 23.934907] ret_from_fork+0x116/0x1d0
[ 23.935250] ret_from_fork_asm+0x1a/0x30
[ 23.935439]
[ 23.935525] Last potentially related work creation:
[ 23.935712] kasan_save_stack+0x45/0x70
[ 23.935889] kasan_record_aux_stack+0xb2/0xc0
[ 23.936104] __queue_work+0x61a/0xe70
[ 23.936310] queue_work_on+0xb6/0xc0
[ 23.936446] workqueue_uaf+0x26d/0x560
[ 23.936615] kunit_try_run_case+0x1a5/0x480
[ 23.936830] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.937115] kthread+0x337/0x6f0
[ 23.937516] ret_from_fork+0x116/0x1d0
[ 23.937722] ret_from_fork_asm+0x1a/0x30
[ 23.937879]
[ 23.937948] The buggy address belongs to the object at ffff888106057e40
[ 23.937948] which belongs to the cache kmalloc-32 of size 32
[ 23.938606] The buggy address is located 0 bytes inside of
[ 23.938606] freed 32-byte region [ffff888106057e40, ffff888106057e60)
[ 23.939100]
[ 23.939235] The buggy address belongs to the physical page:
[ 23.939476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106057
[ 23.939829] flags: 0x200000000000000(node=0|zone=2)
[ 23.940096] page_type: f5(slab)
[ 23.940322] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 23.940634] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 23.940910] page dumped because: kasan: bad access detected
[ 23.941164]
[ 23.941256] Memory state around the buggy address:
[ 23.941490]  ffff888106057d00: 00 00 05 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 23.941771]  ffff888106057d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 23.942048] >ffff888106057e00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 23.942352]                                            ^
[ 23.942577]  ffff888106057e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.942857]  ffff888106057f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.943463] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 23.885324] ==================================================================
[ 23.885870] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60
[ 23.886281] Read of size 4 at addr ffff888106057d80 by task swapper/1/0
[ 23.886594]
[ 23.886715] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.886770] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.886804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.886828] Call Trace:
[ 23.886873] <IRQ>
[ 23.886911] dump_stack_lvl+0x73/0xb0
[ 23.886967] print_report+0xd1/0x650
[ 23.886991] ? __virt_addr_valid+0x1db/0x2d0
[ 23.887018] ? rcu_uaf_reclaim+0x50/0x60
[ 23.887038] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.887074] ? rcu_uaf_reclaim+0x50/0x60
[ 23.887094] kasan_report+0x141/0x180
[ 23.887116] ? rcu_uaf_reclaim+0x50/0x60
[ 23.887141] __asan_report_load4_noabort+0x18/0x20
[ 23.887165] rcu_uaf_reclaim+0x50/0x60
[ 23.887206] rcu_core+0x66f/0x1c40
[ 23.887235] ? __pfx_rcu_core+0x10/0x10
[ 23.887257] ? ktime_get+0x6b/0x150
[ 23.887282] ? handle_softirqs+0x18e/0x730
[ 23.887307] rcu_core_si+0x12/0x20
[ 23.887328] handle_softirqs+0x209/0x730
[ 23.887348] ? hrtimer_interrupt+0x2fe/0x780
[ 23.887375] ? __pfx_handle_softirqs+0x10/0x10
[ 23.887400] __irq_exit_rcu+0xc9/0x110
[ 23.887421] irq_exit_rcu+0x12/0x20
[ 23.887441] sysvec_apic_timer_interrupt+0x81/0x90
[ 23.887465] </IRQ>
[ 23.887517] <TASK>
[ 23.887530] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 23.887647] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 23.887863] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 af 19 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 23.887970] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010216
[ 23.888073] RAX: ffff8881b832d000 RBX: ffff88810085b000 RCX: ffffffffa08f0225
[ 23.888121] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 0000000000025b7c
[ 23.888165] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192
[ 23.888246] R10: ffff88815b130c93 R11: 0000000000013800 R12: 0000000000000001
[ 23.888291] R13: ffffed102010b600 R14: ffffffffa25e77d0 R15: 0000000000000000
[ 23.888352] ? ct_kernel_exit.constprop.0+0xa5/0xd0
[ 23.888407] ? default_idle+0xd/0x20
[ 23.888429] arch_cpu_idle+0xd/0x20
[ 23.888450] default_idle_call+0x48/0x80
[ 23.888472] do_idle+0x379/0x4f0
[ 23.888499] ? __pfx_do_idle+0x10/0x10
[ 23.888520] ? _raw_spin_unlock_irqrestore+0x49/0x90
[ 23.888543] ? complete+0x15b/0x1d0
[ 23.888569] cpu_startup_entry+0x5c/0x70
[ 23.888593] start_secondary+0x211/0x290
[ 23.888616] ? __pfx_start_secondary+0x10/0x10
[ 23.888642] common_startup_64+0x13e/0x148
[ 23.888674] </TASK>
[ 23.888687]
[ 23.899530] Allocated by task 247:
[ 23.899688] kasan_save_stack+0x45/0x70
[ 23.899933] kasan_save_track+0x18/0x40
[ 23.900130] kasan_save_alloc_info+0x3b/0x50
[ 23.900409] __kasan_kmalloc+0xb7/0xc0
[ 23.900596] __kmalloc_cache_noprof+0x189/0x420
[ 23.900824] rcu_uaf+0xb0/0x330
[ 23.901042] kunit_try_run_case+0x1a5/0x480
[ 23.901335] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.901558] kthread+0x337/0x6f0
[ 23.901759] ret_from_fork+0x116/0x1d0
[ 23.901979] ret_from_fork_asm+0x1a/0x30
[ 23.902239]
[ 23.902318] Freed by task 0:
[ 23.902462] kasan_save_stack+0x45/0x70
[ 23.902702] kasan_save_track+0x18/0x40
[ 23.902906] kasan_save_free_info+0x3f/0x60
[ 23.903132] __kasan_slab_free+0x56/0x70
[ 23.903415] kfree+0x222/0x3f0
[ 23.903590] rcu_uaf_reclaim+0x1f/0x60
[ 23.903888] rcu_core+0x66f/0x1c40
[ 23.904120] rcu_core_si+0x12/0x20
[ 23.904359] handle_softirqs+0x209/0x730
[ 23.904589] __irq_exit_rcu+0xc9/0x110
[ 23.904833] irq_exit_rcu+0x12/0x20
[ 23.905068] sysvec_apic_timer_interrupt+0x81/0x90
[ 23.905275] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 23.905645]
[ 23.905760] Last potentially related work creation:
[ 23.906022] kasan_save_stack+0x45/0x70
[ 23.906330] kasan_record_aux_stack+0xb2/0xc0
[ 23.906541] __call_rcu_common.constprop.0+0x7b/0x9e0
[ 23.906784] call_rcu+0x12/0x20
[ 23.906988] rcu_uaf+0x168/0x330
[ 23.907194] kunit_try_run_case+0x1a5/0x480
[ 23.907361] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.907589] kthread+0x337/0x6f0
[ 23.907786] ret_from_fork+0x116/0x1d0
[ 23.908002] ret_from_fork_asm+0x1a/0x30
[ 23.908233]
[ 23.908403] The buggy address belongs to the object at ffff888106057d80
[ 23.908403] which belongs to the cache kmalloc-32 of size 32
[ 23.908886] The buggy address is located 0 bytes inside of
[ 23.908886] freed 32-byte region [ffff888106057d80, ffff888106057da0)
[ 23.909668]
[ 23.909742] The buggy address belongs to the physical page:
[ 23.910012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106057
[ 23.910454] flags: 0x200000000000000(node=0|zone=2)
[ 23.910736] page_type: f5(slab)
[ 23.910855] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 23.911241] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 23.911480] page dumped because: kasan: bad access detected
[ 23.911727]
[ 23.911815] Memory state around the buggy address:
[ 23.912034]  ffff888106057c80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 23.912316]  ffff888106057d00: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 23.912595] >ffff888106057d80: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.912870]                    ^
[ 23.913003]  ffff888106057e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.913353]  ffff888106057e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.913566] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 23.795105] ==================================================================
[ 23.796701] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0
[ 23.797633] Read of size 1 at addr ffff8881049c5d00 by task kunit_try_catch/245
[ 23.797987]
[ 23.798138] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.798198] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.798211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.798235] Call Trace:
[ 23.798251] <TASK>
[ 23.798288] dump_stack_lvl+0x73/0xb0
[ 23.798323] print_report+0xd1/0x650
[ 23.798361] ? __virt_addr_valid+0x1db/0x2d0
[ 23.798387] ? ksize_uaf+0x19d/0x6c0
[ 23.798407] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.798531] ? ksize_uaf+0x19d/0x6c0
[ 23.798553] kasan_report+0x141/0x180
[ 23.798575] ? ksize_uaf+0x19d/0x6c0
[ 23.798597] ? ksize_uaf+0x19d/0x6c0
[ 23.798618] __kasan_check_byte+0x3d/0x50
[ 23.798640] ksize+0x20/0x60
[ 23.798667] ksize_uaf+0x19d/0x6c0
[ 23.798687] ? __pfx_ksize_uaf+0x10/0x10
[ 23.798708] ? __schedule+0x10cc/0x2b60
[ 23.798731] ? __pfx_read_tsc+0x10/0x10
[ 23.798754] ? ktime_get_ts64+0x86/0x230
[ 23.798781] kunit_try_run_case+0x1a5/0x480
[ 23.798808] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.798832] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.798854] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.798876] ? __kthread_parkme+0x82/0x180
[ 23.798898] ? preempt_count_sub+0x50/0x80
[ 23.798927] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.798952] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.798976] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.799000] kthread+0x337/0x6f0
[ 23.799020] ? trace_preempt_on+0x20/0xc0
[ 23.799044] ? __pfx_kthread+0x10/0x10
[ 23.799073] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.799097] ? calculate_sigpending+0x7b/0xa0
[ 23.799122] ? __pfx_kthread+0x10/0x10
[ 23.799144] ret_from_fork+0x116/0x1d0
[ 23.799163] ? __pfx_kthread+0x10/0x10
[ 23.799472] ret_from_fork_asm+0x1a/0x30
[ 23.799515] </TASK>
[ 23.799528]
[ 23.812580] Allocated by task 245:
[ 23.813012] kasan_save_stack+0x45/0x70
[ 23.813394] kasan_save_track+0x18/0x40
[ 23.813666] kasan_save_alloc_info+0x3b/0x50
[ 23.814271] __kasan_kmalloc+0xb7/0xc0
[ 23.814483] __kmalloc_cache_noprof+0x189/0x420
[ 23.814694] ksize_uaf+0xaa/0x6c0
[ 23.814857] kunit_try_run_case+0x1a5/0x480
[ 23.815790] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.816309] kthread+0x337/0x6f0
[ 23.816847] ret_from_fork+0x116/0x1d0
[ 23.817965] ret_from_fork_asm+0x1a/0x30
[ 23.818135]
[ 23.818204] Freed by task 245:
[ 23.818329] kasan_save_stack+0x45/0x70
[ 23.818511] kasan_save_track+0x18/0x40
[ 23.818681] kasan_save_free_info+0x3f/0x60
[ 23.818868] __kasan_slab_free+0x56/0x70
[ 23.819025] kfree+0x222/0x3f0
[ 23.819180] ksize_uaf+0x12c/0x6c0
[ 23.819520] kunit_try_run_case+0x1a5/0x480
[ 23.819894] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.820777] kthread+0x337/0x6f0
[ 23.821782] ret_from_fork+0x116/0x1d0
[ 23.822232] ret_from_fork_asm+0x1a/0x30
[ 23.822617]
[ 23.822692] The buggy address belongs to the object at ffff8881049c5d00
[ 23.822692] which belongs to the cache kmalloc-128 of size 128
[ 23.823634] The buggy address is located 0 bytes inside of
[ 23.823634] freed 128-byte region [ffff8881049c5d00, ffff8881049c5d80)
[ 23.823989]
[ 23.824098] The buggy address belongs to the physical page:
[ 23.824299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.824606] flags: 0x200000000000000(node=0|zone=2)
[ 23.824832] page_type: f5(slab)
[ 23.824985] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.825232] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.825578] page dumped because: kasan: bad access detected
[ 23.825884]
[ 23.825952] Memory state around the buggy address:
[ 23.826115] ffff8881049c5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.826326] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.826534] >ffff8881049c5d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.827404] ^
[ 23.827545] ffff8881049c5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.827759] ffff8881049c5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.828055] ==================================================================
[ 23.828678] ==================================================================
[ 23.829020] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0
[ 23.829400] Read of size 1 at addr ffff8881049c5d00 by task kunit_try_catch/245
[ 23.829766]
[ 23.829873] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.829925] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.829952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.829974] Call Trace:
[ 23.830033] <TASK>
[ 23.830055] dump_stack_lvl+0x73/0xb0
[ 23.830098] print_report+0xd1/0x650
[ 23.830121] ? __virt_addr_valid+0x1db/0x2d0
[ 23.830145] ? ksize_uaf+0x5fe/0x6c0
[ 23.830165] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.830224] ? ksize_uaf+0x5fe/0x6c0
[ 23.830244] kasan_report+0x141/0x180
[ 23.830265] ? ksize_uaf+0x5fe/0x6c0
[ 23.830307] __asan_report_load1_noabort+0x18/0x20
[ 23.830331] ksize_uaf+0x5fe/0x6c0
[ 23.830351] ? __pfx_ksize_uaf+0x10/0x10
[ 23.830372] ? __schedule+0x10cc/0x2b60
[ 23.830394] ? __pfx_read_tsc+0x10/0x10
[ 23.830416] ? ktime_get_ts64+0x86/0x230
[ 23.830441] kunit_try_run_case+0x1a5/0x480
[ 23.830467] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.830490] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.830512] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.830532] ? __kthread_parkme+0x82/0x180
[ 23.830552] ? preempt_count_sub+0x50/0x80
[ 23.830575] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.830599] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.830622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.830646] kthread+0x337/0x6f0
[ 23.830665] ? trace_preempt_on+0x20/0xc0
[ 23.830688] ? __pfx_kthread+0x10/0x10
[ 23.830709] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.830733] ? calculate_sigpending+0x7b/0xa0
[ 23.830756] ? __pfx_kthread+0x10/0x10
[ 23.830777] ret_from_fork+0x116/0x1d0
[ 23.830796] ? __pfx_kthread+0x10/0x10
[ 23.830816] ret_from_fork_asm+0x1a/0x30
[ 23.830846] </TASK>
[ 23.830859]
[ 23.837769] Allocated by task 245:
[ 23.837907] kasan_save_stack+0x45/0x70
[ 23.838121] kasan_save_track+0x18/0x40
[ 23.838310] kasan_save_alloc_info+0x3b/0x50
[ 23.838513] __kasan_kmalloc+0xb7/0xc0
[ 23.838673] __kmalloc_cache_noprof+0x189/0x420
[ 23.838819] ksize_uaf+0xaa/0x6c0
[ 23.838930] kunit_try_run_case+0x1a5/0x480
[ 23.839074] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.839236] kthread+0x337/0x6f0
[ 23.839345] ret_from_fork+0x116/0x1d0
[ 23.839467] ret_from_fork_asm+0x1a/0x30
[ 23.839594]
[ 23.839656] Freed by task 245:
[ 23.839756] kasan_save_stack+0x45/0x70
[ 23.839878] kasan_save_track+0x18/0x40
[ 23.840002] kasan_save_free_info+0x3f/0x60
[ 23.840144] __kasan_slab_free+0x56/0x70
[ 23.840272] kfree+0x222/0x3f0
[ 23.840379] ksize_uaf+0x12c/0x6c0
[ 23.840540] kunit_try_run_case+0x1a5/0x480
[ 23.840837] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.841127] kthread+0x337/0x6f0
[ 23.841244] ret_from_fork+0x116/0x1d0
[ 23.841363] ret_from_fork_asm+0x1a/0x30
[ 23.841562]
[ 23.841648] The buggy address belongs to the object at ffff8881049c5d00
[ 23.841648] which belongs to the cache kmalloc-128 of size 128
[ 23.842335] The buggy address is located 0 bytes inside of
[ 23.842335] freed 128-byte region [ffff8881049c5d00, ffff8881049c5d80)
[ 23.842664]
[ 23.842729] The buggy address belongs to the physical page:
[ 23.843168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.843507] flags: 0x200000000000000(node=0|zone=2)
[ 23.843738] page_type: f5(slab)
[ 23.843944] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.844522] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.844994] page dumped because: kasan: bad access detected
[ 23.845337]
[ 23.845428] Memory state around the buggy address:
[ 23.845759] ffff8881049c5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.846130] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.846608] >ffff8881049c5d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.846827] ^
[ 23.847055] ffff8881049c5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.847418] ffff8881049c5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.847705] ==================================================================
[ 23.848430] ==================================================================
[ 23.848819] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0
[ 23.849227] Read of size 1 at addr ffff8881049c5d78 by task kunit_try_catch/245
[ 23.849599]
[ 23.849689] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.849740] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.849754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.849777] Call Trace:
[ 23.849793] <TASK>
[ 23.849812] dump_stack_lvl+0x73/0xb0
[ 23.849849] print_report+0xd1/0x650
[ 23.849872] ? __virt_addr_valid+0x1db/0x2d0
[ 23.849896] ? ksize_uaf+0x5e4/0x6c0
[ 23.849916] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.849942] ? ksize_uaf+0x5e4/0x6c0
[ 23.849963] kasan_report+0x141/0x180
[ 23.849984] ? ksize_uaf+0x5e4/0x6c0
[ 23.850009] __asan_report_load1_noabort+0x18/0x20
[ 23.850042] ksize_uaf+0x5e4/0x6c0
[ 23.850073] ? __pfx_ksize_uaf+0x10/0x10
[ 23.850094] ? __schedule+0x10cc/0x2b60
[ 23.850154] ? __pfx_read_tsc+0x10/0x10
[ 23.850177] ? ktime_get_ts64+0x86/0x230
[ 23.850203] kunit_try_run_case+0x1a5/0x480
[ 23.850229] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.850253] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.850274] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.850307] ? __kthread_parkme+0x82/0x180
[ 23.850328] ? preempt_count_sub+0x50/0x80
[ 23.850353] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.850378] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.850431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.850456] kthread+0x337/0x6f0
[ 23.850475] ? trace_preempt_on+0x20/0xc0
[ 23.850499] ? __pfx_kthread+0x10/0x10
[ 23.850519] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.850543] ? calculate_sigpending+0x7b/0xa0
[ 23.850567] ? __pfx_kthread+0x10/0x10
[ 23.850589] ret_from_fork+0x116/0x1d0
[ 23.850607] ? __pfx_kthread+0x10/0x10
[ 23.850628] ret_from_fork_asm+0x1a/0x30
[ 23.850660] </TASK>
[ 23.850672]
[ 23.856391] Allocated by task 245:
[ 23.856566] kasan_save_stack+0x45/0x70
[ 23.856760] kasan_save_track+0x18/0x40
[ 23.856938] kasan_save_alloc_info+0x3b/0x50
[ 23.857288] __kasan_kmalloc+0xb7/0xc0
[ 23.857497] __kmalloc_cache_noprof+0x189/0x420
[ 23.857899] ksize_uaf+0xaa/0x6c0
[ 23.858256] kunit_try_run_case+0x1a5/0x480
[ 23.858423] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.858586] kthread+0x337/0x6f0
[ 23.858696] ret_from_fork+0x116/0x1d0
[ 23.858817] ret_from_fork_asm+0x1a/0x30
[ 23.858944]
[ 23.859006] Freed by task 245:
[ 23.859117] kasan_save_stack+0x45/0x70
[ 23.859240] kasan_save_track+0x18/0x40
[ 23.859362] kasan_save_free_info+0x3f/0x60
[ 23.859494] __kasan_slab_free+0x56/0x70
[ 23.859618] kfree+0x222/0x3f0
[ 23.859724] ksize_uaf+0x12c/0x6c0
[ 23.860168] kunit_try_run_case+0x1a5/0x480
[ 23.860373] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.860594] kthread+0x337/0x6f0
[ 23.861414] ret_from_fork+0x116/0x1d0
[ 23.861701] ret_from_fork_asm+0x1a/0x30
[ 23.861903]
[ 23.861983] The buggy address belongs to the object at ffff8881049c5d00
[ 23.861983] which belongs to the cache kmalloc-128 of size 128
[ 23.862740] The buggy address is located 120 bytes inside of
[ 23.862740] freed 128-byte region [ffff8881049c5d00, ffff8881049c5d80)
[ 23.865152]
[ 23.865249] The buggy address belongs to the physical page:
[ 23.865708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.865978] flags: 0x200000000000000(node=0|zone=2)
[ 23.866152] page_type: f5(slab)
[ 23.866274] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.866507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.866732] page dumped because: kasan: bad access detected
[ 23.866899]
[ 23.866963] Memory state around the buggy address:
[ 23.868394] ffff8881049c5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.868886] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.869893] >ffff8881049c5d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.870556] ^
[ 23.871223] ffff8881049c5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.871557] ffff8881049c5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.871847] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 23.769897] ==================================================================
[ 23.770273] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0
[ 23.770510] Read of size 1 at addr ffff8881049c5c7f by task kunit_try_catch/243
[ 23.770762]
[ 23.770877] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.770927] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.770940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.770963] Call Trace:
[ 23.770986] <TASK>
[ 23.771007] dump_stack_lvl+0x73/0xb0
[ 23.771035] print_report+0xd1/0x650
[ 23.771057] ? __virt_addr_valid+0x1db/0x2d0
[ 23.771097] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 23.771119] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.771145] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 23.771168] kasan_report+0x141/0x180
[ 23.771190] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 23.771217] __asan_report_load1_noabort+0x18/0x20
[ 23.771240] ksize_unpoisons_memory+0x7b6/0x9b0
[ 23.771264] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 23.771287] ? __kasan_check_write+0x18/0x20
[ 23.771310] ? queued_spin_lock_slowpath+0x116/0xb40
[ 23.771331] ? irqentry_exit+0x2a/0x60
[ 23.771353] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 23.771375] ? trace_hardirqs_on+0x37/0xe0
[ 23.771399] ? __pfx_read_tsc+0x10/0x10
[ 23.771421] ? ktime_get_ts64+0x86/0x230
[ 23.771445] kunit_try_run_case+0x1a5/0x480
[ 23.771471] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.771496] ? queued_spin_lock_slowpath+0x116/0xb40
[ 23.771517] ? __kthread_parkme+0x82/0x180
[ 23.771538] ? preempt_count_sub+0x50/0x80
[ 23.771561] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.771586] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.771609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.771633] kthread+0x337/0x6f0
[ 23.771652] ? trace_preempt_on+0x20/0xc0
[ 23.771674] ? __pfx_kthread+0x10/0x10
[ 23.771694] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.771718] ? calculate_sigpending+0x7b/0xa0
[ 23.771742] ? __pfx_kthread+0x10/0x10
[ 23.771763] ret_from_fork+0x116/0x1d0
[ 23.771782] ? __pfx_kthread+0x10/0x10
[ 23.771803] ret_from_fork_asm+0x1a/0x30
[ 23.771833] </TASK>
[ 23.771845]
[ 23.779644] Allocated by task 243:
[ 23.779808] kasan_save_stack+0x45/0x70
[ 23.780110] kasan_save_track+0x18/0x40
[ 23.780740] kasan_save_alloc_info+0x3b/0x50
[ 23.780909] __kasan_kmalloc+0xb7/0xc0
[ 23.781032] __kmalloc_cache_noprof+0x189/0x420
[ 23.781531] ksize_unpoisons_memory+0xc7/0x9b0
[ 23.781741] kunit_try_run_case+0x1a5/0x480
[ 23.781941] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.782207] kthread+0x337/0x6f0
[ 23.782346] ret_from_fork+0x116/0x1d0
[ 23.782477] ret_from_fork_asm+0x1a/0x30
[ 23.782617]
[ 23.782684] The buggy address belongs to the object at ffff8881049c5c00
[ 23.782684] which belongs to the cache kmalloc-128 of size 128
[ 23.783532] The buggy address is located 12 bytes to the right of
[ 23.783532] allocated 115-byte region [ffff8881049c5c00, ffff8881049c5c73)
[ 23.784013]
[ 23.784126] The buggy address belongs to the physical page:
[ 23.785644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.786014] flags: 0x200000000000000(node=0|zone=2)
[ 23.786193] page_type: f5(slab)
[ 23.786317] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.786573] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.786793] page dumped because: kasan: bad access detected
[ 23.787289]
[ 23.787393] Memory state around the buggy address:
[ 23.787831] ffff8881049c5b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.788628] ffff8881049c5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.789092] >ffff8881049c5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 23.789305] ^
[ 23.789513] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.789719] ffff8881049c5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.790168] ==================================================================
[ 23.730534] ==================================================================
[ 23.730972] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0
[ 23.731459] Read of size 1 at addr ffff8881049c5c73 by task kunit_try_catch/243
[ 23.731782]
[ 23.731871] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.731924] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.731937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.731959] Call Trace:
[ 23.731974] <TASK>
[ 23.731994] dump_stack_lvl+0x73/0xb0
[ 23.732035] print_report+0xd1/0x650
[ 23.732058] ? __virt_addr_valid+0x1db/0x2d0
[ 23.732096] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 23.732119] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.732144] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 23.732166] kasan_report+0x141/0x180
[ 23.732195] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 23.732221] __asan_report_load1_noabort+0x18/0x20
[ 23.732246] ksize_unpoisons_memory+0x81c/0x9b0
[ 23.732268] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 23.732292] ? __kasan_check_write+0x18/0x20
[ 23.732314] ? queued_spin_lock_slowpath+0x116/0xb40
[ 23.732335] ? irqentry_exit+0x2a/0x60
[ 23.732355] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 23.732377] ? trace_hardirqs_on+0x37/0xe0
[ 23.732401] ? __pfx_read_tsc+0x10/0x10
[ 23.732422] ? ktime_get_ts64+0x86/0x230
[ 23.732448] kunit_try_run_case+0x1a5/0x480
[ 23.732474] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.732498] ? queued_spin_lock_slowpath+0x116/0xb40
[ 23.732519] ? __kthread_parkme+0x82/0x180
[ 23.732540] ? preempt_count_sub+0x50/0x80
[ 23.732563] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.732587] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.732611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.732634] kthread+0x337/0x6f0
[ 23.732653] ? trace_preempt_on+0x20/0xc0
[ 23.732674] ? __pfx_kthread+0x10/0x10
[ 23.732694] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.732718] ? calculate_sigpending+0x7b/0xa0
[ 23.732742] ? __pfx_kthread+0x10/0x10
[ 23.732763] ret_from_fork+0x116/0x1d0
[ 23.732781] ? __pfx_kthread+0x10/0x10
[ 23.732801] ret_from_fork_asm+0x1a/0x30
[ 23.732832] </TASK>
[ 23.732844]
[ 23.740779] Allocated by task 243:
[ 23.740965] kasan_save_stack+0x45/0x70
[ 23.741156] kasan_save_track+0x18/0x40
[ 23.741410] kasan_save_alloc_info+0x3b/0x50
[ 23.741581] __kasan_kmalloc+0xb7/0xc0
[ 23.741762] __kmalloc_cache_noprof+0x189/0x420
[ 23.741980] ksize_unpoisons_memory+0xc7/0x9b0
[ 23.742162] kunit_try_run_case+0x1a5/0x480
[ 23.742299] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.742460] kthread+0x337/0x6f0
[ 23.742570] ret_from_fork+0x116/0x1d0
[ 23.742728] ret_from_fork_asm+0x1a/0x30
[ 23.742913]
[ 23.742999] The buggy address belongs to the object at ffff8881049c5c00
[ 23.742999] which belongs to the cache kmalloc-128 of size 128
[ 23.743851] The buggy address is located 0 bytes to the right of
[ 23.743851] allocated 115-byte region [ffff8881049c5c00, ffff8881049c5c73)
[ 23.744668]
[ 23.744768] The buggy address belongs to the physical page:
[ 23.745033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.745452] flags: 0x200000000000000(node=0|zone=2)
[ 23.745667] page_type: f5(slab)
[ 23.745826] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.746150] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.746418] page dumped because: kasan: bad access detected
[ 23.746581]
[ 23.746682] Memory state around the buggy address:
[ 23.746909] ffff8881049c5b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.747594] ffff8881049c5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.747835] >ffff8881049c5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 23.748042] ^
[ 23.748258] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.748573] ffff8881049c5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.748876] ==================================================================
[ 23.750470] ==================================================================
[ 23.750825] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0
[ 23.751193] Read of size 1 at addr ffff8881049c5c78 by task kunit_try_catch/243
[ 23.751517]
[ 23.751976] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.752032] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.752046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.752082] Call Trace:
[ 23.752098] <TASK>
[ 23.752118] dump_stack_lvl+0x73/0xb0
[ 23.752150] print_report+0xd1/0x650
[ 23.752172] ? __virt_addr_valid+0x1db/0x2d0
[ 23.752196] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 23.752218] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.752244] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 23.752266] kasan_report+0x141/0x180
[ 23.752287] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 23.752314] __asan_report_load1_noabort+0x18/0x20
[ 23.752425] ksize_unpoisons_memory+0x7e9/0x9b0
[ 23.752449] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 23.752472] ? __kasan_check_write+0x18/0x20
[ 23.752495] ? queued_spin_lock_slowpath+0x116/0xb40
[ 23.752517] ? irqentry_exit+0x2a/0x60
[ 23.752537] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 23.752559] ? trace_hardirqs_on+0x37/0xe0
[ 23.752583] ? __pfx_read_tsc+0x10/0x10
[ 23.752604] ? ktime_get_ts64+0x86/0x230
[ 23.752629] kunit_try_run_case+0x1a5/0x480
[ 23.752656] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.752681] ? queued_spin_lock_slowpath+0x116/0xb40
[ 23.752701] ? __kthread_parkme+0x82/0x180
[ 23.752722] ? preempt_count_sub+0x50/0x80
[ 23.752745] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.752769] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.752793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.752816] kthread+0x337/0x6f0
[ 23.752835] ? trace_preempt_on+0x20/0xc0
[ 23.752857] ? __pfx_kthread+0x10/0x10
[ 23.752877] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.752900] ? calculate_sigpending+0x7b/0xa0
[ 23.752924] ? __pfx_kthread+0x10/0x10
[ 23.752954] ret_from_fork+0x116/0x1d0
[ 23.752973] ? __pfx_kthread+0x10/0x10
[ 23.752993] ret_from_fork_asm+0x1a/0x30
[ 23.753023] </TASK>
[ 23.753036]
[ 23.761023] Allocated by task 243:
[ 23.761206] kasan_save_stack+0x45/0x70
[ 23.761382] kasan_save_track+0x18/0x40
[ 23.761572] kasan_save_alloc_info+0x3b/0x50
[ 23.761742] __kasan_kmalloc+0xb7/0xc0
[ 23.761930] __kmalloc_cache_noprof+0x189/0x420
[ 23.762426] ksize_unpoisons_memory+0xc7/0x9b0
[ 23.762585] kunit_try_run_case+0x1a5/0x480
[ 23.762729] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.762900] kthread+0x337/0x6f0
[ 23.763016] ret_from_fork+0x116/0x1d0
[ 23.763161] ret_from_fork_asm+0x1a/0x30
[ 23.763356]
[ 23.763445] The buggy address belongs to the object at ffff8881049c5c00
[ 23.763445] which belongs to the cache kmalloc-128 of size 128
[ 23.764074] The buggy address is located 5 bytes to the right of
[ 23.764074] allocated 115-byte region [ffff8881049c5c00, ffff8881049c5c73)
[ 23.764492]
[ 23.764560] The buggy address belongs to the physical page:
[ 23.764727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.765344] flags: 0x200000000000000(node=0|zone=2)
[ 23.765603] page_type: f5(slab)
[ 23.765774] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.766324] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.766624] page dumped because: kasan: bad access detected
[ 23.766794]
[ 23.766860] Memory state around the buggy address:
[ 23.767098] ffff8881049c5b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.767419] ffff8881049c5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.767907] >ffff8881049c5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 23.768123] ^
[ 23.768332] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.768928] ffff8881049c5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.769258] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 23.703616] ==================================================================
[ 23.703920] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 23.704414] Free of addr ffff8881049ad5a0 by task kunit_try_catch/241
[ 23.704618]
[ 23.704714] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.704768] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.704781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.704804] Call Trace:
[ 23.704827] <TASK>
[ 23.704849] dump_stack_lvl+0x73/0xb0
[ 23.704881] print_report+0xd1/0x650
[ 23.704905] ? __virt_addr_valid+0x1db/0x2d0
[ 23.704931] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.704957] ? kfree_sensitive+0x2e/0x90
[ 23.704983] kasan_report_invalid_free+0x10a/0x130
[ 23.705007] ? kfree_sensitive+0x2e/0x90
[ 23.705031] ? kfree_sensitive+0x2e/0x90
[ 23.705054] check_slab_allocation+0x101/0x130
[ 23.705101] __kasan_slab_pre_free+0x28/0x40
[ 23.705121] kfree+0xf0/0x3f0
[ 23.705144] ? kfree_sensitive+0x2e/0x90
[ 23.705169] kfree_sensitive+0x2e/0x90
[ 23.705192] kmalloc_double_kzfree+0x19c/0x350
[ 23.705214] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 23.705253] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 23.705277] ? trace_hardirqs_on+0x37/0xe0
[ 23.705300] ? __pfx_read_tsc+0x10/0x10
[ 23.705322] ? ktime_get_ts64+0x86/0x230
[ 23.705346] kunit_try_run_case+0x1a5/0x480
[ 23.705373] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.705397] ? queued_spin_lock_slowpath+0x116/0xb40
[ 23.705419] ? __kthread_parkme+0x82/0x180
[ 23.705440] ? preempt_count_sub+0x50/0x80
[ 23.705464] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.705488] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.705512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.705536] kthread+0x337/0x6f0
[ 23.705555] ? trace_preempt_on+0x20/0xc0
[ 23.705576] ? __pfx_kthread+0x10/0x10
[ 23.705597] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.705620] ? calculate_sigpending+0x7b/0xa0
[ 23.705644] ? __pfx_kthread+0x10/0x10
[ 23.705665] ret_from_fork+0x116/0x1d0
[ 23.705684] ? __pfx_kthread+0x10/0x10
[ 23.705704] ret_from_fork_asm+0x1a/0x30
[ 23.705736] </TASK>
[ 23.705748]
[ 23.713771] Allocated by task 241:
[ 23.714081] kasan_save_stack+0x45/0x70
[ 23.714426] kasan_save_track+0x18/0x40
[ 23.714617] kasan_save_alloc_info+0x3b/0x50
[ 23.714831] __kasan_kmalloc+0xb7/0xc0
[ 23.715134] __kmalloc_cache_noprof+0x189/0x420
[ 23.715496] kmalloc_double_kzfree+0xa9/0x350
[ 23.715716] kunit_try_run_case+0x1a5/0x480
[ 23.715920] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.716131] kthread+0x337/0x6f0
[ 23.716250] ret_from_fork+0x116/0x1d0
[ 23.716468] ret_from_fork_asm+0x1a/0x30
[ 23.716674]
[ 23.716762] Freed by task 241:
[ 23.716909] kasan_save_stack+0x45/0x70
[ 23.717102] kasan_save_track+0x18/0x40
[ 23.717233] kasan_save_free_info+0x3f/0x60
[ 23.717372] __kasan_slab_free+0x56/0x70
[ 23.717510] kfree+0x222/0x3f0
[ 23.717899] kfree_sensitive+0x67/0x90
[ 23.718112] kmalloc_double_kzfree+0x12b/0x350
[ 23.718325] kunit_try_run_case+0x1a5/0x480
[ 23.718670] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.718846] kthread+0x337/0x6f0
[ 23.719051] ret_from_fork+0x116/0x1d0
[ 23.719519] ret_from_fork_asm+0x1a/0x30
[ 23.719730]
[ 23.719822] The buggy address belongs to the object at ffff8881049ad5a0
[ 23.719822] which belongs to the cache kmalloc-16 of size 16
[ 23.720467] The buggy address is located 0 bytes inside of
[ 23.720467] 16-byte region [ffff8881049ad5a0, ffff8881049ad5b0)
[ 23.720800]
[ 23.720870] The buggy address belongs to the physical page:
[ 23.721132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 23.721564] flags: 0x200000000000000(node=0|zone=2)
[ 23.721807] page_type: f5(slab)
[ 23.722022] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.722394] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.722619] page dumped because: kasan: bad access detected
[ 23.722785]
[ 23.722855] Memory state around the buggy address:
[ 23.723171] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.723487] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.723783] >ffff8881049ad580: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 23.724437] ^
[ 23.724611] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.724821] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.725136] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 23.674670] ==================================================================
[ 23.675244] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350
[ 23.675588] Read of size 1 at addr ffff8881049ad5a0 by task kunit_try_catch/241
[ 23.675901]
[ 23.675988] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.676042] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.676055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.676090] Call Trace:
[ 23.676120] <TASK>
[ 23.676140] dump_stack_lvl+0x73/0xb0
[ 23.676171] print_report+0xd1/0x650
[ 23.676194] ? __virt_addr_valid+0x1db/0x2d0
[ 23.676218] ? kmalloc_double_kzfree+0x19c/0x350
[ 23.676240] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.676265] ? kmalloc_double_kzfree+0x19c/0x350
[ 23.676288] kasan_report+0x141/0x180
[ 23.676310] ? kmalloc_double_kzfree+0x19c/0x350
[ 23.676335] ? kmalloc_double_kzfree+0x19c/0x350
[ 23.676357] __kasan_check_byte+0x3d/0x50
[ 23.676379] kfree_sensitive+0x22/0x90
[ 23.676405] kmalloc_double_kzfree+0x19c/0x350
[ 23.676427] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 23.676449] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 23.676473] ? trace_hardirqs_on+0x37/0xe0
[ 23.676497] ? __pfx_read_tsc+0x10/0x10
[ 23.676518] ? ktime_get_ts64+0x86/0x230
[ 23.676543] kunit_try_run_case+0x1a5/0x480
[ 23.676571] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.676595] ? queued_spin_lock_slowpath+0x116/0xb40
[ 23.676618] ? __kthread_parkme+0x82/0x180
[ 23.676638] ? preempt_count_sub+0x50/0x80
[ 23.676661] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.676686] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.676709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.676733] kthread+0x337/0x6f0
[ 23.676753] ? trace_preempt_on+0x20/0xc0
[ 23.676775] ? __pfx_kthread+0x10/0x10
[ 23.676796] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.676820] ? calculate_sigpending+0x7b/0xa0
[ 23.676844] ? __pfx_kthread+0x10/0x10
[ 23.676865] ret_from_fork+0x116/0x1d0
[ 23.676884] ? __pfx_kthread+0x10/0x10
[ 23.676904] ret_from_fork_asm+0x1a/0x30
[ 23.676947] </TASK>
[ 23.676960]
[ 23.687710] Allocated by task 241:
[ 23.687892] kasan_save_stack+0x45/0x70
[ 23.688090] kasan_save_track+0x18/0x40
[ 23.688590] kasan_save_alloc_info+0x3b/0x50
[ 23.688773] __kasan_kmalloc+0xb7/0xc0
[ 23.688958] __kmalloc_cache_noprof+0x189/0x420
[ 23.689197] kmalloc_double_kzfree+0xa9/0x350
[ 23.689697] kunit_try_run_case+0x1a5/0x480
[ 23.689870] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.690191] kthread+0x337/0x6f0
[ 23.690783] ret_from_fork+0x116/0x1d0
[ 23.690978] ret_from_fork_asm+0x1a/0x30
[ 23.691222]
[ 23.691366] Freed by task 241:
[ 23.691545] kasan_save_stack+0x45/0x70
[ 23.692077] kasan_save_track+0x18/0x40
[ 23.692291] kasan_save_free_info+0x3f/0x60
[ 23.692498] __kasan_slab_free+0x56/0x70
[ 23.692677] kfree+0x222/0x3f0
[ 23.692823] kfree_sensitive+0x67/0x90
[ 23.693376] kmalloc_double_kzfree+0x12b/0x350
[ 23.693557] kunit_try_run_case+0x1a5/0x480
[ 23.693753] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.694168] kthread+0x337/0x6f0
[ 23.694420] ret_from_fork+0x116/0x1d0
[ 23.694554] ret_from_fork_asm+0x1a/0x30
[ 23.694749]
[ 23.694841] The buggy address belongs to the object at ffff8881049ad5a0
[ 23.694841] which belongs to the cache kmalloc-16 of size 16
[ 23.695846] The buggy address is located 0 bytes inside of
[ 23.695846] freed 16-byte region [ffff8881049ad5a0, ffff8881049ad5b0)
[ 23.696737]
[ 23.696829] The buggy address belongs to the physical page:
[ 23.697109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 23.697722] flags: 0x200000000000000(node=0|zone=2)
[ 23.698113] page_type: f5(slab)
[ 23.698248] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.698778] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.699481] page dumped because: kasan: bad access detected
[ 23.699800]
[ 23.699880] Memory state around the buggy address:
[ 23.700186] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.700959] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.701429] >ffff8881049ad580: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 23.701734] ^
[ 23.702096] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.702516] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.702746] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 23.646636] ==================================================================
[ 23.647111] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520
[ 23.647534] Read of size 1 at addr ffff888106053fa8 by task kunit_try_catch/237
[ 23.647816]
[ 23.647952] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.648006] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.648019] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.648042] Call Trace:
[ 23.648057] <TASK>
[ 23.648087] dump_stack_lvl+0x73/0xb0
[ 23.648119] print_report+0xd1/0x650
[ 23.648142] ? __virt_addr_valid+0x1db/0x2d0
[ 23.648166] ? kmalloc_uaf2+0x4a8/0x520
[ 23.648255] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.648280] ? kmalloc_uaf2+0x4a8/0x520
[ 23.648300] kasan_report+0x141/0x180
[ 23.648322] ? kmalloc_uaf2+0x4a8/0x520
[ 23.648346] __asan_report_load1_noabort+0x18/0x20
[ 23.648369] kmalloc_uaf2+0x4a8/0x520
[ 23.648388] ? __pfx_kmalloc_uaf2+0x10/0x10
[ 23.648408] ? finish_task_switch.isra.0+0x153/0x700
[ 23.648430] ? __switch_to+0x47/0xf50
[ 23.648457] ? __schedule+0x10cc/0x2b60
[ 23.648479] ? __pfx_read_tsc+0x10/0x10
[ 23.648500] ? ktime_get_ts64+0x86/0x230
[ 23.648525] kunit_try_run_case+0x1a5/0x480
[ 23.648553] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.648576] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.648597] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.648618] ? __kthread_parkme+0x82/0x180
[ 23.648639] ? preempt_count_sub+0x50/0x80
[ 23.648661] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.648685] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.648708] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.648732] kthread+0x337/0x6f0
[ 23.648751] ? trace_preempt_on+0x20/0xc0
[ 23.648774] ? __pfx_kthread+0x10/0x10
[ 23.648794] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.648817] ? calculate_sigpending+0x7b/0xa0
[ 23.648841] ? __pfx_kthread+0x10/0x10
[ 23.648861] ret_from_fork+0x116/0x1d0
[ 23.648880] ? __pfx_kthread+0x10/0x10
[ 23.648900] ret_from_fork_asm+0x1a/0x30
[ 23.648950] </TASK>
[ 23.648963]
[ 23.656123] Allocated by task 237:
[ 23.656337] kasan_save_stack+0x45/0x70
[ 23.656541] kasan_save_track+0x18/0x40
[ 23.656718] kasan_save_alloc_info+0x3b/0x50
[ 23.656859] __kasan_kmalloc+0xb7/0xc0
[ 23.657008] __kmalloc_cache_noprof+0x189/0x420
[ 23.657287] kmalloc_uaf2+0xc6/0x520
[ 23.657474] kunit_try_run_case+0x1a5/0x480
[ 23.657677] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.657911] kthread+0x337/0x6f0
[ 23.658050] ret_from_fork+0x116/0x1d0
[ 23.658206] ret_from_fork_asm+0x1a/0x30
[ 23.658396]
[ 23.658484] Freed by task 237:
[ 23.658637] kasan_save_stack+0x45/0x70
[ 23.658823] kasan_save_track+0x18/0x40
[ 23.659008] kasan_save_free_info+0x3f/0x60
[ 23.659195] __kasan_slab_free+0x56/0x70
[ 23.659372] kfree+0x222/0x3f0
[ 23.659483] kmalloc_uaf2+0x14c/0x520
[ 23.659606] kunit_try_run_case+0x1a5/0x480
[ 23.659746] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.659912] kthread+0x337/0x6f0
[ 23.660055] ret_from_fork+0x116/0x1d0
[ 23.660417] ret_from_fork_asm+0x1a/0x30
[ 23.660606]
[ 23.660694] The buggy address belongs to the object at ffff888106053f80
[ 23.660694] which belongs to the cache kmalloc-64 of size 64
[ 23.661307] The buggy address is located 40 bytes inside of
[ 23.661307] freed 64-byte region [ffff888106053f80, ffff888106053fc0)
[ 23.661801]
[ 23.661879] The buggy address belongs to the physical page:
[ 23.662080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106053
[ 23.662495] flags: 0x200000000000000(node=0|zone=2)
[ 23.662729] page_type: f5(slab)
[ 23.662899] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 23.663312] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[ 23.663608] page dumped because: kasan: bad access detected
[ 23.663812]
[ 23.663906] Memory state around the buggy address:
[ 23.664133] ffff888106053e80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 23.664479] ffff888106053f00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.664757] >ffff888106053f80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.665053] ^
[ 23.665303] ffff888106054000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.665515] ffff888106054080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.665809] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 23.613972] ==================================================================
[ 23.614649] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[ 23.614908] Write of size 33 at addr ffff888105a09b80 by task kunit_try_catch/235
[ 23.615150]
[ 23.615334] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.615393] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.615408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.615433] Call Trace:
[ 23.615448] <TASK>
[ 23.615472] dump_stack_lvl+0x73/0xb0
[ 23.615609] print_report+0xd1/0x650
[ 23.615643] ? __virt_addr_valid+0x1db/0x2d0
[ 23.615670] ? kmalloc_uaf_memset+0x1a3/0x360
[ 23.615691] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.615717] ? kmalloc_uaf_memset+0x1a3/0x360
[ 23.615740] kasan_report+0x141/0x180
[ 23.615761] ? kmalloc_uaf_memset+0x1a3/0x360
[ 23.615786] kasan_check_range+0x10c/0x1c0
[ 23.615809] __asan_memset+0x27/0x50
[ 23.615834] kmalloc_uaf_memset+0x1a3/0x360
[ 23.615855] ? __pfx_kmalloc_uaf_memset+0x10/0x10
[ 23.615878] ? __schedule+0x10cc/0x2b60
[ 23.615900] ? __pfx_read_tsc+0x10/0x10
[ 23.615923] ? ktime_get_ts64+0x86/0x230
[ 23.615993] kunit_try_run_case+0x1a5/0x480
[ 23.616021] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.616044] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.616078] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.616100] ? __kthread_parkme+0x82/0x180
[ 23.616122] ? preempt_count_sub+0x50/0x80
[ 23.616178] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.616202] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.616227] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.616301] kthread+0x337/0x6f0
[ 23.616361] ? trace_preempt_on+0x20/0xc0
[ 23.616387] ? __pfx_kthread+0x10/0x10
[ 23.616408] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.616432] ? calculate_sigpending+0x7b/0xa0
[ 23.616457] ? __pfx_kthread+0x10/0x10
[ 23.616479] ret_from_fork+0x116/0x1d0
[ 23.616498] ? __pfx_kthread+0x10/0x10
[ 23.616519] ret_from_fork_asm+0x1a/0x30
[ 23.616551] </TASK>
[ 23.616565]
[ 23.627899] Allocated by task 235:
[ 23.628051] kasan_save_stack+0x45/0x70
[ 23.628340] kasan_save_track+0x18/0x40
[ 23.628859] kasan_save_alloc_info+0x3b/0x50
[ 23.629400] __kasan_kmalloc+0xb7/0xc0
[ 23.629774] __kmalloc_cache_noprof+0x189/0x420
[ 23.630257] kmalloc_uaf_memset+0xa9/0x360
[ 23.630678] kunit_try_run_case+0x1a5/0x480
[ 23.631118] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.631494] kthread+0x337/0x6f0
[ 23.631618] ret_from_fork+0x116/0x1d0
[ 23.631742] ret_from_fork_asm+0x1a/0x30
[ 23.631872]
[ 23.631946] Freed by task 235:
[ 23.632293] kasan_save_stack+0x45/0x70
[ 23.632722] kasan_save_track+0x18/0x40
[ 23.633185] kasan_save_free_info+0x3f/0x60
[ 23.633901] __kasan_slab_free+0x56/0x70
[ 23.634437] kfree+0x222/0x3f0
[ 23.634758] kmalloc_uaf_memset+0x12b/0x360
[ 23.635169] kunit_try_run_case+0x1a5/0x480
[ 23.635465] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.635641] kthread+0x337/0x6f0
[ 23.635755] ret_from_fork+0x116/0x1d0
[ 23.635880] ret_from_fork_asm+0x1a/0x30
[ 23.636075]
[ 23.636143] The buggy address belongs to the object at ffff888105a09b80
[ 23.636143] which belongs to the cache kmalloc-64 of size 64
[ 23.636900] The buggy address is located 0 bytes inside of
[ 23.636900] freed 64-byte region [ffff888105a09b80, ffff888105a09bc0)
[ 23.637301]
[ 23.637393] The buggy address belongs to the physical page:
[ 23.637701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a09
[ 23.638053] flags: 0x200000000000000(node=0|zone=2)
[ 23.638550] page_type: f5(slab)
[ 23.638739] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 23.638989] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 23.639284] page dumped because: kasan: bad access detected
[ 23.639610]
[ 23.639702] Memory state around the buggy address:
[ 23.639880] ffff888105a09a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.640324] ffff888105a09b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.640626] >ffff888105a09b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.640891] ^
[ 23.641024] ffff888105a09c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.641421] ffff888105a09c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.641689] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 23.581547] ==================================================================
[ 23.582050] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380
[ 23.582570] Read of size 1 at addr ffff8881049ad588 by task kunit_try_catch/233
[ 23.583195]
[ 23.583363] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.583422] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.583436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.583461] Call Trace:
[ 23.583476] <TASK>
[ 23.583500] dump_stack_lvl+0x73/0xb0
[ 23.583535] print_report+0xd1/0x650
[ 23.583559] ? __virt_addr_valid+0x1db/0x2d0
[ 23.583585] ? kmalloc_uaf+0x320/0x380
[ 23.583605] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.583630] ? kmalloc_uaf+0x320/0x380
[ 23.583650] kasan_report+0x141/0x180
[ 23.583672] ? kmalloc_uaf+0x320/0x380
[ 23.583696] __asan_report_load1_noabort+0x18/0x20
[ 23.583721] kmalloc_uaf+0x320/0x380
[ 23.583741] ? __pfx_kmalloc_uaf+0x10/0x10
[ 23.583761] ? __schedule+0x10cc/0x2b60
[ 23.583784] ? __pfx_read_tsc+0x10/0x10
[ 23.583807] ? ktime_get_ts64+0x86/0x230
[ 23.583834] kunit_try_run_case+0x1a5/0x480
[ 23.583862] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.583885] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.583907] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.583929] ? __kthread_parkme+0x82/0x180
[ 23.584296] ? preempt_count_sub+0x50/0x80
[ 23.584324] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.584365] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.584392] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.584469] kthread+0x337/0x6f0
[ 23.584490] ? trace_preempt_on+0x20/0xc0
[ 23.584516] ? __pfx_kthread+0x10/0x10
[ 23.584548] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.584573] ? calculate_sigpending+0x7b/0xa0
[ 23.584598] ? __pfx_kthread+0x10/0x10
[ 23.584620] ret_from_fork+0x116/0x1d0
[ 23.584640] ? __pfx_kthread+0x10/0x10
[ 23.584661] ret_from_fork_asm+0x1a/0x30
[ 23.584695] </TASK>
[ 23.584709]
[ 23.592792] Allocated by task 233:
[ 23.593006] kasan_save_stack+0x45/0x70
[ 23.593335] kasan_save_track+0x18/0x40
[ 23.593595] kasan_save_alloc_info+0x3b/0x50
[ 23.593815] __kasan_kmalloc+0xb7/0xc0
[ 23.594083] __kmalloc_cache_noprof+0x189/0x420
[ 23.594376] kmalloc_uaf+0xaa/0x380
[ 23.594703] kunit_try_run_case+0x1a5/0x480
[ 23.595909] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.596485] kthread+0x337/0x6f0
[ 23.596704] ret_from_fork+0x116/0x1d0
[ 23.596872] ret_from_fork_asm+0x1a/0x30
[ 23.597311]
[ 23.597551] Freed by task 233:
[ 23.597882] kasan_save_stack+0x45/0x70
[ 23.598092] kasan_save_track+0x18/0x40
[ 23.598528] kasan_save_free_info+0x3f/0x60
[ 23.598845] __kasan_slab_free+0x56/0x70
[ 23.599254] kfree+0x222/0x3f0
[ 23.599646] kmalloc_uaf+0x12c/0x380
[ 23.599973] kunit_try_run_case+0x1a5/0x480
[ 23.600596] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.600848] kthread+0x337/0x6f0
[ 23.601337] ret_from_fork+0x116/0x1d0
[ 23.601573] ret_from_fork_asm+0x1a/0x30
[ 23.602025]
[ 23.602168] The buggy address belongs to the object at ffff8881049ad580
[ 23.602168] which belongs to the cache kmalloc-16 of size 16
[ 23.603156] The buggy address is located 8 bytes inside of
[ 23.603156] freed 16-byte region [ffff8881049ad580, ffff8881049ad590)
[ 23.604115]
[ 23.604329] The buggy address belongs to the physical page:
[ 23.604715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 23.605395] flags: 0x200000000000000(node=0|zone=2)
[ 23.605844] page_type: f5(slab)
[ 23.605978] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.606490] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.607058] page dumped because: kasan: bad access detected
[ 23.607403]
[ 23.607698] Memory state around the buggy address:
[ 23.607890] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.608581] ffff8881049ad500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.609051] >ffff8881049ad580: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.609372] ^
[ 23.609739] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.610135] ffff8881049ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.610614] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 23.545520] ==================================================================
[ 23.547113] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.547684] Read of size 64 at addr ffff888106053e04 by task kunit_try_catch/231
[ 23.547909]
[ 23.547998] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.548052] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.548080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.548104] Call Trace:
[ 23.548120] <TASK>
[ 23.548140] dump_stack_lvl+0x73/0xb0
[ 23.548254] print_report+0xd1/0x650
[ 23.548388] ? __virt_addr_valid+0x1db/0x2d0
[ 23.548426] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.548450] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.548475] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.548499] kasan_report+0x141/0x180
[ 23.548520] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.548547] kasan_check_range+0x10c/0x1c0
[ 23.548570] __asan_memmove+0x27/0x70
[ 23.548624] kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.548648] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 23.548674] ? __schedule+0x10cc/0x2b60
[ 23.548739] ? __pfx_read_tsc+0x10/0x10
[ 23.548763] ? ktime_get_ts64+0x86/0x230
[ 23.548799] kunit_try_run_case+0x1a5/0x480
[ 23.548826] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.548849] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.548871] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.548893] ? __kthread_parkme+0x82/0x180
[ 23.548915] ? preempt_count_sub+0x50/0x80
[ 23.548954] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.548978] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.549001] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.549025] kthread+0x337/0x6f0
[ 23.549045] ? trace_preempt_on+0x20/0xc0
[ 23.549079] ? __pfx_kthread+0x10/0x10
[ 23.549099] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.549123] ? calculate_sigpending+0x7b/0xa0
[ 23.549146] ? __pfx_kthread+0x10/0x10
[ 23.549167] ret_from_fork+0x116/0x1d0
[ 23.549273] ? __pfx_kthread+0x10/0x10
[ 23.549298] ret_from_fork_asm+0x1a/0x30
[ 23.549329] </TASK>
[ 23.549341]
[ 23.562405] Allocated by task 231:
[ 23.562675] kasan_save_stack+0x45/0x70
[ 23.563031] kasan_save_track+0x18/0x40
[ 23.563173] kasan_save_alloc_info+0x3b/0x50
[ 23.563642] __kasan_kmalloc+0xb7/0xc0
[ 23.564039] __kmalloc_cache_noprof+0x189/0x420
[ 23.564393] kmalloc_memmove_invalid_size+0xac/0x330
[ 23.564752] kunit_try_run_case+0x1a5/0x480
[ 23.565104] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.565570] kthread+0x337/0x6f0
[ 23.565699] ret_from_fork+0x116/0x1d0
[ 23.565842] ret_from_fork_asm+0x1a/0x30
[ 23.566114]
[ 23.566289] The buggy address belongs to the object at ffff888106053e00
[ 23.566289] which belongs to the cache kmalloc-64 of size 64
[ 23.567616] The buggy address is located 4 bytes inside of
[ 23.567616] allocated 64-byte region [ffff888106053e00, ffff888106053e40)
[ 23.568641]
[ 23.568717] The buggy address belongs to the physical page:
[ 23.568888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106053
[ 23.569671] flags: 0x200000000000000(node=0|zone=2)
[ 23.570277] page_type: f5(slab)
[ 23.570688] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 23.571308] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 23.571783] page dumped because: kasan: bad access detected
[ 23.572000]
[ 23.572180] Memory state around the buggy address:
[ 23.572682] ffff888106053d00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 23.573426] ffff888106053d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.573830] >ffff888106053e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 23.574464] ^
[ 23.574936] ffff888106053e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.575502] ffff888106053f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.575718] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 23.518513] ==================================================================
[ 23.518944] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 23.519490] Read of size 18446744073709551614 at addr ffff888105a09984 by task kunit_try_catch/229
[ 23.520365]
[ 23.520547] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.520600] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.520613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.520636] Call Trace:
[ 23.520650] <TASK>
[ 23.520670] dump_stack_lvl+0x73/0xb0
[ 23.520703] print_report+0xd1/0x650
[ 23.520726] ? __virt_addr_valid+0x1db/0x2d0
[ 23.520750] ? kmalloc_memmove_negative_size+0x171/0x330
[ 23.520775] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.520800] ? kmalloc_memmove_negative_size+0x171/0x330
[ 23.520846] kasan_report+0x141/0x180
[ 23.520867] ? kmalloc_memmove_negative_size+0x171/0x330
[ 23.520895] kasan_check_range+0x10c/0x1c0
[ 23.520918] __asan_memmove+0x27/0x70
[ 23.520942] kmalloc_memmove_negative_size+0x171/0x330
[ 23.520965] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 23.520992] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 23.521019] kunit_try_run_case+0x1a5/0x480
[ 23.521046] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.521084] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.521106] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.521128] ? __kthread_parkme+0x82/0x180
[ 23.521148] ? preempt_count_sub+0x50/0x80
[ 23.521172] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.521245] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.521269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.521293] kthread+0x337/0x6f0
[ 23.521312] ? trace_preempt_on+0x20/0xc0
[ 23.521337] ? __pfx_kthread+0x10/0x10
[ 23.521357] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.521382] ? calculate_sigpending+0x7b/0xa0
[ 23.521405] ? __pfx_kthread+0x10/0x10
[ 23.521427] ret_from_fork+0x116/0x1d0
[ 23.521447] ? __pfx_kthread+0x10/0x10
[ 23.521467] ret_from_fork_asm+0x1a/0x30
[ 23.521498] </TASK>
[ 23.521511]
[ 23.532682] Allocated by task 229:
[ 23.532886] kasan_save_stack+0x45/0x70
[ 23.533090] kasan_save_track+0x18/0x40
[ 23.533222] kasan_save_alloc_info+0x3b/0x50
[ 23.533613] __kasan_kmalloc+0xb7/0xc0
[ 23.533808] __kmalloc_cache_noprof+0x189/0x420
[ 23.534006] kmalloc_memmove_negative_size+0xac/0x330
[ 23.534212] kunit_try_run_case+0x1a5/0x480
[ 23.534457] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.534629] kthread+0x337/0x6f0
[ 23.534745] ret_from_fork+0x116/0x1d0
[ 23.534924] ret_from_fork_asm+0x1a/0x30
[ 23.535125]
[ 23.535217] The buggy address belongs to the object at ffff888105a09980
[ 23.535217] which belongs to the cache kmalloc-64 of size 64
[ 23.536100] The buggy address is located 4 bytes inside of
[ 23.536100] 64-byte region [ffff888105a09980, ffff888105a099c0)
[ 23.536565]
[ 23.536648] The buggy address belongs to the physical page:
[ 23.536897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a09
[ 23.537277] flags: 0x200000000000000(node=0|zone=2)
[ 23.537564] page_type: f5(slab)
[ 23.537713] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 23.538071] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 23.538357] page dumped because: kasan: bad access detected
[ 23.538608]
[ 23.538697] Memory state around the buggy address:
[ 23.538870] ffff888105a09880: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 23.539090] ffff888105a09900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.539352] >ffff888105a09980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 23.539698] ^
[ 23.539858] ffff888105a09a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.540269] ffff888105a09a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.540512] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 23.495699] ==================================================================
[ 23.496220] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 23.496771] Write of size 16 at addr ffff8881049c5b69 by task kunit_try_catch/227
[ 23.497103]
[ 23.497222] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.497278] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.497291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.497315] Call Trace:
[ 23.497329] <TASK>
[ 23.497350] dump_stack_lvl+0x73/0xb0
[ 23.497384] print_report+0xd1/0x650
[ 23.497407] ? __virt_addr_valid+0x1db/0x2d0
[ 23.497434] ? kmalloc_oob_memset_16+0x166/0x330
[ 23.497454] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.497480] ? kmalloc_oob_memset_16+0x166/0x330
[ 23.497501] kasan_report+0x141/0x180
[ 23.497523] ? kmalloc_oob_memset_16+0x166/0x330
[ 23.497548] kasan_check_range+0x10c/0x1c0
[ 23.497571] __asan_memset+0x27/0x50
[ 23.497594] kmalloc_oob_memset_16+0x166/0x330
[ 23.497615] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 23.497637] ? __schedule+0x10cc/0x2b60
[ 23.497659] ? __pfx_read_tsc+0x10/0x10
[ 23.497681] ? ktime_get_ts64+0x86/0x230
[ 23.497708] kunit_try_run_case+0x1a5/0x480
[ 23.497736] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.497758] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.497780] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.497801] ? __kthread_parkme+0x82/0x180
[ 23.497829] ? preempt_count_sub+0x50/0x80
[ 23.497853] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.497877] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.497901] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.497925] kthread+0x337/0x6f0
[ 23.498076] ? trace_preempt_on+0x20/0xc0
[ 23.498104] ? __pfx_kthread+0x10/0x10
[ 23.498124] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.498246] ? calculate_sigpending+0x7b/0xa0
[ 23.498276] ? __pfx_kthread+0x10/0x10
[ 23.498298] ret_from_fork+0x116/0x1d0
[ 23.498318] ? __pfx_kthread+0x10/0x10
[ 23.498338] ret_from_fork_asm+0x1a/0x30
[ 23.498370] </TASK>
[ 23.498383]
[ 23.506028] Allocated by task 227:
[ 23.506310] kasan_save_stack+0x45/0x70
[ 23.506497] kasan_save_track+0x18/0x40
[ 23.506669] kasan_save_alloc_info+0x3b/0x50
[ 23.506841] __kasan_kmalloc+0xb7/0xc0
[ 23.507037] __kmalloc_cache_noprof+0x189/0x420
[ 23.507347] kmalloc_oob_memset_16+0xac/0x330
[ 23.507539] kunit_try_run_case+0x1a5/0x480
[ 23.507681] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.507873] kthread+0x337/0x6f0
[ 23.508054] ret_from_fork+0x116/0x1d0
[ 23.508515] ret_from_fork_asm+0x1a/0x30
[ 23.508726]
[ 23.508796] The buggy address belongs to the object at ffff8881049c5b00
[ 23.508796] which belongs to the cache kmalloc-128 of size 128
[ 23.509430] The buggy address is located 105 bytes inside of
[ 23.509430] allocated 120-byte region [ffff8881049c5b00, ffff8881049c5b78)
[ 23.509963]
[ 23.510070] The buggy address belongs to the physical page:
[ 23.510400] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.510631] flags: 0x200000000000000(node=0|zone=2)
[ 23.510784] page_type: f5(slab)
[ 23.510899] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.511204] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.511524] page dumped because: kasan: bad access detected
[ 23.511762]
[ 23.511848] Memory state around the buggy address:
[ 23.512355] ffff8881049c5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.512633] ffff8881049c5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.512834] >ffff8881049c5b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.513160] ^
[ 23.513470] ffff8881049c5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.513760] ffff8881049c5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.514128] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 23.466411] ==================================================================
[ 23.466837] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 23.467237] Write of size 8 at addr ffff88810255e771 by task kunit_try_catch/225
[ 23.467803]
[ 23.467925] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.467989] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.468002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.468035] Call Trace:
[ 23.468068] <TASK>
[ 23.468088] dump_stack_lvl+0x73/0xb0
[ 23.468120] print_report+0xd1/0x650
[ 23.468143] ? __virt_addr_valid+0x1db/0x2d0
[ 23.468177] ? kmalloc_oob_memset_8+0x166/0x330
[ 23.468198] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.468223] ? kmalloc_oob_memset_8+0x166/0x330
[ 23.468255] kasan_report+0x141/0x180
[ 23.468329] ? kmalloc_oob_memset_8+0x166/0x330
[ 23.468360] kasan_check_range+0x10c/0x1c0
[ 23.468384] __asan_memset+0x27/0x50
[ 23.468407] kmalloc_oob_memset_8+0x166/0x330
[ 23.468429] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 23.468453] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 23.468478] kunit_try_run_case+0x1a5/0x480
[ 23.468506] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.468529] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.468563] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.468585] ? __kthread_parkme+0x82/0x180
[ 23.468607] ? preempt_count_sub+0x50/0x80
[ 23.468642] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.468667] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.468691] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.468717] kthread+0x337/0x6f0
[ 23.468737] ? trace_preempt_on+0x20/0xc0
[ 23.468761] ? __pfx_kthread+0x10/0x10
[ 23.468781] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.468805] ? calculate_sigpending+0x7b/0xa0
[ 23.468829] ? __pfx_kthread+0x10/0x10
[ 23.468850] ret_from_fork+0x116/0x1d0
[ 23.468870] ? __pfx_kthread+0x10/0x10
[ 23.468890] ret_from_fork_asm+0x1a/0x30
[ 23.468921] </TASK>
[ 23.468935]
[ 23.478129] Allocated by task 225:
[ 23.478519] kasan_save_stack+0x45/0x70
[ 23.478689] kasan_save_track+0x18/0x40
[ 23.478868] kasan_save_alloc_info+0x3b/0x50
[ 23.479282] __kasan_kmalloc+0xb7/0xc0
[ 23.479434] __kmalloc_cache_noprof+0x189/0x420
[ 23.479656] kmalloc_oob_memset_8+0xac/0x330
[ 23.479970] kunit_try_run_case+0x1a5/0x480
[ 23.480397] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.480781] kthread+0x337/0x6f0
[ 23.481078] ret_from_fork+0x116/0x1d0
[ 23.481326] ret_from_fork_asm+0x1a/0x30
[ 23.481709]
[ 23.481814] The buggy address belongs to the object at ffff88810255e700
[ 23.481814] which belongs to the cache kmalloc-128 of size 128
[ 23.482517] The buggy address is located 113 bytes inside of
[ 23.482517] allocated 120-byte region [ffff88810255e700, ffff88810255e778)
[ 23.483359]
[ 23.483440] The buggy address belongs to the physical page:
[ 23.483682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 23.484052] flags: 0x200000000000000(node=0|zone=2)
[ 23.484237] page_type: f5(slab)
[ 23.484442] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.485140] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.485541] page dumped because: kasan: bad access detected
[ 23.485812]
[ 23.485912] Memory state around the buggy address:
[ 23.486219] ffff88810255e600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.486627] ffff88810255e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.487005] >ffff88810255e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.487368] ^
[ 23.487763] ffff88810255e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.488012] ffff88810255e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.488465] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 23.430664] ==================================================================
[ 23.432225] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 23.432818] Write of size 4 at addr ffff8881049c5a75 by task kunit_try_catch/223
[ 23.433071]
[ 23.433192] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.433248] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.433261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.433284] Call Trace:
[ 23.433301] <TASK>
[ 23.433323] dump_stack_lvl+0x73/0xb0
[ 23.433356] print_report+0xd1/0x650
[ 23.433500] ? __virt_addr_valid+0x1db/0x2d0
[ 23.433531] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.433553] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.433579] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.433600] kasan_report+0x141/0x180
[ 23.433622] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.433647] kasan_check_range+0x10c/0x1c0
[ 23.433670] __asan_memset+0x27/0x50
[ 23.433693] kmalloc_oob_memset_4+0x166/0x330
[ 23.433714] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 23.433736] ? __schedule+0x10cc/0x2b60
[ 23.433758] ? __pfx_read_tsc+0x10/0x10
[ 23.433780] ? ktime_get_ts64+0x86/0x230
[ 23.433805] kunit_try_run_case+0x1a5/0x480
[ 23.433837] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.433860] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.433881] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.433903] ? __kthread_parkme+0x82/0x180
[ 23.433924] ? preempt_count_sub+0x50/0x80
[ 23.434229] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.434257] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.434297] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.434324] kthread+0x337/0x6f0
[ 23.434343] ? trace_preempt_on+0x20/0xc0
[ 23.434368] ? __pfx_kthread+0x10/0x10
[ 23.434388] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.434412] ? calculate_sigpending+0x7b/0xa0
[ 23.434436] ? __pfx_kthread+0x10/0x10
[ 23.434457] ret_from_fork+0x116/0x1d0
[ 23.434476] ? __pfx_kthread+0x10/0x10
[ 23.434496] ret_from_fork_asm+0x1a/0x30
[ 23.434528] </TASK>
[ 23.434541]
[ 23.448136] Allocated by task 223:
[ 23.448402] kasan_save_stack+0x45/0x70
[ 23.448777] kasan_save_track+0x18/0x40
[ 23.449164] kasan_save_alloc_info+0x3b/0x50
[ 23.449613] __kasan_kmalloc+0xb7/0xc0
[ 23.449806] __kmalloc_cache_noprof+0x189/0x420
[ 23.449989] kmalloc_oob_memset_4+0xac/0x330
[ 23.450467] kunit_try_run_case+0x1a5/0x480
[ 23.450868] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.451553] kthread+0x337/0x6f0
[ 23.451685] ret_from_fork+0x116/0x1d0
[ 23.451813] ret_from_fork_asm+0x1a/0x30
[ 23.451954]
[ 23.452022] The buggy address belongs to the object at ffff8881049c5a00
[ 23.452022] which belongs to the cache kmalloc-128 of size 128
[ 23.452773] The buggy address is located 117 bytes inside of
[ 23.452773] allocated 120-byte region [ffff8881049c5a00, ffff8881049c5a78)
[ 23.453570]
[ 23.453765] The buggy address belongs to the physical page:
[ 23.454163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.454406] flags: 0x200000000000000(node=0|zone=2)
[ 23.454567] page_type: f5(slab)
[ 23.454685] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.454914] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.455798] page dumped because: kasan: bad access detected
[ 23.456464]
[ 23.456641] Memory state around the buggy address:
[ 23.457076] ffff8881049c5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.457832] ffff8881049c5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.458570] >ffff8881049c5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.459363] ^
[ 23.460106] ffff8881049c5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.460588] ffff8881049c5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.461255] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 23.397578] ==================================================================
[ 23.398606] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 23.398846] Write of size 2 at addr ffff8881049c5977 by task kunit_try_catch/221
[ 23.399492]
[ 23.399684] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.399737] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.399750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.399773] Call Trace:
[ 23.399788] <TASK>
[ 23.399807] dump_stack_lvl+0x73/0xb0
[ 23.399839] print_report+0xd1/0x650
[ 23.399861] ? __virt_addr_valid+0x1db/0x2d0
[ 23.399886] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.399908] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.399954] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.399975] kasan_report+0x141/0x180
[ 23.399997] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.400022] kasan_check_range+0x10c/0x1c0
[ 23.400046] __asan_memset+0x27/0x50
[ 23.400078] kmalloc_oob_memset_2+0x166/0x330
[ 23.400099] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 23.400121] ? __schedule+0x10cc/0x2b60
[ 23.400143] ? __pfx_read_tsc+0x10/0x10
[ 23.400164] ? ktime_get_ts64+0x86/0x230
[ 23.400195] kunit_try_run_case+0x1a5/0x480
[ 23.400222] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.400245] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.400267] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.400288] ? __kthread_parkme+0x82/0x180
[ 23.400308] ? preempt_count_sub+0x50/0x80
[ 23.400331] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.400355] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.400379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.400402] kthread+0x337/0x6f0
[ 23.400423] ? trace_preempt_on+0x20/0xc0
[ 23.400446] ? __pfx_kthread+0x10/0x10
[ 23.400467] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.400490] ? calculate_sigpending+0x7b/0xa0
[ 23.400601] ? __pfx_kthread+0x10/0x10
[ 23.400623] ret_from_fork+0x116/0x1d0
[ 23.400643] ? __pfx_kthread+0x10/0x10
[ 23.400663] ret_from_fork_asm+0x1a/0x30
[ 23.400695] </TASK>
[ 23.400707]
[ 23.411699] Allocated by task 221:
[ 23.412227] kasan_save_stack+0x45/0x70
[ 23.412668] kasan_save_track+0x18/0x40
[ 23.413097] kasan_save_alloc_info+0x3b/0x50
[ 23.413653] __kasan_kmalloc+0xb7/0xc0
[ 23.414092] __kmalloc_cache_noprof+0x189/0x420
[ 23.414684] kmalloc_oob_memset_2+0xac/0x330
[ 23.415250] kunit_try_run_case+0x1a5/0x480
[ 23.415646] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.416201] kthread+0x337/0x6f0
[ 23.416633] ret_from_fork+0x116/0x1d0
[ 23.417002] ret_from_fork_asm+0x1a/0x30
[ 23.417413]
[ 23.417619] The buggy address belongs to the object at ffff8881049c5900
[ 23.417619] which belongs to the cache kmalloc-128 of size 128
[ 23.418787] The buggy address is located 119 bytes inside of
[ 23.418787] allocated 120-byte region [ffff8881049c5900, ffff8881049c5978)
[ 23.419571]
[ 23.419734] The buggy address belongs to the physical page:
[ 23.420328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.420740] flags: 0x200000000000000(node=0|zone=2)
[ 23.420906] page_type: f5(slab)
[ 23.421210] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.421956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.422761] page dumped because: kasan: bad access detected
[ 23.423254]
[ 23.423324] Memory state around the buggy address:
[ 23.423476] ffff8881049c5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.423686] ffff8881049c5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.423893] >ffff8881049c5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.424125] ^
[ 23.424608] ffff8881049c5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.424906] ffff8881049c5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.425231] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 23.370780] ==================================================================
[ 23.371599] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 23.372083] Write of size 128 at addr ffff88810255e600 by task kunit_try_catch/219
[ 23.372405]
[ 23.372580] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.372634] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.372647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.372707] Call Trace:
[ 23.372721] <TASK>
[ 23.372741] dump_stack_lvl+0x73/0xb0
[ 23.372773] print_report+0xd1/0x650
[ 23.372796] ? __virt_addr_valid+0x1db/0x2d0
[ 23.372820] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.372841] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.372867] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.372888] kasan_report+0x141/0x180
[ 23.372909] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.372934] kasan_check_range+0x10c/0x1c0
[ 23.372957] __asan_memset+0x27/0x50
[ 23.372979] kmalloc_oob_in_memset+0x15f/0x320
[ 23.373050] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 23.373083] ? __schedule+0x10cc/0x2b60
[ 23.373104] ? __pfx_read_tsc+0x10/0x10
[ 23.373126] ? ktime_get_ts64+0x86/0x230
[ 23.373182] kunit_try_run_case+0x1a5/0x480
[ 23.373211] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.373233] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.373255] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.373276] ? __kthread_parkme+0x82/0x180
[ 23.373308] ? preempt_count_sub+0x50/0x80
[ 23.373332] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.373357] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.373381] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.373405] kthread+0x337/0x6f0
[ 23.373424] ? trace_preempt_on+0x20/0xc0
[ 23.373448] ? __pfx_kthread+0x10/0x10
[ 23.373469] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.373492] ? calculate_sigpending+0x7b/0xa0
[ 23.373516] ? __pfx_kthread+0x10/0x10
[ 23.373537] ret_from_fork+0x116/0x1d0
[ 23.373556] ? __pfx_kthread+0x10/0x10
[ 23.373576] ret_from_fork_asm+0x1a/0x30
[ 23.373607] </TASK>
[ 23.373620]
[ 23.381370] Allocated by task 219:
[ 23.381538] kasan_save_stack+0x45/0x70
[ 23.381680] kasan_save_track+0x18/0x40
[ 23.381832] kasan_save_alloc_info+0x3b/0x50
[ 23.382956] __kasan_kmalloc+0xb7/0xc0
[ 23.383370] __kmalloc_cache_noprof+0x189/0x420
[ 23.383542] kmalloc_oob_in_memset+0xac/0x320
[ 23.383686] kunit_try_run_case+0x1a5/0x480
[ 23.383827] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.384002] kthread+0x337/0x6f0
[ 23.384153] ret_from_fork+0x116/0x1d0
[ 23.384334] ret_from_fork_asm+0x1a/0x30
[ 23.384527]
[ 23.384768] The buggy address belongs to the object at ffff88810255e600
[ 23.384768] which belongs to the cache kmalloc-128 of size 128
[ 23.385986] The buggy address is located 0 bytes inside of
[ 23.385986] allocated 120-byte region [ffff88810255e600, ffff88810255e678)
[ 23.386874]
[ 23.387030] The buggy address belongs to the physical page:
[ 23.387625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 23.388043] flags: 0x200000000000000(node=0|zone=2)
[ 23.388558] page_type: f5(slab)
[ 23.388811] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.389276] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.389890] page dumped because: kasan: bad access detected
[ 23.390391]
[ 23.390482] Memory state around the buggy address:
[ 23.390795] ffff88810255e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.391384] ffff88810255e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.391806] >ffff88810255e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.392286] ^
[ 23.392888] ffff88810255e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.393456] ffff88810255e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.393831] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 23.336550] ==================================================================
[ 23.337046] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0
[ 23.337468] Read of size 16 at addr ffff8881049ad560 by task kunit_try_catch/217
[ 23.338013]
[ 23.338168] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.338245] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.338258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.338281] Call Trace:
[ 23.338295] <TASK>
[ 23.338315] dump_stack_lvl+0x73/0xb0
[ 23.338349] print_report+0xd1/0x650
[ 23.338373] ? __virt_addr_valid+0x1db/0x2d0
[ 23.338397] ? kmalloc_uaf_16+0x47b/0x4c0
[ 23.338417] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.338442] ? kmalloc_uaf_16+0x47b/0x4c0
[ 23.338462] kasan_report+0x141/0x180
[ 23.338484] ? kmalloc_uaf_16+0x47b/0x4c0
[ 23.338508] __asan_report_load16_noabort+0x18/0x20
[ 23.338532] kmalloc_uaf_16+0x47b/0x4c0
[ 23.338552] ? __pfx_kmalloc_uaf_16+0x10/0x10
[ 23.338574] ? __schedule+0x10cc/0x2b60
[ 23.338595] ? __pfx_read_tsc+0x10/0x10
[ 23.338618] ? ktime_get_ts64+0x86/0x230
[ 23.338644] kunit_try_run_case+0x1a5/0x480
[ 23.338670] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.338694] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.338716] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.338737] ? __kthread_parkme+0x82/0x180
[ 23.338758] ? preempt_count_sub+0x50/0x80
[ 23.338782] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.338806] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.338830] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.338854] kthread+0x337/0x6f0
[ 23.338873] ? trace_preempt_on+0x20/0xc0
[ 23.338897] ? __pfx_kthread+0x10/0x10
[ 23.338917] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.338940] ? calculate_sigpending+0x7b/0xa0
[ 23.338964] ? __pfx_kthread+0x10/0x10
[ 23.339003] ret_from_fork+0x116/0x1d0
[ 23.339022] ? __pfx_kthread+0x10/0x10
[ 23.339043] ret_from_fork_asm+0x1a/0x30
[ 23.339083] </TASK>
[ 23.339097]
[ 23.347352] Allocated by task 217:
[ 23.347503] kasan_save_stack+0x45/0x70
[ 23.347654] kasan_save_track+0x18/0x40
[ 23.347783] kasan_save_alloc_info+0x3b/0x50
[ 23.347924] __kasan_kmalloc+0xb7/0xc0
[ 23.348048] __kmalloc_cache_noprof+0x189/0x420
[ 23.348451] kmalloc_uaf_16+0x15b/0x4c0
[ 23.348824] kunit_try_run_case+0x1a5/0x480
[ 23.349520] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.350110] kthread+0x337/0x6f0
[ 23.350399] ret_from_fork+0x116/0x1d0
[ 23.350893] ret_from_fork_asm+0x1a/0x30
[ 23.351565]
[ 23.351789] Freed by task 217:
[ 23.352139] kasan_save_stack+0x45/0x70
[ 23.352571] kasan_save_track+0x18/0x40
[ 23.352937] kasan_save_free_info+0x3f/0x60
[ 23.353569] __kasan_slab_free+0x56/0x70
[ 23.353981] kfree+0x222/0x3f0
[ 23.354318] kmalloc_uaf_16+0x1d6/0x4c0
[ 23.354753] kunit_try_run_case+0x1a5/0x480
[ 23.355294] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.355784] kthread+0x337/0x6f0
[ 23.356141] ret_from_fork+0x116/0x1d0
[ 23.356564] ret_from_fork_asm+0x1a/0x30
[ 23.356948]
[ 23.357114] The buggy address belongs to the object at ffff8881049ad560
[ 23.357114] which belongs to the cache kmalloc-16 of size 16
[ 23.358088] The buggy address is located 0 bytes inside of
[ 23.358088] freed 16-byte region [ffff8881049ad560, ffff8881049ad570)
[ 23.358975]
[ 23.359148] The buggy address belongs to the physical page:
[ 23.359764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 23.360320] flags: 0x200000000000000(node=0|zone=2)
[ 23.360778] page_type: f5(slab)
[ 23.361108] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.361560] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.361786] page dumped because: kasan: bad access detected
[ 23.361961]
[ 23.362025] Memory state around the buggy address:
[ 23.362430] ffff8881049ad400: 00 06 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 23.363178] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.363892] >ffff8881049ad500: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 23.364660] ^
[ 23.365326] ffff8881049ad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.366068] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.366718] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 23.310932] ==================================================================
[ 23.311432] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 23.311730] Write of size 16 at addr ffff8881049ad500 by task kunit_try_catch/215
[ 23.312322]
[ 23.312452] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.312506] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.312519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.312542] Call Trace:
[ 23.312556] <TASK>
[ 23.312577] dump_stack_lvl+0x73/0xb0
[ 23.312613] print_report+0xd1/0x650
[ 23.312637] ? __virt_addr_valid+0x1db/0x2d0
[ 23.312662] ? kmalloc_oob_16+0x452/0x4a0
[ 23.312682] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.312708] ? kmalloc_oob_16+0x452/0x4a0
[ 23.312728] kasan_report+0x141/0x180
[ 23.312749] ? kmalloc_oob_16+0x452/0x4a0
[ 23.312773] __asan_report_store16_noabort+0x1b/0x30
[ 23.312797] kmalloc_oob_16+0x452/0x4a0
[ 23.312817] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 23.312839] ? __schedule+0x10cc/0x2b60
[ 23.312860] ? __pfx_read_tsc+0x10/0x10
[ 23.312883] ? ktime_get_ts64+0x86/0x230
[ 23.312910] kunit_try_run_case+0x1a5/0x480
[ 23.312960] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.312982] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.313005] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.313027] ? __kthread_parkme+0x82/0x180
[ 23.313048] ? preempt_count_sub+0x50/0x80
[ 23.313082] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.313106] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.313131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.313154] kthread+0x337/0x6f0
[ 23.313235] ? trace_preempt_on+0x20/0xc0
[ 23.313264] ? __pfx_kthread+0x10/0x10
[ 23.313285] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.313309] ? calculate_sigpending+0x7b/0xa0
[ 23.313334] ? __pfx_kthread+0x10/0x10
[ 23.313356] ret_from_fork+0x116/0x1d0
[ 23.313375] ? __pfx_kthread+0x10/0x10
[ 23.313396] ret_from_fork_asm+0x1a/0x30
[ 23.313427] </TASK>
[ 23.313440]
[ 23.320402] Allocated by task 215:
[ 23.320542] kasan_save_stack+0x45/0x70
[ 23.320688] kasan_save_track+0x18/0x40
[ 23.320818] kasan_save_alloc_info+0x3b/0x50
[ 23.321050] __kasan_kmalloc+0xb7/0xc0
[ 23.321316] __kmalloc_cache_noprof+0x189/0x420
[ 23.321542] kmalloc_oob_16+0xa8/0x4a0
[ 23.321726] kunit_try_run_case+0x1a5/0x480
[ 23.321938] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.322357] kthread+0x337/0x6f0
[ 23.322530] ret_from_fork+0x116/0x1d0
[ 23.322702] ret_from_fork_asm+0x1a/0x30
[ 23.322882]
[ 23.323716] The buggy address belongs to the object at ffff8881049ad500
[ 23.323716] which belongs to the cache kmalloc-16 of size 16
[ 23.324537] The buggy address is located 0 bytes inside of
[ 23.324537] allocated 13-byte region [ffff8881049ad500, ffff8881049ad50d)
[ 23.325013]
[ 23.325118] The buggy address belongs to the physical page:
[ 23.325359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 23.325690] flags: 0x200000000000000(node=0|zone=2)
[ 23.325920] page_type: f5(slab)
[ 23.326542] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.327144] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.327885] page dumped because: kasan: bad access detected
[ 23.328358]
[ 23.328628] Memory state around the buggy address:
[ 23.328914] ffff8881049ad400: 00 06 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 23.329458] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.329744] >ffff8881049ad500: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 23.330403] ^
[ 23.330709] ffff8881049ad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.331412] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.331717] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 23.283314] ==================================================================
[ 23.283681] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0
[ 23.284533] Read of size 1 at addr ffff888105572a00 by task kunit_try_catch/213
[ 23.284858]
[ 23.285001] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.285054] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.285081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.285104] Call Trace:
[ 23.285128] <TASK>
[ 23.285148] dump_stack_lvl+0x73/0xb0
[ 23.285180] print_report+0xd1/0x650
[ 23.285326] ? __virt_addr_valid+0x1db/0x2d0
[ 23.285351] ? krealloc_uaf+0x53c/0x5e0
[ 23.285372] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.285411] ? krealloc_uaf+0x53c/0x5e0
[ 23.285433] kasan_report+0x141/0x180
[ 23.285454] ? krealloc_uaf+0x53c/0x5e0
[ 23.285493] __asan_report_load1_noabort+0x18/0x20
[ 23.285518] krealloc_uaf+0x53c/0x5e0
[ 23.285539] ? __pfx_krealloc_uaf+0x10/0x10
[ 23.285568] ? finish_task_switch.isra.0+0x153/0x700
[ 23.285592] ? __switch_to+0x47/0xf50
[ 23.285618] ? __schedule+0x10cc/0x2b60
[ 23.285651] ? __pfx_read_tsc+0x10/0x10
[ 23.285673] ? ktime_get_ts64+0x86/0x230
[ 23.285699] kunit_try_run_case+0x1a5/0x480
[ 23.285725] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.285748] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.285769] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.285791] ? __kthread_parkme+0x82/0x180
[ 23.285811] ? preempt_count_sub+0x50/0x80
[ 23.285838] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.285863] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.285887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.285911] kthread+0x337/0x6f0
[ 23.285942] ? trace_preempt_on+0x20/0xc0
[ 23.285965] ? __pfx_kthread+0x10/0x10
[ 23.285986] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.286010] ? calculate_sigpending+0x7b/0xa0
[ 23.286034] ? __pfx_kthread+0x10/0x10
[ 23.286056] ret_from_fork+0x116/0x1d0
[ 23.286085] ? __pfx_kthread+0x10/0x10
[ 23.286106] ret_from_fork_asm+0x1a/0x30
[ 23.286137] </TASK>
[ 23.286149]
[ 23.294136] Allocated by task 213:
[ 23.294587] kasan_save_stack+0x45/0x70
[ 23.294742] kasan_save_track+0x18/0x40
[ 23.294952] kasan_save_alloc_info+0x3b/0x50
[ 23.295234] __kasan_kmalloc+0xb7/0xc0
[ 23.295427] __kmalloc_cache_noprof+0x189/0x420
[ 23.295616] krealloc_uaf+0xbb/0x5e0
[ 23.295786] kunit_try_run_case+0x1a5/0x480
[ 23.296004] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.296319] kthread+0x337/0x6f0
[ 23.296495] ret_from_fork+0x116/0x1d0
[ 23.296674] ret_from_fork_asm+0x1a/0x30
[ 23.296880]
[ 23.296995] Freed by task 213:
[ 23.297150] kasan_save_stack+0x45/0x70
[ 23.297342] kasan_save_track+0x18/0x40
[ 23.297474] kasan_save_free_info+0x3f/0x60
[ 23.297617] __kasan_slab_free+0x56/0x70
[ 23.297836] kfree+0x222/0x3f0
[ 23.298018] krealloc_uaf+0x13d/0x5e0
[ 23.298258] kunit_try_run_case+0x1a5/0x480
[ 23.298465] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.298676] kthread+0x337/0x6f0
[ 23.298790] ret_from_fork+0x116/0x1d0
[ 23.298981] ret_from_fork_asm+0x1a/0x30
[ 23.299467]
[ 23.299570] The buggy address belongs to the object at ffff888105572a00
[ 23.299570] which belongs to the cache kmalloc-256 of size 256
[ 23.300137] The buggy address is located 0 bytes inside of
[ 23.300137] freed 256-byte region [ffff888105572a00, ffff888105572b00)
[ 23.300699]
[ 23.300770] The buggy address belongs to the physical page:
[ 23.300955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572
[ 23.301358] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.301690] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.301975] page_type: f5(slab)
[ 23.302152] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.302570] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.302834] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.303153] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.303599] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff
[ 23.303984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 23.304300] page dumped because: kasan: bad access detected
[ 23.304508]
[ 23.304955] Memory state around the buggy address:
[ 23.305136] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.305496] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.305808] >ffff888105572a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.306084] ^
[ 23.306313] ffff888105572a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.306655] ffff888105572b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.306973] ==================================================================
[ 23.254760] ==================================================================
[ 23.255241] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0
[ 23.255676] Read of size 1 at addr ffff888105572a00 by task kunit_try_catch/213
[ 23.256007]
[ 23.256151] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.256207] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.256220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.256243] Call Trace:
[ 23.256258] <TASK>
[ 23.256278] dump_stack_lvl+0x73/0xb0
[ 23.256311] print_report+0xd1/0x650
[ 23.256346] ? __virt_addr_valid+0x1db/0x2d0
[ 23.256383] ? krealloc_uaf+0x1b8/0x5e0
[ 23.256403] ? kasan_complete_mode_report_info+0x64/0x200
[ 23.256429] ? krealloc_uaf+0x1b8/0x5e0
[ 23.256503] kasan_report+0x141/0x180
[ 23.256526] ? krealloc_uaf+0x1b8/0x5e0
[ 23.256550] ? krealloc_uaf+0x1b8/0x5e0
[ 23.256571] __kasan_check_byte+0x3d/0x50
[ 23.256592] krealloc_noprof+0x3f/0x340
[ 23.256631] krealloc_uaf+0x1b8/0x5e0
[ 23.256652] ? __pfx_krealloc_uaf+0x10/0x10
[ 23.256672] ? finish_task_switch.isra.0+0x153/0x700
[ 23.256706] ? __switch_to+0x47/0xf50
[ 23.256733] ? __schedule+0x10cc/0x2b60
[ 23.256755] ? __pfx_read_tsc+0x10/0x10
[ 23.256777] ? ktime_get_ts64+0x86/0x230
[ 23.256813] kunit_try_run_case+0x1a5/0x480
[ 23.256841] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.256874] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.256896] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.256917] ? __kthread_parkme+0x82/0x180
[ 23.256938] ? preempt_count_sub+0x50/0x80
[ 23.256971] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.256996] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.257019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.257043] kthread+0x337/0x6f0
[ 23.257072] ? trace_preempt_on+0x20/0xc0
[ 23.257097] ? __pfx_kthread+0x10/0x10
[ 23.257117] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.257141] ? calculate_sigpending+0x7b/0xa0
[ 23.257165] ? __pfx_kthread+0x10/0x10
[ 23.257197] ret_from_fork+0x116/0x1d0
[ 23.257216] ? __pfx_kthread+0x10/0x10
[ 23.257236] ret_from_fork_asm+0x1a/0x30
[ 23.257268] </TASK>
[ 23.257281]
[ 23.268915] Allocated by task 213:
[ 23.269363] kasan_save_stack+0x45/0x70
[ 23.269602] kasan_save_track+0x18/0x40
[ 23.269735] kasan_save_alloc_info+0x3b/0x50
[ 23.269884] __kasan_kmalloc+0xb7/0xc0
[ 23.270039] __kmalloc_cache_noprof+0x189/0x420
[ 23.270265] krealloc_uaf+0xbb/0x5e0
[ 23.270463] kunit_try_run_case+0x1a5/0x480
[ 23.270606] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.271051] kthread+0x337/0x6f0
[ 23.271280] ret_from_fork+0x116/0x1d0
[ 23.271499] ret_from_fork_asm+0x1a/0x30
[ 23.271691]
[ 23.271789] Freed by task 213:
[ 23.271920] kasan_save_stack+0x45/0x70
[ 23.272220] kasan_save_track+0x18/0x40
[ 23.272433] kasan_save_free_info+0x3f/0x60
[ 23.272602] __kasan_slab_free+0x56/0x70
[ 23.272791] kfree+0x222/0x3f0
[ 23.272933] krealloc_uaf+0x13d/0x5e0
[ 23.273080] kunit_try_run_case+0x1a5/0x480
[ 23.273262] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.273519] kthread+0x337/0x6f0
[ 23.273743] ret_from_fork+0x116/0x1d0
[ 23.273912] ret_from_fork_asm+0x1a/0x30
[ 23.274105]
[ 23.274172] The buggy address belongs to the object at ffff888105572a00
[ 23.274172] which belongs to the cache kmalloc-256 of size 256
[ 23.274808] The buggy address is located 0 bytes inside of
[ 23.274808] freed 256-byte region [ffff888105572a00, ffff888105572b00)
[ 23.275549]
[ 23.275647] The buggy address belongs to the physical page:
[ 23.275889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105572
[ 23.276396] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.276735] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.277010] page_type: f5(slab)
[ 23.277246] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.277493] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.277973] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 23.278238] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.278621] head: 0200000000000001 ffffea0004155c81 00000000ffffffff 00000000ffffffff
[ 23.279011] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 23.279399] page dumped because: kasan: bad access detected
[ 23.279654]
[ 23.279744] Memory state around the buggy address:
[ 23.279983] ffff888105572900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.280369] ffff888105572980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.280596] >ffff888105572a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.280899] ^
[ 23.281093] ffff888105572a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.281406] ffff888105572b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.281675] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 22.880955] ================================================================== [ 22.882690] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 22.882965] Read of size 1 at addr ffff888106180000 by task kunit_try_catch/203 [ 22.884045] [ 22.884416] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.884476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.884490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.884513] Call Trace: [ 22.884528] <TASK> [ 22.884549] dump_stack_lvl+0x73/0xb0 [ 22.884584] print_report+0xd1/0x650 [ 22.884609] ? __virt_addr_valid+0x1db/0x2d0 [ 22.884634] ? page_alloc_uaf+0x356/0x3d0 [ 22.884655] ? kasan_addr_to_slab+0x11/0xa0 [ 22.884675] ? page_alloc_uaf+0x356/0x3d0 [ 22.884696] kasan_report+0x141/0x180 [ 22.884717] ? page_alloc_uaf+0x356/0x3d0 [ 22.884742] __asan_report_load1_noabort+0x18/0x20 [ 22.884766] page_alloc_uaf+0x356/0x3d0 [ 22.884786] ? __pfx_page_alloc_uaf+0x10/0x10 [ 22.884808] ? __schedule+0x10cc/0x2b60 [ 22.884830] ? __pfx_read_tsc+0x10/0x10 [ 22.884852] ? ktime_get_ts64+0x86/0x230 [ 22.884878] kunit_try_run_case+0x1a5/0x480 [ 22.884905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.884937] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.884958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.884980] ? __kthread_parkme+0x82/0x180 [ 22.885001] ? preempt_count_sub+0x50/0x80 [ 22.885025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.885049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.885149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.885193] kthread+0x337/0x6f0 [ 22.885213] ? trace_preempt_on+0x20/0xc0 [ 22.885238] ? __pfx_kthread+0x10/0x10 [ 22.885258] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.885284] ? calculate_sigpending+0x7b/0xa0 [ 22.885308] ? __pfx_kthread+0x10/0x10 [ 22.885330] ret_from_fork+0x116/0x1d0 [ 22.885349] ? 
__pfx_kthread+0x10/0x10 [ 22.885369] ret_from_fork_asm+0x1a/0x30 [ 22.885400] </TASK> [ 22.885413] [ 22.895797] The buggy address belongs to the physical page: [ 22.896011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106180 [ 22.896730] flags: 0x200000000000000(node=0|zone=2) [ 22.897312] page_type: f0(buddy) [ 22.897608] raw: 0200000000000000 ffff88817fffb538 ffff88817fffb538 0000000000000000 [ 22.898378] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000 [ 22.898639] page dumped because: kasan: bad access detected [ 22.898804] [ 22.898869] Memory state around the buggy address: [ 22.899197] ffff88810617ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.899864] ffff88810617ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.900611] >ffff888106180000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.901336] ^ [ 22.901687] ffff888106180080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.902010] ffff888106180100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.902369] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 22.856677] ================================================================== [ 22.857187] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 22.857487] Free of addr ffff8881060ac001 by task kunit_try_catch/199 [ 22.857739] [ 22.857857] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.857913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.857925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.858143] Call Trace: [ 22.858159] <TASK> [ 22.858179] dump_stack_lvl+0x73/0xb0 [ 22.858504] print_report+0xd1/0x650 [ 22.858530] ? __virt_addr_valid+0x1db/0x2d0 [ 22.858556] ? kasan_addr_to_slab+0x11/0xa0 [ 22.858576] ? kfree+0x274/0x3f0 [ 22.858598] kasan_report_invalid_free+0x10a/0x130 [ 22.858622] ? kfree+0x274/0x3f0 [ 22.858645] ? kfree+0x274/0x3f0 [ 22.858665] __kasan_kfree_large+0x86/0xd0 [ 22.858687] free_large_kmalloc+0x52/0x110 [ 22.858710] kfree+0x274/0x3f0 [ 22.858734] kmalloc_large_invalid_free+0x120/0x2b0 [ 22.858756] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 22.858779] ? __schedule+0x10cc/0x2b60 [ 22.858800] ? __pfx_read_tsc+0x10/0x10 [ 22.858822] ? ktime_get_ts64+0x86/0x230 [ 22.858847] kunit_try_run_case+0x1a5/0x480 [ 22.858874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.858897] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.858918] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.858939] ? __kthread_parkme+0x82/0x180 [ 22.858960] ? preempt_count_sub+0x50/0x80 [ 22.858983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.859008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.859033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.859056] kthread+0x337/0x6f0 [ 22.859089] ? trace_preempt_on+0x20/0xc0 [ 22.859112] ? __pfx_kthread+0x10/0x10 [ 22.859133] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.859156] ? calculate_sigpending+0x7b/0xa0 [ 22.859231] ? __pfx_kthread+0x10/0x10 [ 22.859257] ret_from_fork+0x116/0x1d0 [ 22.859276] ? 
__pfx_kthread+0x10/0x10 [ 22.859297] ret_from_fork_asm+0x1a/0x30 [ 22.859328] </TASK> [ 22.859341] [ 22.867008] The buggy address belongs to the physical page: [ 22.867500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 22.867860] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.868370] flags: 0x200000000000040(head|node=0|zone=2) [ 22.868600] page_type: f8(unknown) [ 22.868756] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.869106] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.869594] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.869905] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.870151] head: 0200000000000002 ffffea0004182b01 00000000ffffffff 00000000ffffffff [ 22.870434] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.871098] page dumped because: kasan: bad access detected [ 22.871377] [ 22.871446] Memory state around the buggy address: [ 22.871601] ffff8881060abf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.871897] ffff8881060abf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.872640] >ffff8881060ac000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.872924] ^ [ 22.873092] ffff8881060ac080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.873538] ffff8881060ac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.873877] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 22.832092] ================================================================== [ 22.832811] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 22.833041] Read of size 1 at addr ffff8881057a0000 by task kunit_try_catch/197 [ 22.833287] [ 22.833375] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.833429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.833443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.833465] Call Trace: [ 22.833479] <TASK> [ 22.833498] dump_stack_lvl+0x73/0xb0 [ 22.833596] print_report+0xd1/0x650 [ 22.833620] ? __virt_addr_valid+0x1db/0x2d0 [ 22.833644] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.833664] ? kasan_addr_to_slab+0x11/0xa0 [ 22.833685] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.833705] kasan_report+0x141/0x180 [ 22.833726] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.833750] __asan_report_load1_noabort+0x18/0x20 [ 22.833774] kmalloc_large_uaf+0x2f1/0x340 [ 22.833794] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 22.833815] ? __schedule+0x10cc/0x2b60 [ 22.833845] ? __pfx_read_tsc+0x10/0x10 [ 22.833867] ? ktime_get_ts64+0x86/0x230 [ 22.833892] kunit_try_run_case+0x1a5/0x480 [ 22.833919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.833957] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.833980] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.834001] ? __kthread_parkme+0x82/0x180 [ 22.834022] ? preempt_count_sub+0x50/0x80 [ 22.834045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.834080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.834104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.834128] kthread+0x337/0x6f0 [ 22.834147] ? trace_preempt_on+0x20/0xc0 [ 22.834171] ? __pfx_kthread+0x10/0x10 [ 22.834200] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.834224] ? calculate_sigpending+0x7b/0xa0 [ 22.834248] ? __pfx_kthread+0x10/0x10 [ 22.834269] ret_from_fork+0x116/0x1d0 [ 22.834288] ? 
__pfx_kthread+0x10/0x10 [ 22.834308] ret_from_fork_asm+0x1a/0x30 [ 22.834339] </TASK> [ 22.834351] [ 22.843963] The buggy address belongs to the physical page: [ 22.844518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057a0 [ 22.845311] flags: 0x200000000000000(node=0|zone=2) [ 22.845763] raw: 0200000000000000 ffffea000415e908 ffff88815b039fc0 0000000000000000 [ 22.846406] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 22.846635] page dumped because: kasan: bad access detected [ 22.846803] [ 22.846870] Memory state around the buggy address: [ 22.847221] ffff88810579ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.847917] ffff88810579ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.848624] >ffff8881057a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.849331] ^ [ 22.849651] ffff8881057a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.850399] ffff8881057a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.850691] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 22.801402] ================================================================== [ 22.801957] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 22.803097] Write of size 1 at addr ffff8881057a200a by task kunit_try_catch/195 [ 22.804083] [ 22.804287] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.804345] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.804360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.804383] Call Trace: [ 22.804397] <TASK> [ 22.804419] dump_stack_lvl+0x73/0xb0 [ 22.804455] print_report+0xd1/0x650 [ 22.804479] ? __virt_addr_valid+0x1db/0x2d0 [ 22.804503] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.804524] ? kasan_addr_to_slab+0x11/0xa0 [ 22.804544] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.804566] kasan_report+0x141/0x180 [ 22.804587] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.804613] __asan_report_store1_noabort+0x1b/0x30 [ 22.804637] kmalloc_large_oob_right+0x2e9/0x330 [ 22.804658] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 22.804682] ? __schedule+0x10cc/0x2b60 [ 22.804704] ? __pfx_read_tsc+0x10/0x10 [ 22.804726] ? ktime_get_ts64+0x86/0x230 [ 22.804751] kunit_try_run_case+0x1a5/0x480 [ 22.804778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.804801] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.804823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.804844] ? __kthread_parkme+0x82/0x180 [ 22.804864] ? preempt_count_sub+0x50/0x80 [ 22.804887] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.804912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.804953] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.804977] kthread+0x337/0x6f0 [ 22.804997] ? trace_preempt_on+0x20/0xc0 [ 22.805020] ? __pfx_kthread+0x10/0x10 [ 22.805041] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.805074] ? calculate_sigpending+0x7b/0xa0 [ 22.805098] ? __pfx_kthread+0x10/0x10 [ 22.805119] ret_from_fork+0x116/0x1d0 [ 22.805137] ? 
__pfx_kthread+0x10/0x10 [ 22.805158] ret_from_fork_asm+0x1a/0x30 [ 22.805220] </TASK> [ 22.805234] [ 22.817613] The buggy address belongs to the physical page: [ 22.818177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057a0 [ 22.818767] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.819084] flags: 0x200000000000040(head|node=0|zone=2) [ 22.819642] page_type: f8(unknown) [ 22.820119] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.820849] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.821308] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.821981] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.822665] head: 0200000000000002 ffffea000415e801 00000000ffffffff 00000000ffffffff [ 22.823432] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.824104] page dumped because: kasan: bad access detected [ 22.824417] [ 22.824605] Memory state around the buggy address: [ 22.824813] ffff8881057a1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.825080] ffff8881057a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.825745] >ffff8881057a2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.826484] ^ [ 22.826845] ffff8881057a2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.827588] ffff8881057a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.828275] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 22.771118] ================================================================== [ 22.771632] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 22.771983] Write of size 1 at addr ffff888101f55f00 by task kunit_try_catch/193 [ 22.772525] [ 22.772644] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.772699] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.772712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.772734] Call Trace: [ 22.772750] <TASK> [ 22.772771] dump_stack_lvl+0x73/0xb0 [ 22.772804] print_report+0xd1/0x650 [ 22.772827] ? __virt_addr_valid+0x1db/0x2d0 [ 22.772852] ? kmalloc_big_oob_right+0x316/0x370 [ 22.772873] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.772899] ? kmalloc_big_oob_right+0x316/0x370 [ 22.772920] kasan_report+0x141/0x180 [ 22.772959] ? kmalloc_big_oob_right+0x316/0x370 [ 22.772985] __asan_report_store1_noabort+0x1b/0x30 [ 22.773008] kmalloc_big_oob_right+0x316/0x370 [ 22.773030] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 22.773052] ? __schedule+0x10cc/0x2b60 [ 22.773086] ? __pfx_read_tsc+0x10/0x10 [ 22.773108] ? ktime_get_ts64+0x86/0x230 [ 22.773134] kunit_try_run_case+0x1a5/0x480 [ 22.773162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.773184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.773206] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.773227] ? __kthread_parkme+0x82/0x180 [ 22.773248] ? preempt_count_sub+0x50/0x80 [ 22.773272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.773297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.773320] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.773399] kthread+0x337/0x6f0 [ 22.773421] ? trace_preempt_on+0x20/0xc0 [ 22.773446] ? __pfx_kthread+0x10/0x10 [ 22.773466] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.773490] ? calculate_sigpending+0x7b/0xa0 [ 22.773514] ? __pfx_kthread+0x10/0x10 [ 22.773535] ret_from_fork+0x116/0x1d0 [ 22.773554] ? 
__pfx_kthread+0x10/0x10 [ 22.773574] ret_from_fork_asm+0x1a/0x30 [ 22.773605] </TASK> [ 22.773618] [ 22.783799] Allocated by task 193: [ 22.784261] kasan_save_stack+0x45/0x70 [ 22.784479] kasan_save_track+0x18/0x40 [ 22.784775] kasan_save_alloc_info+0x3b/0x50 [ 22.785121] __kasan_kmalloc+0xb7/0xc0 [ 22.785358] __kmalloc_cache_noprof+0x189/0x420 [ 22.785642] kmalloc_big_oob_right+0xa9/0x370 [ 22.786015] kunit_try_run_case+0x1a5/0x480 [ 22.786244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.786496] kthread+0x337/0x6f0 [ 22.786910] ret_from_fork+0x116/0x1d0 [ 22.787311] ret_from_fork_asm+0x1a/0x30 [ 22.787883] [ 22.787970] The buggy address belongs to the object at ffff888101f54000 [ 22.787970] which belongs to the cache kmalloc-8k of size 8192 [ 22.788936] The buggy address is located 0 bytes to the right of [ 22.788936] allocated 7936-byte region [ffff888101f54000, ffff888101f55f00) [ 22.789731] [ 22.789818] The buggy address belongs to the physical page: [ 22.790327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101f50 [ 22.790731] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.791223] flags: 0x200000000000040(head|node=0|zone=2) [ 22.791705] page_type: f5(slab) [ 22.791866] raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 22.792509] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.792853] head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 22.793298] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.793647] head: 0200000000000003 ffffea000407d401 00000000ffffffff 00000000ffffffff [ 22.794005] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.794452] page dumped because: kasan: bad access detected [ 22.794673] [ 22.794767] Memory state around the buggy address: [ 22.795055] ffff888101f55e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.795601] ffff888101f55e80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.795965] >ffff888101f55f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.796298] ^ [ 22.796585] ffff888101f55f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.796936] ffff888101f56000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.797207] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 22.747617] ================================================================== [ 22.747926] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.748358] Write of size 1 at addr ffff88810255e578 by task kunit_try_catch/191 [ 22.748671] [ 22.749082] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.749139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.749153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.749176] Call Trace: [ 22.749415] <TASK> [ 22.749438] dump_stack_lvl+0x73/0xb0 [ 22.749471] print_report+0xd1/0x650 [ 22.749494] ? __virt_addr_valid+0x1db/0x2d0 [ 22.749518] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.749543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.749570] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.749594] kasan_report+0x141/0x180 [ 22.749615] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.749645] __asan_report_store1_noabort+0x1b/0x30 [ 22.749669] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.749692] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.749717] ? __schedule+0x10cc/0x2b60 [ 22.749739] ? __pfx_read_tsc+0x10/0x10 [ 22.749761] ? ktime_get_ts64+0x86/0x230 [ 22.749786] kunit_try_run_case+0x1a5/0x480 [ 22.749812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.749843] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.749865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.749886] ? __kthread_parkme+0x82/0x180 [ 22.749907] ? preempt_count_sub+0x50/0x80 [ 22.749940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.749964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.749988] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.750012] kthread+0x337/0x6f0 [ 22.750032] ? trace_preempt_on+0x20/0xc0 [ 22.750054] ? __pfx_kthread+0x10/0x10 [ 22.750086] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.750110] ? calculate_sigpending+0x7b/0xa0 [ 22.750134] ? 
__pfx_kthread+0x10/0x10 [ 22.750155] ret_from_fork+0x116/0x1d0 [ 22.750174] ? __pfx_kthread+0x10/0x10 [ 22.750247] ret_from_fork_asm+0x1a/0x30 [ 22.750280] </TASK> [ 22.750292] [ 22.758979] Allocated by task 191: [ 22.759398] kasan_save_stack+0x45/0x70 [ 22.759594] kasan_save_track+0x18/0x40 [ 22.759755] kasan_save_alloc_info+0x3b/0x50 [ 22.759945] __kasan_kmalloc+0xb7/0xc0 [ 22.760526] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.760796] kmalloc_track_caller_oob_right+0x19a/0x520 [ 22.760988] kunit_try_run_case+0x1a5/0x480 [ 22.761282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.761491] kthread+0x337/0x6f0 [ 22.761641] ret_from_fork+0x116/0x1d0 [ 22.761811] ret_from_fork_asm+0x1a/0x30 [ 22.761960] [ 22.762057] The buggy address belongs to the object at ffff88810255e500 [ 22.762057] which belongs to the cache kmalloc-128 of size 128 [ 22.762708] The buggy address is located 0 bytes to the right of [ 22.762708] allocated 120-byte region [ffff88810255e500, ffff88810255e578) [ 22.763257] [ 22.763359] The buggy address belongs to the physical page: [ 22.763560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 22.763849] flags: 0x200000000000000(node=0|zone=2) [ 22.764091] page_type: f5(slab) [ 22.764465] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.764730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.765115] page dumped because: kasan: bad access detected [ 22.765370] [ 22.765438] Memory state around the buggy address: [ 22.765639] ffff88810255e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.765910] ffff88810255e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.766213] >ffff88810255e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.766477] ^ [ 22.766768] ffff88810255e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.767094] ffff88810255e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.767298] 
================================================================== [ 22.721866] ================================================================== [ 22.722693] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.723634] Write of size 1 at addr ffff88810255e478 by task kunit_try_catch/191 [ 22.724764] [ 22.724950] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.725029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.725043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.725091] Call Trace: [ 22.725107] <TASK> [ 22.725127] dump_stack_lvl+0x73/0xb0 [ 22.725164] print_report+0xd1/0x650 [ 22.725203] ? __virt_addr_valid+0x1db/0x2d0 [ 22.725227] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.725252] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.725277] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.725301] kasan_report+0x141/0x180 [ 22.725322] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.725350] __asan_report_store1_noabort+0x1b/0x30 [ 22.725374] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.725398] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.725422] ? __schedule+0x10cc/0x2b60 [ 22.725443] ? __pfx_read_tsc+0x10/0x10 [ 22.725465] ? ktime_get_ts64+0x86/0x230 [ 22.725489] kunit_try_run_case+0x1a5/0x480 [ 22.725516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.725538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.725559] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.725580] ? __kthread_parkme+0x82/0x180 [ 22.725600] ? preempt_count_sub+0x50/0x80 [ 22.725623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.725647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.725670] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.725693] kthread+0x337/0x6f0 [ 22.725713] ? trace_preempt_on+0x20/0xc0 [ 22.725736] ? __pfx_kthread+0x10/0x10 [ 22.725755] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.725779] ? 
calculate_sigpending+0x7b/0xa0 [ 22.725803] ? __pfx_kthread+0x10/0x10 [ 22.725830] ret_from_fork+0x116/0x1d0 [ 22.725849] ? __pfx_kthread+0x10/0x10 [ 22.725869] ret_from_fork_asm+0x1a/0x30 [ 22.725900] </TASK> [ 22.725912] [ 22.736417] Allocated by task 191: [ 22.736647] kasan_save_stack+0x45/0x70 [ 22.736849] kasan_save_track+0x18/0x40 [ 22.736973] kasan_save_alloc_info+0x3b/0x50 [ 22.737147] __kasan_kmalloc+0xb7/0xc0 [ 22.737348] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.737659] kmalloc_track_caller_oob_right+0x99/0x520 [ 22.737922] kunit_try_run_case+0x1a5/0x480 [ 22.738152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.738372] kthread+0x337/0x6f0 [ 22.738563] ret_from_fork+0x116/0x1d0 [ 22.738744] ret_from_fork_asm+0x1a/0x30 [ 22.738951] [ 22.739039] The buggy address belongs to the object at ffff88810255e400 [ 22.739039] which belongs to the cache kmalloc-128 of size 128 [ 22.739384] The buggy address is located 0 bytes to the right of [ 22.739384] allocated 120-byte region [ffff88810255e400, ffff88810255e478) [ 22.739998] [ 22.740119] The buggy address belongs to the physical page: [ 22.740485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 22.740730] flags: 0x200000000000000(node=0|zone=2) [ 22.741512] page_type: f5(slab) [ 22.741720] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.742437] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.742761] page dumped because: kasan: bad access detected [ 22.743288] [ 22.743377] Memory state around the buggy address: [ 22.743836] ffff88810255e300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.744288] ffff88810255e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.744590] >ffff88810255e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.744880] ^ [ 22.745578] ffff88810255e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.746029] ffff88810255e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc [ 22.746493] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 22.685796] ================================================================== [ 22.686442] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 22.687618] Read of size 1 at addr ffff888105f31000 by task kunit_try_catch/189 [ 22.688387] [ 22.688629] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.688700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.688714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.688739] Call Trace: [ 22.688754] <TASK> [ 22.688778] dump_stack_lvl+0x73/0xb0 [ 22.688816] print_report+0xd1/0x650 [ 22.688840] ? __virt_addr_valid+0x1db/0x2d0 [ 22.688866] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.688889] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.688915] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.688938] kasan_report+0x141/0x180 [ 22.688960] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.688987] __asan_report_load1_noabort+0x18/0x20 [ 22.689010] kmalloc_node_oob_right+0x369/0x3c0 [ 22.689034] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 22.689058] ? __schedule+0x10cc/0x2b60 [ 22.689090] ? __pfx_read_tsc+0x10/0x10 [ 22.689113] ? ktime_get_ts64+0x86/0x230 [ 22.689139] kunit_try_run_case+0x1a5/0x480 [ 22.689167] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.689308] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.689336] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.689358] ? __kthread_parkme+0x82/0x180 [ 22.689381] ? preempt_count_sub+0x50/0x80 [ 22.689405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.689473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.689500] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.689524] kthread+0x337/0x6f0 [ 22.689544] ? trace_preempt_on+0x20/0xc0 [ 22.689569] ? __pfx_kthread+0x10/0x10 [ 22.689589] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.689613] ? calculate_sigpending+0x7b/0xa0 [ 22.689638] ? __pfx_kthread+0x10/0x10 [ 22.689659] ret_from_fork+0x116/0x1d0 [ 22.689678] ? 
__pfx_kthread+0x10/0x10 [ 22.689698] ret_from_fork_asm+0x1a/0x30 [ 22.689731] </TASK> [ 22.689744] [ 22.703986] Allocated by task 189: [ 22.704351] kasan_save_stack+0x45/0x70 [ 22.704770] kasan_save_track+0x18/0x40 [ 22.705246] kasan_save_alloc_info+0x3b/0x50 [ 22.705625] __kasan_kmalloc+0xb7/0xc0 [ 22.705952] __kmalloc_cache_node_noprof+0x188/0x420 [ 22.706445] kmalloc_node_oob_right+0xab/0x3c0 [ 22.706890] kunit_try_run_case+0x1a5/0x480 [ 22.707507] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.707830] kthread+0x337/0x6f0 [ 22.707960] ret_from_fork+0x116/0x1d0 [ 22.708365] ret_from_fork_asm+0x1a/0x30 [ 22.708729] [ 22.708884] The buggy address belongs to the object at ffff888105f30000 [ 22.708884] which belongs to the cache kmalloc-4k of size 4096 [ 22.709650] The buggy address is located 0 bytes to the right of [ 22.709650] allocated 4096-byte region [ffff888105f30000, ffff888105f31000) [ 22.710059] [ 22.710145] The buggy address belongs to the physical page: [ 22.710492] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f30 [ 22.711691] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.712150] flags: 0x200000000000040(head|node=0|zone=2) [ 22.712738] page_type: f5(slab) [ 22.713053] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 22.713761] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.714048] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 22.714327] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.714732] head: 0200000000000003 ffffea000417cc01 00000000ffffffff 00000000ffffffff [ 22.715102] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.715617] page dumped because: kasan: bad access detected [ 22.715835] [ 22.715924] Memory state around the buggy address: [ 22.716266] ffff888105f30f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.716523] 
ffff888105f30f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.716791] >ffff888105f31000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.717087] ^ [ 22.717319] ffff888105f31080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.717596] ffff888105f31100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.717885] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 22.656416] ================================================================== [ 22.656889] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 22.657562] Read of size 1 at addr ffff888103bdd25f by task kunit_try_catch/187 [ 22.658251] [ 22.658634] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.658694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.658710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.658733] Call Trace: [ 22.658749] <TASK> [ 22.658770] dump_stack_lvl+0x73/0xb0 [ 22.658804] print_report+0xd1/0x650 [ 22.658828] ? __virt_addr_valid+0x1db/0x2d0 [ 22.658853] ? kmalloc_oob_left+0x361/0x3c0 [ 22.658873] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.658900] ? kmalloc_oob_left+0x361/0x3c0 [ 22.658921] kasan_report+0x141/0x180 [ 22.658954] ? kmalloc_oob_left+0x361/0x3c0 [ 22.658979] __asan_report_load1_noabort+0x18/0x20 [ 22.659003] kmalloc_oob_left+0x361/0x3c0 [ 22.659025] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 22.659047] ? __schedule+0x10cc/0x2b60 [ 22.659080] ? __pfx_read_tsc+0x10/0x10 [ 22.659103] ? ktime_get_ts64+0x86/0x230 [ 22.659128] kunit_try_run_case+0x1a5/0x480 [ 22.659155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.659179] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.659201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.659222] ? __kthread_parkme+0x82/0x180 [ 22.659243] ? preempt_count_sub+0x50/0x80 [ 22.659267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.659292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.659316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.659340] kthread+0x337/0x6f0 [ 22.659360] ? trace_preempt_on+0x20/0xc0 [ 22.659384] ? __pfx_kthread+0x10/0x10 [ 22.659405] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.659429] ? calculate_sigpending+0x7b/0xa0 [ 22.659454] ? __pfx_kthread+0x10/0x10 [ 22.659476] ret_from_fork+0x116/0x1d0 [ 22.659496] ? 
__pfx_kthread+0x10/0x10 [ 22.659516] ret_from_fork_asm+0x1a/0x30 [ 22.659548] </TASK> [ 22.659561] [ 22.670690] Allocated by task 26: [ 22.670991] kasan_save_stack+0x45/0x70 [ 22.671317] kasan_save_track+0x18/0x40 [ 22.671616] kasan_save_alloc_info+0x3b/0x50 [ 22.671930] __kasan_kmalloc+0xb7/0xc0 [ 22.672252] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.672510] kstrdup+0x3e/0xa0 [ 22.672674] devtmpfs_work_loop+0x96d/0xf30 [ 22.672854] devtmpfsd+0x3b/0x40 [ 22.672978] kthread+0x337/0x6f0 [ 22.673131] ret_from_fork+0x116/0x1d0 [ 22.673445] ret_from_fork_asm+0x1a/0x30 [ 22.673645] [ 22.673797] Freed by task 26: [ 22.673959] kasan_save_stack+0x45/0x70 [ 22.674198] kasan_save_track+0x18/0x40 [ 22.674470] kasan_save_free_info+0x3f/0x60 [ 22.674655] __kasan_slab_free+0x56/0x70 [ 22.674898] kfree+0x222/0x3f0 [ 22.675023] devtmpfs_work_loop+0xacb/0xf30 [ 22.675175] devtmpfsd+0x3b/0x40 [ 22.675295] kthread+0x337/0x6f0 [ 22.675478] ret_from_fork+0x116/0x1d0 [ 22.675719] ret_from_fork_asm+0x1a/0x30 [ 22.675938] [ 22.676016] The buggy address belongs to the object at ffff888103bdd240 [ 22.676016] which belongs to the cache kmalloc-16 of size 16 [ 22.676662] The buggy address is located 15 bytes to the right of [ 22.676662] allocated 16-byte region [ffff888103bdd240, ffff888103bdd250) [ 22.677034] [ 22.677117] The buggy address belongs to the physical page: [ 22.677347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bdd [ 22.677964] flags: 0x200000000000000(node=0|zone=2) [ 22.678232] page_type: f5(slab) [ 22.678408] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 22.678754] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.679056] page dumped because: kasan: bad access detected [ 22.679313] [ 22.679387] Memory state around the buggy address: [ 22.679648] ffff888103bdd100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.679865] ffff888103bdd180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb 
fc fc [ 22.680133] >ffff888103bdd200: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc [ 22.680531] ^ [ 22.680924] ffff888103bdd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.681530] ffff888103bdd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.681844] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 22.610131] ================================================================== [ 22.610487] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 22.610808] Write of size 1 at addr ffff88810255e378 by task kunit_try_catch/185 [ 22.611149] [ 22.611237] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.611286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.611299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.611320] Call Trace: [ 22.611341] <TASK> [ 22.611360] dump_stack_lvl+0x73/0xb0 [ 22.611388] print_report+0xd1/0x650 [ 22.611410] ? __virt_addr_valid+0x1db/0x2d0 [ 22.611433] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.611453] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.611478] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.611499] kasan_report+0x141/0x180 [ 22.611520] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.611545] __asan_report_store1_noabort+0x1b/0x30 [ 22.611569] kmalloc_oob_right+0x6bd/0x7f0 [ 22.611590] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.611611] ? __schedule+0x10cc/0x2b60 [ 22.611632] ? __pfx_read_tsc+0x10/0x10 [ 22.611653] ? ktime_get_ts64+0x86/0x230 [ 22.611678] kunit_try_run_case+0x1a5/0x480 [ 22.611703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.611726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.611747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.611768] ? __kthread_parkme+0x82/0x180 [ 22.611788] ? preempt_count_sub+0x50/0x80 [ 22.611811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.611835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.611858] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.611882] kthread+0x337/0x6f0 [ 22.611902] ? trace_preempt_on+0x20/0xc0 [ 22.611946] ? __pfx_kthread+0x10/0x10 [ 22.611966] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.611991] ? calculate_sigpending+0x7b/0xa0 [ 22.612015] ? __pfx_kthread+0x10/0x10 [ 22.612036] ret_from_fork+0x116/0x1d0 [ 22.612055] ? 
__pfx_kthread+0x10/0x10 [ 22.612083] ret_from_fork_asm+0x1a/0x30 [ 22.612114] </TASK> [ 22.612125] [ 22.620535] Allocated by task 185: [ 22.620913] kasan_save_stack+0x45/0x70 [ 22.621144] kasan_save_track+0x18/0x40 [ 22.621474] kasan_save_alloc_info+0x3b/0x50 [ 22.621747] __kasan_kmalloc+0xb7/0xc0 [ 22.621896] __kmalloc_cache_noprof+0x189/0x420 [ 22.622256] kmalloc_oob_right+0xa9/0x7f0 [ 22.622449] kunit_try_run_case+0x1a5/0x480 [ 22.622638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.622862] kthread+0x337/0x6f0 [ 22.623261] ret_from_fork+0x116/0x1d0 [ 22.623421] ret_from_fork_asm+0x1a/0x30 [ 22.623619] [ 22.623687] The buggy address belongs to the object at ffff88810255e300 [ 22.623687] which belongs to the cache kmalloc-128 of size 128 [ 22.624417] The buggy address is located 5 bytes to the right of [ 22.624417] allocated 115-byte region [ffff88810255e300, ffff88810255e373) [ 22.625173] [ 22.625272] The buggy address belongs to the physical page: [ 22.625458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 22.625799] flags: 0x200000000000000(node=0|zone=2) [ 22.626304] page_type: f5(slab) [ 22.626447] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.626905] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.627341] page dumped because: kasan: bad access detected [ 22.627572] [ 22.627663] Memory state around the buggy address: [ 22.627876] ffff88810255e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.628431] ffff88810255e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.628722] >ffff88810255e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.629145] ^ [ 22.629521] ffff88810255e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.629827] ffff88810255e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.630273] ================================================================== [ 22.631115] 
================================================================== [ 22.631572] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 22.631880] Read of size 1 at addr ffff88810255e380 by task kunit_try_catch/185 [ 22.632548] [ 22.632727] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.632849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.632864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.632887] Call Trace: [ 22.632911] <TASK> [ 22.632959] dump_stack_lvl+0x73/0xb0 [ 22.632991] print_report+0xd1/0x650 [ 22.633014] ? __virt_addr_valid+0x1db/0x2d0 [ 22.633038] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.633068] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.633094] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.633116] kasan_report+0x141/0x180 [ 22.633137] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.633163] __asan_report_load1_noabort+0x18/0x20 [ 22.633186] kmalloc_oob_right+0x68a/0x7f0 [ 22.633208] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.633230] ? __schedule+0x10cc/0x2b60 [ 22.633251] ? __pfx_read_tsc+0x10/0x10 [ 22.633274] ? ktime_get_ts64+0x86/0x230 [ 22.633299] kunit_try_run_case+0x1a5/0x480 [ 22.633326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.633349] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.633371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.633392] ? __kthread_parkme+0x82/0x180 [ 22.633413] ? preempt_count_sub+0x50/0x80 [ 22.633437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.633462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.633486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.633510] kthread+0x337/0x6f0 [ 22.633529] ? trace_preempt_on+0x20/0xc0 [ 22.633553] ? __pfx_kthread+0x10/0x10 [ 22.633573] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.633598] ? calculate_sigpending+0x7b/0xa0 [ 22.633623] ? __pfx_kthread+0x10/0x10 [ 22.633645] ret_from_fork+0x116/0x1d0 [ 22.633663] ? 
__pfx_kthread+0x10/0x10 [ 22.633684] ret_from_fork_asm+0x1a/0x30 [ 22.633716] </TASK> [ 22.633727] [ 22.642526] Allocated by task 185: [ 22.642786] kasan_save_stack+0x45/0x70 [ 22.643147] kasan_save_track+0x18/0x40 [ 22.643320] kasan_save_alloc_info+0x3b/0x50 [ 22.643506] __kasan_kmalloc+0xb7/0xc0 [ 22.643667] __kmalloc_cache_noprof+0x189/0x420 [ 22.643866] kmalloc_oob_right+0xa9/0x7f0 [ 22.644374] kunit_try_run_case+0x1a5/0x480 [ 22.644643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.644884] kthread+0x337/0x6f0 [ 22.645210] ret_from_fork+0x116/0x1d0 [ 22.645436] ret_from_fork_asm+0x1a/0x30 [ 22.645745] [ 22.645818] The buggy address belongs to the object at ffff88810255e300 [ 22.645818] which belongs to the cache kmalloc-128 of size 128 [ 22.646441] The buggy address is located 13 bytes to the right of [ 22.646441] allocated 115-byte region [ffff88810255e300, ffff88810255e373) [ 22.647150] [ 22.647250] The buggy address belongs to the physical page: [ 22.647440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 22.647918] flags: 0x200000000000000(node=0|zone=2) [ 22.648348] page_type: f5(slab) [ 22.648486] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.648809] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.649348] page dumped because: kasan: bad access detected [ 22.649722] [ 22.649798] Memory state around the buggy address: [ 22.650325] ffff88810255e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.650778] ffff88810255e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.651231] >ffff88810255e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.651625] ^ [ 22.651898] ffff88810255e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.652268] ffff88810255e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.652678] ================================================================== [ 22.587752] 
================================================================== [ 22.588632] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 22.589677] Write of size 1 at addr ffff88810255e373 by task kunit_try_catch/185 [ 22.590452] [ 22.591667] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.592045] Tainted: [N]=TEST [ 22.592091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.592334] Call Trace: [ 22.592407] <TASK> [ 22.592560] dump_stack_lvl+0x73/0xb0 [ 22.592653] print_report+0xd1/0x650 [ 22.592684] ? __virt_addr_valid+0x1db/0x2d0 [ 22.592710] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.592731] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.592757] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.592778] kasan_report+0x141/0x180 [ 22.592799] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.592825] __asan_report_store1_noabort+0x1b/0x30 [ 22.592849] kmalloc_oob_right+0x6f0/0x7f0 [ 22.592871] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.592892] ? __schedule+0x10cc/0x2b60 [ 22.592942] ? __pfx_read_tsc+0x10/0x10 [ 22.592965] ? ktime_get_ts64+0x86/0x230 [ 22.592992] kunit_try_run_case+0x1a5/0x480 [ 22.593020] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.593043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.593075] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.593096] ? __kthread_parkme+0x82/0x180 [ 22.593118] ? preempt_count_sub+0x50/0x80 [ 22.593142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.593166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.593189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.593213] kthread+0x337/0x6f0 [ 22.593233] ? trace_preempt_on+0x20/0xc0 [ 22.593259] ? __pfx_kthread+0x10/0x10 [ 22.593279] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.593302] ? calculate_sigpending+0x7b/0xa0 [ 22.593328] ? __pfx_kthread+0x10/0x10 [ 22.593349] ret_from_fork+0x116/0x1d0 [ 22.593368] ? 
__pfx_kthread+0x10/0x10 [ 22.593389] ret_from_fork_asm+0x1a/0x30 [ 22.593446] </TASK> [ 22.593514] [ 22.599720] Allocated by task 185: [ 22.599998] kasan_save_stack+0x45/0x70 [ 22.600232] kasan_save_track+0x18/0x40 [ 22.600422] kasan_save_alloc_info+0x3b/0x50 [ 22.600626] __kasan_kmalloc+0xb7/0xc0 [ 22.600802] __kmalloc_cache_noprof+0x189/0x420 [ 22.601010] kmalloc_oob_right+0xa9/0x7f0 [ 22.601155] kunit_try_run_case+0x1a5/0x480 [ 22.601297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.601537] kthread+0x337/0x6f0 [ 22.601703] ret_from_fork+0x116/0x1d0 [ 22.601892] ret_from_fork_asm+0x1a/0x30 [ 22.602157] [ 22.602301] The buggy address belongs to the object at ffff88810255e300 [ 22.602301] which belongs to the cache kmalloc-128 of size 128 [ 22.602816] The buggy address is located 0 bytes to the right of [ 22.602816] allocated 115-byte region [ffff88810255e300, ffff88810255e373) [ 22.603405] [ 22.603569] The buggy address belongs to the physical page: [ 22.604069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 22.604600] flags: 0x200000000000000(node=0|zone=2) [ 22.605212] page_type: f5(slab) [ 22.605653] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.605986] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.606360] page dumped because: kasan: bad access detected [ 22.606629] [ 22.606728] Memory state around the buggy address: [ 22.607229] ffff88810255e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.607533] ffff88810255e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.607763] >ffff88810255e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.608133] ^ [ 22.608443] ffff88810255e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.608702] ffff88810255e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.608955] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 179.707790] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2809 [ 179.708724] Modules linked in: [ 179.709131] CPU: 1 UID: 0 PID: 2809 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.710177] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.710770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.711563] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 179.712188] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 10 d3 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 179.712686] RSP: 0000:ffff888103abfc78 EFLAGS: 00010286 [ 179.712864] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 179.713233] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffa0e54afc [ 179.713554] RBP: ffff888103abfca0 R08: 0000000000000000 R09: ffffed102058fa00 [ 179.713762] R10: ffff888102c7d007 R11: 0000000000000000 R12: ffffffffa0e54ae8 [ 179.714331] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103abfd38 [ 179.714997] FS: 0000000000000000(0000) GS:ffff8881b832d000(0000) knlGS:0000000000000000 [ 179.716105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.716773] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0 [ 179.717290] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99483 [ 179.717769] DR3: ffffffffa2e99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.718268] Call Trace: [ 179.718555] <TASK> [ 179.718814] drm_test_rect_calc_vscale+0x108/0x270 [ 179.719326] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 179.719508] ? __schedule+0x10cc/0x2b60 [ 179.719644] ? __pfx_read_tsc+0x10/0x10 [ 179.719775] ? ktime_get_ts64+0x86/0x230 [ 179.719945] kunit_try_run_case+0x1a5/0x480 [ 179.720429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.721037] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 179.721600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 179.722110] ? __kthread_parkme+0x82/0x180 [ 179.722608] ? preempt_count_sub+0x50/0x80 [ 179.723029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.723737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.724449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.724775] kthread+0x337/0x6f0 [ 179.724916] ? trace_preempt_on+0x20/0xc0 [ 179.725455] ? __pfx_kthread+0x10/0x10 [ 179.725852] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.726374] ? calculate_sigpending+0x7b/0xa0 [ 179.726800] ? __pfx_kthread+0x10/0x10 [ 179.727070] ret_from_fork+0x116/0x1d0 [ 179.727536] ? __pfx_kthread+0x10/0x10 [ 179.727795] ret_from_fork_asm+0x1a/0x30 [ 179.728123] </TASK> [ 179.728436] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 179.732761] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2811 [ 179.733244] Modules linked in: [ 179.733556] CPU: 0 UID: 0 PID: 2811 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.734018] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.734429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.734756] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 179.735069] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 10 d3 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 179.737109] RSP: 0000:ffff88810401fc78 EFLAGS: 00010286 [ 179.737625] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 179.737966] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffa0e54b34 [ 179.738517] RBP: ffff88810401fca0 R08: 0000000000000000 R09: ffffed1020c7ae40 [ 179.738778] R10: ffff8881063d7207 R11: 0000000000000000 R12: ffffffffa0e54b20 [ 179.739128] R13: 0000000000000000 R14: 000000007fffffff R15: 
ffff88810401fd38 [ 179.739544] FS: 0000000000000000(0000) GS:ffff8881b822d000(0000) knlGS:0000000000000000 [ 179.739926] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.740296] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0 [ 179.740607] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99482 [ 179.740943] DR3: ffffffffa2e99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.741319] Call Trace: [ 179.741447] <TASK> [ 179.741579] drm_test_rect_calc_vscale+0x108/0x270 [ 179.741826] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 179.742094] ? __schedule+0x10cc/0x2b60 [ 179.742534] ? __pfx_read_tsc+0x10/0x10 [ 179.742751] ? ktime_get_ts64+0x86/0x230 [ 179.742943] kunit_try_run_case+0x1a5/0x480 [ 179.743310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.743578] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 179.743778] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 179.743996] ? __kthread_parkme+0x82/0x180 [ 179.744296] ? preempt_count_sub+0x50/0x80 [ 179.744535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.744744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.745034] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.745263] kthread+0x337/0x6f0 [ 179.745541] ? trace_preempt_on+0x20/0xc0 [ 179.745777] ? __pfx_kthread+0x10/0x10 [ 179.745997] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.746177] ? calculate_sigpending+0x7b/0xa0 [ 179.746611] ? __pfx_kthread+0x10/0x10 [ 179.746768] ret_from_fork+0x116/0x1d0 [ 179.746960] ? __pfx_kthread+0x10/0x10 [ 179.747125] ret_from_fork_asm+0x1a/0x30 [ 179.747338] </TASK> [ 179.747467] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 179.674936] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2799 [ 179.675818] Modules linked in: [ 179.676031] CPU: 1 UID: 0 PID: 2799 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.676629] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.676833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.677381] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 179.677639] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 179.678625] RSP: 0000:ffff888103ec7c78 EFLAGS: 00010286 [ 179.678854] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 179.679140] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffa0e54b38 [ 179.679524] RBP: ffff888103ec7ca0 R08: 0000000000000000 R09: ffffed1020c7a3a0 [ 179.679811] R10: ffff8881063d1d07 R11: 0000000000000000 R12: ffffffffa0e54b20 [ 179.680124] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103ec7d38 [ 179.680486] FS: 0000000000000000(0000) GS:ffff8881b832d000(0000) knlGS:0000000000000000 [ 179.680797] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.681065] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0 [ 179.681518] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99483 [ 179.681837] DR3: ffffffffa2e99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.682168] Call Trace: [ 179.682451] <TASK> [ 179.682568] drm_test_rect_calc_hscale+0x108/0x270 [ 179.682819] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 179.683451] ? __schedule+0x10cc/0x2b60 [ 179.683743] ? __pfx_read_tsc+0x10/0x10 [ 179.683920] ? ktime_get_ts64+0x86/0x230 [ 179.684107] kunit_try_run_case+0x1a5/0x480 [ 179.684298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.684597] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 179.684798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 179.685100] ? __kthread_parkme+0x82/0x180 [ 179.685256] ? preempt_count_sub+0x50/0x80 [ 179.685722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.685913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.686294] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.686554] kthread+0x337/0x6f0 [ 179.686694] ? trace_preempt_on+0x20/0xc0 [ 179.686890] ? __pfx_kthread+0x10/0x10 [ 179.687023] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.687241] ? calculate_sigpending+0x7b/0xa0 [ 179.687592] ? __pfx_kthread+0x10/0x10 [ 179.687765] ret_from_fork+0x116/0x1d0 [ 179.687897] ? __pfx_kthread+0x10/0x10 [ 179.688114] ret_from_fork_asm+0x1a/0x30 [ 179.688326] </TASK> [ 179.688604] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 179.654930] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2797 [ 179.655785] Modules linked in: [ 179.656112] CPU: 1 UID: 0 PID: 2797 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.657037] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.657652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.658099] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 179.658905] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 179.660482] RSP: 0000:ffff8881042c7c78 EFLAGS: 00010286 [ 179.660776] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 179.660999] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffa0e54b00 [ 179.661214] RBP: ffff8881042c7ca0 R08: 0000000000000000 R09: ffffed10205a8320 [ 179.661790] R10: ffff888102d41907 R11: 0000000000000000 R12: ffffffffa0e54ae8 [ 179.662612] R13: 0000000000000000 R14: 000000007fffffff R15: 
ffff8881042c7d38 [ 179.662912] FS: 0000000000000000(0000) GS:ffff8881b832d000(0000) knlGS:0000000000000000 [ 179.663161] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.663707] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0 [ 179.664398] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99483 [ 179.664827] DR3: ffffffffa2e99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.665354] Call Trace: [ 179.665602] <TASK> [ 179.665754] drm_test_rect_calc_hscale+0x108/0x270 [ 179.665983] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 179.666725] ? __schedule+0x10cc/0x2b60 [ 179.667154] ? __pfx_read_tsc+0x10/0x10 [ 179.667577] ? ktime_get_ts64+0x86/0x230 [ 179.667735] kunit_try_run_case+0x1a5/0x480 [ 179.667888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.668057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 179.668255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 179.668483] ? __kthread_parkme+0x82/0x180 [ 179.668651] ? preempt_count_sub+0x50/0x80 [ 179.668860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.669112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.669417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.669705] kthread+0x337/0x6f0 [ 179.669877] ? trace_preempt_on+0x20/0xc0 [ 179.670097] ? __pfx_kthread+0x10/0x10 [ 179.670265] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.670647] ? calculate_sigpending+0x7b/0xa0 [ 179.670873] ? __pfx_kthread+0x10/0x10 [ 179.671014] ret_from_fork+0x116/0x1d0 [ 179.671161] ? __pfx_kthread+0x10/0x10 [ 179.671454] ret_from_fork_asm+0x1a/0x30 [ 179.671671] </TASK> [ 179.671795] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 178.861747] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 178.861867] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#0: kunit_try_catch/2602 [ 178.863799] Modules linked in: [ 178.864171] CPU: 0 UID: 0 PID: 2602 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 178.864858] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 178.865484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.865853] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 178.866374] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 fd e3 81 00 48 c7 c1 20 8a e0 a0 4c 89 f2 48 c7 c7 40 86 e0 a0 48 89 c6 e8 d4 6a 73 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 178.867282] RSP: 0000:ffff888104787d18 EFLAGS: 00010286 [ 178.867668] RAX: 0000000000000000 RBX: ffff88810a55bc00 RCX: 1ffffffff4364ae8 [ 178.868092] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 178.868502] RBP: ffff888104787d48 R08: 0000000000000000 R09: fffffbfff4364ae8 [ 178.868923] R10: 0000000000000003 R11: 000000000003b690 R12: ffff888104841000 [ 178.869572] R13: ffff88810a55bcf8 R14: ffff888102c8d880 R15: ffff8881003c7b48 [ 178.869853] FS: 0000000000000000(0000) GS:ffff8881b822d000(0000) knlGS:0000000000000000 [ 178.870395] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.870762] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0 [ 178.871198] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99482 [ 178.871653] DR3: ffffffffa2e99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 178.872105] Call Trace: [ 178.872261] <TASK> [ 178.872600] ? trace_preempt_on+0x20/0xc0 [ 178.872924] ? 
__pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 178.873470] drm_gem_shmem_free_wrapper+0x12/0x20 [ 178.873918] __kunit_action_free+0x57/0x70 [ 178.874130] kunit_remove_resource+0x133/0x200 [ 178.874448] ? preempt_count_sub+0x50/0x80 [ 178.874776] kunit_cleanup+0x7a/0x120 [ 178.874989] kunit_try_run_case_cleanup+0xbd/0xf0 [ 178.875453] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 178.875825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 178.876119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 178.876606] kthread+0x337/0x6f0 [ 178.876892] ? trace_preempt_on+0x20/0xc0 [ 178.877330] ? __pfx_kthread+0x10/0x10 [ 178.877524] ? _raw_spin_unlock_irq+0x47/0x80 [ 178.877731] ? calculate_sigpending+0x7b/0xa0 [ 178.877927] ? __pfx_kthread+0x10/0x10 [ 178.878134] ret_from_fork+0x116/0x1d0 [ 178.878776] ? __pfx_kthread+0x10/0x10 [ 178.878999] ret_from_fork_asm+0x1a/0x30 [ 178.879359] </TASK> [ 178.879598] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 178.721252] WARNING: drivers/gpu/drm/drm_framebuffer.c:867 at drm_framebuffer_init+0x44/0x300, CPU#1: kunit_try_catch/2583 [ 178.722641] Modules linked in: [ 178.722867] CPU: 1 UID: 0 PID: 2583 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 178.723580] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 178.723818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.724362] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 178.724583] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 178.725605] RSP: 0000:ffff888104a8fb30 EFLAGS: 00010246 [ 178.725850] RAX: dffffc0000000000 RBX: ffff888104a8fc28 RCX: 0000000000000000 [ 178.726178] RDX: 1ffff11020951f8e RSI: ffff888104a8fc28 RDI: ffff888104a8fc70 [ 178.726535] RBP: ffff888104a8fb70 R08: ffff8881049e9000 R09: ffffffffa0df8b80 [ 178.726770] R10: 0000000000000003 R11: 000000006f50bea6 R12: ffff8881049e9000 [ 178.727114] R13: ffff8881003c7ae8 R14: ffff888104a8fba8 R15: 0000000000000000 [ 178.727362] FS: 0000000000000000(0000) GS:ffff8881b832d000(0000) knlGS:0000000000000000 [ 178.727734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.727975] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0 [ 178.728280] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99483 [ 178.728875] DR3: ffffffffa2e99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 178.729202] Call Trace: [ 178.729312] <TASK> [ 178.729517] ? add_dr+0xc1/0x1d0 [ 178.729721] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 178.730010] ? add_dr+0x148/0x1d0 [ 178.730185] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 178.730457] ? __drmm_add_action+0x1a4/0x280 [ 178.730954] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 178.731257] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 178.731577] ? __drmm_add_action_or_reset+0x22/0x50 [ 178.731832] ? __schedule+0x10cc/0x2b60 [ 178.732071] ? __pfx_read_tsc+0x10/0x10 [ 178.732344] ? ktime_get_ts64+0x86/0x230 [ 178.732562] kunit_try_run_case+0x1a5/0x480 [ 178.732774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.733220] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 178.733516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 178.733765] ? __kthread_parkme+0x82/0x180 [ 178.733980] ? preempt_count_sub+0x50/0x80 [ 178.734138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.734361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 178.734642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 178.734898] kthread+0x337/0x6f0 [ 178.735071] ? trace_preempt_on+0x20/0xc0 [ 178.735560] ? __pfx_kthread+0x10/0x10 [ 178.735732] ? _raw_spin_unlock_irq+0x47/0x80 [ 178.735904] ? calculate_sigpending+0x7b/0xa0 [ 178.736159] ? __pfx_kthread+0x10/0x10 [ 178.736376] ret_from_fork+0x116/0x1d0 [ 178.736598] ? __pfx_kthread+0x10/0x10 [ 178.736781] ret_from_fork_asm+0x1a/0x30 [ 178.737059] </TASK> [ 178.737178] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------
[ 178.683696] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head))
[ 178.683836] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2579
[ 178.684838] Modules linked in:
[ 178.685117] CPU: 0 UID: 0 PID: 2579 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 178.686320] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 178.686936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 178.687307] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0
[ 178.688160] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 eb 07 89 00 48 c7 c1 40 3b df a0 4c 89 fa 48 c7 c7 a0 3b df a0 48 89 c6 e8 c2 8e 7a fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea
[ 178.689554] RSP: 0000:ffff88810440fb68 EFLAGS: 00010282
[ 178.689751] RAX: 0000000000000000 RBX: ffff88810440fc40 RCX: 1ffffffff4364ae8
[ 178.689977] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[ 178.690509] RBP: ffff88810440fb90 R08: 0000000000000000 R09: fffffbfff4364ae8
[ 178.690843] R10: 0000000000000003 R11: 0000000000039c30 R12: ffff88810440fc18
[ 178.691648] R13: ffff888104a7c000 R14: ffff888104434000 R15: ffff888102293880
[ 178.691997] FS: 0000000000000000(0000) GS:ffff8881b822d000(0000) knlGS:0000000000000000
[ 178.692632] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 178.693035] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0
[ 178.693644] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99482
[ 178.694124] DR3: ffffffffa2e99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 178.694721] Call Trace:
[ 178.694954] <TASK>
[ 178.695403] drm_test_framebuffer_free+0x1ab/0x610
[ 178.695613] ? __pfx_drm_test_framebuffer_free+0x10/0x10
[ 178.696099] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 178.696561] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 178.696986] ? __drmm_add_action_or_reset+0x22/0x50
[ 178.697462] ? __schedule+0x10cc/0x2b60
[ 178.697711] ? __pfx_read_tsc+0x10/0x10
[ 178.698108] ? ktime_get_ts64+0x86/0x230
[ 178.698483] kunit_try_run_case+0x1a5/0x480
[ 178.698807] ? __pfx_kunit_try_run_case+0x10/0x10
[ 178.699336] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 178.699548] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 178.699723] ? __kthread_parkme+0x82/0x180
[ 178.699929] ? preempt_count_sub+0x50/0x80
[ 178.700630] ? __pfx_kunit_try_run_case+0x10/0x10
[ 178.701034] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 178.701553] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 178.702001] kthread+0x337/0x6f0
[ 178.702417] ? trace_preempt_on+0x20/0xc0
[ 178.702750] ? __pfx_kthread+0x10/0x10
[ 178.703087] ? _raw_spin_unlock_irq+0x47/0x80
[ 178.703316] ? calculate_sigpending+0x7b/0xa0
[ 178.703811] ? __pfx_kthread+0x10/0x10
[ 178.704110] ret_from_fork+0x116/0x1d0
[ 178.704620] ? __pfx_kthread+0x10/0x10
[ 178.704879] ret_from_fork_asm+0x1a/0x30
[ 178.705457] </TASK>
[ 178.705718] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------
[ 177.372734] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2027
[ 177.373937] Modules linked in:
[ 177.374545] CPU: 1 UID: 0 PID: 2027 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 177.375073] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 177.375542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 177.376120] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 177.376642] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 90 22 2a 02 48 89 df e8 68
[ 177.377503] RSP: 0000:ffff888105dffc90 EFLAGS: 00010246
[ 177.377871] RAX: dffffc0000000000 RBX: ffff888105e20000 RCX: 0000000000000000
[ 177.378344] RDX: 1ffff11020bc4034 RSI: ffffffff9e004e28 RDI: ffff888105e201a0
[ 177.378731] RBP: ffff888105dffca0 R08: 1ffff11020078f6a R09: ffffed1020bbff65
[ 177.379079] R10: 0000000000000003 R11: ffffffff9d583fa8 R12: 0000000000000000
[ 177.379411] R13: ffff888105dffd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60
[ 177.380006] FS: 0000000000000000(0000) GS:ffff8881b832d000(0000) knlGS:0000000000000000
[ 177.380605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 177.381018] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0
[ 177.381550] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99483
[ 177.382106] DR3: ffffffffa2e99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 177.382373] Call Trace:
[ 177.382475] <TASK>
[ 177.382675] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290
[ 177.383489] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10
[ 177.383827] ? __schedule+0x10cc/0x2b60
[ 177.384127] ? __pfx_read_tsc+0x10/0x10
[ 177.384512] ? ktime_get_ts64+0x86/0x230
[ 177.384712] kunit_try_run_case+0x1a5/0x480
[ 177.384911] ? __pfx_kunit_try_run_case+0x10/0x10
[ 177.385143] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 177.385868] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 177.386135] ? __kthread_parkme+0x82/0x180
[ 177.386581] ? preempt_count_sub+0x50/0x80
[ 177.386754] ? __pfx_kunit_try_run_case+0x10/0x10
[ 177.386999] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 177.387684] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 177.388157] kthread+0x337/0x6f0
[ 177.388548] ? trace_preempt_on+0x20/0xc0
[ 177.388722] ? __pfx_kthread+0x10/0x10
[ 177.389450] ? _raw_spin_unlock_irq+0x47/0x80
[ 177.389687] ? calculate_sigpending+0x7b/0xa0
[ 177.390122] ? __pfx_kthread+0x10/0x10
[ 177.390510] ret_from_fork+0x116/0x1d0
[ 177.390817] ? __pfx_kthread+0x10/0x10
[ 177.391622] ret_from_fork_asm+0x1a/0x30
[ 177.391832] </TASK>
[ 177.391954] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 177.291766] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2019
[ 177.292978] Modules linked in:
[ 177.293424] CPU: 1 UID: 0 PID: 2019 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 177.294733] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 177.295800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 177.296851] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 177.297311] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 90 22 2a 02 48 89 df e8 68
[ 177.297828] RSP: 0000:ffff888105de7c90 EFLAGS: 00010246
[ 177.298447] RAX: dffffc0000000000 RBX: ffff88810b604000 RCX: 0000000000000000
[ 177.299346] RDX: 1ffff110216c0834 RSI: ffffffff9e004e28 RDI: ffff88810b6041a0
[ 177.300184] RBP: ffff888105de7ca0 R08: 1ffff11020078f6a R09: ffffed1020bbcf65
[ 177.300985] R10: 0000000000000003 R11: ffffffff9d583fa8 R12: 0000000000000000
[ 177.301850] R13: ffff888105de7d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60
[ 177.302643] FS: 0000000000000000(0000) GS:ffff8881b832d000(0000) knlGS:0000000000000000
[ 177.302899] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 177.303091] CR2: 00007ffff7ffe000 CR3: 000000001b2bc000 CR4: 00000000000006f0
[ 177.303479] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99483
[ 177.304494] DR3: ffffffffa2e99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 177.305143] Call Trace:
[ 177.305320] <TASK>
[ 177.305582] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290
[ 177.305900] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10
[ 177.306636] ? __schedule+0x10cc/0x2b60
[ 177.306921] ? __pfx_read_tsc+0x10/0x10
[ 177.307287] ? ktime_get_ts64+0x86/0x230
[ 177.307497] kunit_try_run_case+0x1a5/0x480
[ 177.307884] ? __pfx_kunit_try_run_case+0x10/0x10
[ 177.308308] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 177.308574] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 177.309009] ? __kthread_parkme+0x82/0x180
[ 177.309433] ? preempt_count_sub+0x50/0x80
[ 177.309630] ? __pfx_kunit_try_run_case+0x10/0x10
[ 177.309960] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 177.310468] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 177.310745] kthread+0x337/0x6f0
[ 177.310905] ? trace_preempt_on+0x20/0xc0
[ 177.311357] ? __pfx_kthread+0x10/0x10
[ 177.311766] ? _raw_spin_unlock_irq+0x47/0x80
[ 177.311996] ? calculate_sigpending+0x7b/0xa0
[ 177.312490] ? __pfx_kthread+0x10/0x10
[ 177.312718] ret_from_fork+0x116/0x1d0
[ 177.312932] ? __pfx_kthread+0x10/0x10
[ 177.313112] ret_from_fork_asm+0x1a/0x30
[ 177.313705] </TASK>
[ 177.313838] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------
[ 122.499192] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#1: kunit_try_catch/707
[ 122.500453] Modules linked in:
[ 122.500632] CPU: 1 UID: 0 PID: 707 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 122.501006] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 122.501491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 122.501962] RIP: 0010:intlog10+0x2a/0x40
[ 122.502514] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 57 68 8e 02 90 <0f> 0b 90 31 c0 e9 4c 68 8e 02 66 2e 0f 1f 84 00 00 00 00 00 66 90
[ 122.503611] RSP: 0000:ffff888105a47cb0 EFLAGS: 00010246
[ 122.504176] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020b48fb4
[ 122.504492] RDX: 1ffffffff41930fc RSI: 1ffff11020b48fb3 RDI: 0000000000000000
[ 122.504695] RBP: ffff888105a47d60 R08: 0000000000000000 R09: ffffed1020c81420
[ 122.504894] R10: ffff88810640a107 R11: 0000000000000000 R12: 1ffff11020b48f97
[ 122.505522] R13: ffffffffa0c987e0 R14: 0000000000000000 R15: ffff888105a47d38
[ 122.505841] FS: 0000000000000000(0000) GS:ffff8881b832d000(0000) knlGS:0000000000000000
[ 122.506561] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.507218] CR2: ffff88815a92cfe0 CR3: 000000001b2bc000 CR4: 00000000000006f0
[ 122.507469] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99483
[ 122.508250] DR3: ffffffffa2e99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 122.508624] Call Trace:
[ 122.508727] <TASK>
[ 122.508813] ? intlog10_test+0xf2/0x220
[ 122.508984] ? __pfx_intlog10_test+0x10/0x10
[ 122.509190] ? __schedule+0x10cc/0x2b60
[ 122.509498] ? __pfx_read_tsc+0x10/0x10
[ 122.509656] ? ktime_get_ts64+0x86/0x230
[ 122.509863] kunit_try_run_case+0x1a5/0x480
[ 122.510084] ? __pfx_kunit_try_run_case+0x10/0x10
[ 122.510234] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 122.510437] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 122.510707] ? __kthread_parkme+0x82/0x180
[ 122.511354] ? preempt_count_sub+0x50/0x80
[ 122.511564] ? __pfx_kunit_try_run_case+0x10/0x10
[ 122.511770] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 122.512399] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 122.512899] kthread+0x337/0x6f0
[ 122.513200] ? trace_preempt_on+0x20/0xc0
[ 122.513589] ? __pfx_kthread+0x10/0x10
[ 122.513781] ? _raw_spin_unlock_irq+0x47/0x80
[ 122.514012] ? calculate_sigpending+0x7b/0xa0
[ 122.514172] ? __pfx_kthread+0x10/0x10
[ 122.514372] ret_from_fork+0x116/0x1d0
[ 122.514708] ? __pfx_kthread+0x10/0x10
[ 122.514894] ret_from_fork_asm+0x1a/0x30
[ 122.515078] </TASK>
[ 122.515223] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------
[ 122.461959] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/689
[ 122.462850] Modules linked in:
[ 122.463313] CPU: 0 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 122.464123] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST
[ 122.464609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 122.464896] RIP: 0010:intlog2+0xdf/0x110
[ 122.465101] Code: c9 a0 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 c2 68 8e 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 6f cb 55 ff 8b 45 e4 eb
[ 122.465986] RSP: 0000:ffff88810ab9fcb0 EFLAGS: 00010246
[ 122.466279] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021573fb4
[ 122.466773] RDX: 1ffffffff4193150 RSI: 1ffff11021573fb3 RDI: 0000000000000000
[ 122.467098] RBP: ffff88810ab9fd60 R08: 0000000000000000 R09: ffffed1020392980
[ 122.467396] R10: ffff888101c94c07 R11: 0000000000000000 R12: 1ffff11021573f97
[ 122.467667] R13: ffffffffa0c98a80 R14: 0000000000000000 R15: ffff88810ab9fd38
[ 122.468072] FS: 0000000000000000(0000) GS:ffff8881b822d000(0000) knlGS:0000000000000000
[ 122.468681] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.468932] CR2: dffffc0000000000 CR3: 000000001b2bc000 CR4: 00000000000006f0
[ 122.469218] DR0: ffffffffa2e99480 DR1: ffffffffa2e99481 DR2: ffffffffa2e99482
[ 122.469503] DR3: ffffffffa2e99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 122.469901] Call Trace:
[ 122.470156] <TASK>
[ 122.470383] ? intlog2_test+0xf2/0x220
[ 122.470577] ? __pfx_intlog2_test+0x10/0x10
[ 122.470790] ? __schedule+0x10cc/0x2b60
[ 122.471046] ? __pfx_read_tsc+0x10/0x10
[ 122.471205] ? ktime_get_ts64+0x86/0x230
[ 122.471413] kunit_try_run_case+0x1a5/0x480
[ 122.471601] ? __pfx_kunit_try_run_case+0x10/0x10
[ 122.471909] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 122.472107] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 122.472418] ? __kthread_parkme+0x82/0x180
[ 122.472584] ? preempt_count_sub+0x50/0x80
[ 122.472730] ? __pfx_kunit_try_run_case+0x10/0x10
[ 122.472959] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 122.473316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 122.473535] kthread+0x337/0x6f0
[ 122.473711] ? trace_preempt_on+0x20/0xc0
[ 122.473925] ? __pfx_kthread+0x10/0x10
[ 122.474173] ? _raw_spin_unlock_irq+0x47/0x80
[ 122.474471] ? calculate_sigpending+0x7b/0xa0
[ 122.474700] ? __pfx_kthread+0x10/0x10
[ 122.474894] ret_from_fork+0x116/0x1d0
[ 122.475079] ? __pfx_kthread+0x10/0x10
[ 122.475244] ret_from_fork_asm+0x1a/0x30
[ 122.475394] </TASK>
[ 122.475514] ---[ end trace 0000000000000000 ]---